Everything You Wanted to Know About Security But Were Too Afraid to Ask with Ira Winkler
In this episode we talk about:
- Building a system in a way that, as Ira says, “a user cannot initiate a loss”
- What designers need to know about prevention, detection, and reaction when it comes to security
- What we can learn from safety science
- How designers can get a seat at the table when it comes to human security engineering
Ira Winkler is the founder of Secure Mentem and Chief Information Security Officer at Skyline Technology Solutions. He is the author of seven books on security, the latest of which is You Can Stop Stupid (discussed in this episode). He also has a new book in the works, Security Awareness for Dummies, which will be available in 2022.
So You Want to be a Cyber Spy? - Ira Winkler - CSP #20
CISO Stories Podcast
Ira Winkler, CISO at Skyline Technology Solutions, recounts his amazing journey from wannabe astronaut to NSA intelligence analyst, social engineer, systems hacker and author and some of the crazy things that happened along the way. Ira is considered one of the world’s most influential security professionals and has been named a “Modern Day James Bond” - a title he earned by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the world, investigated cybercrimes against them, and then told them how to cost-effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs and increasing security awareness.
Show Notes: https://securityweekly.com/csp20
Ira Winkler, "You Can Stop Stupid: Human Security Engineering"
CERIAS Security Seminar Podcast
While users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user-initiated loss.
It's a BarCode NCSAM/HALLOWEEN special, where I speak with an established author and iconic security professional who is no stranger to disguises, deception and duplicity - Ira Winkler! We discuss security awareness, his time in the NSA, Secure Mentem, his new book "You CAN Stop Stupid", and some of his insane espionage expeditions that make James Bond look like 006. The virtual bartender social engineers a scary good Dracula Margarita.
Information security is not just technical. There is a human aspect involved and fixing that is more than just identification and awareness. Our guest today is Ira Winkler. Ira is the president of Secure Mentem and the author of the book You Can Stop Stupid. He is referred to as the modern-day James Bond, given his skills both physically and technically in infiltrating organizations. Today, Ira shares with us many of his personal and professional experiences in the area of cybercrime. His valuable tips and information can change how you look at potential threats and scams. He is an expert in how to make people easy prey and how to prevent people from being easy prey.
Show Notes:
[0:51] - Ira graduated college as a psychology major and the only job he could get at that time was in the National Security Agency. This led him into the computer field within the military.
[1:31] - He always wound up working on the human side of things.
[3:03] - Ira shares his background and how he became a world-renowned penetration expert, which is a fancy name for a hacker.
[5:21] - The way you break something is not the way you fix it. This is an important concept when looking at psychology.
[7:01] - Psychology helps Ira exploit others but it is also important to understand when helping them.
[7:55] - Telling someone the problem and then telling them not to fall for a scam doesn’t work.
[8:50] - Ira and Chris discuss the recent Twitter hacks. Ira says that in this situation, anyone could have done what the hacker did because it was easy. You just have to have the questionable ethics and morals to do it.
[9:41] - A lot of times, hackers and criminals are hired in various agencies including government and law enforcement because of their skills. Ira says this is very backwards and gives examples why this is “horrendous.”
[11:58] - How do we get people to not fall for various types of scams? Ira says it is a very multi-layered process and gives a few examples of what can be done.
[13:02] - Ira uses a comparison with terrorism attacks and how we can use that knowledge to help us protect ourselves, plan for a problem, and how to respond.
[15:59] - A lot of sites other than banks and credit card companies are putting in security measures to keep people safe. But a lot of people get annoyed by security protection’s inconvenience.
[17:15] - In general, most people use the same password across multiple accounts. If one user ID and password is compromised then the others are as well.
[18:32] - Ira uses the real moral of the story of The Wizard of Oz: You have what you are looking for, you just don’t know it or how to use it. This is applicable to security. You have what you are looking for, but you aren’t using it.
[21:38] - People have to stop being offended when people put security mechanisms in place.
[23:10] - Something that bothers Ira is when real credit card companies are calling and ask for points of verification like social security numbers. This is exactly what scammers do and when real companies do this, it is hard to tell the difference.
[25:43] - If somebody is injured, it is the fault of the system where the user exists. Somewhere they enabled the user to put themselves in a situation to allow them to be harmed.
