
88 episodes

mnemonic security podcast mnemonic
- Technology
The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
Security Engineering - IAM
The importance of identity within our field has been established. According to analysis from CrowdStrike, 8/10 attacks are identity-based. But what does that actually mean? How do we even define identity these days, and how has it changed?
To look into this, Robby has invited an expert within the field, Peter Barta. Peter works as a Senior Cloud Security Engineer at Rothesay, the UK's largest specialist pensions insurer, securing pensions for over 810 000 people, and has previously worked at Norges Bank Investment Management (NBIM), which manages the Norwegian Government Pension Fund Global.
During their conversation, Peter takes us to the far side of Security Engineering, and also goes through some of the more standard best practices most organisations should have on their radar.
They talk about how you can design and create something that is user-friendly enough for everyone in an organisation, including the users who are not interested in identity or security. They also cover the developer side of secret management, dynamic sessions, zero trust, and what he thinks security engineers should focus more on.
Bots
Bots; they can be both helpful assistants and harmful pests, and you’ll find them all over the internet targeting most public-facing applications in one way or another. But what actually are they?
To explore the bad bots on the Internet, Robby is joined by someone who has spent the last seven years studying them, Dan Woods, Global Head of Intelligence, F5.
They talk about why Dan became fascinated by bots, real-life examples of how bots are being used, and what separates the sophisticated bots from the rest.
They also discuss whether we are underestimating the sophistication and the motivation of the organisations behind these automations, how botnets and human click farms work, and whether Elon Musk will be able to solve his bot problem on Twitter.
We are Defending (ISACA series)
This episode is for anyone working within cybersecurity who has ever had to explain what they actually do, or defend why they are investing in security.
We’re happy to welcome Jeff Barto back to the podcast, to go through his presentation “We are Defending” that he presented at mnemonic’s C2 summit this summer. Jeff is the CISO of a large hedge fund in the US, and has worked in security for over 20 years. He will share some of the key lessons from his presentation, which aims to explain what it is we, the defenders out there, actually do.
During his presentation, Jeff goes through the importance of continuous improvement in security, testing, and how to identify what your major gaps are and what you need to take care of in 2023.
To follow Jeff’s PowerPoint presentation, feel free to check out the video version of the podcast on ISACA Norway's channel - https://www.youtube.com/@isacanorwaychapter
House of Pain (ISACA series)
House of Pain: new EU cyber regulations
NIS2, DORA, the Cyber Resilience and Artificial Intelligence acts; have you started to familiarise yourself with the new EU cyber regulations that are coming into force?
In this episode, Robby welcomes Rolf von Roessing, former Vice Chair of ISACA Global, and CEO of FORFA Consulting, a German company specialising in senior level consultancy and advisory work.
During their conversation, Rolf provides an introduction to a few new and upcoming EU regulations many are now starting to familiarise themselves with: the Network and Information Security Directive, version 2 (NIS2), the EU Cyber Resilience Act, the Artificial Intelligence Act and the Digital Operational Resilience Act (DORA).
Rolf walks us through these upcoming regulations, and provides an overview of the main differences between them, who the regulations are for and who they will affect.
Feel free to check out the video version of the podcast on ISACA Norway's channel - https://www.youtube.com/@isacanorwaychapter
Insider threats to ransomware groups
What happens when cyber criminals don’t get what they believe they're owed?
For this episode, Robby is joined by John Fokker, Head of Trellix Threat Intelligence. John shares from his long experience fighting cybercrime, which includes working for the Dutch National High-Tech Crime Unit (NHTCU), the Dutch National Police unit dedicated to investigating advanced forms of cybercrime. John was also one of the co-founders of the NoMoreRansom Project.
They discuss John’s encounter with an insider in a ransomware group, the valuable information these situations provide the security community, and what we have learned from them.
John also talks about how cybercrime has changed during his career, and how the war in Ukraine has affected organised cybercrime.
Network detection and response (NDR): the value of evidence
What exactly is NDR, how have these technologies changed over the years, and are they more relevant now than ever?
To help answer these questions, Robby is joined by Jean Schaffer. She’s had, to say the least, an interesting career with more than 33 years of experience from the US Department of Defense, including managing the network of the NSA and holding the position of CISO of the Defense Intelligence Agency. Currently she’s the Federal CTO at Corelight, an open-source network detection and response company.
During their conversation, they talk about the differences, limitations and benefits of EDR and NDR, what evidence-based detection really is, and President Biden’s Executive Order on Improving the Nation's Cybersecurity.
She also shares some of the most common pain points she’s observed that organisations are looking to solve, goes into how the adoption of cloud affects the value of NDR, and gives her take on the future of NDR.