Modern Cyber with Jeremy Snyder Jeremy Snyder

In this episode of Modern Cyber, Jeremy sits down with Steve Orrin, CTO and Senior PE at Intel Federal, to discuss organizational and technological strategies in cybersecurity. They explore the challenges of communication within organizations, the importance of product interoperability, and how NIST publications can guide cybersecurity practices. Steve emphasizes the need for clear communication across departments, the role of industry standards in product integration, and the practical use of NIST's various documents for effective cybersecurity implementation. He also highlights the significance of aligning security initiatives with business outcomes.
About Steve Orrin
Steve Orrin is a leading expert in cybersecurity with a focus on organizational and technological strategies. With extensive experience working on multiple security standards and guidance with NIST, Steve has a deep understanding of the challenges and solutions in the cybersecurity landscape. He is actively involved in various public sector initiatives and using commercial technologies to solve federal problems.
For more insights from Steve, see the links below...
Relevant Links
Intel Public Sector https://www.intel.com/content/www/us/en/government/public-sector-solutions-overview.htmlSteve on Linkedin: https://www.linkedin.com/in/sorrin/NIST 800 Family of Documents: https://csrc.nist.gov/publications/sp800NIST CSF: https://www.nist.gov/cyberframeworkNIST 1800 Family of Documents: https://www.nist.gov/itl/publications-0/nist-special-publication-1800-series-general-informationOCSF: https://schema.ocsf.io/FireTail Endpoint Security Blog: https://www.firetail.io/blog/i-was-wrong-about-endpoint-security

In this episode of Modern Cyber, Jeremy sits down with Ryan Smith, founder of QFunction, to explore how combining AI with human expertise can streamline anomaly detection in cybersecurity. They discuss innovative AI models, ethical concerns around AI use, and the importance of transparency and collaboration in the tech industry. Ryan highlights the unique challenges faced by small to medium-sized businesses and underscores the potential for AI to drive positive change beyond profit-making.
About Ryan Smith
Ryan Smith is the founder of QFunction, a company dedicated to enhancing cybersecurity through the integration of AI and human expertise. With a background in computer science and extensive experience in cybersecurity for organizations like NASA JPL and Pfizer, Ryan has developed innovative solutions for anomaly detection and threat intelligence. He is passionate about making cybersecurity accessible to small and medium-sized businesses and advocates for ethical AI practices.
QFunction's website https://qfunction.ai
Ryan on LinkedIn - https://www.linkedin.com/in/ryan-smith-0390202b/

In this episode of the Modern Cyber podcast, Jeremy talks to Craig Taylor of CyberHoot. The pair discuss critical aspects of cybersecurity, focusing on incident response, tabletop exercises, and the importance of regular testing and updating of backup systems.
Craig highlights the need for cyber literacy, emphasizing the frequent causes of breaches such as phishing, social engineering, and weak passwords. The discussion also touches on the role of AI in both aiding and combating cyber threats. AI helps hackers improve phishing emails and exploit vulnerabilities, but it also enhances intrusion detection systems by identifying anomalies quickly.
Craig shares an anecdote about a company where an HR employee was tricked into purchasing $26,000 worth of gift cards for a scammer posing as the CEO, highlighting the importance of cyber literacy training to prevent such incidents. He underscores that until cyber literacy is widely taught and enforced, phishing and social engineering will remain prevalent attack vectors. This is an episode you don't want to miss.
About Craig Taylor
Craig is a Certified Information Systems Security Professional (CISSP) since 2001, and a 25-year veteran in the field of cybersecurity. In 2014, he co-founded CyberHoot, a company dedicated to teaching cyber literacy skills through innovative training methods. Throughout his career, Craig has led cybersecurity efforts in various industries including web hosting (CSC), finance (JP Morgan Chase), and manufacturing (Vistaprint). Currently, he heads a cybersecurity consulting practice that delivers virtual Chief Information Security Officer (vCISO) services to over 40 companies.
Relevant Links:
LinkedIn: https://www.linkedin.com/in/craigmtaylor/
CyberHoot Website: https://cyberhoot.com/

In this episode of Modern Cyber, Jeremy is at RSAC 2024 where he catches up in person with cybersecurity legend, Mikko Hypponen.
Fresh from his keynote on the 'First Decade of Corporate Ransomware', Mikko talks ransomware gangs, AI, quantum computing and the role of cyber in modern conflicts. This is an episode you don't want to miss.
About Mikko Hypponen
Mikko is a cybersecurity expert, speaker and author and currently the Chief Research Officer at WithSecure. He is well known for the Hypponen Law of IoT Security: "If It's Smart, It's Vulnerable," which is also the title of his latest book, which has been translated into five languages. During his long career - which has lasted over 30 years - he has accomplished many notable career achievements: he was selected as one of the 50 most important people on the web by the PC World magazine, and was included in Foreign Policy’s Top 100 Global Thinkers list. Mikko is an accomplished speaker, regularly presenting at prestigious conferences around the world like TED, SXSW, Black Hat, DEFCON, RSA, and more.
Mikko's Website: https://mikko.com/
WithSecure Website: https://www.withsecure.com/en/home
Mikko's Linkedin: https://www.linkedin.com/in/hypponen/
Mikko's X: https://twitter.com/mikko

In this special 'Breach Alert' episode of the Modern Cyber podcast, Jeremy talks to security researcher Viktor Markopoulos about a recent data breach at Dell.
The incident saw a threat actor gain access to a partner portal using dummy credentials. They then proceeded to scrape 49M records using a poorly secured API, requesting 5,000 records per hour for almost three weeks.
Watch the full episode as Jeremy and Viktor cover what want wrong and how to protect your APIs against similar attacks.
Subscribe to Modern Cyber with Jeremy Snyder to get instant access to all episodes including these 'Breach Alert' specials as they happen.
Sources:
https://www.bleepingcomputer.com/news/security/dell-warns-of-data-breach-49-million-customers-allegedly-affected/
https://www.pcworld.com/article/2328519/dell-data-breach-includes-your-id-and-detailed-hardware-info.html
https://techcrunch.com/2024/05/09/dell-discloses-data-breach-of-customers-physical-addresses/
https://www.securityweek.com/dell-says-customer-names-addresses-stolen-in-database-breach/

In this episode of Modern Cyber, Jeremy talks to cybersecurity veteran Evgeniy Kharam, about a broad range of industry topics including the complexities of managed security services and the importance of soft skills. Evgeniy also offers fascinating insights into the startup space, the factors driving technology adoption, and the evolving cybersecurity landscape. And Jeremy learns a bit about Evgeniy's upcoming book that covers soft skills, voice improvement, and overcoming burnout. Don't miss this highly entertaining and informative discussion.
About Evgeniy Kharam
With decades of cybersecurity experience, Evgeniy Kharam has worn many hats during his long and storied career. Beginning on the technical frontlines as a firewall deployment engineer, Evgeniy has served as cybersecurity architect, VP, CISO, evangelist, consultant, advisor and speaker. Evgeniy is also the co-founder and host of both the Security Architectures Podcast and Cyber Inspiration Podcast as well as organizing the unique 'Ski & Snowboard Cybersecurity Conference'.
LinkedIn - https://www.linkedin.com/in/ekharam/
SSCC Website - https://thesscc.ca/