Explore every episode of the podcast The Gate 15 Podcast Channel


Title | Pub. Date | Duration

Venue Security, The IAVM Podcast Series EP 8. Managing Risk plus: Bobbleheads! Partnerships! and the value of diversity. | 02 Sep 2024 | 00:24:43


In this final episode of Venue Security, The IAVM Podcast Series, Andy Jabbour talks with Byron K. Johnson II, Director of Public Safety and Security, with the Raleigh Convention and Performing Arts Complex, which includes several venues in lovely Raleigh, North Carolina. Raleigh Convention & Performing Arts Complex: “The City is proud to own and manage several marquee venues in the area. Whether you want to see a concert, host a convention, or catch a ballet, we’ve got you covered:

In the discussion Byron and Andy address the concept of a venue, its diverse range of facilities, common and specific risks, and the evolving nature of the industry. They also delved into the aspects of risk management, the importance of understanding unique risks associated with different types of events and facilities, and the role of technology in venue management. In closing, they emphasized the value of diverse perspectives in risk assessment and decision-making, the significance of leadership, and the importance of a strong reputation in the community. Plus:

  • Byron’s background.
  • The IAVM Academy for Venue Safety and Security (AVSS) with some name dropping!
  • Leadership, being open minded, and open to sharing.
  • The value of risk assessments and bringing in diverse perspectives.
  • The importance of building relationships with the DHS Protective Security Advisors!
  • With a kind Byron shoutout to our Gate 15 podcasts and more.


Venue Security, The IAVM Podcast Series has been a collaboration between Gate 15 and the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) as Andy Jabbour speaks with special guests from the IAVM community. This episode is our last in this limited run series.

Weekly Security Sprint EP 79. European events; the importance of information sharing; and are we resilient | 27 Aug 2024 | 00:22:09

In this week's Security Sprint, Dave and Andy covered the following topics:

Warm Start:

CISA: Shaping the legacy of partnership between government and private sector globally: JCDC

Main Topics:

International Security Incidents:

Forgotten radios and missed warnings: New details emerge about communication failures before Trump rally shooting. The day before the attempted assassination of Donald Trump, a tactical team of local police officers set aside radios for their Secret Service partners so the two agencies could communicate during the former president’s July 13 campaign rally. But those radios were never picked up.

Invest in Resilience! Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments

Quick Hits:

From cybercrime to terrorism, FBI director says America faces many elevated threats 'all at once'

ASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection

Alabama Man Pleads Guilty to Detonating an Explosive Device Outside of the Alabama Attorney General’s Office

VFC: Bomb Threats at Jewish Institutions

Bomb threats reported at more than 100 Canadian Jewish institutions

Oregon Man Charged in Swatting and Bomb Threats Scheme That Targeted Jewish Hospitals in New York City and Long Island

Arizona man in custody amid investigation into alleged threats to kill former President Donald Trump

Iran Tries To 'Storm' U.S. Election With Russian-Style Disinformation Campaign

Meta: Taking Action Against Malicious Accounts in Iran

How Russian Trolls Are Trying to Go Viral on X

Trump attorney was targeted by hackers, sources say

‘Several opportunities’ to prevent Maine mass shooting were missed, commission finds

International report confirms record-high global temperatures, greenhouse gases in 2023

The Gate 15 Interview EP 48. ENCRYPTION, part 2. A conversation with Elizabeth Nolan Brown and Jessica Dickinson Goodman: Encryption, privacy and why good intentions aren’t good enough. | 21 Jul 2024 | 01:04:38

In this episode of The Gate 15 Interview, Andy Jabbour talks with Reason Magazine’s Elizabeth Nolan Brown and Jessica Dickinson Goodman in part two of our two-part series on encryption. Jessica and Gate 15 are members of the Global Encryption Coalition.

Elizabeth Nolan Brown. Senior Editor, Reason; President, Feminists for Liberty. Elizabeth Nolan Brown is a senior editor at Reason and the author of Reason’s biweekly Sex & Tech newsletter, which covers issues surrounding sex, technology, bodily autonomy, law, and online culture. She is also co-founder of the libertarian feminist group Feminists for Liberty, and a professional affiliate of the journalism program at the University of Cincinnati. Brown has covered a broad range of political and cultural topics since starting at Reason in 2014, with special emphasis on the politics, policy, and legal issues surrounding sex, speech, tech, justice, reproductive freedom, and women’s rights. She lives in Cincinnati, Ohio, with her husband, sons, and two cats. Andy is a big fan of her cat and family pictures. Read her complete bio at Reason.

  • LinkedIn
  • You can find her on most popular social media sites as ENBrown.

Jessica Dickinson Goodman. Jessica Dickinson Goodman is the current chair of the Chapter Seeding Committee of the San Francisco Bay Area ISOC Chapter and past-President, serving in that role for three years. As Board President, encryption protection and education played a major role in her agenda. She ran a monthly tactical tech support webinar series for community members on how to use encryption tools to protect personal privacy in a post-Dobbs world, wrote and published Encryption for Babies, and is featured on the front page of the Global Encryption Coalition’s YouTube channel talking about encryption.

In the discussion Liz, Jessica, and Andy discuss:

  • Liz and Jessica’s backgrounds.
  • Encryption 101 and why is it important.
  • What led you to join the Global Encryption Coalition.
  • Liz’s journalistic background covering sex, tech, privacy and related matters at Reason.
  • Are we too paranoid?
  • Law enforcement & legislation & breaking encryption.
  • STOP CSAM, the EARN IT Act and Section 230.
  • Protecting children vs. protecting privacy or protecting children and protecting privacy.
  • Recommendations for law enforcement and legislators.
  • Three Questions!
  • And more.

Selected Links:

  • Global Encryption Coalition. The Global Encryption Coalition (GEC) was founded in 2020 by the Center for Democracy & Technology, Global Partners Digital and the Internet Society and now has over 350 members. Its mission is to promote and defend encryption in key countries and multilateral fora where it is under threat. The GEC also supports efforts by companies to offer encrypted services to their users.
  • GEC members
  • Elizabeth Nolan Brown, selected writings:


The Gate 15 Interview EP 35: Angie Gad on intelligence, analysis, emerging threats, and the joys of good coffee, the beach and Mediterranean Vibes! | 22 May 2023 | 00:33:50

In this episode of The Gate 15 Interview, Andy Jabbour visits with Angie Gad. Angie is an experienced manager with a demonstrated ability to build and lead analyst teams having worked in intel and analysis in the private and public sectors. Skilled in teaching intelligence analysis, writing, and briefing with years of experience instructing and training analysts and students in analytical tradecraft. Subject matter expert on violent extremists, specifically far-right extremists, anti-government militias, and jihadists. Native Arabic speaker with experience living in the Middle East for nearly ten years. Angie Gad on LinkedIn.

In the discussion we address:

  • Angie’s background and her experiences working with the public and private sectors.
  • Changes to the threat landscape over the last ten years.
  • The proliferation of online platforms, social media and the complexities of emerging technologies like AI.
  • The horseshoe of international terrorism and domestic extremism.
  • The importance of thinking like the enemy.
  • The beach, coffee, milk tea and Mediterranean Vibes.
  • And more!

Weekly Security Sprint EP 18. Cyclones, faith-based community security, passion jobs, cyber and more! | 16 May 2023 | 00:31:12

In this week's Security Sprint, Dave and Alec talked about the following topics:

Weather:

  • https://www.bbc.com/news/world-asia-65587321
  • https://www.noaa.gov/hurricane-prep

Faith-Based Security:

  • https://www.hstoday.us/subject-matter-areas/counterterrorism/nevada-man-charged-with-federal-hate-crimes-for-irvine-taiwanese-presbyterian-church-shooting/
  • https://www.justice.gov/opa/pr/ohio-man-charged-attempting-burn-down-church-planned-host-drag-show-events
  • https://www.cbsnews.com/texas/news/san-marcos-man-pleads-guilty-fire-austin-synagogue/
  • https://www.nbcnews.com/news/us-news/man-2-teens-planned-isis-inspired-killings-chicago-mosque-spring-break-rcna21628
  • https://www.texarkanagazette.com/news/2023/apr/19/texarkana-arkansas-police-department-advises/

The workers leaving their dream jobs

Cyber Advisories

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
  • https://www.bleepingcomputer.com/news/security/exploit-released-for-papercut-flaw-abused-to-hijack-servers-patch-now/

Quick Hits

  • Philadelphia Inquirer attack: https://www.inquirer.com/news/philadelphia-inquirer-cyberattack-internet-security-20230515.html
  • Biden calls white supremacy greatest terrorism threat - https://www.politico.com/news/2023/05/13/biden-howard-university-white-supremacy-terrorism-00096811
  • https://www.dni.gov/files/NCTC/documents/news_documents/2022_10_FBI-DHS_Strategic_Intelligence_Assessment_and_Data_on_Domestic_Terrorism.pdf
  • Malicious AI Tool Ads Used to Deliver Redline Stealer - https://www.trendmicro.com/en_us/research/23/e/malicious-ai-tool-ads-used-to-deliver-redline-stealer.html
  • El Niño is coming back — and could last the rest of the year, according to NOAA - https://www.usatoday.com/story/news/nation/2023/05/13/el-nino-is-likely-coming-what-is-that-will-it-lead-to-heatwaves/70211895007/

Weekly Security Sprint EP 17. More hostile events, ransomware, hurricane predictions, and an end of COVID? | 09 May 2023 | 00:26:59

In the latest episode of the Weekly Security Sprint podcast, Dave and Andy talked about:

Hostile Events

  • Mass Killer Kills 8, Wounds 7 at Texas Mall & Gunman Kills 8, Injures 7 in Mass Shooting at Allen Outlets.
  • 7 dead after driver intentionally runs over them in front of migrant shelter
  • One dead, 4 taken to hospital after shooting in Midtown Atlanta, police say
  • Suspected Atlanta hospital shooter Deion Patterson in custody after allegedly killing 1 and injuring 4
  • Deion Patterson ID’d as suspected Atlanta hospital shooter — what we know about him.

Ransomware

  • CISA Jen Easterly: The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years
  • Victims’ reluctance to report ransomware stymies efforts to curb cyberattacks, say federal officials
  • As ransomware data remain ‘fuzzy,’ US cyber leaders see reasons for optimism
  • ZeroFox: CyberEdge 2023 Cyberthreat Defense Report.
  • Colonial Pipeline ransomware attack's unexpected legacy
  • Counter Ransomware Initiative focused on ‘expanding the tent,’ with Jordan, Costa Rica, Colombia joining
  • Ransomware Attack On Dallas Disrupts 911, Court And Water Systems & Dallas cyberattack highlights ransomware’s risks to public safety, health
  • Hacked university warns of campus text alerts sent by ransomware group
  • U.S.: Cyber Chiefs Forge Partnerships With Physical Security Units As Combined Threats Grow.
  • Meet Akira — A new ransomware operation targeting the enterprise.

Hurricanes!

  • Dave links!

COVID.

  • WHO says Covid-19 is no longer a global health emergency.
  • CDC: COVID caused 6% of deaths in 2022, down from 12% in 2021

Critical Infrastructure Cybersecurity:

  • Italian water supplier serving 500,000 people hit with ransomware attack

USG Starting to Take Space Cybersecurity Seriously.

  • Peters & Cornyn Reintroduce Bipartisan Bill To Protect Commercial Satellites From Cybersecurity Threats & article: U.S. Senators Reintroduce Legislation on Commercial Satellite Cybersecurity.

