OwlTail

Dan Geer

7 Podcast Episodes

Latest 18 Jul 2021 | Updated Daily

Dan Geer Interview at S4x18

@BEERISAC: OT/ICS Security Podcast Playlist

Podcast: Unsolicited Response Podcast
Episode: Dan Geer Interview at S4x18
Pub date: 2018-02-01

I had the pleasure of interviewing Dan Geer on the S4x18 Main Stage for 30 minutes. He typically speaks from prepared papers, so an interview is a bit unique, and his papers provided plenty of topics and questions. We covered a wide range of issues including: Risk: The impact of complexity and dependencies. How redundancy can increase risk against a sentient opponent. The trade off between preventing random faults and protecting targeted faults. The importance of eliminating silent failures. Even so far as raising the probability of failure if it eliminates or reduces silent failure. Business risk acceptance when society would not make the same risk decision. The need for "different" redundancy, two systems with no common mode failures. Manual is an obvious different redundancy, but can two cyber systems have no common mode failures? The growing importance of integrity. The value of patching or otherwise reducing vulnerabilities based on whether vulnerabilities are sparse or dense. The density of medical device vulnerabilities was discussed as an example. Are we going to take the path of proof of correctness and rigid change control or almost constant change? This episode was sponsored by CyberX. Founded by military cyber experts, CyberX has developed a platform that helps organizations continuously reduce ICS risk. Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.

The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

40mins

17 Mar 2019

Dan Geer Interview at S4x18

Unsolicited Response Podcast

I had the pleasure of interviewing Dan Geer on the S4x18 Main Stage for 30 minutes. He typically speaks from prepared papers, so an interview is a bit unique, and his papers provided plenty of topics and questions. We covered a wide range of issues including: Risk: The impact of complexity and dependencies. How redundancy can increase risk against a sentient opponent. The trade off between preventing random faults and protecting targeted faults. The importance of eliminating silent failures. Even so far as raising the probability of failure if it eliminates or reduces silent failure. Business risk acceptance when society would not make the same risk decision. The need for "different" redundancy, two systems with no common mode failures. Manual is an obvious different redundancy, but can two cyber systems have no common mode failures? The growing importance of integrity. The value of patching or otherwise reducing vulnerabilities based on whether vulnerabilities are sparse or dense. The density of medical device vulnerabilities was discussed as an example. Are we going to take the path of proof of correctness and rigid change control or almost constant change? This episode was sponsored by CyberX. Founded by military cyber experts, CyberX has developed a platform that helps organizations continuously reduce ICS risk. Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.

40mins

1 Feb 2018

Interview with Dan Geer

The Cyberlaw Podcast

In our sixty-seventh episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Alan Cohn, Michael Vatis, and Jason Weinstein are joined by Dan Geer, Chief Information Security Officer at In-Q-Tel. They discuss: this week in NSA: what’s on top this week for the 215 metadata program; border laptop searches; an FTC FOIA case; hacking airplanes in flight; FBI’s Stingray guidance; and the first anniversary of the “Right to be Forgotten.” In our second half we have an interview with Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

58mins

18 May 2015

DtR Episode 100 - Security Wisdom from Dan Geer

Down the Security Rabbithole Podcast

In this episode:

- Who is Dan Geer (just in case you live in a cave and don't know)
- Dan's definition of security - "The absence of unmitigatable surprise"
- What exactly is the pinnacle goal of security engineering?
- Responsibility, liability and when software fails as a result of security issues
- In a liability lawsuit - "What did you know, when did you know it?"
- The fraction of the population who could sign an "informed consent" is falling - so now what?
- Why ICANN is actually making all of this so much worse
- What do we do about "abandoned software"?
- Fixing security bugs in software is a tricky business...good, bad, worse
- Are things getting better [in security]?
- Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
- (from Jason White) What "low hanging fruit" issues are we simply not addressing properly right now?
- (from Jason White) If the Internet were being built from scratch today, what would you keep and throw away?

Guest: Dan Geer

Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.

Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency.

In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." --http://en.wikipedia.org/wiki/Dan_Geer

1hr

7 Jul 2014

Dan Geer - Episode 282 - April 5, 2012

Paul's Security Weekly

Dan Geer comes on the show to talk about security, metrics, APT, breaches, and more!

Episode 282 Show Notes

Episode Hosts:

- Paul Asadoorian, Host of Security Weekly and Stogie Geeks
- Larry Pesce, Host of Hack Naked At Night
- Jack Daniel, Security B-Sides, Most epic beard in information security.
- John Strand, Host of Hack Naked TV
- Carlos Perez, Host of Security Weekly Espanol

49mins

10 Apr 2012

Dan Geer, "A quant looks at the future"

CERIAS Security Seminar Podcast

If there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once "search" supplants "organize" there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management.

21 Mar 2007

Show 002: The Necessities of a Security Practitioner with Dan Geer

The Silver Bullet Security Podcast with Gary McGraw

In this episode of the Silver Bullet Security Podcast, Gary chats with Dan Geer, Chief Scientist at Verdasys.

22mins

13 Jun 2006