Cracking Cyber Security Podcast From Teiss

This week we are exploring the weird world of deepfakes - one of the latest ways cybercriminals are exploiting people and making money. Put simplistically, the term “deepfake” refers to an image, video, or audio clip that is manipulated using artificial intelligence and deep learning to depict something that did not really happen.  On this week’s episode, we have two experts tackling the topic, first from a tech perspective - Andrzej Kawalec, Director of strategy and technology at Optiv, who explains how criminals are using deepfakes to their advantage, how companies should start to think about them, and what tech is developing in the arena to combat the threat. My second guest is Tamara Quinn a non-contentious IP and Data Privacy Partner at Osborne Clarke, who shares a legal perspective on the topic. 

According to the National Crime Agency more than 2,500 arrests were made last year in the UK, after Facebook reported offenders for trying to entice children into sharing indecent images or meeting in real life.Today’s children and teenagers have grown up in the online world, and with all its benefits, these arrests are proof of the darker side of the digital space. So how can we better our children and teenagers online?On this week’s teissPodcast I had the honour of speaking with Lorin LaFave, the mother of Breck Bednar, who was murdered in 2014 after being groomed online. Two weeks after her son’s murder, Lorin set up the Breck Foundation to educate young people and their parents about online grooming and internet safety.In the interview, Lorin talks about the misconceptions about online grooming, what measures she would like to see put in place when it comes to security by design for products and games and what she feels the cyber security industry could be doing to improve internet safety.Do watch Breck’s

Apparently there’s an election on December 12th, so on this teissPodcast we’re exploring which cyber threats are going to impact the upcoming UK election.Our expert guest this week is Priscilla Moriuchi, director of strategic threat intelligence at Recorded Future, who’s researched the security threats facing elections globally, with a large focus on disinformation campaigns.  On the podcast Priscilla discusses the tactics hackers are using to target elections, whether political micro-targeting can really impact election results and what the security world can learn from election campaigns.   

Red teaming is one of the most fascinating activities an ethical hacker can be involved in. The practice usually involves an independent group that assumes the role of a hacker to show organisations what vulnerabilities or backdoors pose a threat to their cyber security. Sounds like every organisation should employ one…but is it always necessary? And if so, how do you know if your organisation is ready for red teaming? On this episode of the teissPodcast I speak with Ed Williams, EMEA director at SpiderLabs, Trustwave, about red teaming and deciding when is the right time for an organisation to engage a red team. Ed, a patriotic Welshman and ardent rugby enthusiast, explains some common tactics hackers use to manipulate people, where red teaming should sit in the overall cyber security strategy and how can cyber maturity be achieved through red teaming.

We are told that the expected cyber skills shortage is estimated to be 1.8 million by 2022 and yet just 12% of the cybersecurity workforce is under the age of 35.This week I speak with Mark Walmsley, CISO, Freshfields, about finding, nurturing and growing the next generation of cyber talent. Mark has a wealth of knowledge and experience in sourcing and recruiting talent – particularly in the more untraditional places – so I asked him about where and from what age the search should begin, what it takes to motivate young people, and what the industry should be doing to increase its talent pipeline.Mark will be speaking at Cyber Security Connect UK.

There’s a saying that culture trumps strategy every time, but how do you build a strong, positive culture in the first place?I caught up with Steve Moore, VP and Chief Security Strategist at Exabeam. Steve’s been on the podcast before and it’s always inspiring to hear his thoughts on leadership, nurturing talent and creating a culture which allows people to grow and thrive in their roles. Easy right? Steve highlights some approaches which can help. He also mentions Exambeam’s recent Cybersecurity Salary Survey which is worth a read.Check out Steve’s podcast The New CISO!Interview recorded at the Exabeam user conference, San Francisco, earlier this year. 

Welcome to the Security Leaders’ Roundtable Podcast, where I am joined by two exceptionally talented CISOs, Brian Brackenborough, CISO of a major broadcaster and Nick Nagle, CISO of the Publishing House, Conde Nast International. On this podcast, recorded in July 2019, I asked them to bring two cyber security news stories to the table, as well as a “grudging respect” – a story/hack/response to a breach which deserves a tip of the hat. Brian selected the story about the ICO intending to fine British Airways £183.39M for breaches of data protection law. Nick chose one on the anonymous hacker who was arrested after dropping a USB stick while throwing a Molotov cocktail, as you do.Brian’s “grudging respect” (though not so much grudging, but more pure respect) was for the digital bank Monzo and how they responded to the Ticketmaster and BA breaches. Nick’s contribution was about a fake French minister in a silicone mask who stole millions. True story.Hope you enjoy the discussion.

Whether it’s external threats to an organisation or bracing personal challenges, how do you respond to the unknown unknowns? Well fortunately our guest this week, Colin Anderson, CISO at Levi Strauss & Co, has had much experience in this realm.I had the opportunity to speak with him at the Exabeam user conference in San Francisco last week where we spoke about his leadership style, how he forms partnerships and support from within the board and whether cyber security can be measured in numbers alone.And…yes, he only wears Levi’s.

What can we learn from the way cybercriminals recruit and train people in their networks to help us with our own cyber security skills shortage? On this podcast we are visiting the dark side of the moon with teissPodcast friend and regular, Joe Carson, Chief Security Scientist & Advisory CISO at Thycotic. We explore how criminals recruit and train people in their network and how quickly can they take someone with no experience and coach them to be a functional member of their team. Essentially, with ethics in mind, what could we learn and even copy from them?

This week the teissPodcast jumps right into the heart of cyber security innovation at LORCA (the London Office for Rapid Cybersecurity Advancement) –  a Government-backed cyber accelerator which supports the most promising cyber security innovators in scaling and growing solutions to the cyber problem.teiss speaks with programme director, Saj Huq about the emerging trends in cyber innovation, the challenges that cyber start-ups face on both macro and micro levels and what role investors should play in this space. We also discuss safeguarding and nurturing international cyber talent as the Brexit date looms.

This week, The teissPodcast is at The National Museum of Computing on Bletchley Park in Milton Keynes.If you’ve not already been there – GO - it’s a treasure trove of historic computers…In fact, it's home to the world’s largest collection, from the Turing-Welchman Bombe and Colossus of the 1940s through the large systems and mainframes of the 1950s, 60s and 70s, to the rise of personal computing and the rise of mobile computing and the internet.Seeing a floppy desk, Pacman mazes and a Sega Mega Drive in a museum did make me feel quite old, but it’s incredible how these holy relics really arouse the inner child in you. It certainly did with my guest, Paul Watts CISO at Domino’s Pizza Group PLC, who bounded and buzzed with excitement at the technology that had occupied his adolescence.I always enjoy talking with Paul and hearing his thoughts on the past, the present and the future…In this interview we talk data - ethics and its future, the double-edged sword that is technology and...Chuckie Egg!With many t

There’s a cyber skills shortage, but are cyber security hiring and retention processes doing more harm than good to your organisation?This week I speak with Vicki Gavin, about recruitment, talent retention and leading teams. Vicki is an advisor on security, privacy and resilience and was previously CISO for the Economist; with years of experience under her belt I thought she was ideal to discuss these topics with.Vicki speaks with genuine warmth, passion and clarity and admits that it wasn’t until she became a mother that she discovered how to be a good leader. "It’s the same skill set," she says, "never forcing but helping them to understand the world around them and be the best they can be.” I love that.So let’s look at the stats, findings revealed in ISACA’s recent State of Cybersecurity 2019 research, say that 64% of respondents indicated that they have trouble retaining qualified cyber security professionals. So what's going wrong?

Can you imagine a world where our water, energy and transport systems just stop working? How about our hospitals, telecoms and financial services? It’s a picture I struggle to visualise, and yet we are told that the risks to our national security have never been greater. So, how safe actually is our National Critical Infrastructure right now and are we able to protect ourselves? Questions we’ll be exploring on this episode of the Cracking Cyber Security Podcast. Tim Mackey, Principal Security Strategist at the Synopsys CyRC (Cybersecurity Research Centre) about the ominous potential of a cyber-attack on our National Critical Infrastructure. We discuss the threats, the problems and some possible solutions.

How can we tackle the cyber skills shortage? What’s the best way to up-skill your cyber security workforce? Does it take more than just passion to work in cyber security? These are questions we’ll be exploring on this week’s Cracking Cyber Security podcast.This week I chat with Principal Security Consultant (CCSAS) at Trustwave SpiderLabs, Matt Lorentzen. We are told that cybersecurity skills shortage is worsening for the third year in a row and according to the annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) has impacted nearly three quarters (74 percent) of organisations. So what can be done about it? On the podcast Matt gives some great advice to anyone looking to work in cyber security, as well as employers who want to up-skill their current workforce.

This week we are talking about leadership, imposter syndrome and humour with Thom Langford on the Cracking Cyber Security podcast. Founder of (TL)2 Security Ltd and former CISO at Publicis Groupe, Thom is a well-known figure in the security world, prolific public speaker and an active and engaging social media user – so to hear that he describes himself as “naturally shy” – came as a bit of a surprise. Thom speaks candidly about wrestling with imposter syndrome, using humour to his advantage and how public speaking has helped his confidence grow over the years. 

How should organisations deal with the Insider Threat? Can you stop the insider before they cause harm? What are the red flags to look out for? This week on the Cracking Cyber Security Podcast we speak with Lisa Forte, cybersecurity expert and founder of Red Goat Cyber Security about the “Insider Threat”.Lisa began her career in maritime security before moving into counter-terrorism intelligence, and then later into one of the UK Police cyber-crime units where she got to know the attackers’ mindsets and methodologies well. She’s also a bit of a legend in the tech world, winning the “Top 100 Women In Tech” award last year. Lisa recently conducted some research on the Insider Threat and she shares some fascinating findings on the episode.  

Head of Threat Intelligence at Cybereason, Assaf Dahan, shares some fascinating research about the latest cyber security trends.Assaf, shares some of the most notable attacks we’ve seen over the past year, which techniques were used, what were the attackers after and what you need to know about how to protect yourself from such attacks. We also discuss how the criminals are collaborating and what makes Israel a leader in cyber innovation.Assaf has over 15 years in the InfoSec industry. He started his career in the Israeli Military 8200 Cyber Security unit where he developed extensive experience in offensive security. Later in his career he led Red Teams, developed penetration testing methodologies, and specialized in malware analysis and reverse engineering.

Can defenders trick their attackers? Can organisations use deception successfully to level the playing field and dupe cybercriminals? This week on the Cracking Cyber Security podcast we’ll be discussing the “art of tricking the trickster”.This week Carolyn Crandall – who has the coolest title in cyber - Chief Deception Officer and CMO at Attivo Networks, joins us on the podcast and explains how organisations can turn the attackers' techniques against them. We also talk about evolving threats in 2019 and Carolyn’s quest to get more females into tech.

On this episode of the Cracking Cyber Security Podcast, Stephen Moore, Chief Security Strategist at Exabeam says that organisations need a new breed of CISO – one who is groomed for the challenging audiences of the Executive Leadership Team (ELT), the CEO, subcommittees, and the Board.Furthermore, he shares advice on how to speak to the board in a language they understand, how to avoid sugar-coating bad news, and how to focus on co-operation not just budget. Stephen also talks passionately about how CISOs can be better security leaders.

Why has the US banned the use of Chinese company Huawei’s technology? To what extent is Huawei a security threat? What are the deeper issues at play in this power struggle? These are questions we’ll be exploring on this week’s cracking cyber security podcast.Malcolm Taylor, Head of Cyber Security at ITC Secure Networking, joins me to discuss what’s really at the root of tensions between the US, UK and China in the battle over the use of Huawei 5G technology. We also talk about the wider issues of surveillance and data privacy. What's a surveillance state? What surveillance is ok and what is not? What would George Orwell make of all this?