  • Top US cyber official warns AI may be the ‘most powerful weapon of our time;’
  • ChatGPT and the new AI are wreaking havoc on cybersecurity in exciting and frightening ways
  • DoD Co-funds Institute to Research the Neural, Biological, and Cognitive Foundations of Artificial Intelligence
  • Background Press Call on New Artificial Intelligence Announcements
  • Readout of White House Meeting with CEOs on Advancing Responsible Artificial Intelligence Innovation
  • Statement from Vice President Harris After Meeting with CEOs on Advancing Responsible Artificial Intelligence Innovation
  • Intelligence community working with private sector to understand impacts of generative AI; The United States’ intelligence community is looking to engage with the private sector to help them assess the technology, U.S. Director of National Intelligence Avril Haines told lawmakers Thursday.
  • The NSA’s research chief on emerging tech — including ‘beyond belief’ leaps in AI

TikTok – ‘We Respect Your Privacy, Except When We Don’t’

  • Risky Biz News: TikTok tracked FT journalist: TikTok has confirmed it tracked the movements of Financial Times reporter Cristina Criddle in order to discover if she was meeting with TikTok employees and identify her sources.
  • TikTok Tracked Users Who Watched Gay Content, Prompting Employee Complaints

MDM Threats as Newsbots Proliferate

  • Rise of the Newsbots: AI-Generated News Websites Proliferating Online

Compromised DVR System

  • TBK DVR Authentication Bypass Attack
  • WaterISAC: Vulnerability Awareness – Spike in Attacks against CCTV Products with Critical Five-Year-Old Vulnerability
  • Security Week: Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes

The Risk Roundtable EP: 41. The action is the Juice....jacking, plus active shooter reports, patching, and hurricane preparedness | 02 May 2023 | 00:47:23

In the latest episode of the Risk Roundtable, Dave, Jen and Andy return to talk on very real and maybe somewhat less real threats across the all-hazards environment. Jen kicks things off sharing her thoughts on the recent FBI Advisory on jUIcE JaCKiNg!! Dave continues the focus on the FBI, sharing his heartfelt thoughts relating to the new Active Shooter report. Quick hits touch on Hurricane Preparedness, Patching (always patching!) and a new COVID report. The team then talks a little US-Russian history, and some musical history, as they dive into love it, hate it, or don’t care.


Weekly Security Sprint EP 16. QHSR, a Faith-Based intervention, protests, and cannabis! | 25 Apr 2023 | 00:22:31

In the latest Weekly Security Sprint, Dave and Andy discussed the following topics.

DHS!

See Something, Say Something – Possible Faith-Based Attack Averted & FB-ISAO Turns Five!

FB-ISAO: Five Years Strong. “Happy Anniversary to the Faith-Based Information Sharing and Analysis Organization. 18 April 2023, marks five years of serving the community of faith with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience across all-faiths and all-hazards. Our members include Houses of Worship, Charities, Faith-Based Schools, and their affiliated organizations. We are five years strong!”

4-20! Cannabis ISAO Shares Cybersecurity Best Practices for the Cannabis Industry

Quick Hits:

Ransomware – March Was a Record Setting Month & Dragos Ransomware Report

Blended Threats – Critical Infrastructure Space Asset Disruption Impacts Farming Operations 

New FBI Elder Fraud Report

3CX – Attack x Within x Attack

SBOM, SBOM, You’re my SBOM!

Chinese Police Outposts

 


The Gate 15 Interview EP 34: April is Water-palooza! Chuck Egli and Jen Walker talk WaterISAC! | 24 Apr 2023 | 01:17:24

In this episode of The Gate 15 Interview, Andy Jabbour visits with Chuck Egli, Senior Director at Gate 15 and Director of Preparedness and Response for WaterISAC, and Jennifer Lyn Walker, Director of Cyber Defense for Gate 15 and Director of Infrastructure Cyber Defense for WaterISAC.

About WaterISAC: The U.S. water and wastewater sector’s leading national associations and research foundations established the Water Information Sharing and Analysis Center (WaterISAC) in 2002, in coordination with the U.S. Environmental Protection Agency. That same year, it was authorized by Congress in the Bioterrorism Act. WaterISAC is the designated information sharing and operations arm of the Water Sector Coordinating Council. WaterISAC is the only all-threats security information source for the water and wastewater sector. Members provide water and wastewater service to most of the United States, as well as in Canada, Australia, and New Zealand. Membership is also open to organizations in the U.K. and the Netherlands. WaterISAC is a non-profit organization, governed by a board of managers comprising water and wastewater utility managers and state drinking water administrators who are appointed by the partner organizations shown above. Built from the ground up to serve the water sector, WaterISAC is uniquely positioned to understand and support the sector’s needs. Read more.

  • WaterISAC: On Twitter: @WaterISAC
  • Chuck: On LinkedIn
  • Jennifer: On LinkedIn and on Twitter: @Gate15_Jen

Topics discussed:

  • Chuck, Jen and WaterISAC’s backgrounds & the WaterISAC mission.
  • The criticality of water – our most critical lifeline!
  • WaterISAC’s evolution over the years, with great reports, resources, forums and events for the water and wastewater community.
  • Physical and cyber threats to the Sector – from extremism and the Hard Reset to insider threats and a lot more!
  • Adding to his comments in last month’s interview, Andy offers CISA more unsolicited guidance…
  • Pirates, monuments, and favorite past times in Andy’s possibly nefarious social engineering game.

  • WaterISAC
  • About WaterISAC
  • H2OSecCon 2022
  • Coming Soon! H2OSecCon 2023! Sign up for notifications and be there as a sponsor or participant!
  • The Cybersecurity Evangelist, Episode 6 – The ISAC Edition/Series Part 2; A chat with WaterISAC
  • CyberScoop: Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. 10 Apr 2023
  • Security Affairs: A cyber attack hit the water controllers for irrigating fields in the Jordan Valley, 11 Apr 2023
  • The Gate 15 Interview: Climate Change Threats with Dr. Jeff Masters. Sea Level Rise, Drought, the 2023 Hurricane Season, plus Devo, Watermelon and the beauty of the Havasupai Canyon!

Nerd Out Security Panel Discussion: EP 36. Making your way into the security profession | 18 Apr 2023 | 00:39:02
In the latest episode of Nerd Out, Dave took a break from the regular security news discussions and welcomed Alec Davison and April Zupan to talk about their paths to becoming security professionals. The group discussed how they got interested in security and provided some insight into their different paths and inspirations. They also shared some helpful pointers about navigating inside the analytical community, talking to senior leaders or executives, and some activities that ensure they stay on top of the news and latest threat. In between April's eloquent use of vocabulary and Alec's inspirational quotes, Dave interjected and shared some helpful hints as well.
Weekly Security Sprint EP 15. A few of our favorite things - insiders, ransomware, hostile events, and Andy's quick hits | 17 Apr 2023 | 00:23:43

In this week's Security Sprint, Dave and Andy talked about the following topics:

Insiders, hostile events, and data loss

Ransomware

Space as Critical Infrastructure:

Others:

MDM:

 


Weekly Security Sprint EP 14. More hostile events - Louisville, Colorado, plus reporting suspicious activities and breach notifications, plus quick hits! | 10 Apr 2023 | 00:28:13

In this week's Security Sprint, Dave and Andy talked about the following topics:

Blue Jeans Workshop

Addressing MDM Threats While Protecting Free Speech; Identify and Address MDM (Mis- Dis- and Mal-information) Threats to Critical Infrastructure, While Protecting Free Speech Rights.

Physical Security:

  • Nashville Police: Covenant Investigation Update. “Audrey Hale acted totally alone…planning over a period of months to commit mass murder at The Covenant School… motive for Hale’s actions has not been established and remains under investigation…The investigation shows that Hale fired a total of 152 rounds...”
  • Maryland Man Charged for Making a Threatening Phone Call to an LGBTQ Advocacy Group. “The message referenced the March 27 mass shooting at a school in Nashville, Tennessee, involving multiple shooting fatalities, where the perpetrator was publicly identified as being transgender. During the call, numerous threats were made including, ‘…We’ll cut your throats. We’ll put a bullet in your head….You’re going to kill us? We’re going to kill you ten times more in full.’”
  • 19-year-old charged with plotting shootings at Colorado Springs school, churches & Would-be Colorado school shooter’s mom says it was ‘family decision’ to call cops
  • Texas Man Pleads Guilty to Hate Crime and Arson for Setting Fire to Synagogue
  • Religious leader stabbed during prayer session at Paterson mosque
  • DC church amps up security for Easter after unusual incident, pastor says
  • Hostility Against Churches Is on the Rise in the United States. “…findings indicate that criminal acts against churches have been steadily on the rise for the past several years.”
  • Ex-convict’s letters to shooter foretold Las Vegas massacre. “Letters addressing the gunman who in October 2017 unleashed the deadliest mass shooting in modern U.S. history in Las Vegas…foretold the carnage to come, according to documents obtained Friday.”

New from WaterISAC!
Physical Security Case Study: Criminal and Suspicious Activity at a Wastewater Utility Cybersecurity: Oakland Acknowledges Ransomware Attack Has Worsened A third of organizations admit to covering up data breaches. “Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential — i.e., to cover them up — when they should have been reported.” THE CYBERSECURITY 202: 'Disrupting' hackers is key, says Deputy Attorney General Lisa Monaco FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers. Ransomware! Rorschach – A New Sophisticated And Fast Ransomware; Check Point Research Unveil “Rorschach” - Previously Unseen, Fastest Ever Ransomware & The old way: BabLock, new ransomware quietly cruising around Europe, Middle East, and Asia. Others: Leaked Top Secret and Secret documents, suspected to have been altered, reveal Ukrainian military vulnerabilities and information about allies including Israel, South Korea and Turkey. Ukraine War Plans Leak Prompts Pentagon Investigation; Classified documents detailing secret American and NATO plans have appeared on Twitter and Telegram. Pentagon investigates reported leak of top-secret Ukraine documents Leaked US secret NATO-Ukraine war docs likely altered, say experts Russia Media: Leaked documents sketch out scenarios for Israeli arms pipeline to Kiev The U.S. Withdrawal from Afghanistan, view the PDF: U.S. Withdrawal from Afghanistan; This document outlines the key decisions and challenges surrounding the U.S. withdrawal from Afghanistan. DOD: Statement by Secretary of Defense Lloyd J. Austin III on the Defense Department's Afghanistan After Action Review State: After Action Review on Afghanistan Comer Slams the Biden Administration’s Excuses for the Disastrous Afghanistan Withdrawal
The Risk Roundtable EP: 40. Jen returns! Plus cybersecurity news, Nashville, staying on top of vulnerabilities and more! | 05 Apr 2023 | 00:52:44
In the latest episode of the Risk Roundtable, the prodigal cybersecurity expert returns full of wisdom and words Dave admires but can't understand. Jen brings her expertise to the table and talks about 3CX, and staying vigilant. Dave builds upon vigilance talking about Nashville and about the value of taking stock of lessons learned from the latest school shooting. In the quick hits, Jen and Dave talk about protests, severe weather, and more cybersecurity updates. Not to be outdone, Andy pulls it all together and adds in his usual common sense approach and holding the security profession accountable. Then Andy runs the gang through love it, hate it, or don't care. Some of the references in the pod include: 3CX: 3CX - ⁠https://www.securityweek.com/mandiant-investigating-3cx-hack-as-evidence-shows-attackers-had-access-for-months/⁠3CX - Amazing work and helping the community - Huntress! ⁠https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats Check My Operator (3CX). “This site is a way for users to identify if they were potentially impacted by the supply chain attack against 3CX from March 2023. If the background appears in red, the IP address you are visiting this site from was flagged by security researchers as potentially impacted. We do not have the ability to determine if you are still impacted. This site is a best effort to broadly notify potential impacted parties of this attack by members of the cyber security research community. If the background appears in gray, the IP address you are visiting this site from has not been reported to this site.” Nashville: Details about the Nashville shooter's gender identity sow confusion and disinformation. 
Audrey Hale’s family ‘laying low,’ communicating through church in wake of Nashville shooting Attacks on Christian schools ‘inevitable' amid rising violence permeating society: Christian education expert warns Hoax Shooting Threats Shut Down New York Schools Days After Nashville Tragedy How Nashville Prepared for the Day It Never Wanted to Face Understand the Threat. Gate 15 White Paper on The Hostile Event Attack Cycle (HEAC), 2021 Update. Protests: Online threats of violence but few signs of far-right organizing around Trump indictment Marjorie Taylor Greene calls for protests in New York after Trump indictment Severe Weather: 32 dead as tornadoes torment from Arkansas to Delaware. The President has made disaster declarations for Arkansas and Mississippi as concerns remain over continued tornado and other severe weather threats. And a reminder from CISA that criminals always seek to leverage these tragedies with scams. Significant Wintry Conditions from Intermountain West to Upper Midwest Here we go again: 2nd tornado outbreak in 5 days looms for Midwest Website Security: Exchange on-prem throttling - ⁠https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078⁠  Website Injection - ⁠https://blog.sucuri.net/2023/03/the-top-10-most-dangerous-types-of-injection-attacks.html⁠  Initial Access techniques - ⁠https://blog.qualys.com/vulnerabilities-threat-research/2023/03/30/risk-fact-3-initial-access-brokers-attack-what-organizations-ignore⁠ & ⁠https://thedfirreport.com/2023/03/06/2022-year-in-review/⁠ & ⁠https://vulncheck.com/blog/2022-cisa-kev-review⁠ KEV! IABs!: Bleeping Computer: 15 million public-facing services vulnerable to CISA KEV flaws (31 Mar). 
Read the report from Rezilion: Get to Know KEV In Our New Research Report (30 Mar) Others: ⁠Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security⁠  Mandiant: ⁠Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan⁠, 30 Mar
Weekly Security Sprint EP 73. The importance of venue security - the assassination attempt, and Copa crisis | 16 Jul 2024 | 00:30:27
In this week's Security Sprint, Dave and Andy talked about the following topics. FB-ISAO Threat Assessment Statement: Threat Levels Remain at Elevated – July 2024 FB-ISAO Updates! FB-ISAO Newsletter, v6, Issue 7 The FB-ISAO FireArms in the House Series: What Did We Learn? WaterISAC Surpasses 600 Members, Strengthening Water and Wastewater Security Nationwide Critical infrastructure organizations want CISA to dial back cyber reporting Real Estate Coalition Raises Concerns Over Cyber Reporting Requirements Briefing 23: Space Sector at Risk as Ransomware Groups and Nation State Actors Collaborate Guarding Health: Errol Weiss on Protecting the Healthcare Sector from Cyber Threats  Assassination Attempt FBI, DHS warn of possible retaliation for attack on Trump FBI Update on the FBI Investigation of the Attempted Assassination of Former President Donald Trump Secretary Mayorkas Delivers Remarks at White House Press Briefing Statement From U.S. Secret Service Director Kimberly Cheatle DHS secretary says direct line of sight 'should not occur' in wake of Trump assassination attempt What We Know—and Don’t Know—So Far About the Trump Rally Gunman Rooftop where gunman shot at Trump was identified as a security vulnerability before rally: sources Secret Service investigating how gunman was able to get so close to Trump Local Cop Confronted Trump Gunman Before Shooting—but Backed Away New information emerges on Trump shooting suspect Misinfo: Misinformation spreads swiftly in hours after Trump rally shooting Social Media Platforms Deluged by Unsubstantiated Claims About Trump Rally Conspiracy theories about the Trump rally shooting flourish online Trump Assassination Attempt Sparks Antisemitic Conspiracy Theories and Violent, “Revenge” Rhetoric Far-Right Extremists Call for Violence and War After Trump Shooting Donald Trump talks unity after shooting attempt   Copa America final kick-off delayed after fans struggle to enter stadium in Miami Copa America final delayed after 
hordes of fans climb vents, walls to ‘forcibly enter’ Hard Rock Stadium in chaotic scene Copa América final start delayed after fans rush gates Copa America security disaster ‘not a good look’ for US ahead of World Cup: Alexi Lalas Venue Security, The IAVM Podcast Series: Throwing down the gauntlet with Brendan Farley as we discuss the art and science of crowd management. The Gate 15 Interview: Dr. G. Keith Still on crowd security, drinking whisky, smashing ashtrays in Saudi Arabia, the Land of Ice and Fire, and what not to ask a Scotsman. 24 Jul 2023. Nerd Out Security Panel Discussion: EP 19. Talking Crowd Control and the Holidays – in 2 Parts! Nov 2021. Quick Hits A Globally Integrated Islamic State Tenuous Taliban control gives life to al-Qaida, Islamic State Goldman Sachs: AI Is Overhyped, Wildly Expensive, and Unreliable. Justice Department Leads Efforts Among Federal, International, and Private Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm TikTok Content Farms Use AI Voiceovers to Mass-Produce Political Misinformation CSU's 2024 Atlantic seasonal hurricane forecast was released on 4 April and updated on 9 July Colorado Reports Three Presumptive Positive H5 Cases in Poultry Workers Bird flu spread to cows takes 'dangerous' step towards infecting humans through respiration, scientists warn AT&T Discloses Breach of Customer Data US and Germany foiled Russian plot to assassinate CEO of arms manufacturer sending weapons to Ukraine New Jersey Man Charged with Soliciting Destruction of Energy Facilities Victims of cyber extortion and ransomware increase in 2024 Orange Cyberdefense: Cy-Xplorer 2024 - When bits turn to blackmail - all about ransomware and cyber extortion Black man dies, crying for help, after hotel guards pin him down, video shows CISA Releases Insider Threat Reporting Templates
Weekly Security Sprint EP 13. Nashville, Political Violence, Severe Weather, alerts, protests and Blue Jeans! | 28 Mar 2023 | 00:28:00

