Reimagining Cyber - real world perspectives on cybersecurity Reimagining Cyber

What is an insider threat? How do you mitigate the impact of an insider theat? From malicious insiders driven by profit or spite to negligent insiders prone to carelessness, and compromised insiders unwittingly manipulated by external forces, Rob Aragao and Stan Wisseman try to unravel the layers of this critical cybersecurity concern.
Drawing from recent incidents like the Sisense breach and the XZ exploit, light is shed on the evolving tactics employed by malicious actors, highlighting the pressing need for robust detection and response mechanisms. 
Links to points raised in this episode:
What is an insider threat?Insider Threats in 2024: 30 Eye-Opening StatisticsInsider Threat Statistics for 2024: Reports, Facts, Actors, and CostsPonemon Institute's 2023 Cost of Insider Risks studyMITRE ATT&CK frameworkMITRE’s Insider Threat TTP Knowledge Base projectXZ exploitYakima Valley Memorial Hospital breachSisense breachYahoo IP theftTesla insider threat incidentBlog by Stan - 
Insider Threats Demystified: Enhancing Security with ITDR and MITRE ATT&CK Frameworks


Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

"For nation states today their biggest bang for the buck is going to be to attack the perception of voting system security much more than the reality of voting system security." 
Stan Wisseman and Rob Aragao delve into the critical realm of election security with Dr. Ben Adida, the co-founder and executive director of VotingWorks, renowned for his expertise in safeguarding our voting processes. Dr. Adida shares insights from his two-decade journey at the forefront of election security, offering a deep dive into the complexities of ensuring the integrity of our democratic process.
From the challenges of balancing ballot secrecy with verifiability to the evolving landscape of election security concerns, the conversation navigates through the intricate web of issues surrounding voting systems. 
Dr. Adida sheds light on the pivotal role of voter-verifiable paper ballots and post-election audits in bolstering trust and transparency, emphasizing the need for modernizing voting technology to align with current security standards.
As the discussion unfolds, topics ranging from external influences on elections to the role of federal guidelines versus state autonomy are explored, providing a comprehensive overview of the multifaceted efforts to fortify election integrity. Dr. Adida's vision for the perfect voting system, grounded in openness, transparency, and layered defense mechanisms, offers a compelling roadmap for safeguarding democracy in the digital age.
https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

In this episode  Stan Wisseman and Rob Aragao delve into the critical yet often overlooked realm of API security. APIs, the linchpin of today's digital landscape, facilitate seamless communication between diverse software components, but they also present enticing targets for cyber threats. Through real-world examples and insightful analysis, Stan and Rob explore the escalating risks associated with APIs and offer strategies for fortifying your organization's defenses. From understanding your API inventory to implementing robust security measures, this episode equips listeners with essential knowledge to navigate the complex terrain of API security and safeguard their digital assets effectively.

Helpful links relevant to this episode:
Growing Concern Over API SecurityFastly API Security 2024 studyOWASP Top 10 API Security Risks—2023Developer Guide to the 2023 OWASP Top 10 for API SecurityFortify API SecurityNetIQ Secure API Manager












Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

“It’s only going to get worse if we don't pump the brakes and go, nope, we need to make sure we're doing this the right way.”
In this episode, Tim Fowler, an accomplished offensive security analyst and penetration tester from Black Hills Information Security, joins the podcast to discuss the intersection of cybersecurity and space systems. 
Tim sheds light on:
The unique challenges posed by the space environment,How the design of space systems differs from terrestrial systems The importance of threat modeling in shaping cybersecurity protocols for space systems. The biggest threats to cybersecurity in space both now and in the future.  Drawing from real-world examples like the ViaSat hack, Tim underscores the need for proactive cybersecurity measures, especially in the face of evolving threats and the increasing democratization of space technology.
The conversation also touches upon international collaboration and regulatory efforts in space cybersecurity, with Tim mentioning standards set by bodies like the Consultative Committee for Space Data Systems (CCSDS). However, challenges persist, including the cultural shift required to prioritize cybersecurity early in the space system lifecycle and address emerging threats effectively.

For details on Tim's Introduction to Cybersecurity and Space Systems class go to:
 https://www.antisyphontraining.com/

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

Join hosts Stan Wisseman and Rob Aragao as they explore the evolution of payment card security standards. With insights on PCI DSS 4.0, they dive into key changes and technology considerations. From data protection to application security, this episode offers crucial insights for organizations navigating compliance in an ever-evolving landscape.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

In this episode, the Rob and Stan delve into a recent cyber attack targeting Change Healthcare, a key player in the healthcare sector. They highlight the unprecedented nature of the breach, its implications, and the collaborative efforts undertaken to mitigate its impact.
Change Healthcare, based in Nashville, Tennessee, disclosed the cyber attack on February 21st, causing significant disruptions across the healthcare ecosystem. The breach impacted various services, including claims processing and clinical decision support, affecting hospitals, pharmacies, and patients alike.
The attackers, identified as the ransomware group BlackCat, operated on a ransomware-as-a-service model. The hosts discuss the complex web of ransomware operations and affiliate relationships, shedding light on the intricate nature of cyber threats facing the healthcare industry.
The breach triggered a swift response from government agencies, with the Medical Group Management Association requesting assistance from the Department of Health and Human Services (HHS). HHS issued statements and provided alternative electronic data interchange options to minimize disruptions in patient care.
Rob and Stan look at the critical need for cybersecurity resiliency in the healthcare sector. They discuss proposed measures, including the adoption of HHS cybersecurity performance goals and the streamlining of funding opportunities to bolster cybersecurity defenses.



Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com