Cracking Cyber Security Podcast From Teiss

What can we learn from the way 'national security' government organisations think about and buy security?  This week I’ll be speaking with ex-BAE Systems cyber security technical director and now co-founder of Garrison, Henry Harrison. He tells us what we can learn from government organisations in their approach to security and advises on the mind-set and strategies companies should adopt when buying security.  Also, our podcast has been nominated for not just one but two awards at this year’s EU Security Blogger Awards…We are up for "Best New Cyber Security Podcast" and "Best Security Podcast"…We’d like to thank all of you for your support over the past year and we also ask that you go and vote for us! Cast your votes here: https://www.surveymonkey.com/r/eubloggerawards2019 (entries 1 and 5)

On this podcast we speak with CEO and co-founder at Tessian, Tim Sadler, about whether - amidst high stress and anxiety – CISOs can afford to be creative and take risks in their decision-making. We also ask, can the role of defender really be a creative one? Tim also shares advice on how to *creatively recruit* for *creative thinkers* and how he keeps his own leadership inspired.Also, our podcast has been nominated for not just one but two awards at this year’s EU Security Blogger Awards…We are up for "best new cyber security podcast" and "best security podcast"…We’d like to thank all of you for your support over the past year and we also ask that you go and vote for us! Cast your votes here: https://www.surveymonkey.com/r/eubloggerawards2019 (entries 1 and 5)

Our theme this week is “Zero trust” – what is it and how can you implement it in your organisation. On the episode I’m joined by Richard Archdeacon, Duo Security’s Advisory CISO about a ‘Zero Trust’ approach to security (ie ‘trust no-one, verify everything’) and how this addresses some of the biggest concerns for Security Professionals: from digital transformation to enabling remote working. We discuss the evolution of trust, the psychology of a zero trust approach and how hackers are evolving in the perimeterless era.

That’s the question we’ll be tackling on this episode of the cracking cyber security podcast. Peter Woollacott, CEO and Founder of Huntsman Security, joins us this week to discuss the changing face of cyber risk and how businesses can better understand their cybersecurity posture. We cover security scorecards, cyber insurance and whether it’s possible to place a price on risk, as well as reflecting on how far a success GDPR has been - almost a year since its implementation. Peter, who’s been in the cyber security industry for over 20 years, is from Australia, so we took the opportunity to ask what the UK could learn about cyber regulation from our friends in Oz.

Cryptographer Bruce Schneier once said, "only amateurs attack machines, professionals target people" and yet how far should we be blaming humans for the breakdown of our cyber security?Joining us on this podcast is Flavius Plesu, former CISO at Bank of Ireland and co-founder and CEO of OutThink – a platform which is transforming the way companies are engaging with their employees.Many organisations push out some sort of security awareness training, simulated phishing emails, or bright, amusing posters relaying the importance of cyber security – but how effective are these traditional methods? Or could they, in fact, be doing more harm than good when it comes to building a solid relationship between the workforce and security teams?Flavius explains why we should be reframing the conversation around what is expected from humans and why we need to be talking about "managing human risk" rather than "behavioural change". We also explore what the role of the CISO should be and how the

March 12 2019 marked the 30 year anniversary of the World Wide Web and it was around this time that I met with former senior British Intelligence Officer and Head of Cyber Security at ITC, Malcolm Taylor.The serendipity of the occasion provided an opportune moment to ask Malcolm how he thinks the web has evolved since its inception and whether it’s, ultimately, been a force for good or bad…We also discussed the nature of privacy and trust and how they’ve changed during that time and are changing still.As a starting point, however, I began asking Malcolm about “spear phishing” – and how criminals specifically target their victims through carefully designed emails. This is in contrast to traditional phishing attacks usually conducted by sending malicious emails to as many people as possible. Lots of food for thought and tips to protect your “digital tattoo”.

Are CISOs suffering from an image crisis? Do they need a rebranding of sorts? How can they be taken seriously by the board and be seen as part of business operations as opposed to purely an investment? With us to explore these questions is TEISS podcast regular Joe Carson, Chief Security Expert at Thycotic. He’ll explain why 2019 is the year of the CISO but also why CISOs need to do more listening than talking.

This week on the show we have ESET’S Malware Analyst and Researcher, Lukas Stefanko and Head of Automated Threat Detection and Artificial Intelligence, Juraj Jánošík. TEISS caught up with them at Mobile World Congress last month in Barcelona where we discussed the tactics criminals are employing to hack into mobile phones and how we can stay secure with the fast moving innovations in the mobile space. 