In the latest episode of the Weekly Security Sprint, Dave and Andy covered the following topics:

Nashville School Shooting:

Gate 15's Blue Jeans Workshop

Political Violence

Severe Weather:

Cybersecurity Regulations:

Ransomware:

Others:

The Gate 15 Interview EP 33: Climate Change Threats with Dr. Jeff Masters. Sea Level Rise, Drought, the 2023 Hurricane Season, plus Devo, Watermelon & the beauty of the Havasupai Canyon! | 27 Mar 2023 | 00:47:30
In this episode of The Gate 15 Interview, Andy Jabbour visits with Dr. Jeff Masters. Jeff Masters, Ph.D., worked as a hurricane scientist with the NOAA Hurricane Hunters from 1986-1990. After a near-fatal flight into category 5 Hurricane Hugo, he left the Hurricane Hunters to pursue a safer passion - earning a 1997 Ph.D. in air pollution meteorology from the University of Michigan. In 1995, he co-founded the Weather Underground, and served as its chief meteorologist and on its Board of Directors until it was sold to the Weather Company in 2012. Between 2005-2019, his Category 6 blog was one of the Internet’s most popular and widely quoted sources of extreme weather and climate change information. He now frequently writes for YALE Climate Connections. On Twitter: @DrJeffMasters In the discussion we address: Jeff’s incredible Hurricane Hugo experience. Intergovernmental Panel on Climate Change (IPCC) Report and going beyond the ‘planetary boundaries of safe operation for the planet.’ Jeff’s important ideas to understand about climate change. Jeff discusses his two biggest climate concerns - the disruptive threats from sea level rise and drought, including: A potential ‘massive financial threat to the US.’ Jeff says, ‘we’re not correctly pricing risk…there threatens to be a shakeout in the…market’ and he notes insurance company struggles in Florida, Louisiana and California as examples before discussing the potential cascading effects associated with humans fleeing from the coasts. Threats to critical infrastructure, including real estate, water and wastewater, transportation and supply chains. And he explains his concerns about drought impacting food prices and leading to famine. Hurricane season 2023, an anticipated El Nino year, perhaps something that may look like the 2018 hurricane season. Plus! Devo, getting outdoors, watermelon, and the beauty of the Havasupai Canyon. 
A few references mentioned in or relevant to our discussion include: Jeff’s Hurricane Hugo Experience: Weather Underground: Hunting Hugo: The Hurricane Hunters' Wildest Ride, a multi-part story of Jeff’s incredible experience in the eye of Hurricane Hugo. Weather Underground: A flight through Hurricane Hugo, remembered 20 years later, 15 Sep 2009 Originally published in Weatherwise magazine, Hunting Hugo was made available in digital form, complete with the many photos I took on the flight, on the web site I co-founded, Weather Underground. A separate account of the flight was written by a reporter from Barbados who was on the flight, and was published in my Weather Underground blog in 2009. There was a 45-minute episode of “Air Crash Investigation” (AKA “Mayday”) on the Hugo flight called “Into the Eye of the Storm” that aired in 2014. Several hundred thousand dollars was spent on the episode, which included CGI effects, a set built in Toronto to simulate the flight, and actors playing the crew and scientists. In 2022, the video was available with a paid subscription to Paramount Plus. The video was also available for free at apparat.com. 
Take to the Sky: The Air Disaster Podcast: Episode 85: NOAA 42 Hurricane Hunters, 02 Dec 2021 Intergovernmental Panel on Climate Change (IPCC) Report: The Guardian: Scientists deliver ‘final warning’ on climate crisis: act now or it’s too late, 20 Mar IPCC Sixth Assessment Report, 20 Mar IPCC IPCO Sixth Assessment Report Working Group 1: The Physical Science Basis; Summary for Policymakers BBC: UN climate report: Scientists release 'survival guide' to avert climate disaster, 20 Mar New York Times: Earth to Hit Critical Warming Threshold by Early 2030s, Climate Panel Says, 20 Mar Climate.gov: Climate Change: Global Sea Level, 19 Apr 2022 NASA Vital Signs NASA Sea Level Change; Observations from Space NASA Sea-Level Toolkit: New Guide Helps Planners Prepare, 07 Feb 2023 CNN: Threat of rising seas to Asian megacities could be way worse than we thought, study warns, 08 Mar 2023 Space.com: Sea level rise slowed down in 2022. NASA says it's just a blip, 22 Mar NOAA: Destructive 2018 Atlantic hurricane season draws to an end; NOAA services before, during, after storms saved lives and aided recovery, 28 Nov 2018 Some of Jeff’s recent writing: YALE Climate Connections: With global warming of just 1.2°C, why has the weather gotten so extreme? Climate change increases extreme weather by adding more heat and moisture to the air and through disruption of fundamental atmospheric circulation patterns, 06 Mar 2023 YALE Climate Connections: The other ‘big one’: How a megaflood could swamp California’s Central Valley; A repeat of the state’s Great Flood of 1861-62 could cause over $1 trillion in damage, 25 Jan 2023 YALE Climate Connections: If a megaflood strikes California, these dams might be at risk; The state’s highest-risk dams protect millions of people and tens of billions in property, including Disneyland and the Naval Weapons Station Seal Beach, 26 Jan 2023
Nerd Out Security Panel Discussion: EP 35. Solo Dave talking behaviors, data, and his views on extended universes! | 23 Mar 2023 | 00:28:22
On the latest episode of Nerd Out, Dave goes solo to talk about behavioral analytics, recent reporting and how to merge those together to deliver insights and develop appropriate plans. It's one thing to have the data, and it's one thing to have the reports that point to various types of behaviors, but merging them together can be a challenge. Dave also talks about ways to develop the data if you don't have a tool. Dave wraps up by giving some thoughts on what he is seeing from the ever-expanding extended universes. Is there a reason to be concerned? Could he be losing interest? Reports mentioned in this podcast include: START: https://www.start.umd.edu/spotlight/pirus-dataset-launches-major-update-adding-955-subjects-database U.S. Secret Service: https://www.secretservice.gov/newsroom/releases/2023/01/new-secret-service-research-examines-first-time-five-years-mass-violence
Weekly Security Sprint EP 12. Extremism and Terrorism Reports, Financial Crisis "fears", Climate, and quick hits! | 20 Mar 2023 | 00:23:53
In this week's Security Sprint, Dave and Andy talk about the following topics. Extremism and Terrorism: START reports. PIRUS: https://www.start.umd.edu/profiles-individual-radicalization-united-states-pirus-keshif; https://www.start.umd.edu/news/major-update-pirus-dataset-adds-955-us-subjects-2019-2021 Press Release via Yahoo! Terrorist attacks more deadly, despite decline in the West, 14 Mar, PDF and complete report, Institute for Economics & Peace: Global Terrorism Index 2023 Catholic Vote: 300th Catholic Church Attacked Since 2020, 13 Mar Banking Fears: World Economic Forum: https://www.weforum.org/agenda/2023/03/fears-global-banking-crisis-economy-roundup/ CNN: https://www.cnn.com/2023/03/16/investing/bank-scare-credit-suisse/index.html Intergovernmental Panel on Climate Change (IPCC) Report: The Guardian: Scientists deliver ‘final warning’ on climate crisis: act now or it’s too late, 20 Mar IPCC Sixth Assessment Report, 20 Mar IPCC IPCO Sixth Assessment Report Working Group 1: The Physical Science Basis; Summary for Policymakers Other: New York Post: NYC bracing for unrest after Trump calls for protests over possible arrest, indictment, 19 Mar The Register: LockBit brags: We’ll leak thousands of SpaceX blueprints stolen from supplier, 13 Mar CISA: CISA Establishes Ransomware Vulnerability Warning Pilot Program, 13 Mar DOJ: Associate Attorney General Vanita Gupta Issues Statement on the FBI’s Supplemental 2021 Hate Crime Statistics, 13 Mar Senator Mark Warner: Warner, Blackburn, Colleagues Request Cybersecurity Analysis of Chinese-Made Drones, 16 Mar SEC: SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets, 15 Mar CyberScoop: Presidential advisory council recommends cyber mandates for critical infrastructure, 14 Mar
Weekly Security Sprint EP 11. Cyber reports, hate based behaviors and Peacemaker is making waves into security? | 13 Mar 2023 | 00:25:10
On the latest episode of the Security Sprint, Andy bails Dave out on some technology issues and they work through it to cover the following topics. FBI IC3 Report:  FBI Internet Crime Report 2022 (PDF) & Report Statistics  Risky Biz News: BEC loses top spot in FBI Internet Crime report, 12 Mar  Physical Security: NJ [.] com:  Man yelled ‘white lives matter,’ threw smoke bombs at N.J. church’s anti-racism concert, 06 Mar  Michigan Man Arrested and Charged For Illegally Possessing Firearms While Making Threats to Kill Government Officials, 10 Mar Florida neo-Nazis who projected a swastika on a downtown building say the hysteria over drag queens is helping them recruit people, 10 Mar ODNI Annual Threat Assessment:  ODNI Releases 2023 Annual Threat Assessment of the U.S. Intelligence Community and see here, PDF report, and U.S. Senate Hearing 08 Mar  Risky Biz News: ODNI report highlights China as the US’ biggest cyber threat, 09 Mar  SVB:  Statement from President Joe Biden on Actions to Strengthen Confidence in the Banking System  READOUT: Financial Stability Oversight Council Meeting on March Federal Reserve Board - Federal Reserve Board announces it will make available additional funding to eligible depository institutions to help assure …  Federal Reserve Board - Joint Statement by Treasury, Federal Reserve, and FDIC  Silicon Valley Bank: why did it collapse and is this the start of a banking crisis?  
In historic last-minute deal, HSBC acquires Silicon Valley Bank UK, says all depositors’ money is safe  Silicon Valley’s surreal weekend  SVB’s ventures are taken apart in China, UK after US bank’s collapse  Other Cybersecurity Updates:  Cyber Incident Reporting Framework: Global Edition (PDF)  NBC: Data breach hits ‘hundreds’ of lawmakers and staff on Capitol Hill, 08 Mar  CNN: Hundreds of US lawmakers and staff affected by data breach, 08 Mar  WaterISAC: Threat Awareness – Keep Our Eyes on Emotet, 09 Mar  Cofense: Emotet Sending Malicious Emails After Three-Month Hiatus, 07 Mar  WIRED: The Era of Faked CCTV Has Truly Arrived, 07 Mar  Washington Post: Cyberattacks Are Just One Part of Hybrid Warfare, 07 Mar  Ransomware:  WIRED: Ransomware Attacks Have Entered a ‘Heinous’ New Phase, 13 Mar  Security Scorecard: ESXi Ransomware - A case study of Royal Ransomware Prepared by: Vlad Pasca, Senior Malware & Threat Analyst  Sentinel Labs: IceFire Ransomware Returns; Now Targeting Linux Enterprise Networks, 09 Mar  John Cena: Cybersecurity Enthusiast (?): @CenaOnSecurity  Gate 15's upcoming Blue Jeans Workshop: Addressing MDM Threats While Protecting Free Speech
The Risk Roundtable EP 39: Special Guests, the latest scams, the National Cybersecurity Strategy and more! | 07 Mar 2023 | 00:52:18
In the latest episode of the Risk Roundtable, Andy and Dave welcome Tracy Maleef as they go through the latest security news. Tracy kicked things off by looking at a new scam reported by the Better Business Bureau involving craft fairs (is there no place that's safe?). Then the roundtable took turns looking at the recently released National Cybersecurity Strategy and what it means for individuals and organizations, especially around training and information sharing. Andy used the release to also discuss corresponding actions that the EPA is taking to improve the resiliency of the water system. Tracy then transitioned back to other types of scams, including how artificial intelligence is being used in scams in which callers pretend to be loved ones, and how safe words could be an effective mitigating factor. Dave wrapped things up with a quick hit on venue security, which led the group to discuss how this is not strictly a physical security problem but a blended threat. Andy put the finishing touches on the pod with his three questions (no comment on the new CISA website redesign). 
National Cybersecurity Strategy:  White House: FACT SHEET: Biden-⁠Harris Administration Announces National Cybersecurity Strategy, 02 Mar  Gizmodo: I Read the Biden Administration’s New Cyber Policy So You Don’t Have To, 04 Mar  US House Committee on Homeland Security: Green, Garbarino Statement on the Release of the National Cybersecurity Strategy, 02 Mar  Risky Biz News: White House unveils National Cybersecurity Strategy, 02 Mar  HS Today: COLUMN: A Shared Accountability Approach to Cyber Defense, by Bob Kolasky, 02 Mar  CISA Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address, 27 Feb Industrial Cyber: National Cybersecurity Strategy sets its eyes on improving security, resilience across critical infrastructure, 03 Mar  WSJ: Cisco Chief Says Tech Products Must Be Made More Secure, 02 Mar  Water Cybersecurity:  EPA: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems, 03 Mar  Risky Biz News: EPA releases cybersecurity guidance for US public water sector, 05 Mar  CNN: US introduces new rules to protect water systems from hackers, 03 Mar  CyberScoop: EPA issues water cybersecurity mandates, concerning industry and experts, 03 Mar  SC Media: EPA memo pushes states to include cybersecurity in water safety reviews, 03 Mar  Industrial Cyber: EPA issues memorandum to address PWS cybersecurity using sanitary surveys, improve resilience, 06 Mar  Venue Security:  AP: 1 dead, 9 hurt in stampede at GloRilla concert in New York, 06 Mar  Dr. G K Still on Twitter, ‘Teaching crowd safety/risk analysis around the world. Consulting and expert witness experience help develop better teaching and training courses.’ International Association of Venue Managers’ (IAVM) Academy of Venue Safety and Security (AVSS)  Scams: BBB Scam Alert:  Think twice before filling out craft fair applications, 03 Mar  Washington Post: They thought loved ones were calling for help. 
It was an AI scam., 05 Mar
Weekly Security Sprint EP 10. Happy Birthday to DHS, protests, cyber threats, and more. | 06 Mar 2023 | 00:26:47

In this week's Security Sprint, Dave and Andy talked about the following topics:

National Cybersecurity Strategy: 

  • White House: FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy, 02 Mar 
  • Gizmodo: I Read the Biden Administration’s New Cyber Policy So You Don’t Have To, 04 Mar 
  • US House Committee on Homeland Security: Green, Garbarino Statement on the Release of the National Cybersecurity Strategy, 02 Mar 
  • Risky Biz News: White House unveils National Cybersecurity Strategy, 02 Mar 
  • CISA Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address, 27 Feb
  • Industrial Cyber: National Cybersecurity Strategy sets its eyes on improving security, resilience across critical infrastructure, 03 Mar 
  • WSJ: Cisco Chief Says Tech Products Must Be Made More Secure, 02 Mar 

Water Cybersecurity: 

  • EPA: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems, 03 Mar 
  • Risky Biz News: EPA releases cybersecurity guidance for US public water sector, 05 Mar 
  • CNN: US introduces new rules to protect water systems from hackers, 03 Mar 
  • CyberScoop: EPA issues water cybersecurity mandates, concerning industry and experts, 03 Mar 
  • SC Media: EPA memo pushes states to include cybersecurity in water safety reviews, 03 Mar 
  • Industrial Cyber: EPA issues memorandum to address PWS cybersecurity using sanitary surveys, improve resilience, 06 Mar 

Homeland Security:

  • Greek Protests: https://www.bbc.com/news/world-europe-64820085
  • South Korean Protests: https://www.bbc.com/news/world-asia-64858944
  • HS Today: DHS at 20: Mission Poised ‘to Grow Even More Complex’ as New Threats May Pose ‘Even Greater Potential for Harm,’ 01 Mar 
  • Politico: Documents: DHS has a domestic-intelligence program, 06 Mar 
  • NIJ: Assessing Risk of Terrorist Acts by Looking at Location Data and Demographic and Social Characteristics, 27 Feb 
  • HS Today: National Institute of Justice Examines Link Between Location of Terrorists and Risk of Terrorism, 27 Feb 

Cybersecurity & Ransomware: 

  • VulnCheck: The VulnCheck 2022 Exploited Vulnerability Report - A Year Long Review of the CISA KEV Catalog, 02 Mar 
  • Recorded Future: 2022 Annual Report, 02 Mar 
  • HS Today: Cyber Threat Trends to Watch This Year as Forecast by MS-ISAC, 02 Mar 
  • Bleeping Computer: Play ransomware claims disruptive attack on City of Oakland, 03 Mar 
  • CBS Bay Area: Ransomware hackers release some stolen Oakland data, 04 Mar 

Other: Gizmodo: Yikes, the U.S. Is Now Using Facial Recognition Rigged Drones for Special Ops, 27 Feb

Weekly Security Sprint EP 9. ADL Report, Ransomware, Measles, Mis/Dis/Mal-information, and more. | 28 Feb 2023 | 00:26:24
In the latest Security Sprint Dave and Andy cover the following topics: Extremism: ADL: Murder and Extremism in the United States in 2022, 22 Feb Bridget Johnson in HS Today: Jewish Community, Law Enforcement Respond with Preparedness, Unity to Extremists’ ‘National Day of Hate,’ 24 Feb ABC 6 Action News: Philadelphia mosque vandalized with paint; suspect wanted, 27 Feb Blended Threats: CNN: Cyberattack on food giant Dole temporarily shuts down North America production, company memo says, 22 Feb Gate 15: Blended Threats to Hospitals: A Growing Concern, 21 Feb Newsweek: Russian Media Hack Hits During Putin Speech, 21 Feb Information Operations: Graphika: How to Lose Influence and Alienate People, 23 Feb Meta: Meta’s Ongoing Efforts Regarding Russia’s Invasion of Ukraine, 22 Feb 2022 Others: The Record at Recorded Future: Oakland says 311, business license systems still down, but National Guard is helping, 24 Feb Cybersecurity 202: Federal panel says agencies need to focus on harmonizing cyber regulations, 22 Feb Malwarebytes: Royal Mail schools LockBit in leaked negotiation, 23 Feb
The Gate 15 Interview EP 32: Getting Weird with Rachel Tobac - Hacking, Twitter, MFA, Being Politely Paranoid and…Time Travel? | 27 Feb 2023 | 00:29:34
In this episode of The Gate 15 Interview, Andy Jabbour visits with Rachel Tobac, (She/Her), CEO, SocialProof Security, Friendly Hacker. Rachel is a hacker and the CEO of SocialProof Security where she helps people and companies keep their data safe by training and pentesting them on social engineering risks. Rachel was also 2nd place winner of DEF CON’s wild spectator sport, the Social Engineering Capture the Flag contest, 3 years in a row. Rachel has shared her real life social engineering stories with NPR, Last Week Tonight with John Oliver, The New York Times, Business Insider, CNN, NBC Nightly News with Lester Holt, Forbes and many more. In her remaining spare time, Rachel is the Chair of the Board for the nonprofit Women in Security and Privacy (WISP) where she works to advance women to lead in the fields. On Twitter: @RachelTobac and see @SocialProofSec & @WISPorg On Mastodon: http://infosec.exchange/@racheltobac In the discussion we address: Rachel’s superhero origin story and her company, SocialProof Security Women in Security and Privacy (WISP) Hacking. Hacking. Hacking. Twitter and Baking Security In And a little on horror, time travel and Twin Peaks! A few references mentioned in or relevant to our discussion include: SocialProof Security Women in Security and Privacy (WISP) - Advancing Women To Lead The Future Of Privacy And Security. CNN: We asked a hacker to try and steal a CNN tech reporter’s data. 
Here’s what happened, 18 Oct 2019 CNN, three years later (2022): 'Don't use the same password': Watch how easy it was to hack this CNN reporter Aura: Hacking A Billionaire, with Rachel Tobac Yubico: Uber Hack Reenactment Video, with Rachel Tobac Twitter: An update on two-factor authentication using SMS on Twitter, 15 Feb 2023 Rachel’s Twitter Thread regarding the announcement CISA Director Jen Easterly’s Twitter Thread regarding the announcement The Hill on Which Rachel will die, on Twitter And check out SocialProof Security merch on Etsy; Gear for The Politely Paranoid (the stickers are awesome and on Andy’s laptop…)
Nerd Out Security Panel Discussion: EP 34. Hostile events, venue security and upcoming religious holiday preparedness. | 21 Feb 2023 | 00:44:19

In the latest episode of Nerd Out, Dave is joined by Bridget Johnson and Joe Levy as they talked about some of the hostile events to date in 2023 and looked ahead to the faith-based holidays and celebrations in the coming months. Bridget talked about the California shootings and the power of copy cats, while Joe focused attention on the various ways that organizations can deploy security protocols to reduce risk. The nerds then took a look ahead at the upcoming religious holidays and what that might mean for accelerationists and other hate-based groups. Joe then wrapped up by talking about the upcoming AVSS event in Pittsburg. Registration Information can be found here: https://iavm.org/events/avss/ 

Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: vssc@iavm.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/

Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ

Nerd Out EP 49. Foreign Influence, extremism, a top 3, and the Acolyte | 10 Jul 2024 | 00:45:47
In the latest episode of Nerd Out, Dave and Alec went through the recent news talking about the foreign influence that is creating security concerns around the world. Then they looked at the latest extremist news before getting into a new segment that talks to three of their considerations for building a security program. Then they wrapped up digging into the happenings of the Acolyte and what they think may happen in the finale. Some of the articles referenced in the pod include: State sponsor. https://amp.cnn.com/cnn/2024/07/09/politics/intelligence-russian-sabotage-threat-us-bases-europe https://www.cnn.com/2024/06/30/europe/russia-hybrid-war-nato/index.html https://www.atlanticcouncil.org/commentary/testimony/the-urgent-threats-posed-by-the-ira[…]stify-before-the-us-house-committee-on-homeland-security/ https://extremism.gwu.edu/sites/g/files/zaxdzs5746/files/Hezbollah's_Operations_and_Networks_in_the_United_States_June30_2022.pdf Protests. https://abcnews.go.com/US/wireStory/iran-encourages-gaza-war-protests-us-stoke-outrage-111792439 https://www.jpost.com/international/article-807189 https://www.policemag.com/vehicle-ops/news/15670549/group-burns-portland-police-vehicles-over-propalestinian-protests FTO/HVE. https://abcnews.go.com/Politics/foreign-terrorists-targeting-us-increasingly-fbi-director/story?id=109045112 https://www.washingtonpost.com/national-security/2024/07/05/gaza-terrorism-israel-us-intelligence/ https://www.voanews.com/a/new-migration-patterns-fuel-islamic-state-s-plans-for-the-us-/7676413.html https://gnet-research.org/2024/07/04/the-digital-weaponry-of-radicalisation-ai-and-the-recruitment-nexus/ https://www.cbsnews.com/news/more-information-emerges-about-8-tajikistani-men-arrested-for-suspected-isis-ties/ https://nypost.com/2024/07/09/us-news/suspected-jihadist-caught-with-weapons-outside-laguardia-indicted/#:~:text=A%20suspected%20Jihadist%20from%20Queens,with%20his%20license%20plate%20covered. DVE. 
https://www.militarytimes.com/news/your-military/2024/07/03/toxic-politics-increase-terrorism-extremism-risk-dhs-official-says/ https://abcnews.go.com/US/yellowstone-national-park-shooting-update/story?id=111794858 https://www.cbsnews.com/sanfrancisco/news/san-jose-explosives-arrest-ridder-park-drive/
Weekly Security Sprint EP 8. Twitter fight over MFA, FBI threat considerations, Ransomware, Supply Chain and more. | 21 Feb 2023 | 00:30:26
On this week's Security Sprint, Dave allows Andy to start off and talk about the rightful name for the third Monday in February. Then Dave and Andy covered the following topics. Twitter & MFA Twitter: An update on two-factor authentication using SMS on Twitter, 15 Feb. TechSpot, Twitter’s SMS two-factor authentication is now a paid feature, 19 Feb Bleeping Computer, Twitter gets rid of SMS 2FA for non-Blue members — What you need to do, 19 Feb Rachel Tobac on Twitter’s update, via Twitter, 17 Feb Jen Easterly on Twitter’s update, via Twitter, 19 Feb FBI: Director Wray’s Remarks at the 2023 Homeland Security Symposium and Expo, 16 Feb Oakland’s Ransomware Attack Pogo Was Right, Data Breaches.net, Weeklong ransomware attack on Oakland government drags on, 18 Feb San Francisco Business Times: Oakland cyberattack hobbles planning department, blocks most building permits, 17 Feb Kron4: Oakland PD warns of delayed response times after city targeted by ransomware attack, 14 Feb Supply Chain. UK National Cyber Security Centre: Supply Chain Cyber Security: Assessing and gaining confidence in your suppliers: https://www.ncsc.gov.uk/files/Assess-supply-chain-cyber-security.pdf Others: LA Times: Suspect in shootings of two Jewish men in L.A. is charged with federal hate crimes, 17 Feb CERT-EU: Sustained activity by specific threat actors, 15 Feb
Weekly Security Sprint EP 7. Crowd management, Hostile Events arrests, ransomware, cyber news and more. | 14 Feb 2023 | 00:24:42
In this week's Security Sprint, Dave and Andy talked about the following topics. Event and Venue Safety and Security:  Athletic Business: Crowd Crush Ensues Outside Purdue’s Mackey Arena as Students Wait for Ticket Giveaway, 08 Feb  IAVM’s Academy for Venue Safety and Security  Extremism:  DoJ: Maryland Woman and Florida Man Face Federal Charges for Conspiring to Destroy Energy Facilities, 06 Feb  HS Today: Pair Charged with Conspiring to Attack Maryland Power Facilities with Mylar Balloons, Rifle in Extremist Plot, 06 Feb  Heavy: Sarah Clendaniel & Brandon Russell: 5 Fast Facts You Need to Know, 07 Feb  Gate 15: The Gate 15 Interview: Brian Harrell on Energy & Infrastructure Security, plus baseball, boating & burgers!, 26 Dec 2022  Ransomware:  BlackFog: Retail Sector Ransomware Attacks Grow in 2022, 07 Feb  CISA: Alert (AA23-040A) - #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities, 09, 10 Feb  CISA: Alert (AA23-039A) - ESXiArgs Ransomware Virtual Machine Recovery Guidance, 08 Feb  VMWare: ESXiArgs: Questions & Answers Recorded Future® by Insikt Group® In Before The Lock: ESXi, 13 Feb: https://www.recordedfuture.com/in-before-the-lock-esxi  Top Risks in Cybersecurity 2023:  Bipartisan Policy Center: Top Risks in Cybersecurity 2023, 12 Feb  Washington Post Cybersecurity 202: The top cyber risks to watch out for in 2023, 13 Feb  Others:  BBC: Ukraine war - Russia planning 24 February offensive, Ukrainian defence minister says, 02 Feb  Darth Putin on Twitter: @DarthPutinKGB Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability, 12 Feb  Group-IB: Know Thy Enemy: unraveling the “Hi-Tech Crime Trends 2022/2023” report, 10 Feb  WSJ: Insurers Say Cyberattack That Hit Merck Was Warlike Act, Not Covered, 08 Feb  BlackCloak Identifies Surge in Doxxing and Swatting Threats on Corporate Executives, 08 Feb  Graphika: Deepfake It Till You Make It, 07 Feb  Dave & Andy talking U2's top 5 albums: 
Nerd Out Security Panel Discussion: EP 12. High Stress and U….2., 20 Apr 2021
The Risk Roundtable EP 38: The 4 R's - ransomware, reporting, romance scams and Paul Rudd! Not to mention all-hazards! | 08 Feb 2023 | 00:52:23

In the latest episode of the Risk Roundtable, Andy does double duty, first welcoming Jen to get the latest on the ransomware threats, before bringing Dave in to talk about weather and natural disasters. Jen kicked things off talking about all things ransomware, including preparedness items, the recent Hive takedown, the importance of reporting, and ways to protect yourself. Dave then joined Andy to talk about the third wheel in the all-hazards preparedness model - weather and natural disasters, especially in light of the recent earthquake in Turkey. The roundtable took a split approach to the end of pod questions, talking about marathons, some show dilemmas and the arc of Paul Rudd!

Ransomware and Cyber News:

Weekly Security Sprint EP 6. DDoS, ransomware, targeted violence, and maybe some balloon talk. | 07 Feb 2023 | 00:23:32

In this week's Security Sprint, Dave and Andy talked about the following topics: 

Ransomware:  

  • Bleeping Computer: Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide, 3 Feb 
  • Risky Business News: Risky Biz News: Ransomware wave hits thousands of VMWare ESXi servers, 06 Feb 
  • CISA: VMware Releases Security Update for VMware vRealize Operations, 1 Feb 
  • Canadian Centre for Cyber Security: VMware security advisory (AV23-066), 3 Feb 
  • Valentine’s Day 2023 and Ransomware! Webinar, REGISTER NOW! Ransomware: Planning and Protecting Your Organization, Recorded Future & Gate 15, 14 Feb 

DDoS: 

  • Radware, Passion: A Russian Botnet, 31 Jan 
  • Bleeping Computer, New DDoS-as-a-Service platform used in recent attacks on hospitals, 01 Feb 
  • The Record: Customizable new DDoS service already appears to have fans among pro-Russia hacking groups, 03 Feb 

Faith-Based Security: 

  • Fox 5, Las Vegas: Man threatened mass shooting at Las Vegas synagogue, police say, 31 Jan 
  • ABC 7 News: SFPD arrest man suspected of firing blank rounds inside synagogue, bringing gun into theater, 05 Feb 

Chinese Balloons: 

  • US DOD: Statement From Secretary of Defense Lloyd J. Austin III, 04 Feb 
  • And see the Gate 15 SUN from Friday and Monday for numerous links. 

Baking in Cybersecurity: 

  • Foreign Affairs: Stop Passing the Buck on Cybersecurity; Why Companies Must Build Safety Into Tech Products, 01 Feb 
  • Washington Post Cybersecurity 202: How CISA plans to get tech firms to bake security into their products, 06 Feb 

Others: 

  • FBI: Elicitation Techniques, 31 Jan 
  • Voice of America, Russia Developing Weapons to Target Critical Subsea Cables, Pipelines, 02 Feb 
  • Reuters: Huge earthquake kills 2,600 in Turkey and Syria, bad weather worsens plight, 06 Feb
Weekly Security Sprint EP 5. Secret Service Report, Hive, attacks on houses of worship, insider threats and more. | 31 Jan 2023 | 00:25:13
In the latest Security Sprint, Dave and Andy talked about the following topics: US Secret Service: New Secret Service Research Examines for the First Time Five Years of Mass Violence Data, 25 Jan Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update DoJ: U.S. Department of Justice Disrupts Hive Ransomware Variant, 26 Jan FTC: FTC Finalizes Order with Ed Tech Provider Chegg for Lax Security that Exposed Student Data, 27 Jan DoJ: Former Special Agent in Charge of the FBI New York Counterintelligence Division Charged with Violating U.S. Sanctions on Russia, 23 Jan Washington Post: N. Carolina church says it lost nearly $800K in email scam, 28 Jan Gate 15 SUN, US Section, faith-based incidents, 30 Jan CISA: JCDC Focused on Persistent Collaboration and Staying Ahead of Cyber Risk in 2023, 26 Jan Washington Post THE CYBERSECURITY 202: Anne Neuberger discusses work to protect critical infrastructure, 30 Jan CISA: Secure Your Drone: Privacy and Data Protection Guidance, 27 Jan Hawaii News Now: After signs are hacked, state warns changing roadwork message boards is illegal, 26 Jan Risky Biz News: KeePass disputes vulnerability designation for feature that exposes cleartext passwords, 29 Jan Webinar, REGISTER NOW! Ransomware: Planning and Protecting Your Organization, Recorded Future & Gate 15, 14 Feb:  https://go.recordedfuture.com/ransomware-planning-and-protecting-your-organization?utm_campaign=ransomware-webinar&utm_source=gate15&
The Gate 15 Interview EP31: Josh Poster, Auto-ISAC, on automotive cybersecurity, preparedness, building trust, fishing and BMX! 30 Jan 2023 01:11:02

In this episode of The Gate 15 Interview, Andy Jabbour visits with Josh Poster, Intelligence and Analysis Operations Manager for Auto-ISAC. In that role, Josh also serves as the Leader, Auto-ISAC Intel & Analysis Division & Vice Chair, National Council of ISACs (NCI). His past roles have included Program Manager, Public Transportation and Surface Transportation ISACs, Program Manager, Information and Infrastructure Technologies, and Sr. Analyst, Electronic Warfare Associates, among others. He holds a Bachelor of Science degree in Anthropology and is a long-time leader in the ISAC and homeland security communities.

‘Preparation is prevention’ - Josh Poster

‘Everyone has a plan until they get punched in the mouth.’ – Mike Tyson

In the discussion we address:

  • Josh’s background and current position
  • Developing trust, the importance of relationships and how those relate to both Auto-ISAC and broader, cross-sector and private-public information sharing
  • Building confidence through preparedness
  • We name drop longtime National Council of ISACs leaders Health ISAC’s Denise Anderson, IT-ISAC’s Scott Algeier, and Comms ISAC’s Joe Veins, as well as Bob Kolasky, formerly Assistant Director at the Cybersecurity and Infrastructure Security Agency (CISA) and now Exiger’s Senior Vice President of Critical Infrastructure. We also talk about the very valued Auto-ISAC Executive Director, Faye Francy.
  • The Gate 15 Interview EP 28: Talking election security, tea and baseball, with Scott Algeier
  • Bob Kolasky - How the Cyber Risk Landscape Changed in 2022 – and What’s in Store for 2023
  • Companies recognizing bottom-line impact will spend more on cybersecurity, 13 Jan 2023
  • The cyber threats facing the automotive industry
  • Fishing, Rainbow Trout, BMX and more!

