Reimagining Cyber - real world perspectives on cybersecurity

Welcome to another compelling episode of the Reimagining Cyber podcast, where your knowledgeable hosts, Rob and Stan, explore the intricate landscape of Black Friday and Cyber Monday and the associated cybersecurity challenges that intensify during this festive shopping season.

Stan sheds light on the colossal scale of holiday spending, revealing that last year's Black Friday soared to an impressive 9 billion, while Cyber Monday skyrocketed to nearly 11 billion. With an astounding 197 million U.S. shoppers in the mix, the stakes are undeniably high, and the threats are alarmingly real.

The hosts pivot to the consumer side of the equation, drawing attention to the escalating sophistication of phishing emails. They caution listeners against succumbing to alluring offers that appear too good to be true and stress the paramount importance of verifying the authenticity of retail websites before divulging sensitive information.

Rob offers valuable insights into potential pitfalls for businesses, citing the recent Adobe update that addressed nine security vulnerabilities. The conversation delves into the multifaceted risks of payment fraud, ransomware attacks, and distributed denial of service (DDoS) attacks capable of disrupting e-commerce operations during this pivotal sales period.

Practical tips emerge as the hosts advocate for the crucial use of multi-factor authentication for online shopping accounts. They underscore the necessity of secure transactions facilitated by HTTPS protocols. Furthermore, Rob and Stan caution against using debit cards for online purchases and highlight the heightened risks associated with public Wi-Fi.

In summary, this episode provides not only a comprehensive understanding of the cybersecurity challenges during the holiday season but also actionable advice to navigate these threats successfully. Tune in for expert insights and safeguard your online experience during this bustling shopping period.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

John Keane, Software Angel of Death, discusses securing the supply chain, the important of contract language, and shares his unique perspective on the cyber space on the latest episode of Reimagining Cyber, “A discussion with the Software Angel of Death, John Keane.”

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

Kristen Bell, Senior Manager of Application Security Engineering at GuidePoint Security, is back, sharing her insights into “Building better AppSec teams: Communication, collaboration, and culture.” Two weeks ago, Bell joined the Reimagining Cyber team, Rob Aragao and Stan Wisseman, to share her perspective on “Governing a better AppSec program by empowering dev teams.” Collaboration is KeyTo build a better AppSec team, Bell explains the importance of collaboration. Many developers have a bad taste in their mouths when it comes to automation. Developing a multi-phased approach where you can share each step and mitigate any barriers to adoption (for example, many developers don’t like a lot of “noise” or false positives), can be helpful. When it comes to the actual scanning itself, Bell recommends doing a lot of work on the front end to make it run as smoothly as possible, ensuring the highest-quality results for ease of use. Additionally, she recommends integrating a ticketing system like JIRA to provide a continuous feedback loop. This way, you can pull metrics to show return on investment. Lastly, Bell recommends getting buy-in from application developers and owners. With skin in the game and a seat at the table, they’ll have influence and investment in the security program’s direction. Communicate, communicate, communicateCreating a streamlined and organized communications approach when building out your AppSec team is crucial. It is critical to have one centralized location to house all information for your security team, whether it’s standards or blueprints. “It's super important that if you're building a portal, or a Wiki, or this one-stop-shop, for the developers, to have these self-service options, they need to know it exists,” Bell says. Reiterating it in multiple ways (an All Hands call, a newsletter, an e-mail) is critical. You have to remind people 13 times before they’ll remember something.Get out into the communityThere's OWASP, ISACA, (ISC)2, ISSA and lots of different kinds of AppSec and cybersecurity related organizationsthat team members can go and be active in in their local communities. I would also encourage people on the security team, if you go to a conference, invited the good AppSec-related speakers in to speak to the team or the developers. They usually are looking for opportunities to engage and are open to do it.AppSec in the CloudBuilding a Cloud-centric AppSec team has its challenges. Bell recommends: •Separation of duties: Developers don’t typically have access to production and don’t make changes in production. However, when it comes to the Cloud, that all changes. By creating different profiles and having people commit to certain tasks allows teams to divide and conquer. •Threat modeling: Bell recommends running threat models, testing different scenarios and looking at data flows and trust boundaries to help document repeatable processes and confirming adherence to compliance requirements (like geolocation of data).•Testing automation: DAST services allow you to now test GUI-less technologies to understand Have you tried any of these tips when building out your AppSec team? Do you have any to add to Bell’s suggestions? Let us know in the comments.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

While organizations need to gain visibility into application security risks, it can be challenging to build and mature an effective application security program. In this episode of Reimagining Cyber, Kristen Bell, a Senior Manager of Application Security Engineering at GuidePoint Security, shares some the best practices that she’s used to help organizations overcome common obstacles to success. Bell uses a collaborative approach between AppSec team and developers that can create a positive security-aware development culture.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

Data privacy isn’t just about keeping sensitive information private. It’s about understanding what data you have (whether it’s structured or unstructured), where it is, and any risk associated with it. How do you decide what to keep? Or what’s important? It’s complicated, and the process of figuring it out can be daunting. In this episode of Reimagining Cyber Greg Anderson, Vice President and Chief Privacy Officer for E.W. Scripps Company, tackles this conundrum and also sheds light on the shift of data privacy from data governance to driving business outcomes.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]