Banking Information Security Podcast

Interview with Srinivas Mukkamala When it comes to incident response, there's nothing for critical than first response. And first response skills are exactly what students are attaining in a unique information assurance program offered by New Mexico Tech. In an exclusive interview, Srinivas Mukkamala of New Mexico Tech discusses: How the school's First Responders program works; Qualifications of students enrolled in the program, and how it helps them prepare for careers; Advice for individuals looking to start - or jump-start - a career in information assurance. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He

Community Banking Leader Discusses Milestones, Challenges, Opportunities Gail Mikolich stumbled into a banking career 23 years ago. Today, she is Executive Vice President and Chief Operating Officer of Northeast Bank, a $400 million community bank based in Minneapolis. In a discussion about careers in banking, Mikolich touches upon: the most important steps in her career; challenges she's faced along the way; opportunities for women; advice to people just starting their banking careers. Mikolich has overall responsibility for the executive offices, operations, information systems, security, fixed assets, account services, electronic banking and teller departments at Northeast Bank. She also coordinates the bank's audit and loan review functions. She is a 23-year employee of the institution.

Schools are back in session in the U.S., the weather is cooling, and the fall flu season is close at hand. So, how should businesses and government agencies prepare for the expected widespread return of the H1N1 virus? Regina Phelps, a noted expert in pandemic preparedness, updates us on H1N1, discussing: What we have learned so far about the pandemic; Good - and bad - examples of pandemic preparedness; How individuals and organizations can take steps today to ensure effective response to H1N1. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.

Information security requirements and challenges change on a daily basis - and with them come growing opportunities for individuals with skills in digital forensics. Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses: the growing need for digital forensics skills; today's top challenges and how organizations are tackling them; career prospects for individuals in digital forensics. Lee has more than 13 years experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he dir

Unified Security Monitoring - it's all about transparency and efficiencies.

The FDIC has warned banks: Online crime is increasingly hitting small and mid-size companies in the U.S., draining those entities' bank accounts through fraudulent transfers. So, how should banks respond to this alert and assist their business customers? Doug Johnson of the American Bankers Association addresses: The prevalence of these fraudulent transactions; How banks should respond to these alerts; Ways banks can help their business customers protect themselves. Johnson serves as Senior Policy Analyst for the American Bankers Association, where his public policy responsibilities include payments system technology and the relationship between technology, privacy, and security. He also advises the ABA and its members on a variety of other matters, including social security reform, real estate brokerage, mortgage finance, and public funds.

Interview with David Taylor, Founder of PCI Knowledge Base The Heartland Payment Systems and Network Solutions data breaches have thrust the Payment Card Industry Data Security Standard (PCI DSS) into the spotlight, raising the question: Does PCI compliance help in the fight against fraud? David Taylor, founder of PCI Knowledge Base, recently administered new research on PCI compliance, and in an exclusive interview he discusses: Goods news - and not-so-good-news - about PCI compliance; Unique PCI challenges for merchants and banking institutions alike; What needs to be done to raise awareness around PCI compliance. Taylor founded the PCI Knowledge Base and before that the PCI Alliance. He has worked with many leading edge companies as an analyst for Gartner for 14 years. The PCI Knowledge Base is a Research Community which shares information and knowledge to help merchants, banks and other organizations achieve PCI compliance.

"Don't be a hero." For years, this is how banking institutions have responded to robberies - with an attitude of compliance. But in Seattle, the local division of the FBI has turned this attitude on its heels with SafeCatch, a program designed to train bank employees to spot and deter potential robberies before they even occur. In an exclusive interview about SafeCatch, FBI Special Agent Larry Carr discusses: The SafeCatch approach to deterring robberies; How effective SafeCatch has been in Seattle; Simple steps banking institutions can take to help prevent robberies. Carr is the bank robbery coordinator within the FBI's Seattle office. He is credited with creating the SafeCatch program. Since 2006, Carr has provided SafeCatch training to some 40 Washington State financial institutions -- roughly 400 bank branches and 3,000 employees. Last year, Seattle saw a 51 percent decrease in the number of bank robberies from its 1996-2006 average of approximately 300 robberies annually.