‘Every single one of our members has a global presence’ - Josh Poster

A few references mentioned in or relevant to our discussion include:

  • Automotive Information Sharing And Analysis Center (Auto-ISAC)
  • National Council of ISACs (NCI)
  • Josh was also a guest on the podcast in September 2022: The Gate 15 Interview: Cybersecurity Awareness Month 2022 with the National Cybersecurity Alliance, Auto-ISAC and FS-ISAC! Plus, background! shout-outs!! favorite movies, tigers, and more!!!
  • BBC, Industrial espionage: How China sneaks out America’s technology secrets, 17 Jan 2023
  • FEMA National Level Exercises and Cyber Storm
  • ENISA: The European Union Agency for Cybersecurity
  • Japanese Auto-ISAC
  • WIRED: Hackers Remotely Kill a Jeep on the Highway—With Me in It, 21 July 2015
  • WIRED: The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse, 01 Aug 2016
Nerd Out Security Panel Discussion: EP 33. Monterey Bay, Practical Security Measures, and risks for 2023. 24 Jan 2023 00:53:07

In the latest Nerd Out, Dave welcomes Ed Heyman and Alec Davison to talk about the recent hostile event in Monterey Bay and how organizations can take some of the lessons learned from the incident and apply them to their business. This led to a deeper discussion about simple and straightforward security measures that can go a long way to ensuring the organization is prepared for a wide variety of events. This discussion included sharing free resources around vulnerability assessments, training, and exercises. The nerds then talked about Faith-Based Organizations and some of the threats that these organizations are facing heading into 2023 to include the often-overlooked threat from above (drones), as well as the impacts that attacks on critical infrastructure can have.

Ed Heyman is a security professional with over 30 years of experience in the intelligence and security community and he is the co-chair of the Faith-Based Information Sharing and Analytical Organization (FB-ISAO) Organizational Resilience Group.

Alec Davison is a threat and risk analyst with Gate 15 where he works with various industries on threat awareness and security preparedness matters.

Some of the resources mentioned in this episode include:

  • Conduct a facility vulnerability assessment, such as a free assessment offered through DHS’s Protective Security Advisor (PSA) program.
  • Train employees on how to identify suspicious behaviors and activities, using resources available through the Nationwide Suspicious Activity (SAR) Initiative (NSI) and information in the U.S. Violent Extremist Mobilization Indicators booklet (2021 edition).
  • Maintain situational awareness about incidents and events happening in your communities that threat actors might seek to exploit to commit acts of violence, such as by connecting with your local fusion center.
  • Prepare and/or update an emergency response plan, including by using templates and resources provided by EPA and FEMA.
  • Rehearse and improve your plans and employee preparedness through training and exercises. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has published a series of CISA Tabletop Exercise Packages (CTEPs) that prompt participants to walk through their plans for responding to incidents.
  • First Responder Toolbox: Free reference aid material intended to promote counterterrorism coordination among federal, state, local, tribal, and territorial government authorities and partnerships with private sector officials in deterring, preventing, disrupting, and responding to terrorist attacks.
Weekly Security Sprint EP 4. Monterey Park, Offboarding, Blended Threats, and Scams 24 Jan 2023 00:21:37
Weekly Security Sprint EP 3. Weather, network outages, protecting data, and cyber news! 17 Jan 2023 00:20:18

In the latest Security Sprint, Dave and Andy touched on the following topics:

  • Milestones and notable reports.
  • REN-ISAC Birthday! https://www.ren-isac.net/about/History/index.html
  • CISA Year Review. https://www.cisa.gov/2022-year-review
  • Weather. https://www.cnn.com/2023/01/13/weather/tornado-storm-damage-south-friday/index.html
  • FAA Incident. https://www.faa.gov/newsroom/faa-notam-statement
  • Survey of Threat Landscape. https://www.washingtoninstitute.org/policy-analysis/survey-2023-terrorism-threat-landscape
  • Protecting data.
    • https://www.bbc.com/news/world-asia-china-64206950
    • https://www.dw.com/en/us-to-invest-millions-to-expose-kim-jong-un-regime-to-north-koreans/a-64405400?maca=en-rss-en-world-4025-rdf
  • Dose of Cyber!
    • https://analyst1.com/ransomware-diaries-volume-1/
    • https://twitter.com/andyjabbour/status/1615048335760719872?s=20&t=qBDUVHXSk_jkOYKoKPv1TQ
    • https://twitter.com/NSA_CSDirector/status/1613850710453501955?s=20&t=DsfyO-7Gt3uObRlRN4-zjg
    • https://arstechnica.com/information-technology/2023/01/vulnerability-with-9-8-severity-in-control-web-panel-is-under-active-exploit/
    • https://www.reuters.com/world/europe/russian-hackers-targeted-us-nuclear-scientists-2023-01-06/
    • https://meduza.io/en/news/2023/01/13/phishing-scam-invites-russian-telegram-users[…]heck-conscription-lists-to-see-if-they-ll-be-drafted-in-february
The Risk Roundtable EP 37: Breaking in 2023 with continuations from 2022 - critical infrastructure risks, terrorism, and cyber hygiene 10 Jan 2023 00:49:51

Embarking on year 4, the Risk Roundtable jumps two feet into 2023 by talking through the various physical and cyber threats that continue to present challenges. Jen opened up the discussion covering the latest breaches with password managers, fast food restaurants and even platforms that seem to be unbreakable. Matching Jen, Dave covers the wide variety of physical security threats and environmental considerations that organizations are already dealing with this year to include critical infrastructure concerns (power stations, solar plants), terrorism, and environmental factors, to include understanding the role that politics can have in the workplace.

Before moving to the roulette round Andy led a discussion about the importance of preparedness in this complex environment and the risk of not evaluating these incidents and taking appropriate action. Jen then talked about the news and cyber implications around ChatGPT, as well as ensuring organizations are aware of some upcoming timelines such as the end of support for Windows 7 (yes, it is still being used). Dave transitioned and talked about Bridget Johnson's latest piece on 7 Terrorism Trends for 2023 before Andy wrapped up with the ever-popular three questions.

Some of the topics discussed include:

  • Imperva Report: More Lessons Learned from Analyzing 100 Data Breaches https://www.imperva.com/resources/resource-library/white-papers/more-lessons-learned-from-analyzing-100-data-breaches/
  • Not in a million years: It can take far less to crack a LastPass password Dec 28, 2022 https://blog.1password.com/not-in-a-million-years/
  • Troy Hunt on Twitter regarding Twitter breach: https://twitter.com/troyhunt/status/1611263070738972677?s=61&t=vOVhs4DMT_LNUVPd9z8gkg
  • We gave a few mentions of our esteemed colleague Bridget Johnson, @BridgetCJ on Twitter, and her recent article in HS Today, 7 Terrorism Trends to Watch in 2023.
  • Attacks on Critical Infrastructure to include power plants, and a solar energy farm
  • ChatGPT links:
    • SANS Institute https://www.sans.org/webcasts/what-you-need-to-know-about-openai-new-chatgpt-bot-and-how-it-affects-your-security-lightning-talks-panel-sessions/
    • https://www.darkreading.com/omdia/chatgpt-artificial-intelligence-an-upcoming-cybersecurity-threat-
    • https://www.hackread.com/hackers-openai-chatgpt-malware/
    • https://www.scmagazine.com/analysis/emerging-technology/cybercriminals-are-already-using-chatgpt-to-own-you
Weekly Security Sprint EP 72. Sequel week - hurricanes, FBI reports, ransomware 09 Jul 2024 00:28:18

In this week's Security Sprint, Dave and Andy covered the following topics:

  • DHS Announces $18.2 Million In First-Ever Tribal Cybersecurity Grant Program Awards. “For far too long, Tribal Nations have faced digital and cybersecurity threats without the resources necessary to build resilience,” said Secretary of Homeland Security Alejandro N. Mayorkas.

Main Topics:

  • Beryl!! & Hurricane Preparedness.
    • Port of Corpus Christi announcement. https://portofcc.com/hurricane-beryl-impact-to-the-port-fully-transitioned-to-post-storm-recovery/
    • Airline impacts. https://www.cbsnews.com/news/hurricane-beryl-houston-texas-travel-flights-airlines/
  • Ransomware
    • Ransomware Attack Demands Reach a Staggering $5.2m in 2024
    • Risky Biz News: Ransomware attacks increase hospital mortality rates
    • Risky Biz News: A ransomware attack is putting lives at risk across South Africa
    • Halcyon Whitepaper: What CFOs Should Know about Ransomware
  • FBI Helps Public to Recognize Signs of Concerning Behavior https://www.fbi.gov/news/stories/behavioral-analysis-unit-asks-public-to-talk-to-someone-you-trust-if-you-notice-concerning-behaviors
  • Microsoft: Combatting AI Deepfakes: Our Participation in the 2024 Political Conventions
  • CDC Reports Fourth Human Case of H5 Bird Flu Tied to Dairy Cow Outbreak

Quick Hits:

  • Another far right group marches through downtown Nashville
  • Pa. Capitol evacuated over emailed bomb threat
  • 'Local Residents' Terrorizing City Council Meetings Were Actually Overseas, Feds Allege
  • Europol: Taking action against antisemitism – close to 2 000 pieces of content flagged for removal
  • Fifty violent attacks shock France ahead of crunch vote
  • A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too
  • Europol coordinates global action against criminal abuse of Cobalt Strike
  • CISA: Guide to Operational Security for Election Officials


Weekly Security Sprint EP 2. Recapping terrorism, critical infrastructure threats, and cyber news! 10 Jan 2023 00:20:41

In this week's Security Sprint, Dave and Jen are joined by Alec Davison to discuss:

  • 7 Terrorism Trends to Watch in 2023 - https://www.hstoday.us/featured/7-terrorism-trends-to-watch-in-2023/
  • Two charged with attacks on four Pierce County power substations - https://www.justice.gov/usao-wdwa/pr/two-charged-attacks-four-pierce-county-power-substations
  • Man, 34, is charged with terrorism after he ‘deliberately destroyed solar energy plant’ - https://tetracyclined7k.com/man-34-is-charged-with-terrorism-after-he-deliberately-destroyed-solar-energy-plant/
  • German police arrest Iranian man suspected of planning chemical attack - https://amp.theguardian.com/world/2023/jan/08/german-police-arrest-iranian-man-suspected-of-planning-chemical-attack
  • Political Violence.
    • https://thehill.com/homenews/state-watch/3802461-florida-man-arrested-for-threats-of-lgbtq-mass-shooting/
    • https://www.npr.org/2023/01/06/1147392476/albuquerque-democrats-attacks-homes-offices-bernalillo-new-mexico
  • Brazil protests and breach of government buildings - Brazil protests: Lula vows to punish ‘neo-fascists’ after Bolsonaro supporters storm congress
  • Cyber.
    • Not in a million years: It can take far less to crack a LastPass password | 1Password
    • Mac vulnerabilities
    • Chick fil a breach
    • Windows 7 end of service
Weekly Security Sprint EP 1. Recapping the latest all-hazards security news - ransomware, weather, hostile events, and others. 03 Jan 2023 00:19:32

Gate 15 is kicking off 2023 with a new weekly pod with a sprint through the latest security news, risks and new threats and some of the key focus areas for organizations to consider behind the headlines. In this inaugural episode, Dave and Andy discuss:

  • Ransomware:
    • Ransomware gang apologizes, gives SickKids hospital free decryptor: https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/
    • Bleeping Computer: Ransomware gang cloned victim’s website to leak stolen data, 01 Jan 2023 https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/
    • ecrime Threat and Risk Intelligence Services: https://ecrime.ch
    • Verve Security: How to Prevent Ransomware in 2023, 28 Dec 2022 https://verveindustrial.com/resources/blog/how-to-prevent-ransomware-in-2023/ which is not to be confused with The Verve: https://www.youtube.com/watch?v=1lyu1KKwC74
  • Climate / Weather: FEMA National Preparedness Report: https://www.fema.gov/emergency-managers/national-preparedness PDF: https://www.fema.gov/sites/default/files/documents/fema_2022-npr.pdf
  • Hostile Events: New York City and other attacks.
    • New York Post: Alleged Islamic extremist who attacked NYPD cops with machete was on FBI watchlist: sources, 01 Jan 2023 https://nypost.com/2023/01/01/alleged-islamic-extremist-who-attacked-nypd-cops-with-machete-idd/
    • New York Post: Mass shooting at Alabama New Year’s Eve celebration leaves one dead, 9 others injured, 01 Jan 2023 https://nypost.com/2023/01/01/1-dead-9-injured-in-alabama-new-years-eve-shooting/
  • And cyber hygiene - software updates: WIRED: Update Android Right Now to Fix a Scary Remote-Execution Flaw Plus: Patches for Apple iOS 16, Google Chrome, Windows 10, and more., 31 Dec 2022 https://www.wired.com/story/android-ios-16-windows-10-critical-update-december-2022/
The Gate 15 Interview EP30: Brian Harrell on Energy & Infrastructure Security, plus baseball, boating & burgers! 26 Dec 2022 00:49:12

In this episode of The Gate 15 Interview, Andy Jabbour visits with Brian Harrell, Vice President and Chief Security Officer (CSO) at AVANGRID. Brian currently serves as the Vice President and Chief Security Officer (CSO) at AVANGRID, an energy company with assets and operations in 24 states. He is responsible for the company’s cybersecurity, privacy, physical security, threat management, and business continuity. In 2018, Brian was appointed by the President of the United States to serve as the sixth Assistant Secretary for Infrastructure Protection at the U.S. Department of Homeland Security. He was also the first Assistant Director for Infrastructure Security at the Cybersecurity and Infrastructure Security Agency (CISA). He has spent time during his career in the US Marine Corps and various private sector agencies with the goal of protecting the United States from security threats. Brian is a Board Member and Strategic Advisor to many great companies. Brian on Twitter: @gridsecure

In the discussion we address:

  • Brian’s background and path from law enforcement to infrastructure, CISA to AVANGRID
  • Information Sharing
  • Preparedness and Best Practices
  • Evolving threats to energy and infrastructure, including hostile events, insider threats, cyberattacks and nation state threats, 3rd party risk and more
  • We talk baseball, burgers, and boating, plus shoutouts to some valued friends and partners!

A few references mentioned in or relevant to our discussion include:

  • AVANGRID. “AVANGRID is a leading sustainable energy company transitioning America toward a clean and connected future headquartered in Orange, CT, and has a footprint in 24 states with $40 billion in assets. Our primary businesses are Avangrid Networks, which serves 3.3 million electric and natural gas customers in the Northeast, and Avangrid Renewables, the third-largest renewable energy company in the U.S. with a diverse onshore and offshore renewable energy portfolio.”
  • WSJ Pro Research Survey: Preparedness Results, 29 Nov 2022
  • The Cybersecurity and Infrastructure Security Agency (CISA) release of the Resilient Power Best Practices for Critical Facilities and Sites. This document supports emergency and continuity managers with guidelines, analysis, background material, and references to increase the resilience of backup and emergency power systems during all durations of power outages. Improving power resilience can help the nation withstand and recover rapidly from deliberate attacks, accidents, natural disasters, as well as unconventional stresses, shocks, and threats to our economy and democratic system.
  • The Electricity Information Sharing and Analysis Center (E-ISAC)
  • GridEx VII – November 14-15, 2023
  • Space ISAC
  • DHS CISA on Cyber-Physical Convergence
  • Gate 15: Blended Threats (update 1.1): Understanding an Evolving Threat Environment (and numerous other blog posts, papers and exercises)
Nerd Out Security Panel Discussion: EP 32. Taking stock of 2022 security surprises and making wishes for 2023. 21 Dec 2022 00:42:59

In the latest episode of Nerd Out, Dave, Joe and Bridget look back at 2022 to capture their top security "surprise" before looking ahead to some security wishes for 2023. While Dave was surprised with organizational responses, Joe talked about the continuous challenges the organizations face on a day in and day out basis before Bridget rained down on the holiday cheer with some thoughts on the normalization of extremist behaviors. Turning to wishes, the team looked at spreading good will by focusing on fundamentals, creating security cultures, and being aware of the various threats that are lurking out there as threat actors continue to evolve. We hope you all enjoyed the podcast for 2022 and we look forward to an exciting 2023!

Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: vssc@iavm.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/

Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
The Risk Roundtable EP 36: Putting a bow on the year with Critical Infrastructure, Accelerationists, and Cyber Hygiene. 06 Dec 2022 00:55:00

In the latest episode of the Risk Roundtable, Dave, Jen, and Andy wrap up their third year together and talk through recent events and talk about ways to fight off those seeking to ruin the holiday spirit. Dave and Andy kicked things off talking about the incident at the North Carolina power substation and what it could mean given recent events (Walmart shooting, Colorado Springs) and how to look at it from a preparedness standpoint. Jen dropped down the chimney and spread holiday cheer with a double shot of cybersecurity tips talking about holiday scams (in only the way Jen can do), and passwords (don't be like Dave). Dave then took the group back through some of the 2022 predictions to see if they were right, needed more time, or were off base before Andy put a bow on the podcast with a holiday themed question.

Some of the topics discussed on the pod:

The Gate 15 Interview EP 29: Andy, James and Herb talk mass gatherings and event security, threats, and best practices, Thanksgiving, Tom Petty, Bob Marley and old-school hip-hop. 28 Nov 2022 00:50:17

In this episode of The Gate 15 Interview, Andy Jabbour visits with James A. DeMeo and Herb Ubbens on their work with Crowdguard, facility security and security best practices and more. 

James A. DeMeo, M.S. is a best-selling author, professional speaker, and event security expert. Mr. DeMeo brings vast experience to the public/private, non-profit, sports/entertainment, corporate, higher education & vendor management/contract analyst ecosystems. Mr. DeMeo serves as Vice President for Crowdguard US, a crowd safety solutions provider & CEO of Unified Sports and Entertainment Security Consulting, LLC., (USESC) based in Raleigh, NC. He was recognized by Security Magazine as The Most Influential People in Security 2017. Mr. DeMeo is also the author of the best-selling book, What’s Your Plan? A Step-By-Step Guide To Keep Your Family Safe During Emergency Situations. Mr. DeMeo holds professional memberships with both ASIS International and National Center for Spectator Sports Safety and Security-NCS4. He serves as a remote learning Adjunct Instructor with the following Universities: Tulane University’s School of Professional Advancement-SOPA, Jacksonville State University, Dept. of Kinesiology, Mercer University-Stetson School of Business where he teaches both graduate/undergraduate students about Event Security, Facilities and Risk Assessment. Mr. DeMeo is currently enrolled in an Online Higher Education Graduate Certificate Program at Appalachian State University-Cratis D. Williams School of Graduate Studies. 

  • James on LinkedIn 
  • James on Twitter: @JDeMeo007 

Herb Ubbens. Guiding organizations to increase their resiliency and emergency preparedness, reduce risk and provide safety and value to their clients and assets. Board Certified in Security Management (CPP) and Physical Security (PSP). SAFETY Act DHS Assessor in BPATS (Best Practices for Anti-Terrorism Security). OSHA general industry and construction trainer, safety expert and Project Manager. 

  • Herb on LinkedIn 

In the discussion we address: 

  • James’ and Herb’s backgrounds and the work they’re doing today to draw down risk and helping to secure mass gatherings and facilities. 
  • Physical threats and reasonable ways to reduce risk 
  • Best practices for organizations 
  • James’ book, “What’s Your Plan?” 
  • Thanksgiving, favorite drinks, and Gen X rock and hip hop! 

A few references mentioned in or relevant to our discussion include: 

  • Crowdguard US website: https://crowdguardus.com
  • Want to see the latest innovation in pedestrian protection within public spaces? Join us for Crowdguard US Demo Day December 8, 2022 at the North Carolina Museum of Art where we will display the 2019 Counter Terror award winning Surface Guard barrier system. Read more here! 
  • Andy mentions Dr. Tamara Herold 
  • Incident: Several Injured After Car Reportedly Drives Into Carnival in South Central 
  • Incident: Investigation into fatal crash at Apple store in Hingham continues 
  • International Association of Venue Managers (IAVM) 
  • Academy for Venue Safety and Security (AVSS) 


Nerd Out Security Panel Discussion: EP 31. Elections, Holidays, and the annual holiday food draft 14 Nov 2022 00:43:56

In the latest episode of Nerd Out, in which Dave continues to fumble with the introduction, Joe Levy and Bridget Johnson join to talk about a smooth election day, but what could be a long, tense post-election period that will be filled with recounts, and legal challenges. As she normally does, Bridget brought in the "cheer" of how extremists are viewing the results and how it could still be used for future attacks. Joe then took a look at venue security and how organizations should be more accustomed to being prepared for these types of events. Even so, as we move into the holidays there are several challenges facing organizations to include staffing shortages as well as challenges with experience levels. Then they wrapped up the pod with a fun "holiday food draft" where the Nerds went through their favorite holiday dishes and drinks.

Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: vssc@iavm.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/

Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
The Risk Roundtable EP 35: Talking elections, pathway to violence, and our Top 5! 01 Nov 2022 00:42:08

It's never a good thing when Jen takes time and leaves Andy and Dave to their own devices. With Jen away, Andy tried to cover down for her and gave a shout out to all the cyber work being done by great security practitioners. Then the boys dug into hostile events and some of the challenges that individuals and organizations can face, even when they do the right thing. At the same time, there are also inherent responsibilities that we all have in identifying behaviors or contributing to a threat actor's pathway to violence by inaction (Michigan school shooting). Dave and Andy then talked about the upcoming election and all the work that is going to make safe and secure elections. However, there are also some potential risks that could occur in the aftermath. Finally, Dave and Andy have some fun talking about their top 5 (or 50) movies that they just can't turn off when they happen to see them on.

Some of the areas covered on the pod include:

  • Gate 15 SUN: https://paper.li/gate15 
  • Catalin Cimpanu: @campuscodi & the Risky Biz Newsletter, https://riskybiznews.substack.com 
  • Lawrence Abrams: @LawrenceAbrams and Bleeping Computer @bleepincomputer, bleepingcomputer.com 
  • Brian Krebs: @briankrebs, krebsonsecurity.com 
  • Ransomware Data Leaks: @ecrime_ch, https://ecrime.ch 
  • Gate 15: Education on Hostile Event Preparedness: Hostile Event Attack Cycle, 10 Nov 2022, 1:00-2:30pm ET 
  • Access Gate 15 White Paper on The Hostile Event Attack Cycle (HEAC), 2021 Update: https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/
  • Former DHS Assistant Secretary for Infrastructure Protection Brian Harrell Urges Community to Collaborate During Infrastructure Security Month, HS Today, 30 Oct 2022 (Brian Harrell on Twitter: @gridsecure) 
  • Nerd Out Security Panel Discussion: EP 30. Dave going solo talking Elections and Manifesto Impacts, 20 Oct 2022 
  • The Gate 15 Interview EP 28: Talking election security, tea and baseball, with Scott Algeier, 25 Oct 2022 
  • CISA Director, Jen Easterly, @CISAJen, on Face the Nation, @FaceTheNation, speaking to election security. 
  • @DarthPutinKGB on Twitter and the Darth Web Shop: ‘Do not believe *anything* until The Kremlin denies it’ 
  • Prosecutors seek to introduce evidence Michigan school shooter's parents created a pathway to violence | CNN 
  • FBI background check blocked gun sale to St. Louis school shooter 
  • The USCP, FBI & San Francisco Police Joint Threat Investigation
  • Conspiracy-Addled Intruder Allegedly Tried to Tie Up Paul Pelosi, Asked ‘Where’s Nancy?’
  • Pelosi attack stokes Congress' fears: "Somebody is going to die" 
  • Paul Pelosi recovering as attack renews focus on toxic politics
  • Lawmakers reveal — and dispute — FBI conclusion about 2017 baseball field shooting
  • Rand Paul attacker sentenced to additional prison time over yard assault 
  • Capitol Police data indicates threats to lawmakers have surged since 2017 
  • Domestic violent extremism investigations doubled from 2020 to 2021: FBI, DHS 
  • An Assessment of the Second U.S. Government Domestic Terrorism Assessment 
  • Analysis | For cyber experts, disinformation overshadows cyberthreats in midterms 
  • Feds warn that domestic violent extremists pose heightened threat to midterm elections
  • 'Complex threat environment' ahead of midterm elections, top cybersecurity official says
  • How ‘mule watchers’ evolved from a Truth Social meme into a ballot drop box patrol
  • FBI investigating after Conservation Voters of NM gets letter with threats and ‘substance’
  • Experts fear rising global ‘incel’ culture could provoke terrorism
The Gate 15 Interview EP 28: Talking election security, tea and baseball, with Scott Algeier 24 Oct 2022 00:41:39

In this episode of The Gate 15 Interview, Andy Jabbour welcomes back Scott Algeier to discuss the work he’s doing with IT-ISAC and the Elections Industry Special Interest Group to help ensure safe, secure, and reliable elections. Scott Algeier, who was on the Gate 15 interview earlier this year, is the Founder, President and CEO of Conrad, Inc. Cybersecurity Consulting.