When it comes to movers and shakers in the tech world, our guest this week is certainly making some noise in that realm. Sian John, MBE, is the Chief Security Advisor at Microsoft and the tour de force behind the #queuefortheloo initiative; a series of events and online resources aimed at women (and men) in the cyber security sector. On this podcast Sian discusses how the #queuefortheloo campaign came about as well as why we’ve gone backwards when it comes to attracting and recruiting diverse talent to the industry. 

This week on the podcast we are talking with Naaman Haart, a UK-based threat hunter for the cybersecurity company, Digital Guardian.The role of the Threat hunter is a fairly new one within the industry and on this episode Naaman discusses the ins and outs of what the job entails, as well as how he hunts for, investigates and quarantines threats on a number of enterprise networks. Naaman also reveals the biggest malware trends he’s seeing at the moment.

On this week’s episode, we talk to cyber security company Tanium’s CEO Orion Hindawi and Chief Technology Officer, Ryan Kazanciyan, at their yearly conference, CONVERGE.Is it fair to label vendors as the snake oil of the cyber security industry? How can CISOs measure risk and present their findings to the board in a comprehensive way? Can companies really avoid having a weak link in their armour? What questions should organisations be asking when it comes to protecting themselves?Find out how Orion and Ryan responded and more on the episode.

On this week’s podcast TEISS speaks with Detective Superintendent Andrew Gould - Head of the Metropolitan Police Cyber Crime Unit about how the Met is tackling international cybercrime, how well nation states cooperate when it comes to tracking down the criminals and what he’s learned from previous work in counter terrorism that is helping in the plight to clamp down on cybercrime.

Did you know that the most popular password at the end of 2018 was "123456", followed by “password” in second place? Here's a list of the top 25 which might seem alarming...or not.So, unsurprisingly, this week we’re talking passwords…yes, those things we love to hate…but why do we love to hate them? Why exactly are we so bad at changing our passwords regularly? What’s wrong with using the same password across multiple accounts?To help us tackle the password conundrum, Cyber Security Specialist at ESET, Jake Moore, uncovers some tactics the hackers employ to steal our passwords and gives advice for better password management. 

This week Joe Carson, chief security scientist at Thycotic, takes us through the mind of a hacker. What reconnaissance does a hacker conduct before an attack? What are the vulnerabilities they’re looking for? When are hackers most likely to strike? Joe shares his thoughts on these questions, as well as addressing the risks of introducing IoT for ease of use but sacrificing security and how you can prevent and reduce the risk of abuse to your critical information assets.

Here we are - at the end of 2018 – and what a year it’s been in the world of cyber security. Barely a week went by without a story of another major breach hitting the headlines. It was the year of GDPR, when businesses jostled to understand and implement the required privacy regulations. Was it also Facebook’s annus horribilis? The Cambridge Analytica scandal, Russian fake news, and the failure to remove child pornography were just a few of the problems that plagued Facebook founder, Mark Zuckerburg, in recent months. So what lessons have we learned in 2018? Has the long anticipated GDPR delivered? And what sort of trends can we expect in 2019? Former CISO and Founder and CEO of Cyber Risk Aware, Stephen Burke, shared some of his thoughts on the year that was, and the year to come. 

This is Part Two of our focus on cyber extortion with Tim Lambon, Director of NYA, the Global Response Team. The episode explores the stigma attached to admitting your business has been a victim of ransomware, the emotional trauma some victims go through, how GDPR has empowered the criminals, as well as Tim’s top tips for dealing with cyber extortion.

Cyber extortion is our theme this week; the crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack. This is the first part of a 2 part cyber extortion special where Tim Lambon, Director of the Global Response Team at NYA, discusses the different types of cyber extortion the criminals are exploiting, when to pay the ransom and when not, the negotiation process itself, how the perception of the value of data changes throughout the negotiation process and what’s the psychology behind it all…

This week we are talking about security awareness with Martin Smith MBE, Chairman of both SASIG and The Security Company. On the podcast Martin discusses the importance of humour and humanity, what is needed to inspire security culture behaviour change within an organisation, and why the security industry needs to stop isolating itself from other industries. 

TEISS speaks with Tanium’s Chief Security Officer, David Damato, at CONVERGE18 in Washington DC. On the podcast, we explore how he thinks the cyber skills gap could be bridged, how WannaCry could have been avoided, lessons he’s learnt along his career path, as well as how to talk to the board effectively.New research from Tanium suggests that UK firms have a long way to go in building the business resilience required to withstand modern cyber threats and other major disruptions. Tanium's latest Business Resilience study reveals that 96% of business decision makers claim business resilience should be core to company strategy, however only 54% say that it definitely is…so why are they struggling to take action?

This week we talk hackers vs defenders, how to convince the board to invest in the unknown and the future of cybersecurity with Juraj Malcho, CTO at ESET. Also, why a dose of health paranoia could be good for us...