Synopsis
The Dark Rhino Podcast provides weekly interviews and insights into the world of Cybersecurity. Produced entirely in-house by MSSP & global risk management firm Dark Rhino Security.
Episodes
-
Brandon Keath - Cybersecurity Officer and Founder of The Hacking Lab LLC
27/09/2021 Duration: 51min
#SecurityConfidential #DarkRhinoSecurity Brandon Keath joins host Manoj Tandon on this week's episode of Security Confidential. Apart from being a Cyber Security officer, Brandon is also the President of PA Hackers and faculty at the University of Cumberlands and Harrisburg University. Brandon shares with us a bit about his gaming background along with his thoughts and suggestions for people wanting to start a career in Cyber. 00:00 Introduction 06:00 There’s no better teacher than failure 08:25 Vulnerabilities in the Gaming industry 12:18 Cyber background 19:44 How to look at Risk? 28:15 The cost-benefit analysis 39:00 Quantum computing 40:00 Getting rid of Passwords 45:00 Cyber insurance 51:00 TheHackingLab.com To learn more about Brandon visit https://www.linkedin.com/in/brandon-keath/ You can check out The Hacking Lab at https://thehackinglab.com/ and https://www.youtube.com/channel/UC6vzWXOOw-hV8iuOYATPm4A To learn more
-
Dennis Underwood - CEO of Cyber Crucible
30/08/2021 Duration: 46min
Dennis Underwood joins host Manoj Tandon in this episode of Security Confidential. Dennis shares about his military background and how he turned to cyber to help shape his career. He is a Veteran, Father, Cryptographer, Threat Hunting Expert, and Ransomware Expert. Among his 10 years of combat experience, Dennis also has over 20 years of experience being an Entrepreneur. 00:00 Introduction 01:00 Military Background 10:50 A Career in Cyber 11:50 Ransomware 16:13 Executive perspective 21:46 The Cloud and How it affects you 25:30 Speed bump Security 27:07 Rate of Encryption 31:30 Cyber Crucible 39:00 Chaos Monkeys 42:40 B-Sides PGH 45:22 Outro To learn more about Dennis visit https://www.linkedin.com/in/dennis-underwood/ Be sure to check out https://www.cybercrucible.com/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com
-
Mia Landsem - Hacktivist Helping Change Lives
17/08/2021 Duration: 58min
Mia Landsem joins host Manoj Tandon in this episode of Security Confidential. From Norway, Mia discusses how a series of unfortunate events led into an astonishing Career choice. Mia has used her skills in cybersecurity to help many people. She has focused her attention on image abuse which led to a nomination in 2021 as Cybersecurity Women of The Year. She is a best selling author, has numerous TV appearances, lectured at over 300 schools, and has helped train law enforcement on pursuing criminals posting pictures of minors. 00:00 Introduction 01:16 How Mia got into Cybersecurity 03:17 Making The Olympic Team 04:27 Learnings from sports training applied to cybersecurity 07:20 Advice on Cyberbullying 09:30 Law enforcement response to Cyberbullying 11:00 The Law and illicit pictures of minors 16:54 Using Cyber knowledge to stop Image Abuse 22:21 Changing the Laws on Image Abuse 24:14 Working with the Police 29:51 Cybersecurity Woman of the Year
-
Laura Tich - Cybersecurity Women of the Year Nominee and Founder SheHacks_KE
09/08/2021 Duration: 27min
Laura Tich, founder of SheHacks_KE and Cybersecurity Women of The Year Nominee joins host Manoj Tandon on this episode of Security Confidential. Laura along with SheHacks_KE has helped over 400 people on their Cybersecurity Career journey. She discusses: 00:00 Introduction 01:30 What led to the nomination of Cybersecurity women of the Year? 03:27 Why focus on Information Security 05:40 High tech environment in Kenya 08:20 The work of SheHacks_KE 10:44 Cybersecurity threats Kenyan business face 13:30 Cybersecurity awareness in Kenya 15:16 Personal security challenges 17:14 The people impact of SheHacks_KE 18:37 Ransomware impacts in Kenya 22:00 Providing defense in depth to organizations in Kenya 26:15 Supporting SheHacks_KE
-
Cybersecurity in the Cloud Where the Rubber Meets the Road
26/07/2021 Duration: 55min
Sean Sweeney is a frequent author and speaker on cybersecurity. In this episode of Security Confidential Sean talks about cloud security. He has a deep background in cloud security. Sean currently leads the Field CISO and Cloud Security Advisor group within Oracle North America Cloud Engineering. In his prior role Sean was with Microsoft where he was the Global Chief Security Advisor. Sean is a previous Chief Information Security Officer at the University of Pittsburgh, and Litigation Support Applications Manager for the U.S. Department of Justice. Sean began his career as a Database Administrator for ExxonMobil and the U.S. Department of the Interior. 00:09 Sean Sweeney’s Background 01:38 From DB Admin to CISO 05:00 Helping Dave Hickton prosecute cyber criminals 06:52 The future of cybersecurity 07:20 SAS, PAS, IAS-Your responsibilities in cloud cybersecurity 13:33 If IP is exfiltrated from the cloud app, who's responsible? 14:30 What gets popped in the cloud environ
-
You Are What You Risk
13/07/2021 Duration: 46min
#SecurityConfidential #DarkRhinoSecurity Strategist and best-selling author Michele Wucker coined the term “gray rhino” for obvious, probable, impactful risks, which we are surprisingly likely but not condemned to neglect. The metaphor has moved markets, shaped financial policies, and made headlines around the world. It became a frame for the ignored warnings that led to the COVID-19 pandemic and a lyric in a hit BTS single about depression. Michele’s 2019 TED Talk has attracted 2.5 million views. She is the author of four books including the global bestseller THE GRAY RHINO: How to Recognize and Act on the Obvious Dangers We Ignore; and the new book YOU ARE WHAT YOU RISK: The New Art and Science of Navigating an Uncertain World. A former media and think tank executive who began her career writing about emerging market finance, Michele is founder of the Chicago-based strategic advisory firm, Gray Rhino & Company. She speaks regularly to high-level audiences on risk management, the global economy, and deci
-
How to Build a Great Cybersecurity Program
06/07/2021 Duration: 54min
Naomi Buckwalter joins Security Confidential as a guest on this episode. Naomi has over twenty years of experience in Cybersecurity, two degrees from Villanova, and has worked at great companies like Vanguard. She brings her wealth of knowledge on Cybersecurity and discusses all the foundational elements of a great cybersecurity program from hiring the right people, Cybersecurity's effects on everyday life, shifting left in Cybersecurity to enhance it, using Cybersecurity as a revenue generator, all the way to quantifying risk and explaining it to the C-Level. There is something in this discussion for everyone interested in Cybersecurity. 00:00 Introduction 01:18 The demand gap in Cybersecurity for personnel 12:06 Cybersecurity bleeding into everyday life 19:11 Gatekeeper and created hindrances in Cybersecurity 19:45 Crafting a defense in depth architecture 23:00 The importance of explaining the why in Cybersecurity to people 25:00 Christian Espinosa The Smartest Person
-
The Seven Conversations in Cybersecurity to Increase Deterrence for Criminals
28/06/2021 Duration: 52min
#SecurityConfidential #DarkRhinoSecurity Charles Herring, CTO of witfoo, joins this episode of Security Confidential. Charles started his career in Information Security in 2002 with the US Navy, serving as the Network Security Officer at the US Naval Postgraduate School. Charles has been a contributing product reviewer for InfoWorld Magazine and spent 7 years running Herring Consulting, a firm dedicated to process orchestration. Charles is dedicated to maturing the craft of Infosec. 00:00 Introduction 02:12 Getting a start in Cybersecurity and transition to civilian life 13:22 7 unstable conversations in Cybersecurity 14:40 Establishing a unit of work-increasing deterrence 20:04 Law Enforcement success with cyber crimes-Sharing Information 24:34 How to vet the quality of Threat Intelligence 26:47 Dealing with the Unknown-Unknowns-Zero Day Attack 33:26 1st unstable conversation-understanding all the data from the toolsets 36:36 2nd unstable conversation-man
-
TechVibe Radio Busts Cybersecurity Myths!
21/06/2021 Duration: 29min
Manoj Tandon, one of the founders of Dark Rhino Security, appeared on Pittsburgh Technology Council's TechVibe Radio on ESPN 970. This is a complete repost of the show which is wholly owned and operated by the Pittsburgh Technology Council. The Mythbusting in Cybersecurity starts at time marker 15:55. Please subscribe and leave your comments.
-
OpenSource Software and Cybersecurity
14/06/2021 Duration: 46min
#SecurityConfidential #DarkRhinoSecurity Fredrik Oedegaardstuen joins Dark Rhino's Security Confidential to discuss Open Source software in cybersecurity. Fredrik is the CEO of Shuffle, an automation platform. He has been a software engineer and has extensive experience in SOC operations in an MSSP environment. Fred discusses many topics ranging from monetizing open source software, myths with open source, architecture and design, silver bullets in cybersecurity, and provides cautionary advice. 02:34 Why Tokyo 04:13 Open source and cybersecurity 06:37 Monetizing Open Source Software 12:17 Myth of Open Source tools being not that secure 13:29 Shuffle-The security automation platform 18:40 Architecture of Shuffle inspired from the NSA 26:21 Integration of disparate systems 32:26 Tools and Silver Bullets in Cybersecurity 34:09 Does the role of the analyst change with Shuffle? 40:04 Cautionary advice on automation Frikkylikeme is Fredrik's Twitter Handle
-
Protecting Critical Infrastructure to Compliance and Giving Back
07/06/2021 Duration: 51min
Hans Vargas Silva joins this episode of Dark Rhino Security's Security Confidential Podcast and Videocast. Hans is a leader in cybersecurity. He has extensive experience in the field. Hans has worked with Sallie Mae and is currently with Marathon Petroleum. He has a great academic background with degrees and certificates from Purdue, MIT, and Harvard. He provides his thoughts and experiences on protecting critical infrastructure from cyber intrusions, compliance and cybersecurity, giving back to the community and much more. 01:13 How Hans got into Cybersecurity 04:00 How education shapes a career in Cybersecurity 08:56 Critical Infrastructure and Cybersecurity 19:40 Compliance is a low bar for Cybersecurity 23:57 Incomplete deployments of Cybersecurity solutions 24:49 How to communicate cyber risk 29:58 The dilemma of regulators 34:44 Sharing security information with the Federal Gov’t 39:20 Contributions to infosec from academia 42:25 Givin
-
A Conversation with Amelia Jarboe, Cybersecurity Controls Engineer
24/05/2021 Duration: 51min
Amelia Jarboe appears on this episode of Security Confidential. Amelia is a Cybersecurity Controls Engineer. She has held many positions in the field of cybersecurity. She is a graduate of The Ohio State University. In addition to her work as a cybersecurity controls engineer, she is on the Steering Committee for Machine Learning and is speaking at the ISSA Central Ohio Infosec Summit. 00:00 Introduction 01:10 How Amelia got into Cybersecurity 03:57 A passion for protecting people with Cybersecurity 06:47 OSU's Cybersecurity Program 07:40 Imposter Syndrome in Cybersecurity 12:25 Compliance and Cybersecurity 15:20 Continually verifying and validating the controls in place 16:17 Top metrics in Cybersecurity 17:47 A technique to convince decision makers about cyber spend 21:25 Controls to begin a Cybersecurity program with-Spikes and Gaps 26:38 Guidance on frameworks in Cybersecurity 30:20 Cybersecurity is an everyone problem 32:27 Individua
-
A Discussion with Ilya Bodner Founder of Bold Penguin
17/05/2021 Duration: 42min
Ilya Bodner joins us on Security Confidential. Ilya is the founder and CEO of Bold Penguin, a highly successful technology company serving major insurance companies. Ilya has created a great company and achieved great success. He has received much recognition including business executive of the year and Columbus Business First 40 under 40 Class of 2019. In this episode Ilya discusses: 01:34 Journey from Russia to the CEO of Bold Penguin 05:00 Partner/Co-Founder Relationships 09:03 Three legs of the stool for business success 14:25 Lessons from working with VCs 17:40 How to land your first customer 23:26 Origins of the name Bold Penguin 26:00 Why pick insurance as the prime sector for a tech startup? 28:53 Competing with insurance companies on their own products 32:14 Is cybersecurity a business problem or an IT problem? 35:47 Making cybersecurity accessible to SMBs 36:37 Should cyber insurance be tied to effectivity of implemented controls? 39:40 What does a startup enthusiast do next? 41:25 Career opportunitie
-
A Conversation with Samara Williams Manager of Threat Operations
10/05/2021 Duration: 44min
Samara R. Williams
-
A Discussion on Cybersecurity with Ross Young
26/04/2021 Duration: 43min
Ross Young joins us on Security Confidential to talk about cybersecurity. Ross is the CISO of Caterpillar Financial Services Corporation, a lecturer at Johns Hopkins University, the Co-Host of the CISO Tradecraft podcast, and the inventor of the OWASP Threat and Safeguard Matrix. Ross is also a veteran of CIA and NSA. 00:00 Introduction 00:55 How Ross became CISO of Caterpillar Financial Service 03:04 Scholarship for Service 04:10 Foreign cyber espionage capabilities 07:01 The elusive identity online 07:50 Compliance frameworks = great cybersecurity? 12:47 Can cybersecurity be used for revenue generation? 20:30 Learning from vendors selling in cybersecurity place 22:55 Vulnerability management in the cloud 27:02 How do you develop a resilient software system 31:50 OWASP Threat and Safeguard Matrix 37:58 Accounting for The X-Factor and Zero Day threat in cybersecurity 41:45 CISO Tradecraft The videocast for this episode To learn more
-
A Discussion on Cybersecurity with Rob Oden
21/04/2021 Duration: 01h11min
We are joined by Rob Oden for a discussion on cybersecurity. Rob is an Air Force veteran and has over 16 years of experience in cybersecurity and is a practicing security architect. This is part 2 of our interview with him. Rob provides insights into the many issues prevalent in cybersecurity and relevant to anyone serious about making their cyber environment safer. 00:00 Introduction 01:50 Why does being compliant not equate to great cybersecurity? 13:53 No good deed goes unpunished 16:50 Technology vs Process in cybersecurity 21:45 The Prevention Paradox 28:54 Gov't Policies addressing cybersecurity 34:41 Cybersecurity business problem or an IT Problem? 37:37 Should the office of the CISO be separate from IT? 40:26 How to quantify cybersecurity risk? 44:08 The insider threat and the executive order governing it? 54:10 How to leverage the most underutilized cybersecurity asset? 01:00:20 Vulnerability management 01:07:18 Rob's favorite cyberse
-
The FAIR Way to Assess Cybersecurity Risk
12/04/2021 Duration: 42min
Host: Manoj Tandon Guest: Chad Weinman The FAIR way to assess cybersecurity risk is discussed in this episode of Dark Rhino Security's Security Confidential. Chad Weinman is the VP of Professional Services at Risk Lens. Risk Lens is a software company that has codified the FAIR based approach to assessing cybersecurity risk. Chad has performed many consulting engagements helping clients quantify cyber risk. 00:00 Introduction 00:47 Is Cybersecurity Risk used in a cavalier way? 03:16 What are the ground rules for discussing cybersecurity risk? 05:53 Does the disaster recovery plan cover all the risks? 07:30 Are regulators considered threats? 09:03 Compliance does not correlate to cybersecurity 14:20 What is FAIR? 17:59 Layman's approach to risk 28:00 Is a single risk score of any relevance? 32:20 Companies that have direction with a FAIR analysis of risk 37:40 Chad's information for cybersecurity practitioners To learn more about Chad Weinman https://www.linkedin.com/in/chadweinman/ To learn more about
-
From Humble Beginnings to Cybersecurity Architect
05/04/2021 Duration: 52min
Rob Oden joins us on Security Confidential for a two part series. This is part 1 and he is going to discuss with us his personal journey from humble beginnings to a great cybersecurity architect. He shares his story and the many challenges he faced and qualities of people wanting to create success for themselves in the field of cybersecurity. The topics discussed in this episode are: Journey from humble beginnings to cybersecurity architect First exposure to cybersecurity Taking responsibility and owning it The crab effect Is a traditional computer science path necessary for cybersecurity? The transition from Military to Civilian life The soft skills for a great career Check in with yourself-have a true North Be comfortable with being uncomfortable Rob can be found on LinkedIn https://www.linkedin.com/in/robertoden/ Manoj Tandon can be found on LinkedIn https://www.linkedin.com/in/manoj-tandon-drs/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com The video cast for this episo
-
In Cybersecurity There are Builders and Breakers, You Need Both!
30/03/2021 Duration: 52min
Dark Rhino Security's Security Confidential is hosted by Manoj Tandon who is joined by guest Rob Duhart Jr. He has many years of experience in cybersecurity having worked at the Department of Energy, NSA, FBI, Ford Motor Company's Red Team, and is currently the head of Federated Security for Google. Rob discusses: Formative experiences with the FBI and APTs, the best and most frequent bad actors, inspiration to get into cybersecurity, builders and breakers in cybersecurity, finding the genius in cybersecurity, cybersecurity as the great equalizer, bug bounty, hiring cybersecurity professionals at firms like Google, Microsoft, and Facebook. Rob also discusses cybersecurity as a business problem, quantifying risk, an over-reliance on tools, the biggest cybersecurity asset in a company, the impact of Covid 19, unified IAM, and spirituality. Rob's Twitter handle is @robduhart He https://www.icmcp.org/ and https://sharethemicincyber.splashthat.com/ To learn more about Dark Rhino Security visit https://www.darkrhi
-
The Power of The Why
22/03/2021 Duration: 36min
Jeff Manhardt joins us for episode 11 of Season 3 of Dark Rhino Security's Security Confidential. Jeff is the chief project officer at Kaleida Health, president of the PMI Buffalo Chapter and an adjunct professor at Daemen College. Jeff believes in the art of the possible and the power of the why. Jeff shares his insights on project management, cybersecurity, future direction of PMI with us. 00:46 The Power of the Why and the Art of the Possible 03:50 How has the Pandemic affected project management 05:40 Regulatory mandates and issues as a result of Covid 19 07:53 Telehealth and change management 09:31 How to make cultural change happen 11:37 Have the metrics changed by which projects are measured 12:57 The future of project management techniques 15:50 Collisions are important 16:54 How should cybersecurity be incorporated into Project Management 17:55 Is cybersecurity a business problem or IT problem? 18:49 Has cybersecurity taken a back seat in healthcare? 20:57 Project Management Institute'