Cracking Cyber Security Podcast From Teiss

This week we are talking about leadership, imposter syndrome and humour with Thom Langford on the Cracking Cyber Security podcast. Founder of (TL)2 Security Ltd and former CISO at Publicis Groupe, Thom is a well-known figure in the security world, prolific public speaker and an active and engaging social media user – so to hear that he describes himself as “naturally shy” – came as a bit of a surprise. Thom speaks candidly about wrestling with imposter syndrome, using humour to his advantage and how public speaking has helped his confidence grow over the years. 

How should organisations deal with the Insider Threat? Can you stop the insider before they cause harm? What are the red flags to look out for? This week on the Cracking Cyber Security Podcast we speak with Lisa Forte, cybersecurity expert and founder of Red Goat Cyber Security about the “Insider Threat”.Lisa began her career in maritime security before moving into counter-terrorism intelligence, and then later into one of the UK Police cyber-crime units where she got to know the attackers’ mindsets and methodologies well. She’s also a bit of a legend in the tech world, winning the “Top 100 Women In Tech” award last year. Lisa recently conducted some research on the Insider Threat and she shares some fascinating findings on the episode.  

Head of Threat Intelligence at Cybereason, Assaf Dahan, shares some fascinating research about the latest cyber security trends.Assaf, shares some of the most notable attacks we’ve seen over the past year, which techniques were used, what were the attackers after and what you need to know about how to protect yourself from such attacks. We also discuss how the criminals are collaborating and what makes Israel a leader in cyber innovation.Assaf has over 15 years in the InfoSec industry. He started his career in the Israeli Military 8200 Cyber Security unit where he developed extensive experience in offensive security. Later in his career he led Red Teams, developed penetration testing methodologies, and specialized in malware analysis and reverse engineering.

Can defenders trick their attackers? Can organisations use deception successfully to level the playing field and dupe cybercriminals? This week on the Cracking Cyber Security podcast we’ll be discussing the “art of tricking the trickster”.This week Carolyn Crandall – who has the coolest title in cyber - Chief Deception Officer and CMO at Attivo Networks, joins us on the podcast and explains how organisations can turn the attackers' techniques against them. We also talk about evolving threats in 2019 and Carolyn’s quest to get more females into tech.

On this episode of the Cracking Cyber Security Podcast, Stephen Moore, Chief Security Strategist at Exabeam says that organisations need a new breed of CISO – one who is groomed for the challenging audiences of the Executive Leadership Team (ELT), the CEO, subcommittees, and the Board.Furthermore, he shares advice on how to speak to the board in a language they understand, how to avoid sugar-coating bad news, and how to focus on co-operation not just budget. Stephen also talks passionately about how CISOs can be better security leaders.

Why has the US banned the use of Chinese company Huawei’s technology? To what extent is Huawei a security threat? What are the deeper issues at play in this power struggle? These are questions we’ll be exploring on this week’s cracking cyber security podcast.Malcolm Taylor, Head of Cyber Security at ITC Secure Networking, joins me to discuss what’s really at the root of tensions between the US, UK and China in the battle over the use of Huawei 5G technology. We also talk about the wider issues of surveillance and data privacy. What's a surveillance state? What surveillance is ok and what is not? What would George Orwell make of all this?

What can we learn from the way 'national security' government organisations think about and buy security?  This week I’ll be speaking with ex-BAE Systems cyber security technical director and now co-founder of Garrison, Henry Harrison. He tells us what we can learn from government organisations in their approach to security and advises on the mind-set and strategies companies should adopt when buying security.  Also, our podcast has been nominated for not just one but two awards at this year’s EU Security Blogger Awards…We are up for "Best New Cyber Security Podcast" and "Best Security Podcast"…We’d like to thank all of you for your support over the past year and we also ask that you go and vote for us! Cast your votes here: https://www.surveymonkey.com/r/eubloggerawards2019 (entries 1 and 5)

On this podcast we speak with CEO and co-founder at Tessian, Tim Sadler, about whether - amidst high stress and anxiety – CISOs can afford to be creative and take risks in their decision-making. We also ask, can the role of defender really be a creative one? Tim also shares advice on how to *creatively recruit* for *creative thinkers* and how he keeps his own leadership inspired.Also, our podcast has been nominated for not just one but two awards at this year’s EU Security Blogger Awards…We are up for "best new cyber security podcast" and "best security podcast"…We’d like to thank all of you for your support over the past year and we also ask that you go and vote for us! Cast your votes here: https://www.surveymonkey.com/r/eubloggerawards2019 (entries 1 and 5)

Our theme this week is “Zero trust” – what is it and how can you implement it in your organisation. On the episode I’m joined by Richard Archdeacon, Duo Security’s Advisory CISO about a ‘Zero Trust’ approach to security (ie ‘trust no-one, verify everything’) and how this addresses some of the biggest concerns for Security Professionals: from digital transformation to enabling remote working. We discuss the evolution of trust, the psychology of a zero trust approach and how hackers are evolving in the perimeterless era.

That’s the question we’ll be tackling on this episode of the cracking cyber security podcast. Peter Woollacott, CEO and Founder of Huntsman Security, joins us this week to discuss the changing face of cyber risk and how businesses can better understand their cybersecurity posture. We cover security scorecards, cyber insurance and whether it’s possible to place a price on risk, as well as reflecting on how far a success GDPR has been - almost a year since its implementation. Peter, who’s been in the cyber security industry for over 20 years, is from Australia, so we took the opportunity to ask what the UK could learn about cyber regulation from our friends in Oz.

Cryptographer Bruce Schneier once said, "only amateurs attack machines, professionals target people" and yet how far should we be blaming humans for the breakdown of our cyber security?Joining us on this podcast is Flavius Plesu, former CISO at Bank of Ireland and co-founder and CEO of OutThink – a platform which is transforming the way companies are engaging with their employees.Many organisations push out some sort of security awareness training, simulated phishing emails, or bright, amusing posters relaying the importance of cyber security – but how effective are these traditional methods? Or could they, in fact, be doing more harm than good when it comes to building a solid relationship between the workforce and security teams?Flavius explains why we should be reframing the conversation around what is expected from humans and why we need to be talking about "managing human risk" rather than "behavioural change". We also explore what the role of the CISO should be and how the

March 12 2019 marked the 30 year anniversary of the World Wide Web and it was around this time that I met with former senior British Intelligence Officer and Head of Cyber Security at ITC, Malcolm Taylor.The serendipity of the occasion provided an opportune moment to ask Malcolm how he thinks the web has evolved since its inception and whether it’s, ultimately, been a force for good or bad…We also discussed the nature of privacy and trust and how they’ve changed during that time and are changing still.As a starting point, however, I began asking Malcolm about “spear phishing” – and how criminals specifically target their victims through carefully designed emails. This is in contrast to traditional phishing attacks usually conducted by sending malicious emails to as many people as possible. Lots of food for thought and tips to protect your “digital tattoo”.

Are CISOs suffering from an image crisis? Do they need a rebranding of sorts? How can they be taken seriously by the board and be seen as part of business operations as opposed to purely an investment? With us to explore these questions is TEISS podcast regular Joe Carson, Chief Security Expert at Thycotic. He’ll explain why 2019 is the year of the CISO but also why CISOs need to do more listening than talking.

This week on the show we have ESET’S Malware Analyst and Researcher, Lukas Stefanko and Head of Automated Threat Detection and Artificial Intelligence, Juraj Jánošík. TEISS caught up with them at Mobile World Congress last month in Barcelona where we discussed the tactics criminals are employing to hack into mobile phones and how we can stay secure with the fast moving innovations in the mobile space. 

When it comes to movers and shakers in the tech world, our guest this week is certainly making some noise in that realm. Sian John, MBE, is the Chief Security Advisor at Microsoft and the tour de force behind the #queuefortheloo initiative; a series of events and online resources aimed at women (and men) in the cyber security sector. On this podcast Sian discusses how the #queuefortheloo campaign came about as well as why we’ve gone backwards when it comes to attracting and recruiting diverse talent to the industry. 

This week on the podcast we are talking with Naaman Haart, a UK-based threat hunter for the cybersecurity company, Digital Guardian.The role of the Threat hunter is a fairly new one within the industry and on this episode Naaman discusses the ins and outs of what the job entails, as well as how he hunts for, investigates and quarantines threats on a number of enterprise networks. Naaman also reveals the biggest malware trends he’s seeing at the moment.

On this week’s episode, we talk to cyber security company Tanium’s CEO Orion Hindawi and Chief Technology Officer, Ryan Kazanciyan, at their yearly conference, CONVERGE.Is it fair to label vendors as the snake oil of the cyber security industry? How can CISOs measure risk and present their findings to the board in a comprehensive way? Can companies really avoid having a weak link in their armour? What questions should organisations be asking when it comes to protecting themselves?Find out how Orion and Ryan responded and more on the episode.

On this week’s podcast TEISS speaks with Detective Superintendent Andrew Gould - Head of the Metropolitan Police Cyber Crime Unit about how the Met is tackling international cybercrime, how well nation states cooperate when it comes to tracking down the criminals and what he’s learned from previous work in counter terrorism that is helping in the plight to clamp down on cybercrime.

Did you know that the most popular password at the end of 2018 was "123456", followed by “password” in second place? Here's a list of the top 25 which might seem alarming...or not.So, unsurprisingly, this week we’re talking passwords…yes, those things we love to hate…but why do we love to hate them? Why exactly are we so bad at changing our passwords regularly? What’s wrong with using the same password across multiple accounts?To help us tackle the password conundrum, Cyber Security Specialist at ESET, Jake Moore, uncovers some tactics the hackers employ to steal our passwords and gives advice for better password management. 

This week Joe Carson, chief security scientist at Thycotic, takes us through the mind of a hacker. What reconnaissance does a hacker conduct before an attack? What are the vulnerabilities they’re looking for? When are hackers most likely to strike? Joe shares his thoughts on these questions, as well as addressing the risks of introducing IoT for ease of use but sacrificing security and how you can prevent and reduce the risk of abuse to your critical information assets.