[27:42] - Sometimes bad grammar and poorly written scams are actually a filtering feature for scammers to filter out the people who are too smart to fall for it. Even a small percentage of people falling for a scam is still money in the criminal’s pocket.
[28:44] - We need better infrastructure to protect organizations and individuals because these events cause so much money to be lost.
[29:46] - Anyone who tells you there can be perfect security is either a fool or a liar.
[30:19] - Anytime you have the option to add two-factor authorization, take it! Yes, it is annoying, but the consequences of not utilizing it are far more annoying in the end.
[32:11] - Ira shares a story about when there was suspicious activity on his bank account. He saw the pattern and told the bank that he would work with them and law enforcement because he does this for a living. They “made a note of it,” and didn’t really do anything to stop the problem.
[35:14] - Ira references a movie called Focus that is about scams, social engineering, and con-artists.
[37:21] - You have to admire the minds of these criminals and the lengths they’ll go to manipulate and take advantage.
[38:10] - You need to respect your potential adversaries.
[39:00] - Chris and Ira discuss why the United States is different from other countries in regards to using the combination of cards and signatures versus cards and a PIN.
[40:24] - How much risk can you assume as a culture?
[42:13] - Chip and PIN is risk mitigation, but how much risk is it actually mitigating?
[43:10] - You Can Stop Stupid, Ira’s book, is about how stupid is an effect, not a cause. It outlines what you can do now and how you respond to a problem.
It tells me that goose-stepping morons like yourself should try reading books instead of BURNING them -- Henry Jones, Sr – Indiana Jones and the Last Crusade
If you like my opinions, you'll love my latest book. If you don't like my opinions, I encourage you to buy 3 copies of the book, so you have the satisfaction of burning them. -- Ira Winkler - LinkedIn
On this week’s InSecurity, Matt Stephenson speaks with Ira Winkler, president of Secure Mentem and author of multiple books, including You CAN Stop Stupid. We take a frank look at the people and systems involved in the world of cybersecurity and look to point out what is stupid about all of it and what can be done to stop stupid behavior and fix stupid systems.
About Ira Winkler
Ira Winkler (@irawinkler) is President of Secure Mentem and Author of the forthcoming books, You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world’s most influential security professionals and was named “The Awareness Crusader” by CSO magazine in receiving their CSO COMPASS Award. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. He and his work have been featured in a variety of media outlets including CNN, The Wall St Journal, USA Today, San Francisco Chronicle, Forbes, among other outlets throughout the world. Ira began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. After leaving government service, he went on to serve as President of the Internet Security Advisors Group, Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association. He has also served on the graduate and undergraduate faculties of the Johns Hopkins University and the University of Maryland.
About Matt Stephenson
Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and video series at events around the globe.
I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, they can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...
Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...
This week Ira Winkler joins the show to talk about social engineering & protecting your network against the human element. My 3 main takeaways were how we need to integrate lessons from industrial safety programs into our security policies. Second, what procedures Twitter should've had in place to prevent their recent hack against high-profile users as well as what the most important skill for social engineering is. For more information, including the show notes, check out https://breachsense.io/podcast
Ira Winkler - Cyber Security, the Twitter Hack & "You Can Stop Stupid"
The Rohan & Max Show
Ira Winkler is an influential security professional. He has done consulting work for numerous organizations including the United States National Security Agency. He's authored several books on cybersecurity, especially human security engineering. In his latest book, You Can Stop Stupid, he advocates that companies should not place the responsibility for security solely on the users.
Yes, DtSR took a week off ... we were due. This week, Ira Winkler joins Rafal to go down the rabbit hole and talk about his career, opinions on our profession, and other important stuff. Sit back, take notes, and enjoy.
Highlights from this week's show include...
- Ira gives a run-through on his career and what's gotten him "here"
- Ira and Rafal discuss "breaking into security" and how it's being sold now, versus what reality should be
- Ira gives us his take on training, certifications, career paths and the like
- Yeah, so much more...
Guest
Ira Winkler (@IraWinkler) - This guy: https://www.linkedin.com/in/irawinkler/
Ira Winkler, Secure Mentem - Startup Security Weekly #33
Business Security Weekly (Video)
Ira Winkler is the Author and President of Secure Mentem, a company dedicated to the human aspects of security. He consults to some of the largest corporations in the world. Before joining the private sector, Ira began at the National Security Agency, where he performed in a wide variety of positions for US and foreign intelligence agencies. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode33