SC 106: David Cass, Global CISO IBM Cloud & SaaS, and David Rooker, CISO Actian Corp, Discuss Today's Greatest Security Threats
In this series, brought to you by Security Current and Intersections IT Security ONE2ONE Summit, you will hear CISOs discuss today’s most critical issues in IT security. This episode features David Cass, IBM Cloud & SaaS Global CISO, and David Rooker, Actian Corporation CISO, who discuss the most prevalent attack vectors today, from email to ransomware, with the Internet of Things (IoT) increasingly becoming a high security issue. In this podcast you’ll hear about how the IoT brings great benefits while exponentially expanding the opportunity landscape for bad actors. You’ll also hear what Rooker is doing to enable business processes while bolstering security. They also touch on the need for qualified security personnel and how to find the right candidates.
18 Aug 2016
SC 44: FBI Views on Cybersecurity
The recent US Presidential Directive along with White House statements on cybersecurity have brought new energy to law enforcement approaches against cybercrime. Sharing threat data within the public and private partnership is becoming increasingly important as work continues to mitigate security breaches. In this podcast, Security Current's Vic Wheatman speaks with FBI Assistant Special Agent in Charge for San Francisco's Cyber Division Malcomb Palmore about the evolution of cyber threats, cyber terrorism, industrial espionage and the FBI's focus.
18 Feb 2015
SC 47: Cloud Security Monitoring, Cloud Access Security Brokers and MSSPs
Monitoring new cloud environments for adequate security is challenging, particularly when trying to determine which approach might be best. Most Managed Security Service Providers (MSSPs), while "out there" in someone else's data center, are not operating from the cloud and are not necessarily the right choice for monitoring the security of cloud instances. Organizations have a responsibility to manage the relationship when MSSPs are used or money could be wasted. Emerging between the enterprise and the cloud are Cloud Access Security Brokers or CASBs. These topics are explored in this discussion between Security Current's Vic Wheatman and Gartner Research Vice President Dr. Anton Chuvakin.
4 Mar 2015
SC 105: Part 3- CISO of IBM Cloud & SaaS Speaks with Spirent on Medical Device and Autonomous Car Hacking
In part three of the conversation, David Cass, IBM Cloud & SaaS global CISO, and John Weinschenk, Spirent Communications general manager enterprise and network application, discuss the potential hacking of medical devices and automated cars. In this Spirent-sponsored podcast, Weinschenk explains how they worked with a surgeon to hack a medical device. He also talks about a second hack they conducted on an autonomous car that allowed them to take control of the systems and vehicle itself. They discuss what needs to be done to secure these Internet of Things (IoT) devices and how manufacturers need to start thinking about how these systems can be exploited.
11 Aug 2016
Most Popular Podcasts
SC 104: David Cass, CISO IBM Cloud & SaaS, and David Mahon, CSO CenturyLink, Discuss the Most Common Threats Hitting Businesses Today
In this conversation with Security Current podcast host David Cass, Global CISO IBM Cloud & SaaS, David Mahon, CenturyLink Chief Security Officer, discusses what he sees as two of today’s critical security issues and how to tackle them. Mahon points to phishing and ransomware as the most prevalent types of attacks he is seeing in the industry. The two executives talk about the importance of security awareness training and Mahon provides tactical approaches to reduce the likelihood of a successful breach. They also discuss metrics, ROI and best practices for reporting to the board.
10 Aug 2016
SC 45: The Security Hits Keep Coming
Some research suggests that 97 percent of organizations are already compromised, according to former Gartner analyst Eric Ouellet. And according to Ouellet, the hackers are smarter and more persistent than ever, often having a better understanding of an organization's particular computing environment than its owners. Recorded on the streets of San Francisco with Security Current's Vic Wheatman, Ouellet, who is currently VP of Strategy for Bay Dynamics, says that hackers will find a way to get inside an organization's network even if it takes a long time. There is only so much you can do to protect your environment, Ouellet adds, and points to credit card companies' use of anomalous behaviors as where the industry needs to head to mitigate attacks.
24 Feb 2015
SC 99: CISO David Cass Speaks to Spirent Communications on IoT, Ransomware and More
CISOs can never reduce risk to zero. As technology development increases at a lightning speed with the Internet of Things (IoT) bringing more Internet-enabled devices daily and the cloud becoming more pervasive, what can and should be done? CISO David Cass, IBM Cloud and SaaS, speaks with John Weinschenk, general manager enterprise and network application security of Spirent Communications, about some of the biggest threats facing enterprises as a result of these trends. Listen to this sponsored podcast as David and John discuss ransomware, including hacker help desks, and the Internet of Things, including the potential for your refrigerator to attack you. They talk about some of the top things enterprises need to do, from patching systems to testing to awareness, to bolster their defenses.
21 Jun 2016
SC 125: Ron Green, Mastercard Executive VP & CISO, Talks New Technologies, What Keeps Him Up at Night and Provides Recommendations to His Peers
Mastercard is a technology company in the global payments industry which operates the world’s fastest payments processing network, connecting consumers, financial institutions, merchants, governments and businesses in more than 210 countries and territories. Mastercard’s products and solutions make everyday commerce activities – such as shopping, traveling, running a business and managing finances – easier, more efficient and secure for everyone. As Mastercard’s Executive Vice President and CISO, Ron Green is responsible for upholding that mission. In this podcast, Green, a security visionary responsible for both cyber and physical security, speaks with David Cass, Global Partner, Cloud Security and FSS CISO at IBM, about what Mastercard is doing to ensure the promise of security not only today but in the future. Green talks about new technologies and processes, what keeps him up at night, and he provides recommendations to his peers.
9 Oct 2017
SC 122: CISO David Cass Talks Cloud Adoption and Security
Enterprises are increasingly adopting cloud strategies. Despite this, adoption has been impacted in some cases due to cybersecurity concerns. In this podcast, David Cass, the Global Partner, Cloud Security and FSS CISO at IBM reviews the state of cloud adoption and security with Mike Schuricht, Senior Director of Product Management at Bitglass, a cloud access security broker. The two experts discuss how cloud is taking off and that despite security being a key concern of CISOs, with the right protections and solutions in place, cloud can be highly secure. In this Bitglass sponsored podcast, the two touch on critical control areas and what CISOs should take into account when adopting and maintaining a cloud strategy.
6 Jun 2017
SC 126: Tufin Talks Increasing Security and Agility Through Security Policy Orchestration
Enterprise networks grow more complex by the day. With hundreds to thousands of firewall rules, devices and routers across on-premise and hybrid cloud environments, it is difficult to have visibility into the security policy change process. This complexity, combined with the increasing rate of change, leads to vulnerability in the network. In addition, business owners need to have applications provisioned quickly but have little consideration as to the security implications of their requests. In this Tufin sponsored podcast, David Cass, the Global Partner, Cloud Security and FSS CISO at IBM, discusses with Sagi Bar-Zvi, Tufin’s Solution Architect for the Americas, the benefits to CISOs of automating security policy orchestration. The two talk about how it delivers agility while verifying change requests – sometimes hundreds per day – will not cause a security breach once made.
7 Nov 2017
SC 20: Securing the Branch Location and Remote Site
BLACK HAT SERIES 2014 Hackers continue to go after the easiest target -- the branch or remote office be it a gas station, retail store, bank branch, local health clinic or the like. Armed with the knowledge that organizations are increasingly distributed and most organizations' budgets are allocated to headquarters, a branch or remote office often provides an easy access point for attackers. Vic Wheatman speaks at Black Hat with Dave Porcello, CTO and founder of Pwnie Express about what kinds of attack the organization should actually be concerned about. Is it the advanced persistent threat or is it that unknown rogue access point? As you'll hear from Porcello, your organization may have unbelievable security 99 percent of the time but it's that one computer, or air conditioning duct, that often opens the door.
