Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!

Prologue

You've GOT to hear this!

This week on the podcast, I invited Martin Zizi of Aerendir, to talk about how we can use technology to not only distinguish between humans and non-humans (bots?) but also how to identify humans with staggering levels of precision - using commonly available and inexpensive components. He's got humor, an eclectic background, and great knowledge of the topic. Join us!

Guest

• Martin Zizi
  • Bio: Dr. Martin Zizi, MD-Ph.D, deep expertise in Molecular Biophysics and Neurosciences. He is one of the Founders & CEO of Aerendir Mobile Inc. He is the inventor of the NeuroPrint®, a cloudless AI-supported neural-tapping technology that can be used for authentication, identification, encryption, secure TLS, and bot segregation. Following his early years in the United States as a Scientist at the Walter Reed Army Institute of Research where he worked on very advanced projects, he had a 20-years dual-track career, leading both academic and strategic projects as a top scientist in 3 fields and was also a Chief Scientific Officer for Belgian DoD. Martin was a sought-after advisor for the Belgian, the EU governments, international organizations (UN) and the industry. Aerendir Mobile Inc. is his second start-up. He was #2 at another start-up in the Medical technology vertical.
  • LinkedIn: https://www.linkedin.com/in/martinzizi/
  • Twitter: https://twitter.com/MartinZ_uncut
  • Aerendir Mobile, Inc.
    • LinkedIn: https://www.linkedin.com/company/aerendir-mobile-inc
    • Twitter: https://twitter.com/AerendirMobile/

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!

Chrome to label more sites as insecure in 2017

• Link: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
• Focus on sites that transmit passwords or credit card info over HTTP

A USB Device is all it takes to steal credentials from locked PCs

• Link: http://www.pcworld.com/article/3117793/security/a-usb-device-is-all-it-takes-to-steal-credentials-from-locked-pcs.html
• This is actually pretty interesting, but a little trickier than it sounds
• Still - it's quite fascinating that a USB attack works cross-platform, based on network activity and default USB behaviors

DHS chief: 'Very difficult' for hackers to skew vote

• Link: http://thehill.com/policy/national-security/294956-homeland-head-very-difficult-for-hackers-to-skew-vote
• • Instead of dismissing the claim, let’s explore the merits
  • Then let’s consider what, if anything, it means for enterprise security
• “It would be very difficult through any sort of cyber intrusion to alter the ballot count, simply because it is so decentralized and so vast,” he said, noting the series of state, local and county systems involved in running elections. “It would be very difficult to alter the count.”
• • Decentralized and vast - the merits
  • How many companies make the systems - so is it as decentralized as we’d like
  • How much of what you do in the enterprise is decentralized?
  • What are your points of failure - or the easy pathways to attack?
• If someone did alter the vote... would we know? How would we know?
• What’s the impact of appearing to alter the vote?
• Depending on your organiz

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!

TL;DR:
On this episode of post-Black Hat 2023, my buddy Will Gragido joins me to talk about what we saw, what we learned, and what shenanigans transpired. We're focused on marketing and booths - how do vendors differentiate, what do conferencegoers take away, and what makes your booth or offering unique? What about AI?
Yeah, we talk about all of that.
YouTube Video: https://youtube.com/live/cWwKA-2XsQU
Guest

• Will Gragido
  • LinkedIn: https://www.linkedin.com/in/gragido/

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!

This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen).

This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little. A lot.

Join us! And spread the word!

Guest:

• Scott Stanton ( @Scott_Stanton ) - Information Security leader with experience in the High Tech, Manufacturing, Engineering, Services, and Energy industries. My technical depth includes application development, IP networking, operating systems, virtualization, and storage systems. Scott is currently the Senior Manager of Infrastructure Security at a medical technology company.

If you've noticed the new logo, it's courtesy of a phenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you, you can find him here: http://fb.com/CzaplarskiArt. Peter is also the artist behind Vengence Nevada (found here, for you comic lovers: https://www.comixology.eu/Vengeance-Nevada-1/digital-comic/593731 ) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!

First ...a milestone.

I want to take this time to formally welcome Mr. James Jardine, of SecureIdeas, as my permanent co-host to the podcast. James has experience podcasting as he already co-pilots the Professionally Evil Podcast, and he's witty, knowledgeable, and awesome to work with on the microphone. I ask that you all give James a warm welcome!

In this episode...

• Overview of what cyber liability insurance is and what it isn't
• We ask "Why would we need a security program, when you can just buy insurance?"
• How do [cyber] under-writers figure out how to insure you, and how much of a liability your organization and its practices is?
• The types of costs and coverages available in some of the different policies at the various carriers
• We pull on the 'reputation' thread ... again
• We try to divine the magic formula used to calculate how to calculate a 'liability' or coverage requirement
• We try and figure out how an enterprise can drive down their cyber liability insurance premiums
• Christine touches on mobility, encryption, and some interesting tidbits for the modern enterprise

Guest

• Christine Marciano ( @DataPrivacyRisk ) - Christine Marciano is President of Cyber Data Risk Managers, an Independent Insurance Agency specializing in Cyber Risk/Data Breach insurance, Directors & Officers insurance and (IP) Intellectual Property protection. Christine has over 17 years of experience working in various roles within the Insurance and Financial Services industry. Prior to establishing Cyber Data Risk Managers, Christine has held positions at CIBC Oppenheimer, Axa Advisors and Allstate Insurance Company.

Links

• Christine's Blog - http://databreachinsurancequote.com/blog/
• My 2013 Data Privacy, InfoSec & Cyber Insurance Trends report - http://databreachinsurancequote.com/wp-content/uploads/2013/02/2013-Data-Privacy-Information-Security-and-Cyber-Insurance-Trends-Report.pdf
• Christine's free weekly newsletter signup page - http://databreachinsurancequote.com/subscribe-data-breach-weekly-newsletter/

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast