Explore every episode of the podcast DrZeroTrust
| Title | Pub. Date | Duration | |
|---|---|---|---|
| The Dr Zero Trust Show | 20 Mar 2025 | 00:19:42 | |
In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses the intersection of cybersecurity and finance, focusing on market trends, vulnerabilities, and the implications of recent cybersecurity incidents. He emphasizes the importance of understanding the financial aspects of cybersecurity, including stock performance and investment strategies, while also addressing the challenges faced by government programs and the ongoing threats from ransomware and state-sponsored attacks. Takeaways Cybersecurity is becoming increasingly intertwined with financial markets. Investors should consider buying stocks after breaches for potential rebounds. Government cybersecurity programs face significant vulnerabilities. Microsoft has not patched a critical vulnerability for eight years. Legislative bodies are scrutinizing the DHS's response to cyber threats. Ransomware operations may have connections to state actors. Investment opportunities exist in the cybersecurity sector despite volatility. Fake updates are a common tactic used by ransomware gangs. Understanding the financial impact of cybersecurity breaches is crucial. Staying informed and proactive is essential for cybersecurity. | |||
| The Dr Zero Trust Show | 17 Mar 2025 | 00:33:49 | |
In this conversation, Dr. Chase Cunningham and Barry Mainz, CEO of Forescout, discuss the pressing issues surrounding cybersecurity, particularly in critical infrastructure, legacy systems, and the importance of a zero trust approach. They critique the Netflix series 'Zero Day' for its portrayal of cybersecurity threats and explore the current state of security in various sectors, including healthcare and airports. The discussion emphasizes the need for compliance, business continuity, and the integration of cybersecurity into business strategies. They also touch on the future of cybersecurity investments and the importance of considering schools as critical infrastructure. Takeaways The portrayal of cybersecurity in media can be exaggerated. Critical infrastructure is vulnerable and requires investment in security. Zero trust principles should be applied to OT and IoT systems. Legacy systems pose significant challenges for cybersecurity. Compliance requirements for OT and IoT are lacking compared to other sectors. Business continuity is a key driver for cybersecurity investments. Cybersecurity discussions should focus on business impacts, not just technical details. Heterogeneous environments require flexible security solutions. Airports vary in their cybersecurity readiness based on age and investment. Healthcare cybersecurity often reacts to breaches rather than preventing them. | |||
| The Dr Zero Trust Show | 09 Dec 2024 | 00:27:58 | |
In this conversation, I discussed various cybersecurity reports, highlighting the increasing risks associated with AI, human behavior, and organizational vulnerabilities. He emphasizes the need for better security practices, the implications of recent data breaches, and the importance of updated cybersecurity legislation. The conversation also touches on the failures of government agencies to secure communications and the need for accountability in cybersecurity funding. Takeaways Fridays are a better time for live streaming. There is a significant uptick in state-sponsored cyber attacks. Organizations are not configuring AI services securely. Human behavior poses a major risk in cybersecurity. Phishing attacks have a guaranteed click rate of 5%. Windows has a new zero-day vulnerability affecting multiple versions. Deloitte experienced a significant data breach. NIST emphasizes password length over complexity. Cybersecurity legislation in Canada is facing delays. The EU has identified substantial cyber threats to its member states. | |||
| Quantum and the Potential Problems Therein | 23 Jan 2023 | 00:29:48 | |
What the h*ll is quantum really? Why should we care? Does cracking an algorithm with quantum change the balance of power globally? Is quantum potentially a WMD? How can this technology be used by our government and others? What about the banking system and quantum applications and risks? Those questions and more on this very nerdy episode! | |||
| Cyber news and Zero Trust insights for 1/18/2023 | 19 Jan 2023 | 00:26:11 | |
Checkpoint released a report on the wrap up from 2022, what can we learn from that analysis? It's a super cool report by the way, ping me for the link! How secure or insecure are the education systems in the US? Can I find some glaring issues? China wants to "work with" the UN on addressing disinformation, ok. Lol, sure. What do they mean? A major shipping system is hit with ransomware, uh oh! Orange published some research on the criminal mindset and motivations for ransomware operators. Wow that is very interesting, but what should we take away from that research? Norton got problems y'all, what can we learn from the problems they face? Those points and more on this episode! | |||
| Is TikTok really a threat? | 11 Jan 2023 | 00:24:28 | |
Is TikTok really a threat to national security? Why should we be concerned about this app? Should your kids be on this thing? What are the implications for national security and those folks who have clearances? Where does this all go in the next year? What about social media and the justice system? Are you still able to get a fair trial in today's news cycle focused world? How does that affect our future? Those questions and more on this one with an expert who served in the FBI! | |||
| Cyber news and Zero Trust insights for 1/4/2023 | 05 Jan 2023 | 00:31:47 | |
Welcome to 2023 y'all. Let's get into the new year by looking at some news you need to know. A major FAA system went down and caused an outage for all of Florida. How secure is the FAA, and what about other airport safety systems? Surely, no misconfigurations there. Right? Links to study guides for OSCP cert via Reddit, pretty cool huh? A hospital was hit with ransomware then the bad guys gave the key away for free. What does that reveal about the business model for those threat actors? The best example of how "useful" GDPR is, via a hack. Lol. Those points and more on this one! | |||
| Cyber news and Zero Trust insights for 12/21/2022 | 22 Dec 2022 | 00:34:43 | |
Okta has an issue with their source code and a Github breach. Does that matter, and if so why? Is the FDA asking for more funding a real issue, and are they secure enough to be mandating legislation? 1password published an interesting analysis on the state of access for 2022, what can we learn from that? What about this ChatGPT thing, how can it be useful and is it a threat? And the most egregious example of combining marketing, social media, TikTok, and a lie that have influenced millions is discussed. Those points and more on this episode! | |||
| Cyber Certifications - The Self Licking Ice Cream Cone of Misery | 08 Dec 2022 | 00:31:06 | |
Why are certs hurting the industry? Are they really? How much does it cost to get an entry certification? Why so much? Is the process for certifications fair for everyone? Should companies have a fellowship track for non-manager technologists? How do we get past this problem? Is HR in the way of fixing the cyber security hiring crisis? How hard is it to fix the problem with management and onboarding? Could a CISO get their own job based on the HR filtering system? Those questions and more on this episode. | |||
| Cyber news and Zero Trust insights for 11/30/2022 | 01 Dec 2022 | 00:28:58 | |
Do buyers always configure vendor security solutions correctly? Is there a magic button to push and then your organization is secure? Do vendors have no risks or avenues of compromise? How bad is the MSQL database security that is out there right now (think millions). The DoD released it's strategy for Zero Trust, what should we take away from that? Amazon is offering a security data lake recently, is that a good thing? The White House and Starlink were hit by a threat group via a DDoS attack, so what? And another attack on an island nation that is now working off of paper to run the government, super. Those points and more on this episode. | |||
| What happens when two former analysts have a real conversation? | 28 Nov 2022 | 00:39:45 | |
A former Forrester analyst and a former Gartner analyst talk about the market and a variety of topics. Is it a good idea for layoffs to be taking place right now in cyber as the economy takes a dive? How will that affect our collective security? What should you know about analyst reports like the Wave or the Magic Quadrant? Does security product bloat actually hurt operational capabilities? Should automation be everywhere? How does strategy start, and where? Why do customers still run towards point solutions, rather than broader strategic offerings? What about the new book "The Art of Selling Cybersecurity"? Those questions and more on this one. | |||
| Cyber news and Zero Trust insights for 11/17/2022 | 17 Nov 2022 | 00:31:23 | |
Zscaler has come up with their own certification for Zero Trust. Is that a good thing? What else is up with Medibank and how bad is the security for the Australian government that is pushing the formation of these new "hack back" teams? Is that even a thing? China is using universities to plunder research and intellectual innovations from America, so what? Why isn't that more of a problem? Don't we have a means to address this insider threat activity? Navigation systems for pilots were affected recently, did you hear about that on the news? Why not? How much financial impact can one tweet have on a major company? It's a lot y'all. Those questions and more on this episode. | |||
| Cyber news and Zero Trust insights for 11/9/2022 | 10 Nov 2022 | 00:27:56 | |
A noted Russian "leader" openly admits to tampering with elections, does that close the book on whether or not that has happened? An article on the Hill says that "ignorance" is the issue for legislators regarding cyber. Is it "ignorance" or willful ignoring of the problem? With the midterm elections going on surely I can't find potentially insecure and misconfigured election related systems? Right? And surely the company that has been tasked with securing those election networks isn't at risk, right? The CIO of the US DoD will release their Zero Trust strategy in the coming weeks, what should we take away from that? And a great article from Andy Ellis on some of the realities of being a CISO in today's business world. Those points and more on this episode. | |||
| The Dr Zero Trust Show | 01 Dec 2024 | 00:25:34 | |
In this conversation, I discussed the ongoing cybersecurity talent crisis, highlighting qualified individuals seeking employment and the systemic issues contributing to the hiring problem. He delves into recent cybersecurity incidents, their financial implications, and the impact of identity security on consumer behavior. The discussion also touches on government regulations and the need for innovative practices in cybersecurity, emphasizing the importance of proactive measures and collaboration in the industry. Takeaways There is a significant talent shortage in cybersecurity. Qualified individuals are struggling to find work in the industry. The hiring process needs to be more inclusive and flexible. Recent cyber incidents have financial repercussions for companies. Consumers are increasingly concerned about identity security. Government regulations are often bureaucratic and ineffective. Innovative practices like micro-segmentation are essential for cybersecurity. Companies must prioritize transparency and security in their software. The cybersecurity industry needs to adapt to evolving threats. Collaboration is key to addressing the hiring crisis and improving security. | |||
| Cyber news and Zero Trust insights for 11/2/2022 | 03 Nov 2022 | 00:29:14 | |
Banks have paid out a massive multi-billion dollar plus to ransomware operations, but where does all that money go? Is crypto entirely to blame? Dropbox had a compromise issue, but luckily it's never happened before? Right? And it's good that it wasn't related to any companies intellectual property. Oh wait. And then let's talk about Chegg. They get the award for continued cyber negligence I think. But the FTC is now suing them, even though this is the fourth breach in a few years. Good thing they moved fast. Why does this keep happening and how are such major companies getting away with ignoring basic best practices? Those questions and more on this episode. | |||
| Cyber news and Zero Trust insights for 10/27/2022 | 27 Oct 2022 | 00:30:54 | |
A major insurance provider for an millions of people is dealing with a compromise, surely they have buttoned up the easy stuff? Right? Wanna bet. Can I find a misconfigured SSH server that pipes me directly into an adversary nations internal networks? Maybe. More problems with TikTok as it gets reported in Forbes that the company was working to access American citizens personal location data "without their knowledge". Uh oh. How about the new mandates from TSA for the rail companies? Do those requirements really have teeth and will they help things? How many standards for compliance and the legal requirements to do business via digital connections are there? Guess. FastCompany got hit via the use of really bad passwords, that must have been a really hard problem to solve. Right? Those questions and more on this episode. | |||
| Cyber news and Zero Trust insights for 10/19/2022 | 19 Oct 2022 | 00:32:22 | |
How long does it take to find possible vulnerable assets online, about 21 minutes. Yeah. Is the OPM data breach "settlement" even worth it? Surely I can't find admin usernames and passwords with 1234 on the internet, right? Certainly not for a state or local system, right? Is data security up to par after a breach? Why aren't states and local governments willing to work through the paperwork to get a cyber security grant? That's nuts! Is the job market getting any better for staffing? Do trends indicate that? A free resource for ZT planning, really? Well, some of it's free but the resources are great. Do vendors sell "snake oil" or is more a factor of the market at large and are investors and VC's affecting the ability to execute? Those questions and more on this episode! | |||
| Cyber news and Zero Trust insights for 10/12/2022 | 13 Oct 2022 | 00:29:24 | |
Dell has setup a Zero Trust Center of Excellence, that's pretty cool. Real investment into strategic technology alignment sounds like a good idea to me. Disinformation around the hurricane Ian fiasco. How can we defend democracy when folks buy into this stuff? Are you using Reddit to gain insight into your customer experience, you should be. How secure is the organization that is forcing me to renew my business and cyber insurance policy, wanna guess? And what about the Uber CISO issue? Does that scenario really affect us all? Those questions and more on this episode. | |||
| Cyber news and Zero Trust insights for 9/28/2022 | 29 Sep 2022 | 00:30:56 | |
How many VPN's are out there that might have a configuration issue? Are there any major companies that might be piping threats into their networks (the answer is probably). Has Uber fixed the low hanging fruit from it's recent issue? More ICS and SCADA vulnerable systems aren't out there, right? Research from ZScaler on the use and adoption of the VPN is interesting, has the tide shifted with this old technology? Are users really the weakest link, or has the security industry misled that group? Those questions and more on this one! | |||
| Thoughts and Perspectives on the Twitter Whistleblower | 19 Sep 2022 | 00:46:55 | |
Why are security leaders going "scorched earth" when they leave employers? How can an organization better be prepared to deliver on their promises? Does ethics apply in technology (it sure should)? What's the right and wrong way to go about blowing the whistle when the need is there? Does money paid out call into question the motives for speaking out? Is it better to go out with a bang or just fade away? Some hard hitting questions on this one! | |||
| Cyber news and Zero Trust insights for 9/14/2022 | 15 Sep 2022 | 00:26:57 | |
What a wake up call this week when working with SMB's on their cyber security strategy and the reality of the space. Do SMB's use outsourced security, and is that smart? Does that hurt their overall awareness? Why aren't things getting patched the way they should even when we have been notified by CISA and others of "critical vulnerabilities"? Does the upcoming legislation around semi-conductors and silicon pointed at China have any impact on our national security and cyber future? Those questions and a few more on this one. | |||
| Cyber news and Zero Trust insights for 9/7/2022 | 07 Sep 2022 | 00:31:28 | |
Is the news media collaborating to manipulate our collective consciousness? How would that happen? Is local news "more true" than national news? What about OPSEC for the war in Ukraine? Could an organization cause a kinetic attack based on pictures that came from soldiers sharing via social media? How does politics play into the space around cyber and disinformation? Some hard hitting questions in this one to ponder. | |||
| Security for Apps and Low or No Code Systems | 01 Sep 2022 | 00:28:54 | |
How can you secure no code or low code applications? Is devsecops a real thing? Does anyone actually do this? How should organizations look at the risks from these types of "factory made" apps? Why is the 8200 unit such a big thing in the Israeli cyber scene? What types of pricing make sense for security applications that you might not own? How should the market approach the future of application security in an all cloud world? Those questions and more on this one. | |||
| Cyber news and Zero Trust insights for 8/24/2022 | 25 Aug 2022 | 00:32:09 | |
An article from Recorded Future points out new legislation in North Carolina and Florida that bars state backed organizations from paying ransomware attacks. Surely that means they have their stuff on lock and have no misconfigured assets, right? Google has an AI and privacy program that seem to be intersecting and could impact all of us, and Apple is dealing with those issues as well. How do we handle this problem? According to new research from Tessian "apathy" is the biggest vulnerability for an organization, but don't we train our folks enough to mitigate that risk? Those questions and more on this episode. | |||
| The Dr Zero Trust Show | 22 Nov 2024 | 00:16:57 | |
In this conversation, Dr. Zero Trust and Kevin Brink discuss the challenges and innovations in implementing Zero Trust security frameworks, particularly within the Department of Defense (DoD). Kevin shares insights on the need for automation in Zero Trust assessments to overcome the limitations of manual processes, emphasizing the importance of empirical data for continuous evaluation. They explore the cost and scalability of Zero Trust solutions, as well as the value of assessing existing security measures against Zero Trust principles. Takeaways Automation is essential for effective Zero Trust assessments. Manual assessments are labor-intensive and unsustainable. Empirical data is crucial for validating security measures. Zero Trust can be applied across various industries, not just DoD. Breach and attack simulations provide quantitative data for assessments. Cost-effective solutions can scale based on organizational needs. Continuous monitoring is key to maintaining security compliance. Zero Trust frameworks can help identify areas of inefficiency. Integration with existing systems enhances the value of Zero Trust. Understanding the specific needs of an organization is vital for implementation.
| |||
| Selling Zero Trust at enterprise scale. | 22 Aug 2022 | 00:31:37 | |
Do enterprises really buy Zero Trust? How should they think about a strategic approach to a problem. What about rip and replace? Are there no-go's when it comes to working to help an enterprise adopt ZT? Where do they budget for these endeavors? Is this only a big business problem? Those questions and more on this episode. | |||
| Cyber news and Zero Trust insights for 8/17/2022 | 18 Aug 2022 | 00:30:43 | |
Okta's Zero Trust study. What does it say about the market and the growth of ZT? More cyber insurance shenanigans, why does this keep coming up? Should we really use this "service"? Water treatment plant is hacked in the UK, but is it really a clear case of compromise? What happens if you try and send someone shit in a box (literally) and the service is hacked? Is that a PII violation, or HIPPA or what? How many devices are out there that are possibly exploitable right now (hint, it's a lot!). Those questions and more on this episode. | |||
| How to sell into the channel the right way. | 16 Aug 2022 | 00:35:37 | |
Truths about selling into the channel market with a real expert. How should your organization go about selling to a channel? Is the market different? How can you use those partners smarter? Do you have to sell twice? What shouldn't you do to leverage that channel? How can you optimize your channel approach and force multiply your sales efforts? Those points and more on this episode! | |||
| Cyber news and Zero Trust insights for 8/10/2022 | 11 Aug 2022 | 00:29:01 | |
How hard is it to find "internal use only" files with a simple crafted search? How about spreadsheets with passwords and admin logins? What should we think about this whole Trello thing? What happened when I got phished (yup, they got me). Was it even a problem? Is the national emergency alert system really vulnerable? How big does the Zero Trust market get in the next 9 years? Those points and more on this episode! | |||
| Cyber news and Zero Trust insights for 8/3/2022 | 04 Aug 2022 | 00:34:20 | |
Are there potential ways to attack a nuclear site via online misconfigurations? What about water as a vital national resource, can you attack a water supply system? Or a dam? Are containers inherently secure, and does that matter when they are part of a cluster? PE firms keep buying up the security market players, is there an anti-trust issue there? Is your threat intelligence service pulling in IOC's from US Cyber Command? Was the Pelosi visit part of a cyber attack? Does that matter and is it cyberwarfare? Weak security in the system used to track organ transplant systems, that's ok right? And some points on how to stay motivated (lol) and my thoughts on dealing with trolls online. My cool new swag from Lumu and more on this episode. Check it out! | |||
| Cyber news and Zero Trust insights for 7/27/2022 | 28 Jul 2022 | 00:28:38 | |
Can I find privacy violations with Shodan? What companies are using hackable unpatched scada systems that are misconfigured? Can we find osint on a company that has government contracts but is not secure? Why is phishing training still a multi-billion dollar business when a variety of reports indicate that the numbers for that "defense" don't justify that expense? Is the government really as secure as we think they are? What about finding illegal violations of compliance mandates in ics systems? Isn't breaking the law a bad thing? Those questions and more on this podcast! | |||
| Applying Zero Trust to Cloud Workloads and Kubernetes. | 18 Jul 2022 | 00:22:45 | |
More ideas and thoughts around applying Zero Trust to cloud workloads and kubernetes. How should we think about the inherent vulnerabilities in these application development environments? How can you secure something that only exists for minutes at a time? Can you use open source solutions to approach the problems in this space? Do developers really need to be security engineers, and should security people know how to build apps to make things more secure? Check this one out and look for a video demo on Tigera.io and their open source Calico solution soon! | |||
| Cyber news and Zero Trust insights for 7/6/2022 | 07 Jul 2022 | 00:25:34 | |
Marriott got hacked again, say what? Does it mean anything? What about their fines, didn't that teach them something? Can I find vulnerable government assets that are misconfigured and make 30 grand in bug bounties in half an hour? What about cloud resources that the DoD uses? A billion records are stolen in China, what's up with that? Those questions and more on this episode! | |||
| What's up with the WAF market? | 05 Jul 2022 | 00:27:33 | |
What's up with the WAF market? Talking about how we should and shouldn't use a WAF with an expert. Is the WAF the best way to address the problems we face? Where is this market going? What about the evolution of the WAF and it's place in history? And some hard questions with data to challenge why we might need to move to a new approach. | |||
| Cyber news and Zero Trust insights for 6/29/2022 | 30 Jun 2022 | 00:27:15 | |
Can I find medical offices open to the internet? How hard would it be to hack them? Why is phishing training a problem for enterprises and businesses? Deepfakes and PII are being used for nefarious purposes, say what? Those points and more on this episode. | |||
| The Dr Zero Trust Show | 08 Nov 2024 | 00:27:12 | |
In this conversation, I discussed various aspects of cybersecurity, including recent TSA regulations, stock market trends related to cybersecurity companies, emerging threats from AI-driven phishing scams, the importance of veteran employment in the cybersecurity field, rising salaries and stress levels among cybersecurity professionals, and the need for organizations to address vulnerabilities and improve their security measures. The discussion emphasizes the importance of proactive measures in cybersecurity and the potential for financial gain in the stock market following breaches. Takeaways The TSA is proposing new cybersecurity regulations for surface transportation. Investing in cybersecurity stocks can be profitable after breaches. AI is increasingly being used in sophisticated phishing scams. Veterans can fill the talent gap in cybersecurity roles. Cybersecurity salaries are rising, but so is job-related stress. Organizations need to patch vulnerabilities promptly to avoid exploitation. Emerging tools and resources can aid in cybersecurity efforts. The importance of reporting significant security concerns is emphasized. Cybersecurity professionals are seeking better work-life balance and training opportunities. Proactive measures are essential to combat evolving cyber threats. | |||
| Cyber news and Zero Trust insights for 6/15/2022 | 16 Jun 2022 | 00:29:38 | |
Thoughts on RSA2022. New research from Digital Shadows breaks down key areas of concern for us. I find some vulnerable databases on the web (some are "security vendors"...uh oh). We are still failing at the basics, and the password is eating our lunch, why is this still a problem? A great new blog from the S/R team at Forrester on the economy and the security market. Did AI just go sentient? Those thoughts and more on this episode! | |||
| What is Collaboration Security? | 09 Jun 2022 | 00:29:11 | |
Can an organization be compliant if they are using Slack to share files, passwords, and other critical and risky data? How does an agent-less system keep up with all of those short communications in collaboration applications? Is there more risk if we use modern applications that allow unlimited interaction and collaboration? What about business context, is there value to deciphering risk? | |||
| Cyber news and Zero Trust insights for 6/1/2022 | 02 Jun 2022 | 00:34:56 | |
RSA is next week, I really need a beard trim. See y'all out there! Finding vulnerable hospital systems on the internet shouldn't be this easy, but here we go. Don't worry though they all are HIPPA compliant lol. How powerful is pimeyes at finding images of people on the internet and how does that affect privacy and security? Should you be worried? The new Microsoft Zero Day, how bad is it? What about hacking tractors and affecting the food supply, that can't be a thing right? DHS took seven years to hire one person, yeah. Your tax dollars at work. Costa Rica ignored it's own cyber defense strategy, and that worked out well right? How much money is going into the Zero Trust market? And the tech jerk of the year award goes to an absolute turd of a person. Those questions and more on this one! | |||
| Cyber news and Zero Trust insights for 5/25/2022 | 25 May 2022 | 00:23:03 | |
Can you find vulnerable stuff online from 2003? Surely not? Uh oh. Do we need a cyber moonshot to get past the failures we face in cyber security? Is there more evidence that legislation isn't dealing with reality, and that some of our leaders are missing the point? Using your phone SIM to do MFA, good or bad? Is DuckDuckGo really a "private" browser? Those points and more on this episode. | |||
| Cyber news and Zero Trust insights for 5/18/2022 | 19 May 2022 | 00:30:28 | |
What matters more, targeting the "asset" (tractors) or the infrastructure for John Deere. Can you overthrow a government with a ransomware attack? Why are insurers changing their approach to cyber policies and why are they raising rates? What about the NSA guidance on best practices, is it really that different? Those questions and more on this one! | |||
| Cyber news and Zero Trust insights for 5/11/2022 | 12 May 2022 | 00:30:31 | |
Can we find vulnerable ICS and SCADA controls on the internet? What about the physical doors that are in those facilities? Have we really learned anything a year after the pipeline hack? Microsoft has put out it's advise for ransomware defense, is it any good? What about F5 and it's big new vulnerability, should you be worried? Why shouldn't we talk about gangs "going down" in cyber, and does that hurt or help as we deal with those threats? Those points and more on this episode! | |||
| Cyber news and Zero Trust insights for 5/4/2022 | 05 May 2022 | 00:32:46 | |
Finding vulnerable passwords with Google dorks, it's super easy (don't do this). How many VPN's can I find that are possibly misconfigured? Why does it take a 600 million dollar hack for a company to adjust it's approach to cyber? New banking legislation and rules on a 36 hour reporting mandate, good or bad? Those points and more on this episode. | |||
| Helping Small and Mid Sized Businesses in Cyber with Arctic Wolf | 28 Apr 2022 | 00:24:30 | |
What do SMB's care about in cyber? Where do they need help? How do they budget for this issue? Is there value to training or is it better to have a technical control? What is "security theater for businesses, and what fixes problems? Those questions and more on this episode! | |||
| Cyber news and Zero Trust insights for 4/21/2022 | 21 Apr 2022 | 00:31:36 | |
Why is the government looking at legislation on "quantum security"? Can I find vulnerable systems for ICS and SCADA that have no authentication on a livestream? Does a cyber attack have the ability to stop a university from operating and put it out of business for good? What about T-Mobile's "unstoppable" phish? Should we be scared? Those questions and more on this episode. | |||
| Cyber news and Zero Trust insights for 4/14/2022 | 14 Apr 2022 | 00:28:25 | |
The dog barks, like always. What is the Zero Trust market map? How about Microsoft's new CVE issue, is that something that we should have fixed years ago (the answer is hell yes). Can I find vulnerable assets with no authentication in real time? Forrester research published some great data on enterprise breach activity globally, what does it mean and how should we think about it? What about cyber and nuclear threats, do those relate? Those questions and more on this episode. | |||
| The Dr Zero Trust Show | 07 Nov 2024 | 00:27:16 | |
In this episode of the Dr. Zero Trust podcast, hosts James Pham and Oz Wasserman from Opsin discuss the implications of generative AI in the context of cybersecurity and Zero Trust principles. They explore the evolution of AI, the risks associated with generative AI, and how Opsin aims to secure sensitive data while leveraging AI for productivity. The conversation highlights the importance of understanding the security landscape as generative AI becomes more integrated into enterprise environments.
| |||
| Cyber Insurance, Truth and Consequences with an Expert | 11 Apr 2022 | 00:32:28 | |
Is cyber insurance worth it? Do insurers actually know what they are doing, and why are policies not being honored? Is a strategy useful for better security and helping lower a premium? What data is being used to validate a policy, or is that even a thing? Is this a big deal for small business, or is cyber insurance better suited for enterprises? And am I wrong by saying it's a "rip off"? Those questions and more on this very cool episode. | |||
| Deploying Zero Trust at the Enterprise Level | 05 Apr 2022 | 00:29:22 | |
Working with big enterprise ZT, how does one engage the leadership effectively? Is this about more tech? Who holds the keys to the kingdom on budget? Where does it make sense to start with a big time roll out? How hard is it to get ZT in place? How long is the journey? Where does one go after they solve their first problem? And why is Sean Connery on the line for this call? | |||
| The Devil Never Sleeps new book review | 28 Mar 2022 | 00:22:21 | |
"The Devil Never Sleeps" is one of the best books out there that can help us better understand how to deal with today's never ending threats. Juliette Kayyem has done a great job of helping break down a variety of past historical issues and applied realistic and insightful ways to help her readers think more intelligently about accepting the threats and dealing with them, rather than being fearful of them. Her book is a must read, go get your copy now! | |||