“Scott C. Algeier works at the intersection of cybersecurity policy and operations. He is the Founder, President and CEO of cybersecurity consulting firm Conrad, Inc., Executive Director of the Information Technology – Information Sharing and Analysis Center (IT-ISAC). Conrad, Inc. provides strategic policy and business consulting services to businesses and not for profit organizations focused on cyber security and critical infrastructure protection (CIP). Scott engages senior level policy makers in industry and government, domestically and internationally, on behalf of his clients. This includes direct engagement in the development of the nation’s most significant domestic cybersecurity and CIP policies and operational plans.” From his LinkedIn bio.

To learn more about Conrad, Inc, visit the Conrad website and connect on Twitter and you can follow and learn more about Scott on LinkedIn.

In the discussion we address:

  • What the IT-ISAC and the Elections Industry Special Interest Group (EI-SIG) are doing to help ensure safe, secure, and reliable elections.
  • Who is involved in the SIG.
  • The SIG’s mission, including Learning from Coordinated Sharing, Planning for Major Attacks or Incidents, and Enhancing Cybersecurity Protections.
  • The EI-SIG’s industry framework for a coordinated vulnerability disclosure program.
  • Scott returns to play three (more!) questions.

A few references mentioned in or relevant to our discussion include:

  • Conrad website: https://www.conradinc.biz
  • The IT-ISAC You Tube Channel with the Advancements TV segment IT-ISAC: https://www.youtube.com/itisac
  • IT-ISAC: https://www.it-isac.org
  • Elections Industry Special Interest Group (SIG): https://www.it-isac.org/ei-sig
  • The Gate 15 Interview: Scott Algeier on information sharing, critical infrastructure, cybersecurity & more! https://gate15.global/the-gate-15-interview-scott-algeier-on-information-sharing-critical-infrastructure-cybersecurity-more/
  • IT-ISAC Partners with Elections Infrastructure Sector Coordinating Council to Launch Threat Information-Sharing Group, 08 Aug 2018: https://130760d6-684a-52ca-5172-0ea1f4aeebc3.filesusr.com/ugd/b8fa6c_765f03ef0e584e7ca6819b41b7d16847.pdf
  • FireWall Chats Episode 10, Pt. 1 - EI-SIG Members Eric Coomer, Sam Derheimer, and Brian Hancock: https://www.youtube.com/watch?v=Vqk-EiT5qZA&t=303s
  • FireWall Chats Episode 10, Pt. 2 - EI-SIG Members Keir Holeman, Ed Smith, and Chris Wlaschin: https://www.youtube.com/watch?v=QpSZTX8cEWY
  • IT-ISAC EI-SIG Two Years Of Progress White Paper, August 2020 (PDF): https://130760d6-684a-52ca-5172-0ea1f4aeebc3.filesusr.com/ugd/b8fa6c_1633ac012a1148eca2bf9dbaf3c965e9.pdf

If anyone has any questions on some of the work being done by the FBI, CISA and others to help secure elections, or about some of the recent open source reporting regarding threats, please contact our team and we can provide a number of links.
Nerd Out Security Panel Discussion: EP 30. Dave going solo talking Elections and Manifesto Impacts | 20 Oct 2022 | 00:42:05

In the latest episode of Nerd Out, Dave went without the panel and talked about two topics: election preparedness and the impacts of a recent attack, specifically analyzing the manifesto from the threat actor in the recent Bratislava attack. Tackling the upcoming U.S. midterm elections, Dave talks through some of the key considerations for individuals and organizations and about the various risks not just leading up to the election, but after as well. Then Dave transitioned to talking about the recent attack against an LGBTQ business in Bratislava and the information that was gleaned from the manifesto. Particularly interesting was the inspiration that was gained from the Buffalo attacker in May. Referencing work by Nerd Out alumni Bridget Johnson, Dave talked through the importance of this analysis and then how it could be used by another threat actor in the future. Dave then wrapped up the pod (technical difficulties aside) with some mailbag questions related to weather preparedness and gaining leadership buy-in.

Referenced in the pod: https://www.hstoday.us/featured/slovak-who-attacked-gay-bar-credits-buffalo-shooter-with-giving-him-final-nudge/

Venue Security, The IAVM Podcast Series EP 6: Throwing down the gauntlet with Brendan Farley as we discuss the art and science of crowd management. | 08 Jul 2024 | 00:38:40

In this episode of Venue Security, The IAVM Podcast Series, Andy Jabbour talks with Brendan Farley, Vice President of Operations & General Manager, San Diego Theaters. In the discussion we address:

  • Brendan’s background.
  • What Crowd Management is.
  • Crowd Management training, sharing, learning, exercising.
  • Managing the dynamic and complexities of the social media environment.
  • Understanding protests and the importance of de-escalation.
  • Tom Cruise, Top Gun and throwing down the gauntlet!
  • Collaboration, collaboration, hyper-collaboration! Leveraging public sector resources.  
  • What’s on Brendan’s mind?
  • More!

“Safety and security is definitely a team sport.” – Brendan Farley, during our podcast

As discussed in the pod, for additional discussion on this topic, see:
Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour, hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.

The Cybersecurity Evangelist: Ep 22 – See Yourself in Cyber, the Cybersecurity Awareness Month 2022 Edition with Chris Foulon | 12 Oct 2022 | 00:42:55

TCE talks Cybersecurity Awareness Month 2022 and Seeing Yourself in Cyber with Chris Foulon of the Breaking into Cybersecurity podcast.

Resources and Mentions (it’s a long list, but we love to share resources and others’ great work)

Not mentioned in this podcast, but a couple of relevant (CS)²AI podcasts hosted by @Derek_Harp that I came across after – I hope they don’t mind the mentions!

The Risk Roundtable EP 34: Awareness Month Alphabet Soup, Upcoming Festivities, and a Spicy Debate | 04 Oct 2022 | 00:42:10

On the latest episode of the Risk Roundtable, Andy leads Dave and Jen through a discussion of the various awareness campaigns and how these efforts do a great job of providing resources and materials for all organizations, big and small. Focusing first on Cybersecurity Awareness Month that is ongoing in the month of October, Jen talked through the messaging, the themes (See Yourself in Cyber) and the importance of each of us doing our part. Later in the podcast, Dave shared his thoughts on National Insider Threat Awareness Month that concluded in September and the theme of Critical Thinking for Digital Space and how everyone can do their part. The team also talked about security preparedness for the upcoming holidays. Andy capitalized on the discussion to talk about security awareness and mindfulness to appreciate, regardless of who you are and what your beliefs are. To cap off the episode, Andy took the roundtable through his three questions to include the always spicy debates on pumpkin pie and pumpkin flavored drinks.

Microsoft Exchange links:

  • https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
  • https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/
  • https://www.tenable.com/blog/cve-2022-41040-and-cve-2022-41082-proxyshell-variant-exploited-in-the-wild
  • https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106

Additional links include:

  • Rob Joyce Cybersecurity Awareness Month Tweet: https://twitter.com/nsa_csdirector/status/1576879730006974464?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
  • Catalin Cimpanu Cybersecurity Awareness Month Tweet: https://twitter.com/campuscodi/status/1573485751278379018?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
  • Podcast link – https://gate15.global/the-gate-15-interview-cybersecurity-awareness-month-2022-with[…]ac-plus-background-shout-outs-favorite-movies-tigers-and-more/
  • Be A Cybersecurity Awareness Month Champion- https://staysafeonline.org/programs/cybersecurity-champion/
  • NCTC indicators – https://www.dni.gov/index.php/nctc-newsroom/nctc-resources/item/2272-u-s-violent-extremist-mobilization-indicators-2021
  • G15 resources IT - https://gate15.global/resources/insider-threat/
  • Jen Lyn Walker Tweet - https://twitter.com/gate15_jen/status/1576978983064780804?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
  • Major in the United States Army and a Maryland Doctor Facing Federal Indictment for Allegedly Providing Confidential Health Information to a Purported Russian Representative to Assist Russia Related to the Conflict In Ukraine https://www.justice.gov/usao-md/pr/major-united-states-army-and-maryland-doctor-facing-federal-indictment-allegedly
  • Honolulu Man Pleads Guilty to Sabotaging Former Employer’s Computer Network - https://www.justice.gov/usao-hi/pr/honolulu-man-pleads-guilty-sabotaging-former-employer-s-computer-network


The Gate 15 Interview EP 27: Cybersecurity Awareness Month 2022 with the National Cybersecurity Alliance, Auto-ISAC and FS-ISAC! Plus, background! shout-outs!! favorite movies, tigers, and more!!! | 25 Sep 2022 | 01:25:36

In this episode of The Gate 15 Interview, Andy Jabbour speaks with National Cybersecurity Alliance Executive Director, Lisa Plaggemier, Automotive ISAC Intelligence and Analysis Operations Manager & Vice Chair for the National Council of ISACs, Josh Poster, and FS-ISAC Senior Director, Strategic Partnerships, Bridgette Walsh, about Cybersecurity Awareness Month 2022!

Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a proven track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa has held leadership roles with the Ford Motor Company, CDK, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS. She is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could. Twitter: @LisaPlaggemier

Josh Poster is the Intelligence and Analysis Operations Manager for Auto-ISAC. In that role he also serves as the Leader, Auto-ISAC Intel & Analysis Division & Vice Chair, National Council of ISACs (NCI). His past roles have included Program Manager, Public Transportation and Surface Transportation ISACs, Program Manager, Information and Infrastructure Technologies, and Sr. Analyst, Electronic Warfare Associates, among others. He holds a Bachelor of Science degree in Anthropology and is a long time leader in the ISAC and homeland security communities.

Bridgette Walsh is the Senior Director, Strategic Partnerships for the Financial Services-Information Sharing Analysis Center (FS-ISAC). Prior to her arrival at the FS-ISAC, Bridgette supported the Department of Homeland Security (DHS) mission since its inception in 2003 and has led various leadership positions within cybersecurity strategy and stakeholder engagement. She most recently served as the Deputy Assistant Director (A) for Stakeholder Engagement for the Cybersecurity and Infrastructure Security Agency (CISA) including standing up the 6th Division within CISA. She also served as the Chief of Staff for the Cybersecurity Division (CSD) in CISA and as the Senior Counselor for Cyber to the CISA Director providing strategic guidance and counselor on cyber issues for the Agency. While leading Partnerships & Engagement for the CSD Stakeholder Engagement and Cyber Infrastructure Resilience Sub-Division (SECIR) she oversaw the Departments’ development and delivery of the President’s Executive Order 13800 Critical Infrastructure deliverables and all major partnership engagements. See additional background on Bridgette below.

In the discussion we address:

  • The great organizations our guests belong to!
  • Background on Cybersecurity Awareness Month
  • DHS’s history and role with Cybersecurity Awareness Month
  • Cybersecurity Awareness Month 2022
  • The role of the NCI and individual ISACs in message amplification
  • Multi-factor authentication!
  • Strong passwords and password managers!
  • Updating software!
  • Recognizing and reporting phishing!
  • Books, movies, tigers and dogs, and our guests answer when they’d like to be in time!

A few references mentioned in or relevant to our discussion include:

  • Website Link: https://staysafeonline.org
  • Cybersecurity Awareness Month
  • Learn more about the National Cybersecurity Alliance’s Cybersecurity Awareness Month Champion program at https://staysafeonline.org/champion. Are you a Cybersecurity Awareness Month Champion yet? Sign up today to receive your toolkit of free infographics, social media posts, tip sheets and more! Join in helping everyone stay safe online. #BeCyberSmart
  • Facebook: Staysafeonline
  • Instagram: @natlcybersecurityalliance
  • The Financial Services Information Sharing and Analysis Center (FS-ISAC)
  • Automotive Information Sharing And Analysis Center (Auto-ISAC)
  • National Council of ISACs (NCI)
  • PPD-63
  • The Gate 15 Interview: Scott Algeier on information sharing, critical infrastructure, cybersecurity