The targets are getting bigger, the fraudsters bolder, and we all have a whole lot more at stake to lose. This is the message from Mary Monahan, Managing Partner and Research Director at Javelin Strategy & Research. In a discussion of current data breach trends, Monahan touches upon: How breaches in 2009 are trending differently from 2008; What public and private sector organizations need to do to prevent breaches; What to watch for as we approach 2010. Monahan has 10 years of financial services industry experience. Her banking background includes extensive managerial experience working with growth businesses, strategizing and implementing cross-sectional financial plans to accommodate multiple projective scenarios. As a college educator, Ms. Monahan's work focused on current issues in accounting and economics. Javelin, based in the San Francisco Bay area, provides direction on key facts and forces that materially determine the success of customer-facing financial services, payments and security initiat

Banks fail, are closed and acquired every week. The business processes behind these conversions are proven and precise. But what is the role of information security in a bank acquisition? When does the security group enter the discussion, and what's its role in the transition? Matthew Speare of M&T Bank, which recently acquired Provident Bank, discusses: The role of information security in a bank acquisition; Successes and challenges in conducting a conversion; Advice to other institutions that might acquire or be acquired. Speare oversees security for M & T Bank Corporation, the nation's 17th largest bank holding company, based in Buffalo, New York. He is responsible for developing and sustaining an information risk program that effectively protects the personal information of millions of M & T Bank customers. His responsibilities include information security management, IT compliance and risk management, corporate emergency and incident response, and business continuity management. Matt is also a Ma

Ten years ago, the National Security Agency (NSA) started up the Centers of Academic Excellence program to encourage stronger information assurance programs at colleges and universities. Initially, there were 7 designated CAE schools. Today, the ranks have swollen to over 100 CAE-designated schools, and information assurance professionals are much better prepared to tackle the cybersecurity challenges we face. Dickie George, Information Assurance Technical Director within the NSA, discusses: The CAE program's core mission; Benefits of the program for participating schools and students; What to expect from CAE in its second decade. George began at the National Security Agency in August 1970 after graduating from Dartmouth College. He started in the Crypto-Math Intern Program, having tours in Research, the SIGINT Directorate, and the Information Assurance Directorate's (IAD) predecessor organization. Except for a tour in the Signals Intelligence Directorate (SID) and one at the Center for Communications

Interview with Dr. David Dampier on Mississippi State's Unique Program Mississippi State University's 'Wounded Warriors' program is all about providing digital forensics training for soldiers and sailors transitioning home from Iraq, Afghanistan and elsewhere in the world. In an exclusive interview, Dr. David Dampier, associate professor in the university's department of computer science and engineering - and an Army veteran - discusses: Details of the 'Wounded Warriors' program; Job prospects for returning veterans; How this program has impacted other training opportunities at Mississippi State. Dampier is an Associate Professor in the Department of Computer Science and Engineering and serves as the Director of the National Forensics Training Center at Mississippi State University. The NFTC is a USDOJ-funded center that provides law enforcement officers free training in digital forensics. He is a retired Army officer with over 20 years of service. His research interests are in digital forensics and sof

Opportunities - and Salaries - are up for the Right People with the Right Skills The economy has been down, but job opportunities are up for information security professionals with the right skills. This is the posture of David Foote, CEO and chief research officer of Foote Partners, an IT workforce research firm. In an exclusive interview, Foote discusses: The hottest IT security skills and certifications; Hiring trends and areas of growth in the coming months; Complementary skills that also are in high demand. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives,

Already in 2009 we've seen more than double the number of bank and credit union failures than we saw in all of 2008. Where will it end? Which big institution is next to fail? To gain insight on market trends, we interviewed Christine Barry of AITE Group LLC on: Why Colonial Bank is likely to be the largest failure of the year; How many more institutions are likely to close through the end of the year; How the banking landscape is being altered by these failures. Barry serves as a Research Director at Aite Group LLC, focusing on the strategies and technology implementations of global banks of all sizes. Her recent research has addressed remote deposit capture, best-practices for credit unions, capturing the valuable small-business customer, global cash management trends, and core banking system replacement. She is an acknowledged banking industry expert with more than a decade of experience in financial services products and technologies. She has worked with a broad range of U.S. and international clients

Log Management is a necessary first step, but only a baseline technology. Compliance mandates and good security practice also require real-time, end-to-end monitoring to identify, prioritize, analyze and remediate the true threats. Given the increase in targeted stealth attacks, clear visibility is more important than ever to protect your data. Consequently, Log Management alone is just not enough. Learn how the convergence of Log Management and Security Information Management (SIM) is changing the way we think about security, and why the demand for SIM is surging, even in the face of the current economic downturn. Mark Nicolett and netForensics Vice President of Products, Tracy Hulver, discuss: Shortfalls of traditional Log Management solutions Recommendations for effective real-time threat identification Pitfalls to avoid when deploying SIM technology How to make your existing log data actionable Combining and simplifying SIM and Log Management Log Management is a necessary first step, but onl

The worst thing a bank president or a senior management team at a financial institution can hear is "We've had a data breach." John Scanlon, a senior executive at Intersections, speaks to data breach readiness and the lessons learned from others' incidents. Intersections is a business partner of the Identity Theft Assistance Center. Listen to this podcast for Scanlon's insights on: The state of incident response and data breach response in the financial services industry; What is data breach readiness and why it's not admitting defeat by being ready; The seven steps of data breach readiness. John Scanlon is executive vice president and chief operating officer at Intersections, a consumer and corporate identity risk management services company based in Virginia. He previously held a number of positions at financial services companies including Capital One Financial Corp. and JP Morgan & Co.

Little wonder that Howard Schmidt's name is on every list of prospective White House cybersecurity czar. In the field of IT security, Schmidt has done it all. He spent more than 30 years in public service, including a stint as a White House special adviser on cyberspace security and as chief strategist for the US-CERT Partners Program at Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and White House. In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University. Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed harnessing the brainpower of public and private-sector experts in IT security and risk management. In an interview with GovInfoSecurity.com's Eric Chabrow, Sc

With the heightened focus on cybersecurity - and increased incidents of insider crimes - the digital forensics practice has also gained a higher profile in both the private and public sectors. Keith Barger, a forensics veteran, currently serves as a director in KPMG's forensics practice in Houston, TX. In an exclusive interview, Barger discusses: Myths and realities about forensics; How businesses and government agencies are employing forensics today; Tips on where your organization can acquire forensics skills. Barger joined KPMG in 2006 after six years as a Special Agent and Digital Forensics and e-Discovery Western Regional Coordinator and Project Manager with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience with e-Discovery, the Amended Federal Rules of Civil Procedure, digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Barger specializes in electronic data discovery, data

The Heartland data breach and July's denial of service (DDoS) attacks against government agencies are among the biggest information security incidents of the year. And they've pushed incident response into the spotlight. Peter Allor is on the Steering Committee of the Forum for Incident Response and Security Teams (FIRST.org), and in this interview he discusses: Key incident response issues facing organizations today; What we've learned from the Heartland and government DDoS incidents; How to prepare for a successful career in incident response. Allor is a member of the Forum for Incident Response and Security Teams (FIRST) Steering Committee, a forum for security and incident information exchange between teams international. He also is the program manager for cyber incident & vulnerability Handling for IBM, where he is responsible for guiding the company's overall security initiatives and participation in enterprise and government implementation strategies. In addition, Allor is a member of: The Infor

Interview with Alan Berman of DRI International and AnneMarie Staley of NYSE The H1N1 threat has put business continuity and disaster recovery (BC/DR) in the headlines. But behind the scenes, the discipline has long been active in helping global organizations respond to myriad natural and man-made disasters. In a discussion about H1N1 and other BC/DR issues, Alan Berman of DRI International and AnneMarie Staley of NYSE touch upon: The biggest threats and regulatory challenges facing global organizations; How to apply "Think Global, Act Local" to BC/DR; What organizations must do now to respond to the H1N1 threat. Berman, the Executive Director of DRI International, is a CBCP, a member of the ASIS BS25999 technical committee, a member of the Committee of Experts for ANSI-ANAB, a former member of the NY City Partnership for Security and Risk Management and the co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the US Private Sector Preparedness Act (PL 110-53). Over a