Explore all episodes of the Security Confidential podcast

Dive into the complete list of Security Confidential episodes. Each episode is catalogued with a detailed description, which makes it easy to search for and explore specific topics. Follow every episode of your favorite podcast and never miss relevant content.

Title | Date | Duration
S15 E10 AI Innovations and the Future of Automation | 26 Sep 2024 | 00:56:10

Sanjay Chopra is the co-founder and CEO of Cognistx, an AI company known for developing innovative products like SQUARE and DQE, used across various industries. With over 30 years of experience in AI and business strategy, Sanjay has led several successful technology ventures. He serves on the Pittsburgh board of the Federal Reserve Bank of Cleveland and is involved in multiple technology councils and advisory boards. Sanjay holds advanced degrees from Carnegie Mellon University and Virginia Tech, and he also teaches e-Commerce as an adjunct professor at Carnegie Mellon.

00:00 Intro

01:04 Our Guest

10:15 Changing the AI threat landscape

17:40 Using AI to complete legal work

27:10 Will AI remove the human element?

47:08 What does CognistX do?

50:00 SQUARY and Dark Rhiino’s vCISO Bot Launch

To learn more about CognistX visit https://www.cognistx.com/

To test our vCISO bot visit https://darkrhiinosecurity.com/

To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!

Instagram: @securityconfidential and @Darkrhiinosecurity

Facebook: @Dark-Rhiino-Security-Inc

Twitter: @darkrhiinosec

LinkedIn: @dark-rhiino-security

Youtube: @DarkRhiinoSecurity

S15 E9 How the Role of vCISOs is Changing | 19 Sep 2024 | 00:29:06

Greg Schaffer, founder of vCISO Services, LLC and a returning guest on Security Confidential, brings over 35 years of experience in IT and security, with 15 years as a CISO. He hosts the Virtual CISO Moment podcast and is the author of Information Security for Small and Midsized Businesses.

00:58 Our Guest

01:59 What’s new with Greg?

03:37 Changes in the vCISO world

11:29 People, Process, and Technology

15:00 Information Security for Small and Midsized Businesses

Here's a link for $5 off Information Security for Small and Midsized Businesses exclusively for Security Confidential. Offer expires September 30, 2024.

To learn more about Greg visit https://www.linkedin.com/in/gregoryschaffer/

To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

S15 E1 Inside the Mind of a Field CTO | 14 Jun 2024 | 00:49:42

Stephen Kowski is a seasoned cybersecurity expert with a robust career spanning over two decades. He is currently the CTO at SlashNext, the leader in AI-powered cloud email, mobile, and browser messaging security. Stephen has a rich history of leading and implementing comprehensive cybersecurity strategies, ensuring robust protection for organizations against evolving cyber threats. His expertise encompasses risk management, compliance, incident response, and innovative security solutions. Stephen is also a passionate advocate for cybersecurity education and awareness, continuously contributing to the development of the cybersecurity community.

00:00 Introduction

00:32 Our Guest

02:08 What is a field CTO?

03:19 Learning to speak their language

07:26 Why not take the traditional approach?

11:00 Anything made by a human can be broken by a human

15:03 What role does Risk play into product design?

20:35 3D Phishing

25:25 What are you trying to solve?

36:11 Is Email marketing effective anymore?

42:58 Attackers don’t care

45:07 Have you become a target?

47:36 Following SlashNext

To learn more about Stephen visit https://www.linkedin.com/in/jstephenkowski/

To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Cyber Horror Story #2 Data | 05 Oct 2022 | 00:02:49

#CyberHorrorStories #DarkRhinoSecurity #shorts

This October we wanted to do something different. So we came up with Cyber Horror Stories. These are 2-10 minute scary stories from your favorite guests. Now hold on, you'll still have new episodes of Security Confidential every Friday at 7 am EST on your favorite podcast app/9 am EST on YouTube. But now, you'll also have new Cyber Horror Stories every Monday, Wednesday, and Friday as well.

Share and spread the word!

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com


SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!

Instagram: https://www.instagram.com/securityconfidential/

Facebook: https://m.facebook.com/Dark-Rhino-Security-Inc-105978998396396/

Twitter: https://twitter.com/darkrhinosec

LinkedIn: https://www.linkedin.com/company/dark-rhino-security

Youtube: https://www.youtube.com/channel/UCs6R-jX06_TDlFrnv-uyy0w/videos

Cyber Horror Story #1 SLIders | 04 Oct 2022 | 00:05:13

#CyberHorrorStories #DarkRhinoSecurity #shorts

This October we wanted to do something different. So we came up with Cyber Horror Stories. These are 2-10 minute scary stories from your favorite guests. Now hold on, you'll still have new episodes of Security Confidential every Friday at 7 am EST on your favorite podcast app/9 am EST on YouTube. But now, you'll also have new Cyber Horror Stories every Monday, Wednesday, and Friday as well.

Share and spread the word!

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com


S8 E0 BONUS: Data Loss Prevention | 03 Oct 2022 | 00:36:57
In this episode, members of the Dark Rhino Security team discuss data loss prevention and how it can affect an organization taking it on.
S7 E10 Why Not Take A Corporate Job? | 30 Sep 2022 | 00:46:10

Ranbir Bhutani is the CEO and vCISO of CyberCulture, a partner at Ingram Advisory Group, and a vCISO at many companies. He has a master's in cybersecurity from the University of Maryland Global Campus.


00:00 Introduction 

01:00 CyberCulture and Ingram Advisory Group: What is the mission of both companies  

03:06 Why not take a corporate job? 

07:25 Myth busting #1: 100% Cyber security 

08:57 CyberCulture: Meaning behind the name 

10:50 Penalize Employees 

13:30 Myth busting #2: Achieving Compliance 

16:00 Why are companies so reactionary to their cyber issues? 

16:56 How to take cybersecurity from a cost sector to a revenue sector? 

19:05 Zero Trust Frameworks

25:07 Cloud Infrastructure

26:35 Process steps for how the program should be operated 

36:15 Mitigation vs Outsourcing of Risk 

37:38 Do the boards understand 3rd party Risk? 

40:50 Landscape of CyberSecurity evolving 

44:00 A Message from Ranbir  


To learn more about Ranbir visit  https://www.linkedin.com/in/ranbir-b-725286175/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S7 E9 - Entrepreneurship: Should It Be Taught In Schools? | 23 Sep 2022 | 00:46:27

Greg is the CEO of CryptoStopper, a ransomware protection service that automatically detects and stops active ransomware attacks. He has been a technology entrepreneur since 1998 and has founded many businesses, including Axis Backup, a backup and disaster recovery company for the insurance industry that he founded a few years before CryptoStopper. He is skilled in disaster recovery, cloud computing, and network security, just to name a few.

00:00 Introduction 

01:30 Starting your own businesses 

02:20 Tips for future entrepreneurs  

03:26 The fear of Failure 

05:13 Entrepreneurship: should it be taught in schools? 

07:50 Cryptostopper 

11:42 Access Recovery 

12:52 Getting a disaster recovery program 

19:57 Wannacry 

24:19 Anatomy of a Ransomware attack 

25:20 When would SOC notice Ransomware 

28:20 Russia 

30:16 Ransomware 

35:54 Layered Security 

37:48 Vendor Consolidation or Defense in Depth? 

40:37 Damage Mitigation and Prevention 

44:10 More about Greg  


To learn more about Greg visit https://www.linkedin.com/in/gedwardswpd/ 

https://kitcaster.com/greg-edwards/  


Cryptostopper: https://www.getcryptostopper.com/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com


SOCIAL MEDIA:

Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!

Instagram: @SecurityConfidential

Facebook: @DarkRhinoSecurity Inc

Twitter: @Darkrhinosec

LinkedIn: @DarkRhinoSecurity

Youtube: @DarkRhinoSecurity

S7 E8 Roe v. Wade and How Companies Track Your Data | 16 Sep 2022 | 00:44:01

Brian is the CEO of SideChannel, creator and host of the CISO life podcast, and a professor at Boston College. Brian is a Security Confidential alum and an expert in cybersecurity.

00:00 Introduction 

03:40 What’s new with SideChannel 

09:02 #CISOLife 

10:30 Roe v. Wade and Data 

21:20 SMB: I’m not a target 

23:21 Understanding Controls: A whiteboard demonstration 

26:43 Top 3 things to do 

37:35 Risk and Probability by Impact: A whiteboard demonstration 

42:22 Upcoming News for Brian   


Brian's Book: https://www.wiley.com/en-us/Cybersecurity+Risk+Management%3A+Mastering+the+Fundamentals+Using+the+NIST+Cybersecurity+Framework-p-9781119816287

SideChannel on Youtube: https://www.youtube.com/c/SideChannel/videos 


To learn more about Brian visit https://www.linkedin.com/in/brianhaugli/ https://sidechannel.com/team_member/brian-haugli/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S7 E7 Imposter Syndrome | 09 Sep 2022 | 00:54:55

#SecurityConfidential #DarkRhinoSecurity

Rafael is a Mentor, Motivational Speaker, Veteran, and an accomplished information and cybersecurity executive. He has many skills such as Risk Mitigation, Encryption, Vendor Collaboration, and PCI/DSS. Rafael has worked as an IT security manager and Principal Information Security Analyst for Lowe's, vCISO of Fortalice Solutions, and Senior Security Architect for Sirius Computer Solutions. He is the Founder of RAYA Cyber Solutions LLC and Co-Founder of Carolinas CISO RoundTable.


00:00 Introduction 

01:30 Rafael's Background

05:40 How Rafael remained positive 

08:00 Motivation for everyone 

09:40 Imposter Syndrome 

12:20 Firing up that ego 

14:00 How to motivate yourself 

16:08 “It takes an entire village to keep your data safe” 

21:44 Keeping Employees/Humans aware 

29:41 Vulnerabilities  

32:35 Friction Security  

36:00 Target breach 

39:29 Third Party Risk 

43:30 Zero Trust and SASE 

45:50 Corporate Failure  

51:08 Personal Failure 

53:03 Connecting with Rafael   


To learn more about Rafael visit https://www.linkedin.com/in/rafael-nunez-jr-167347148/  

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S7 E6 Disrupting "Anonymous" | 02 Sep 2022 | 00:56:05

Founder and CEO of Prevailion, Karim Hijazi joins us on this episode of Security Confidential. He is the host of the podcast The Introverted Iconoclast. He has been in infosec since the 90s. He was the former director of intelligence at Mandiant. He is a serial entrepreneur. In 2011, the success of his second company, Unveillance, resulted in disrupting the malicious operations of the hacker collective Anonymous. He has been featured in news outlets throughout the country.


00:00 Introduction 

01:40 Why entrepreneurship? What’s your driver? Advice? 

09:10 The Introverted Iconoclast 

16:20 Keeping Cyber Interesting 

18:47 Unveillance  

21:44 Anonymous 

26:01 The minds of Bad Actors

32:14 Sea Cucumbers and Armadillos  

35:22 Reducing the dwelling time 

37:03 How do I know I’m a target? 

42:00 Do you get threatened? 

43:54 How is Prevailion doing this? 

49:00 Polymorphism of Malware 

52:20 Artificial Intelligence  

54:50 Connecting with Karim  


To learn more about Karim visit https://www.linkedin.com/in/karimhijazi/ 

The Introverted Iconoclast: https://www.theintrovertediconoclast.com/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S7 E5 Stepping Out of Your Comfort Zone | 26 Aug 2022 | 00:52:27

#SecurityConfidential #DarkRhinoSecurity 

Paul is an experienced Cybersecurity executive with many skills, including being an expert on Cloud Computing. He has worked as an information security leader for Truist, Head of Cloud Security for SunTrust, and Security Architecture for Capital One. He is also a contributor to CIO Review and most recently in IDG's CIO Think Tank Roadmap report on Setting the Multi-Cloud Agenda.

 

00:00 Introduction 

01:58 Paul's Background

13:24 Learning to take risks with your job 

17:31 Advice for your career 

19:00 More about Paul's background  

26:00 Clear Program 

28:04 Malware and Bad Actors 

37:20 True Stories 

42:05 Microsoft, Google, Amazon 

45:10 The Cloud 

47:00 Top 5 tips for Companies to look at when mobilizing 

49:50 Asset managers  

51:45 Connecting with Paul  


To learn more about Paul visit https://www.linkedin.com/in/paulhamman/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S7 E4 Cyber Skills in the Military | 19 Aug 2022 | 00:58:06

Dallas is a US Army Veteran and Cyber Professional. He has worked for many companies including PerimeterX, Blue Shield, and PayPal. He is skilled in Python, SQL, Information Security, JavaScript, Networking, and more.     


00:00 Introduction 

01:10 Did you get your skills from the military? 

08:41 Transitioning to civilian life  

14:25 Rules of thumb when designing a website so you’re less prone to getting hacked 

21:45 Credit Card frauds 

26:35 Analyze, Understand, and Influence 

29:48 Ransomware Attacks 

31:05 Raising employee awareness about Phishing  

34:39 Making Cyber interesting 

39:11 HUMAN Security 

47:06 How many companies have it right? 

49:20 Tips for Small Businesses 

56:40 Upcoming events for Dallas  


To learn more about Dallas visit https://www.linkedin.com/in/dallascbaker/   

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com



S15 E0 Fame, Fortune, and Corporate Espionage | 31 May 2024 | 00:50:15

This week on Dark Rhiino Security’s Security Confidential podcast, Host Manoj Tandon celebrates 150 episodes with Robert Kerbeck. Robert is a multifaceted storyteller, former corporate spy, actor, acclaimed author, and founder of the Malibu Writers Circle. His award-winning debut book, "Malibu Burning: The Real Story Behind LA's Most Devastating Wildfire," earned him the 2020 IPPY Award and Readers’ Favorite Award, among others. One of his stories was adapted into the award-winning film, "Reconnected," showcased at film festivals globally. His latest memoir, "RUSE: Lying the American Dream from Hollywood to Wall Street," offers a thrilling glimpse into his career as a corporate spy.

00:00 Introduction

00:39 Our Guest

02:10 Corporate spy

06:10 Hacking your people

33:04 What’s the legal position for companies?

36:06 RUSE

43:30 People want connection

46:26 Getting a signed copy of RUSE

To learn more about Robert visit https://robertkerbeck.com/

To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

S7 E3 Establishing a Culture in Cybersecurity | 12 Aug 2022 | 00:53:33

#SecurityConfidential #DarkRhinoSecurity 

Joshua is the CISO at H&R Block. He has deep experience in designing and building information security programs. He is an expert on Zero Trust. His approach to information security is to transparently support and drive business initiatives, leveraging security capabilities to differentiate companies from their competition. Josh has spoken at InfoSec World, InfraGard, and ISSA and he is a SANS mentor. In short, he is a master of helping companies reduce risk.   


00:00 Introduction 

01:14 Joshua's Background

05:18 Why having different backgrounds in cyber is so important 

15:06 Using Cybersecurity as a competitive advantage 

17:04 Brand Loyalty program 

23:35 How do you measure and monitor risk? 

30:30 Establishing a culture in Cybersecurity 

33:10 Getting the Cyber sec people to understand the business  

36:00 Understanding the WHY

37:36 Amazon, Microsoft, Google myth 

40:40 Zero Trust vs SASE

45:00 Prevention, Detection, and Response 

48:10 3rd Party Risk 

50:12 More about Joshua  


Women In Security KC https://www.wiskc.org/ or https://www.linkedin.com/company/wiskc/ 

H&R Block's Accelerate Program https://www.hrblock.com/careers/

Anam Cara: A Book of Celtic Wisdom by John O'Donohue https://www.amazon.com/Anam-Cara-Book-Celtic-Wisdom/dp/006092943X 

Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones by James Clear https://www.amazon.com/Atomic-Habits-Proven-Build-Break/dp/0735211299 


To learn more about Joshua visit https://www.linkedin.com/in/brownjosh/  

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S7 E2 Security Challenges for Open-source Platforms | 05 Aug 2022 | 00:46:45

Josh Harrington is a CISSP, CCSP certified Director of IT and Security at Wattpad. He has a degree in Information Technology with a specialization in Networking and IT Security and a minor in operations management. With nearly a decade of cyber and IT-related experience, Josh has utilized his knowledge of industry threats and emerging technologies to guide businesses in advisory roles from implementation to leadership development both internationally and in the Greater Toronto Area.


00:00 Introduction

01:22 Josh’s story

03:10 The challenge of a Cybersecurity career

04:00 How has your previous experience helped prepare you for your position today?

05:55 Hands-on Experience: required or not?

07:42 Wattpad

08:22 Security Challenges for open-source platforms

11:50 Top 3 areas of Security

15:10 Must have Security tools

16:20 The Future of Cyber: Where is it going?

21:13 3rd party risk

23:40 Key points for employees regarding security

27:32 Message for young cyber professionals

33:37 What has helped you grow in IT?

36:50 A must for a resume

42:27 Connecting with Josh

To learn more about Josh visit https://www.linkedin.com/in/harringtonjoshua/

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 


S7 E1 Your Spiritual Guide to pursuing your Passion | 29 Jul 2022 | 00:51:33

#SecurityConfidential #DarkRhinoSecurity 

Kicking off Season 7 with Ron Eddings. Ron is a Cybersecurity Advocate, Creative Director, and Podcast Executive Producer. Ron has been a cybersecurity practitioner. He has worked as an architect at Palo Alto Networks and Demisto. He is currently the Creative Director for Axonius and is also the Co-founder & Executive Producer of Hacker Valley Studios.    

00:00 Introduction 

01:20 How did you start in Cyber? 

06:13 Marcus Carey's Guide to Success

07:55 Your spiritual guide to pursuing your passion 

12:03 The Mind, the Body, and the Spirit 

15:50 Maintaining your Sense of Wonder 

19:40 Your Superpower

23:15 Learning and Teaching

28:20 Making Cyber entertaining 

35:12 What is the value of Cybersecurity? 

39:20 Vulnerability management 

42:00 OKTA and Passwords 

43:00 Infosec programs that worked and ones that didn’t 

48:15 The Department of “no” 

49:25 News with Ron  


To learn more about Ron visit https://www.linkedin.com/in/ronaldeddings/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 

Managing Oneself: https://www.amazon.com/Managing-Oneself-Harvard-Business-Classics/dp/142212312X 

Hackervalley.com 

Axonius.com   



S7 E0 BONUS: What is Ransomware? | 25 Jul 2022 | 00:03:42

#SecurityConfidential #DarkRhinoSecurity 


Articles mentioned: 

https://www.kaspersky.com/resource-center/threats/ransomware-attacks-and-types 

https://www.backblaze.com/blog/complete-guide-ransomware/ 

https://www.tomsguide.com/us/ransomware-what-to-do-next,news-25107.html   


To learn more about Ransomware, listen to our podcast video with Ransomware expert Dennis Underwood here 

https://www.youtube.com/watch?v=DJoVdcMGzE0   


To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

S6 E10 Is Patient Healthcare Data worth more money than Credit Card Information? | 22 Jul 2022 | 00:40:53

Jake is the Sr. Director of Security Strategy at VillageMD. He has over 20 years of IT and Security experience building, operating, and enhancing: Risk Management, Security Awareness, and governance. He has worked with many "C-suite" executives and boards of directors. He is a graduate of the University of Pittsburgh Katz School of Business.


00:00 Introduction 

02:04 VillageMD 

03:28 Walgreens and the Minute Clinic 

05:01 How has Cyber security changed the Healthcare business? 

07:50 Why is patient healthcare data worth more money than credit card information?  

10:30 Making the data less valuable 

16:50 What are some policy positions we could take? 

18:57 What is motivating bad actors to get healthcare data?   

22:50 Cyber insurance 

26:40 3rd party risk 

30:05 Doctors and mobile devices vs HIPAA?  

39:10 More on Jake   


To learn more about Jake Belcher visit https://www.linkedin.com/in/jakebelcher/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S6 E9 Should the CISO work for the CIO? | 15 Jul 2022 | 00:50:52

#SecurityConfidential #DarkRhinoSecurity

Greg Schaffer joins us on this episode of Security Confidential. Greg founded vCISO Services in 2017 to help SMBs. He has over 33 years of experience in IT and security, including over 15 years at the CISO level. Greg is the host of the Virtual CISO Moment podcast and authored Information Security for Small and Midsized Businesses.

00:00 Introduction

01:37 How did you get into Cyber?

04:40 What brought you to SMB?

07:00 Equifax Breach

10:30 Defense in Depth

13:05 Doing more than just checking the boxes

19:40 Cyber insurance

24:00 Some ways SMBs get breached

28:00 Ransomware

30:40 SMB: What to do if you don’t have the resources?

36:44 How much money should SMBs spend on cybersecurity?

38:24 Should the CISO work for the CIO?

42:17 Metrics for decision-makers

45:20 Russians and the Chinese

49:00 Meeting Greg  


CU Intersect conference is July 18-20. Link https://cuintersect.com/ 

RETR3AT Link: https://www.montreat.edu/about/events/retr3at/  

Greg's podcast: https://virtual-ciso.us/ 

Greg's Book: https://www.amazon.com/Information-Security-Small-Midsized-Businesses/dp/1733066845/


To learn more about Greg visit https://www.linkedin.com/in/gregoryschaffer/

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com



S6 E8 How did you establish credibility with the C-suite | 08 Jul 2022 | 00:40:53

#SecurityConfidential #DarkRhinoSecurity 

Eddie Thomason joins us for this week's episode of Security Confidential. Eddie is a Regional Sales Manager at DataLocker,  a bestselling author, and entrepreneur who has been featured on ABC, CBS, & FOX news affiliates. Eddie has worked with multiple Fortune 500 companies to improve their revenue and was named one of the top business professionals by the Chamber of Commerce. Eddie hosts the popular “Simply Secure Podcast” where he talks to cyber professionals about #InfoSec. When he is not talking or working in cyber, he can also be found creating cutting boards and wood furniture with his passion project ET Woodworks.   

00:00  Introduction 

04:07 How did you establish credibility with C-suite without trying to sell them anything? 

09:02 Referring clients to other companies. Has that gotten you into trouble?  

11:17 How SMBs should navigate through the sea of Cybersecurity? 

15:40 Questions to ask MSSPs  

19:22 Friction Security 

25:10 Risk Appetite  

32:35 Biggest mistakes Security teams have made 

38:10 Tips for transitioning into cyber

46:00 How to use USBs correctly in your organization

53:55 Simply Secure Podcast  


To learn more about Eddie visit https://www.linkedin.com/in/eddiethomason/ 

Listen to Eddie's podcast:  https://simplysecurepodcast.com/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S6 E7 Code: Girl | 01 Jul 2022 | 00:52:50

#SecurityConfidential #DarkRhinoSecurity

Rory Meikle hosts this episode of Security Confidential with Erika Carrara. Erika is an influential, strategic, business-focused, and highly accomplished C-Suite executive. She has accomplished many things such as being a CISO, Director of Information Technology, Penetration Tester, IT Security Specialist, and many more. Erika is also a Veteran of the United States Army and Mentor. She is currently the CISO of Wabtec Corporation.  


00:00 Introduction 

00:49 How did you start your career in cybersecurity? Was it something you did while in the military?  

03:03 Advice for younger individuals stepping into cyber 

04:27 Advice for Veterans transitioning into Cyber 

06:29 Due diligence process when looking at an acquisition?  

13:40 ISO 27001

17:04 Security Frameworks for Small Businesses  

22:00 What motivates bad actors?  

26:40 Are there policies that you think the government should adopt that would better deter bad actors?  

34:18 Can you shed some light on what defense in depth should entail for critical infrastructure companies?  

37:45  3rd party risk mitigation 

41:14 Small businesses: expectations regarding cybersecurity? 

45:03 Code: Girl  

50:00 Connecting with Erika  


To learn more about Erika visit https://www.linkedin.com/in/infosecpainpoints/ 

To learn more about coding programs for girls, check out these websites: 

https://girlswhocode.com/ 

https://code.org/girls 

https://www.blackgirlscode.com/ 

https://www.coding-girls.com/ 

https://www.techgirlz.org/ 

https://djangogirls.org/en/ 

To learn more about Dark Rhino Security visit 

https://www.darkrhinosecurity.com 



S6 E6 How do you communicate risks to the C-Suite? | 24 Jun 2022 | 00:50:28

#SecurityConfidential #Darkrhinosecurity  

Endre Jarraux Walls is the EVP and CISO for Customers Bancorp and Customers Bank. He provides leadership to the Bank’s technology risk, digital compliance, security operations, governance, resilience, physical security, and cyber fraud departments of Customers Bank. He has held all 3 C-level roles in the technology industry, as an award-winning CIO, CTO, and now CISO. Prior to joining the Bank, he served as an executive in Healthcare, Telecom, and more. He was recently recognized as one of the top 40 under 40 leaders in the greater Philadelphia region, is a 2021 Top 100 CISO, was recognized as a top 10 global CISO in 2020, and received an American Cyber Awards honor in 2020.  He attended both Capella University in Minnesota for his BS in Information Technology and Yale University’s School of Management for Executive Education.  


00:00 Introduction 

01:17 How did you start your career in cybersecurity? 

03:05 Is (General Electric, Nuclear Industry) moving to the cloud? 

07:20 What do you see as the biggest threats in the financial sector 

08:40 Third-Party Risk- How to go about it 

11:38 Developing standards with Vendors 

15:07 Personal devices 

21:00 How do you communicate risks to the C-Suite? 

23:12 Do they see cyber as a business problem or IT Problem?  

27:40 How did you bring users in?  

35:40 What is the role of frameworks?  

41:20 What drives a bad actor? 

47:40 Upcoming News for Endre   


To learn more about Endre visit https://www.linkedin.com/in/endrewalls/  

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com  



S6 E5 Penetration tests on Mobile Devices | 17 Jun 2022 | 00:43:43

#SecurityConfidential #DarkRhinoSecurity 

Nat Shere is currently a cybersecurity consultant, specializing in ethical hacking and secure coding. He has also worked as a product security engineer, where he worked directly with developers to integrate security into the development lifecycle. He has a Master's in Computer Security and has taught undergraduate-level courses in both math and computer science.


00:00 Introduction 

01:20 Penetration testing 

05:50 Walking through Risk Analysis  

08:07 SQL injections  

09:50 3rd Party Risk. What does it mean? 

11:30 How to protect yourself when using open-source code

15:33 Google, Amazon, and Microsoft 

16:30 Being on the Cloud and in the Cloud 

18:40 Communicating to the executives 

20:10 Cybersecurity as a Revenue Service 

25:55 MFA issues and vulnerability  

29:52 Smart Phones 

37:56 Penetration tests on Mobile Devices 

41:37 More about Nat  


To learn more about Nat Shere visit  https://www.linkedin.com/in/nathaniel-shere 


Links to Nat's blogs as mentioned in the video: 

https://www.craftcompliance.com/post/7-steps-to-website-security-worth-bragging-about 

https://www.craftcompliance.com/post/penetration-testing-the-what-the-why-the-how 

https://www.craftcompliance.com/post/getting-the-most-out-of-penetration-testing 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S14 E10 Unf*ck your Secrets | 10 May 2024 | 00:48:57

This week on Dark Rhiino Security’s Security Confidential podcast, Host Manoj Tandon talks to Brian Vallelunga. Brian is the Founder and CEO of Doppler, which is the first secrets management platform for developers. Doppler empowers tens of thousands of engineering and devops teams to seamlessly orchestrate, govern, and manage their secrets across environments at scale. Brian has been featured in Forbes 30 Under 30, worked at improving overall Safety at Uber, and has won multiple state level science fairs.


00:00 Introduction

00:18 Our Guest

01:03 Building a successful company

07:37 Falling in love with your own idea

11:20 Killing Bad Startups

20:53 What problem are you solving?

26:38 Closing the gap

30:25 The bigger the company, the worse their security is

37:20 Out of Business 6 months after Breach

41:26 Will Machine Learning and Quantum Computing play a role?

46:07 More about Brian

To learn more about Brian visit https://www.linkedin.com/in/vallelungabrian/

To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!

Instagram: @securityconfidential and @Darkrhiinosecurity

Facebook: @Dark-Rhiino-Security-Inc

Twitter: @darkrhiinosec

LinkedIn: @dark-rhiino-security

Youtube: @DarkRhiinoSecurity

S6 E4 Why are SMBs such hot targets? | 10 Jun 2022 | 00:36:20

#SecurityConfidential #darkrhinosecurity  

Brian Haugli joins host Manoj Tandon on this week's episode of Security Confidential. Brian is a Managing Partner and Chief Executive Officer at SideChannel. Brian has been driving security programs for two decades and brings a true practitioner’s approach to the industry. He has led programs for the DoD, Pentagon, Intelligence Community, Fortune 500, and many others. Brian is a renowned speaker and expert on NIST guidance, threat intelligence implementations, and strategic organizational initiatives. He is also a contributing author for the latest book from Wiley, “Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework“. Lastly, he is a professor at Boston College, in the Woods College of Advancing Studies, Master’s Program in Cybersecurity.  


00:00 Introduction 

01:50 How do you see the threat landscape changing in cybersecurity? 

05:00 Do you think the mid-market understands that cybersecurity is not an IT problem but a business problem? 

08:30 Why are SMBs such hot targets? 

12:35 Insurance brokers typically do not understand cybersecurity postures, they deal in applications. How can an SMB leverage the broker to get an underwriter to understand their posture? 

20:50 Is it possible for you the client to get in front of the carrier? 

23:42 How does a company assess its security posture?

27:00 How do these businesses go about this practically?  

33:20 News from Brian  


Brian and Cynthia’s Book https://www.amazon.com/Cybersecurity-Risk-Management-Mastering-Fundamentals/dp/1119816289 

To learn more about Brian visit https://www.linkedin.com/in/brianhaugli/   

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com 



S6 E3 A Step-by-step on how to build a cybersecurity program for SMB's | 20 May 2022 | 00:42:27

#SecurityConfidential #DarkRhinoSecurity 

Tim Chase joins host Manoj Tandon on this episode of Security Confidential. Tim Chase is a Field CISO, Professional Speaker, Author, Ethical Hacker, Certified Application Security Engineer, etc. He is also a LinkedIn Learning Instructor who writes training modules about DevOps and DevSecOps. Tim is an expert at resolving challenging security incidents with a short turnaround time. He is a graduate of Tennessee Tech and the University of Phoenix.


00:00 Introduction

01:13 The problem of Ransomware, how do you see it evolving over in the near future?

05:17 Third-Party Risk

06:21 Applications built on open source code and how to ensure their security?

11:45 What do you see as the Top 3 root causes of security incidents?

14:40 DeProvisioning

22:22 Step-by-step on how to build a cybersecurity program for SMB

32:05 How to make Cybersecurity logical when coaching a young cybersecurity team. What foundational elements do you emphasize?

37:30 Companies use Cybersecurity as a revenue

40:48 Outro


To learn more about Tim Chase visit https://www.linkedin.com/in/timchase2/ 


To see Tim's Course on DevOps and DevSecOps visit https://www.linkedin.com/learning/devops-foundations-devsecops/welcome?autoplay=true


To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

S6 E2 Our National Grid | 25 Mar 2022 | 01:01:47

#SecurityConfidential #DarkRhinoSecurity

 Dr. Joseph J. Burt-Miller Jr talked with host Manoj Tandon on this episode of Security Confidential. Dr. Joseph is a Veteran, Father, Husband, and GRC-Focused Cybersecurity Professional among many other things. Dr. Joseph J Burt-Miller Jr. is a product of Mt. Vernon, NY. He is an Air Force Veteran and a Capella University graduate with a myriad of experience within IT, cybersecurity, cloud-based applications, and biometric identity management for the United States government.  


00:00 Introduction 

01:35 Background 

04:30 How he started in cyber 

08:11 Memorable moments  

09:15 Is North Korea Competent? 

10:40 Failures and Successes 

20:30 Our National Grid 

30:00 Should the Government provide the Cyber security Umbrella for Smaller companies? 

32:00 Russia’s Cyberattack of 2014 

40:10 Could Russia’s Strategy against Ukraine work against the U.S? 

48:20 What should the U.S do to help our grid?

58:22 Connecting with Dr. Joseph J Burt-Miller Jr.


To learn more about Dr. Joseph J. Burt-Miller Jr visit https://www.linkedin.com/in/drjjbmj/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

S6 E1 Do you see Artificial Intelligence evolving in the future? | 09 Nov 2021 | 00:46:27

#SecurityConfidential #DarkRhinoSecurity

Brian Stoner joins us today on Security Confidential. Brian has a long history with cybersecurity OEMs starting with CA where I first met him. Brian has been with McAfee, FireEye, Cylance, and is now with Stellar Cyber. Brian has been in the business of helping companies build their channels.


00:00 Introduction 

02:04 What are the elements of a successful cybersecurity channel program?

06:10 Is there an inherent conflict with having a salesperson be managing a partner?  

08:12 Where do the programs have mismatched expectations between the OEM and reseller? 

13:20 Is the pure VAR model the way forward? Are clients in cybersecurity not looking more for a total solution for defense in depth vs a pure technology play?

16:11 What market sectors in cybersecurity do you see doing well in the coming year? 

20:17 Explain what is XDR? 

31:28 How have you been able to avoid the pitfalls of storage and computing power as it relates to the cloud? 

39:52 Thoughts on AI 

41:00 Events and Contacting Brian 


 To learn more about Brian visit https://www.linkedin.com/in/brian-stoner-146a56/

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

S6 E0 BONUS: Why Do People Get Hacked? | 22 Oct 2021 | 00:04:06

It is very common for individuals to get hacked, regardless of their demographic. Even well-protected personalities like Donald Trump have been hacked. The sad reality is that the individual could have done much to prevent it. Dark Rhino Security shares some very simple and basic information security knowledge for individuals to take control of their online accounts.


Research from the video: 

https://www.washingtonpost.com/world/... 

https://www.nytimes.com/2021/09/13/te... 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

S5 E10 Incident Response | 22 Oct 2021 | 00:35:30

Manoj Tandon and Tyler Smith talk about Incident Response in this episode of Dark Rhino Security's Security Confidential

S5 E9 Cyber Security Woman of the Year 2021 Winner | 04 Oct 2021 | 00:49:14

#SecurityConfidential #DarkRhinoSecurity

Confidence Staveley joins host Manoj Tandon in this week's episode of Security Confidential. Confidence joins us from Lagos, Nigeria, where she talks to us about her career in Cyber and how she is helping young women break the stereotypes. She is a Cyber Security Professional, Author, and Entrepreneur. She is the founder and executive director of CyberSafe and NoGoFallMaga. Confidence was also the winner of the Cyber Security Woman of the Year 2021 award.

00:00 Introduction

01:25 How Confidence started in Cyber

06:07 Cyber Security in Nigeria

10:24 Cyber Security Woman of the Year

15:56 CyberSafe Foundation

17:46 Biggest Challenges

19:58 Women in the role of Cyber

24:42 Stereotypes for Women

31:28 Cybersafe for businesses

35:55 CyberSafe success stories

42:43 Cyber advice from Confidence

46:33 Closing

S5 E8 Vulnerabilities in the Gaming industry | 27 Sep 2021 | 00:51:59

#SecurityConfidential #DarkRhinoSecurity

Brandon Keath joins host Manoj Tandon on this week's episode of Security Confidential. Apart from being a Cyber Security officer, Brandon is also the President of PA Hackers and faculty at the University of the Cumberlands and Harrisburg University. Brandon shares with us a bit about his gaming background along with his thoughts and suggestions for people wanting to start a career in Cyber.

00:00 Introduction 

06:00 There’s no better teacher than failure 

08:25 Vulnerabilities in the Gaming industry 

12:18 Cyber background 

19:44 How to look at Risk? 

28:15 The cost-benefit analysis 

39:00 Quantum computing 

40:00 Getting rid of Passwords 

45:00 Cyber insurance 

51:00 TheHackingLab.com  

To learn more about Brandon visit https://www.linkedin.com/in/brandon-keath/ 

You can check out The Hacking Lab at https://thehackinglab.com/ and https://www.youtube.com/channel/UC6vzWXOOw-hV8iuOYATPm4A 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

S5 E7 Speed bump Security | 30 Aug 2021 | 00:46:07

Dennis Underwood joins host Manoj Tandon in this episode of Security Confidential. Dennis shares about his military background and how he turned to cyber to help shape his career. He is a Veteran, Father, Cryptographer, Threat Hunting Expert, and Ransomware Expert. In addition to his 10 years of combat experience, Dennis also has over 20 years of experience as an Entrepreneur.

00:00 Introduction 

01:00 Military Background 

10:50 A Career in Cyber 

11:50 Ransomware 

16:13 Executive perspective 

21:46 The Cloud and How it affects you 

25:30 Speed bump Security 

27:07 Rate of Encryption  

31:30 Cyber Crucible 

39:00 Chaos Monkeys 

42:40 B-Sides PGH 

45:22 Outro  

To learn more about Dennis visit https://www.linkedin.com/in/dennis-underwood/ 

Be sure to check out https://www.cybercrucible.com/ 

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

S5 E6 Hacktivist Helping Change Lives | 17 Aug 2021 | 00:58:45

Mia Landsem joins host Manoj Tandon in this episode of Security Confidential. From Norway, Mia discusses how a series of unfortunate events led to an astonishing career choice. Mia has used her skills in cybersecurity to help many people. She has focused her attention on image abuse, which led to a nomination in 2021 as Cybersecurity Woman of the Year. She is a best-selling author, has made numerous TV appearances, has lectured at over 300 schools, and has helped train law enforcement on pursuing criminals posting pictures of minors.

00:00 Introduction 

01:16 How Mia got into Cybersecurity 

03:17 Making The Olympic Team 

04:27 Learnings from sports training applied to cybersecurity 

07:20 Advice on Cyberbullying 

09:30 Law enforcement response to Cyberbullying  

11:00 The Law and illicit pictures of minors 

16:54 Using Cyber knowledge to stop Image Abuse 

22:21 Changing the Laws on Image Abuse 

24:14 Working with the Police  

29:51 Cybersecurity Woman of the Year  

31:03 Privacy rules and catching pedophiles  

36:20 Moving forward  

42:45 How illicit pictures are propagated

53:23 Can pedophiles recover? 

55:00 Contacting Mia

S14 E9 Insights into the Cryptocurrency Fueling Cybercrime (Part 1) | 03 May 2024 | 01:00:06

This week on Dark Rhiino Security’s Security Confidential podcast, Host Manoj Tandon talks to Max Hillebrand. Max is the CEO at ZKSNACKS and Wasabi Wallet, a pioneering figure in the realm of privacy-focused cryptocurrency wallets. He is a dedicated open-source contributor focused on liberty and digital freedom. He champions non-scarcity in the digital realm, sharing his creations generously. Hillebrand works to build a robust economic ecosystem, empowering individuals for entrepreneurial pursuits.


00:00 Introduction 

00:21 Our Guest

03:41 ZKSNACKS and Wasabi Wallet

06:41 The Basics of Bitcoin: How does it work?

13:30 How do bitcoin exchanges fail?

26:46 Changing the rules

33:47 Why do Ransomware actors want their cash in bitcoin?

37:00 How to get your public key on the blockchain?

44:10 Quantum computing and future issues

57:05 Book Recommendations from Max

S5 E5 Cybersecurity threats Kenyan Businesses face | 09 Aug 2021 | 00:27:51

Laura Tich, founder of SheHacks_KE and Cybersecurity Women of The Year Nominee joins host Manoj Tandon on this episode of Security Confidential. Laura along with SheHacks_KE has helped over 400 people on their Cybersecurity Career journey. She discusses:


00:00 Introduction

01:30 What led to the nomination of Cybersecurity women of the Year?

03:27 Why focus on Information Security

05:40 High tech environment in Kenya

08:20 The work of SheHacks_KE

10:44 Cybersecurity threats Kenyan businesses face

13:30 Cybersecurity awareness in Kenya

15:16 Personal security challenges

17:14 The people impact of SheHacks_KE

18:37 Ransomware impacts in Kenya

22:00 Providing defense in depth to organizations in Kenya

26:15 Supporting SheHacks_KE


S5 E4 Cybersecurity in the Cloud: Where the Rubber Meets the Road | 26 Jul 2021 | 00:55:33

Sean Sweeney is a frequent author and speaker on cybersecurity. In this episode of Security Confidential Sean talks about cloud security. He has a deep background in cloud security. Sean currently leads the Field CISO and Cloud Security Advisor group within Oracle North America Cloud Engineering.  In his prior role Sean was with Microsoft where he was the Global Chief Security Advisor. Sean is a previous Chief Information Security Officer at the University of Pittsburgh, and Litigation Support Applications Manager for the U.S. Department of Justice. Sean began his career as a Database Administrator for ExxonMobil and the U.S. Department of the Interior.


00:09 Sean Sweeney’s Background 

01:38 From DB Admin to CISO 

05:00 Helping Dave Hickton prosecute cyber criminals 

06:52 The future of cybersecurity 

07:20 SaaS, PaaS, IaaS-Your responsibilities in cloud cybersecurity

13:33 If IP is exfiltrated from the cloud app, who's responsible?

14:30 What gets popped in the cloud environment?

15:23 What is the difference between zero trust and SASE? 

19:45 What is the order of implementing elements of SASE or Zero Trust 

23:10 The role of MDM in BYOD 

26:54 Too much friction is a risk 

32:27 Should the CISO work for the CIO? 

36:58 How do you secure a hybrid cloud environment?

42:34 Accelerator Program at Oracle 

45:49 Dealing with Ransomware 

50:26 Struggling with vulnerability management

To learn more about Dark Rhino Security

S5 E3 You Are What You Risk | 13 Jul 2021 | 00:46:52

#SecurityConfidential #DarkRhinoSecurity

Strategist and best-selling author Michele Wucker coined the term “gray rhino” for obvious, probable, impactful risks, which we are surprisingly likely but not condemned to neglect. The metaphor has moved markets, shaped financial policies, and made headlines around the world. It became a frame for the ignored warnings that led to the COVID-19 pandemic and a lyric in a hit BTS single about depression. Michele’s 2019 TED Talk has attracted 2.5 million views. She is the author of four books including the global bestseller THE GRAY RHINO: How to Recognize and Act on the Obvious Dangers We Ignore; and the new book YOU ARE WHAT YOU RISK: The New Art and Science of Navigating an Uncertain World. A former media and think tank executive who began her career writing about emerging market finance, Michele is founder of the Chicago-based strategic advisory firm, Gray Rhino & Company. She speaks regularly to high-level audiences on risk management, the global economy, and decision-making, and is quoted often in leading media. She has been recognized as a Young Global Leader of the World Economic Forum and a Guggenheim Fellow, among other honors. Visit her website at www.thegrayrhino.com or www.wucker.com; follow her on twitter @wucker.  

00:00 Introduction

01:22 How the name Gray Rhino was coined

05:45 Why companies put off dealing with Risk 

10:55 What is an individual’s risk fingerprint 

12:26 Does nature or nurture win on defining one's risk fingerprint?

14:01 Are there one or two that stand out in shaping one's risk fingerprint?

21:28 Millennials and risk  

24:58 The risk muscle 

28:09 Building your risk muscle 

34:05 Genetics and risk 

40:00 How to change an organization's risk fingerprint 

45:30 https:/Thegreyrhino.com 

45:53 Newsletter Around my Mind

S5 E2 Shifting left in Cybersecurity | 06 Jul 2021 | 00:54:36

Naomi Buckwalter joins Security Confidential as a guest on this episode. Naomi has over twenty years of experience in Cybersecurity, two degrees from Villanova, and has worked at great companies like Vanguard. She brings her wealth of knowledge on Cybersecurity and discusses all the foundational elements of a great cybersecurity program from hiring the right people, Cybersecurity's effects on everyday life, shifting left in Cybersecurity to enhance it, using Cybersecurity as a revenue generator, all the way to quantifying risk and explaining it to the C-Level. There is something in this discussion for everyone interested in Cybersecurity.


00:00 Introduction 

01:18 The demand gap in Cybersecurity for personnel 

12:06 Cybersecurity bleeding into everyday life  

19:11 Gatekeeper and created hindrances in Cybersecurity 

19:45 Crafting a defense in depth architecture 

23:00 The importance of explaining the why in Cybersecurity to people

25:00 Christian Espinosa The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity 

25:46 Diversity of thought 

28:00 Convincing executives to take on fresh Cybersecurity talent 

32:00 Is being a woman in Cybersecurity a plus?

37:20 Shifting left in Cybersecurity-what is that? 

44:10 Quantifying and communicating cyber risk to the c-level 

46:14 Understanding corporate revenue channels and their importance to Cybersecurity 

47:37 Using Cybersecurity as a revenue generator 

51:38 Cybesecuritygatebreakers.org

S5 E1 Dealing with the Unknown-Unknowns-Zero Day Attack | 28 Jun 2021 | 00:52:42

#SecurityConfidential #DarkRhinoSecurity 

Charles Herring, CTO of WitFoo, joins this episode of Security Confidential. Charles started his career in Information Security in 2002 with the US Navy, serving as the Network Security Officer at the US Naval Postgraduate School. Charles has been a contributing product reviewer for InfoWorld Magazine and spent 7 years running Herring Consulting, a firm dedicated to process orchestration. Charles is dedicated to maturing the craft of Infosec.


00:00 Introduction 

02:12 Getting a start in Cybersecurity and transition to civilian life  

13:22 7 unstable conversations in Cybersecurity 

14:40 Establishing a unit of work-increasing deterrence 

20:04 Law Enforcement success with cyber crimes-Sharing Information 

24:34 How to vet the quality of Threat Intelligence 

26:47 Dealing with the Unknown-Unknowns-Zero Day Attack 

33:26 1st unstable conversation-understanding all the data from the toolsets 

36:36 2nd unstable conversation-managing the investigators 

37:28 3rd unstable conversation-security practice communicating with the business 

40:23 4th unstable conversation-security vendors lie 

41:42 5th unstable conversation-challenges in sharing information by orgs 

42:00 6th unstable conversation-law enforcement sharing information 

42:04 7th unstable conversation-law enforcement lacks evidence to prosecute 

43:30 What is WitFoo?

48:24 https://www.logfibber.com 

50:10 Breaking in Bad

S5 E0 TechVibe Radio Busts Cybersecurity Myths! | 21 Jun 2021 | 00:29:36

Manoj Tandon, one of the founders of Dark Rhino Security, appeared on Pittsburgh Technology Council's TechVibe Radio on ESPN 970. This is a complete repost of the show which is wholly owned and operated by the Pittsburgh Technology Council. The Mythbusting in Cybersecurity starts at time marker 15:55. Please subscribe and leave your comments.

S4 E10 Cautionary advice on Automation | 14 Jun 2021 | 00:46:14

#SecurityConfidential #DarkRhinoSecurity

Fredrik Oedegaardstuen joins Dark Rhino's Security Confidential to discuss Open Source software in cybersecurity. Fredrik is the CEO of Shuffle, an automation platform. He has been a software engineer and has extensive experience in SOC operations in an MSSP environment. Fred discusses many topics ranging from monetizing open source software, myths with open source, architecture and design, and silver bullets in cybersecurity, and provides cautionary advice.

02:34 Why Tokyo 

04:13 Open source and cybersecurity 

06:37 Monetizing Open Source Software 

12:17 Myth of Open Source tools being not that secure 

13:29 Shuffle-The security automation platform 

18:40 Architecture of Shuffle inspired from the NSA 

26:21 Integration of disparate systems 

32:26 Tools and Silver Bullets in Cybersecurity 

34:09 Does the role of the analyst change with Shuffle?  

40:04 Cautionary advice on automation

Frikkylikeme is Fredrik's Twitter Handle

S4 E9 Compliance is a low bar for Cybersecurity | 07 Jun 2021 | 00:51:52

Hans Vargas Silva joins this episode of Dark Rhino Security's Security Confidential Podcast and Videocast. Hans is a leader in cybersecurity. He has extensive experience in the field. Hans has worked with Sallie Mae and is currently with Marathon Petroleum. He has a great academic background with degrees and certificates from Purdue, MIT, and Harvard. He provides his thoughts and experiences on protecting critical infrastructure from cyber intrusions, compliance and cybersecurity, giving back to the community and much more.

01:13 How Hans got into Cybersecurity 

04:00 How education shapes a career in Cybersecurity 

08:56 Critical Infrastructure and Cybersecurity 

19:40 Compliance is a low bar for Cybersecurity 

23:57 Incomplete deployments of Cybersecurity solutions  

24:49 How to communicate cyber risk 

29:58 The dilemma of regulators 

34:44 Sharing security information with the Federal Gov’t 

39:20 Contributions to infosec from academia 

42:25 Giving back and volunteering  

To learn more about Team Rubicon

S4 E8 A passion for protecting people with Cybersecurity | 24 May 2021 | 00:51:12

Amelia Jarboe appears on this episode of Security Confidential. Amelia is a Cybersecurity Controls Engineer. She has held many positions in the field of cybersecurity. She is a graduate of The Ohio State University. In addition to her work as a cybersecurity controls engineer, she is on the Steering Committee for Machine Learning and is speaking at the ISSA Central Ohio Infosec Summit.


00:00 Introduction 

01:10 How Amelia got into Cybersecurity 

03:57 A passion for protecting people with Cybersecurity 

06:47 OSU's Cybersecurity Program 

07:40 Imposter Syndrome in Cybersecurity 

12:25 Compliance and Cybersecurity 

15:20 Continually verifying and validating the controls in place 

16:17 Top metrics in Cybersecurity 

17:47 A technique to convince decision makers about cyber spend 

21:25 Controls to begin a Cybersecurity program with-Spikes and Gaps 

26:38 Guidance on frameworks in Cybersecurity 

30:20 Cybersecurity is an everyone problem 

32:27 Individual privacy and Cybersecurity 

36:37 Causes for Cybersecurity incidents 

39:12 Engaging the end users in Cybersecurity 

41:13 Machine learning 

43:13 Mentorship at the High School and Elementary School levels 

49:24 The freedom to fail as a base for great success 

50:00 ISSA in Central Ohio appearance

To learn more about Dark Rhino Security

S4 E7 Why is there a lack of people going into STEM? | 21 May 2021 | 00:44:49

Samara R. Williams, Manager of Threat Operations for Cardinal Health, joins us on this episode of Security Confidential. Samara specializes in defense in depth improvement, vulnerability management, threat intelligence, technical risk communication, and cybersecurity program design and development. She has several degrees in computer science and cybersecurity and she is passionate about helping young people with STEM. Samara is also the founding member and treasurer of Empower Women of Infosec.


01:36 Journey into Cybersecurity-South Texas to Columbus

05:08 Passion, persistence, and reliance = success in cybersecurity

08:17 Why is there a lack of people going into STEM?

15:12 Building a team in the pandemic and Social Media

20:55 Vulnerability and Risk Management and Threat Intelligence

23:34 Defense in Depth Build of Risks

26:12 Metrics to consider in cybersecurity

29:34 Making Threat Intelligence actionable

35:50 Mentorship in Cybersecurity

39:57 Organizations of interest to Samara and Scholarships

To learn more about International Consortium of Minority Cybersecurity Professionals (ICMCP)

Empower Women in Infosec https://www.empower-infosec.org/

Check out the videocast


S14 E8 Throwing more technology at a problem doesn't solve it | 19 Apr 2024 | 00:49:21

This week on Dark Rhiino Security’s Security Confidential podcast, host Manoj Tandon talks to Daryl Donley. Daryl is currently a VP at Outcomes responsible for Security and IT. He has a passion for building and solving problems through secure software and embraces secure software development practices. He spent 20 years directly involved as a tester, developer, and architect building end-user solutions. For the last 15+ years, he has been working in Information Security, helping teams build secure and compliant solutions. In his spare time, he enjoys sports and tinkering with technology like blockchain and digital assets.

00:00 Introduction

00:17 Our Guest

06:15 How do you manage 3rd party risk?

07:48 The role of threat intelligence

09:34 Do the stakeholders understand?

12:10 Not relying solely on Open source

18:40 Convenience over security

20:30 It’s secure enough

26:20 Throwing technology at a problem doesn’t solve it

29:36 Can AI help?

46:50 More about Daryl

To learn more about Daryl visit https://www.linkedin.com/in/daryl-donley-cissp-873156/

To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

S4 E6 How to land your first customer | 14 May 2021 | 00:42:24

Ilya Bodner joins us on Security Confidential. Ilya is the founder and CEO of Bold Penguin, a highly successful technology company serving major insurance companies. Ilya has created a great company and achieved great success. He has received much recognition, including business executive of the year and Columbus Business First 40 under 40 Class of 2019. In this episode Ilya discusses:


01:34 Journey from Russia to the CEO of Bold Penguin

05:00 Partner/Co-Founder Relationships

09:03 Three legs of the stool for business success

14:25 Lessons from working with VCs

17:40 How to land your first customer

23:26 Origins of the name Bold Penguin

26:00 Why pick insurance as the prime sector for a tech startup?

28:53 Competing with insurance companies on their own products

32:14 Is cybersecurity a business problem or an IT problem?

35:47 Making cybersecurity accessible to SMBs

36:37 Should cyber insurance be tied to effectivity of implemented controls?

39:40 What does a startup enthusiast do next?

41:25 Career opportunities at Bold Penguin


To learn more about Ilya

To learn more about Manoj Tandon

To watch the videocast 

To learn more about Bold Penguin

To learn more about Dark Rhino Security

S4 E5 Foreign Cyber Espionage Capabilities | 26 Apr 2021 | 00:43:58

Ross Young joins us on Security Confidential to talk about cybersecurity. Ross is the CISO of Caterpillar Financial Services Corporation, a lecturer at Johns Hopkins University, the co-host of the CISO Tradecraft podcast, and the inventor of the OWASP Threat and Safeguard Matrix. Ross is also a veteran of the CIA and NSA.

00:00 Introduction 

00:55 How Ross became CISO of Caterpillar Financial Service 

03:04 Scholarship for Service 

04:10 Foreign cyber espionage capabilities 

07:01 The elusive identity online 

07:50 Compliance frameworks = great cybersecurity? 

12:47 Can cybersecurity be used for revenue generation? 

20:30 Learning from vendors selling in cybersecurity place 

22:55 Vulnerability management in the cloud 

27:02 How do you develop a resilient software system 

31:50 OWASP Threat and Safeguard Matrix 

37:58 Accounting for The X-Factor and Zero Day threat in cybersecurity 

41:45 CISO Tradecraft


The videocast for this episode

To learn more about Ross Young 

To learn more about Dark Rhino Security

S4 E4 Should the office of the CISO be separate from IT? | 21 Apr 2021 | 01:11:56

We are joined by Rob Oden for a discussion on cybersecurity. Rob is an Air Force veteran with over 16 years of experience in cybersecurity and is a practicing security architect. This is part 2 of our interview with him. Rob provides insights into the many issues prevalent in cybersecurity and relevant to anyone serious about making their cyber environment safer.

00:00 Introduction 

01:50 Why does being compliant not equate to great cybersecurity? 

13:53 No good deed goes unpunished 

16:50 Technology vs Process in cybersecurity

21:45 The Prevention Paradox 

28:54 Gov't Policies addressing cybersecurity 

34:41 Cybersecurity business problem or an IT Problem? 

37:37 Should the office of the CISO be separate from IT? 

40:26 How to quantify cybersecurity risk?

44:08 The insider threat and the executive order governing it? 

54:10 How to leverage the most underutilized cybersecurity asset? 

01:00:20 Vulnerability management 

01:07:18 Rob's favorite cybersecurity organizations  

To learn more about Rob Oden https://www.linkedin.com/in/robertoden/ 

To learn more about Dark Rhino Security https://www.darkrhinosecurity.com

To watch the videocast of this episode https://youtu.be/FnEilYhfrOw

© My Podcast Data