10 episodes

Named one of the world's top information security podcasts, The Security Ledger Podcast offers in-depth interviews with the top minds in information (cyber) security. Hosted by Paul Roberts, Editor in Chief of The Security Ledger, each podcast is a conversation about the cyber security stories making headlines and about the most important trends in the information security space including security and the Internet of Things, the latest cyber threats facing organizations and new paradigms for securing data and devices. A must listen if "cyber" is your thing!

The Security Ledger Podcasts The Security Ledger

    • Technology

    Episode 173: Iran’s Cyber Payback for Soleimani Killing may have a Long Fuse

    As it weighs further response to the assassination of General Qasem Soleimani, Iran is almost certain to consider the use of cyber attacks. We talk with Levi Gundert at the firm Recorded Future about what cyber “payback” from Tehran might look like.

    When missiles from Iran landed near U.S. military bases in Iraq, the world assumed that it was an escalation of tensions between Iran and the U.S. in response to the January 3rd U.S. drone assassination of General Qasem Soleimani, a high-ranking member of the Iranian government and the architect of the country’s Middle East policy.

    But fears of a shooting war between the U.S. and Iran have eased in the days following the Iranian missile launch, which caused no U.S. casualties and little damage and which was followed by mollifying comments from both the Iranian and U.S. leadership.

    Disaster averted? Not so fast.

    Levi Gundert, Recorded Future

    Disaster averted? Not so fast, say Middle East experts. “Killing Soleimani crossed a significant threshold in the US-Iran conflict,” Kiersten Todt, managing director of the Cyber Readiness Institute, told CNN. “Iranians will certainly try to retaliate — definitely in the region and they will also look at options in our homeland. Of the options available to them, cyber is most compelling.”

    With Iran’s kinetic response mostly symbolic, speculation is now focused on the cyber theater, where Iran’s government has used hacking to advance both domestic and geopolitical objectives before. In recent memory, for example, the country tapped the Chafer hacking group to target aviation repair and maintenance firms in 2018 in an apparent effort to obtain information needed to shore up the safety of that country’s fleet of domestic aircraft, according to research by the firm Symantec.

    Those concerns prompted the U.S. Department of Homeland Security to issue a warning to private sector firms to prepare for the worst. But what might “the worst” look like?

    A well-developed Offensive Cyber Program

    Iran has a well-developed offensive cyber program and has been linked to attacks against public and private interests in Saudi Arabia, the United States and Europe, according to experts. The country already has successfully executed several known major cyber attacks against the United States, with two notable ones occurring in ...

    • 21 min
    Episode 172: Securing the Election Supply Chain

    In this episode of the podcast (#172), Jennifer Bisceglie, the founder and CEO of Interos, joins us to talk about the links between America’s voting infrastructure and countries with a history of trying to subvert democracy.

    With an election year upon us, the media’s attention has swung back to the vexing issue of election security. Given the documented interference by Russia in the 2016 presidential election and anomalies in the performance of electronic voting systems in both 2016 and 2018, as well as the recent UK Parliamentary elections, both government and watchdog groups worry about foreign actors tampering with election results in crucial (“swing”) districts.

    Supply chain: the unseen election risk

    Jennifer Bisceglie is the CEO of the firm Interos.

    But efforts to secure voting systems at election time can only go so far, according to research released this month from the firm Interos. The company found that one fifth (20%) of the hardware and software components in a popular voting machine came from suppliers in China. Furthermore, close to two-thirds (59%) of components in that voting machine came from companies with locations in both China and Russia.

    Heightened awareness of supply chain risk

    The study comes as the U.S. government and Trump Administration are issuing guidance to private sector firms and government agencies to steer clear of hardware and software from countries with a history of spying and espionage within the U.S., including hardware giants like the Chinese firm Huawei.

    In this week’s podcast, we sat down with Jennifer Bisceglie, the founder and CEO of Interos, to talk about the links between America’s voting infrastructure and countries with a history of trying to subvert democracy.

    In this conversation, Jennifer and I also talk about the larger issue of supply chain risk, which Bisceglie says goes well beyond cyber security, encompassing ethical sourcing, environmental risks and more.

    As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.

    • 22 min
    Spotlight Podcast: Building Resilience into the IoT with Rob Spiger

    In this Spotlight edition of the Security Ledger Podcast, sponsored by Trusted Computing Group*: we’re joined by Rob Spiger, a principal security strategist at Microsoft and co-chair of the cyber resilient technologies working group at Trusted Computing Group. Rob talks to us about efforts to make more resilient connected devices and how the advent of the Internet of Things is changing TCG’s approach to building cyber resilient systems.

    When the Trusted Computing Group first hit the scene 20 years ago, the idea was to provide a so-called “root of trust” from which security operations might be launched, and a secure enclave from which devices could recover should all else fail.

    But attacks these days aren’t as simple as removing malware from a Windows system and getting it back up and running. Destructive malware like Shamoon, NotPetya and WannaCry have shown that disruption and even physical destruction of devices may be the objective of malware infections and hacks. At the same time, so-called “advanced persistent threat” (APT) actors have made a practice of stealthy, long-lived compromises designed to harvest information or extend control over compromised environments.

    A Focus on Cyber Resilience

    And, as Internet of Things devices permeate both commercial and private networks, the cyber-physical consequences of compromises mount. That’s why the Trusted Computing Group is expanding its work on what it calls “cyber resilient technologies” that can help restore connected devices to a working state in the event of a cyber attack or other disruption.

    In this spotlight edition of the podcast, we invited Rob Spiger of Microsoft into the studio to talk about this concept of “cyber resilience.” Rob is a 17-year veteran of Microsoft and the co-chair of the Cyber Resilient Technologies Working Group at TCG.

    Rob Spiger is a principal security analyst at Microsoft and co-chair of the Cyber Resilient Technologies Working Group at Trusted Computing Group.

    In this conversation, Rob and I talk about how the importance of cyber resilience has grown in recent years and how TCG is adapting to address the unique challenges of the Internet of Things, including the need to manage physically remote devices and devices deployed at massive scale.

    Rob notes that the concept of resilience is not so much different today from what it was 20 years ago when TCG was first setting up shop, even though technology use cases have changed dramatically.

    “The concept is that devices could become compromised and you need to re-establish them to a trusted stage and resume normal or limited operations if mitigations are not available immediately,” Spiger told me. “The basic concept is to provide better protections and detect if an attack has occurred and then to recover from that attack to a trusted state.”

    • 27 min
    Spotlight Podcast: Beyond HIPAA – a Conversation with Nemours CPO Kevin Haynes

    In this Spotlight edition of The Security Ledger Podcast, sponsored by RSA Security*, the Chief Privacy Officer at Nemours Healthcare, Kevin Haynes, joins us to talk about the fast-evolving privacy demands on healthcare firms and how the Chief Privacy Officer role is evolving to address new privacy and security threats.

    In just a couple of weeks, the California Consumer Privacy Act – or CCPA – will take effect. Considered the most comprehensive data privacy law in the country, the CCPA could become a de facto federal standard akin to the EU’s GDPR, at least in the absence of a matching federal law.

    The law, enforcement of which begins in July, 2020, will be a wake-up call to many industries that have made a business of collecting, mining and even re-selling their customers’ data. One industry that is unlikely to be fazed by the new requirements, however, is healthcare. That’s because a comprehensive patient data privacy law, HIPAA, has governed that industry for more than two decades.

    Healthcare Industry beset by Changes

    Kevin Haynes is the Chief Privacy Officer at Nemours Healthcare.

    But the existence of a strong federal data protection law for patient health information doesn’t leave the healthcare industry immune from controversies, risks or questions about the extent of privacy protections. That’s especially true as a new generation of connected medical devices work their way into clinical settings, exposing them to cyber and operational risks in new ways. And, as data-hungry firms like Google look to expand their reach into the massive healthcare industry, healthcare firms need to balance their interest in new treatments and better customer service against the privacy rights and concerns of their members. Concerns about data privacy and the abuse of medical information, for example, have dogged initiatives like Google’s Project Nightingale since its inception.

    The Role of Healthcare CPO: Beyond HIPAA

    To learn more about the unique challenges facing healthcare organizations, we invited Kevin Haynes, the Chief Privacy Officer of the Nemours Foundation – a pediatric health provider in six states and the District of Columbia – to talk about how the role of Chief Privacy Officer is changing and adapting to the challenges and threats facing healthcare organizations.

    Haynes says that – despite laws like HIPAA and even CCPA – privacy protecti...

    • 29 min
    Episode 171: Stopping the 21st Century’s Plumbers – Defending Digital Campaigns from Hackers

    In this week’s episode of the podcast (#171): as voters go to the polls in the UK and primaries loom here in the U.S., we sit down with Michael Kaiser, the CEO of a new group: Defending Digital Campaigns, and Joel Wallenstrom, the CEO of secure collaboration platform Wickr, to discuss efforts to extend an information security lifeline to political campaigns in an era of epidemic campaign hacking and online disinformation.

    Cyber attacks on high-profile political campaigns aren’t just an artifact of the 2016 presidential campaign in the U.S. or the 2015 Brexit referendum in the UK. In fact, attacks on campaigns – at home and abroad – predate those events and have now become more the rule than the exception. Just in the last year, there is evidence of campaign hacks and damaging leaks in the US midterm elections and in the lead-up to this week’s Parliamentary elections in the UK.

    There are many explanations for why campaign hacks and attacks have become a fixture of modern elections. For one thing: campaigns operate almost entirely online these days, making the crowbar and flashlight routine of the Watergate burglars unnecessary. But campaigns are also slapdash affairs: spun up quickly, with ever-evolving and revolving staff, and spun down just as quickly after the voting is finished.

    Michael Kaiser is the CEO of Defending Digital Campaigns.

    Furthermore, despite the never-ending media fixation on hacks of voting infrastructure, malicious operations to discredit candidates and campaigns are easier and have been shown to actually sway outcomes.

    And finally: campaigns run on shoestring budgets, with most of their available cash devoted to getting the candidate’s message out to voters. Cyber security tools and talent are not a high priority.

    Still: in the wake of the 2016 election hacking, plenty of cyber security firms stood ready to offer both tools and talent…for free, or at steep discounts. But then there’s the matter of federal election rules, which consider such discounts as ‘in kind’ gifts that were disallowed campaign donations.

    Enter Defending Digital Campaigns (DDC), the not-for-profit group that was created to give campaigns access to cybersecurity products, services and information regardless of party affiliation.

    • 35 min
    Episode 170: Cyber Monday is for Hackers

    In this episode of the podcast, sponsored by Signal Sciences: Cyber Monday may have been the biggest yet – and not just for shoppers and online retailers. Hackers use the year’s biggest online shopping day to cover their tracks. Brendon Macaraeg joins us to talk about Cyber Monday and the rising tide of e-commerce hacks.

    Cyber Monday 2019 is in the rear-view mirror and this year’s holiday shopping bonanza looks to be the biggest ever. Adobe Analytics estimated this week that sales from Thanksgiving through Cyber Monday will exceed $29 billion. And, in just one measure of how shopping habits are changing, the online sales platform Shopify, which is used by more than a million merchants, reported that sales on the platform had already surpassed $1.5 billion, which is more than the sales from the full Thanksgiving weekend last year, according to reports.

    But the post-Thanksgiving weekend isn’t just big for shoppers and retailers. It is also one of the busiest weekends for cyber criminals, who find cover for their attacks and fraud among the millions of legitimate online shoppers.

    Brendon Macaraeg is a Senior Director of Product Marketing at the firm Signal Sciences.

    And it isn’t just during the holiday season that online criminals hide in the crowd. A recent study by the firm Signal Sciences* found that attacks on e-commerce applications jump on the 15th and 30th of the month — pay days when overall shopping volume is higher as well.

    What does this mean for e-tailers? To find out, we invited Brendon Macaraeg of the firm Signal Sciences back into the Security Ledger Studios to talk about that company’s research, which finds a rising tide of e-commerce fraud.

    To start off, I asked Brendon about Cyber Monday and how e-tailers are struggling to balance a concern about security and fraud with the desperate need to have their e-commerce operation humming from Black Friday on.

    (*) Disclosure: This podcast was sponsored by Signal Sciences. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

    As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher,

    • 26 min

Customer Reviews

AnneViola ,

Excellent and informative

My go-to source for security trends and news, with a well-rounded selection of guests. Paul has an affable yet hard-hitting interview style and always gets the best out of his subjects.

LStar-BOS ,

great cyber security podcast!

One of the best and most thoughtful podcasts on the cyber security space. Interviews with hackers, executives, activists and leading policy makers and academics. A 'must-listen' if information security is your thing!