11 Aug 2014
SC 17: Sex Tapes, Cloud and Security
A recent movie shows what happens when a private video goes "up into the cloud" for everyone to see. The movie is called "Sex Tape." A memorable refrain from one of the characters in the movie is "Nobody Understands the Cloud." securitycurrent's Vic Wheatman speaks with cloud expert JD Sherry of Trend Micro about the controls and protective services organizations should implement to protect their cloud-based applications. Sherry, Trend Micro's VP of Technology and Solutions, notes that by 2014 some 51 percent of workloads will be processed in the cloud, pointing out that organizations are seeing the benefits of the adoption of these huge cloud-based services. They also examine the importance of security and privacy and note real-world instances of just what can happen in a cloud ecosystem.
9 Jul 2014
SC 66: Using User Behavior Intelligence To Identify Account Takeovers
Massive database breaches have resulted in millions of user identification and authentication profiles being compromised. Identifying unauthorized attempts to access systems or accounts is a basic requirement for financial institutions, etailers, retailers, healthcare providers and other enterprises. Knowing the difference between employee and attacker behavior is key to avoiding security alert fatigue and using scarce resources to parse the good from the bad access attempts. Further, collecting information about rogue takeovers for forensics purposes is a good idea. Security Current's Vic Wheatman speaks on these issues and others with Mark Seward, Vice President of Marketing for Exabeam, in this sponsored podcast.
14 Jul 2015
SC 81: Addressing the Growing Cybersecurity Threat in 2016 with Jason Witty, U.S. Bancorp CISO
The overall cost of cyber crime in 2015 to the world economy as a whole was estimated at a conservative $575 billion, according to research. Breaches are growing in number and sophistication. According to Jason Witty, Executive Vice President and CISO at U.S. Bancorp, there are five major sources of information security threats and they are continuing to evolve dramatically. He identified five high-level classifications which include: insider threats, organized crime, hacktivists, terrorists, and nation states. But as Witty tells Security Current’s Vic Wheatman, there is a light at the end of the tunnel. Using security frameworks and taking advantage of new legislation that supports threat information sharing among organizations are some of the most viable approaches to combating the increasingly sophisticated and emerging threats. Hear about these topics, as well as the growth in business email compromise, in this conversation.
23 Dec 2015
SC 120: DocuSign CISO Discusses the Human Element of Incident Response
The volume of threats and attacks most security teams face daily can leave them overworked and fatigued, operating in what DocuSign CISO Vanessa Pegueros has identified as level one trauma – a sort of cyber PTSD that can put organizations at risk. In this podcast, Pegueros talks with David Cass, IBM Cloud & SaaS Global CISO, about her four-part series in Security Current that explores the human element of incident response and how CISOs can identify and resolve trauma in the organization. They also discuss the Board’s role in incident response and why being quick to fire after a breach may not always be the most effective approach. Read the series: Part One, Part Two, Part Three, Part Four.
28 Feb 2017
SC 40: A Small Company Takes on the Devil Inside the Beltway
LabMD processes medical specimens. One day, a security services company emailed them advising that its patented searching software, which looks for problems caused by peer-to-peer applications, found a file with sensitive information. The security company offered its services at $475 an hour in what was interpreted as a shakedown. LabMD refused to play and refused to pay, choosing to mitigate the problem themselves. The security company turned over its finding to the Federal Trade Commission (FTC), leading to a multi-year, resource-draining battle by LabMD to try to prove that they did nothing wrong. Security Current's Vic Wheatman spoke with LabMD's CEO Mike Daugherty, author of The Devil Inside the Beltway: The Shocking Expose of the US Government's Surveillance and Overreach into Cybersecurity, Medicine and Small Business. Daugherty talks about taking on a government bureaucracy over matters of principle. Also, read Security Current's Richard Stiennon's review of Daugherty's book.
6 Jan 2015
SC 21: Yale New Haven Health System Cyber Security Case Study
With an increase in cyber attacks across industries, and in particular healthcare with medical-related identity theft accounting for 43 percent of all identity thefts reported in the United States last year according to the Identity Theft Resource Center, managing risk has never been more pressing for organizations. With risk growing daily and the consequences -- both in terms of data loss, patient and employee confidence and potential fines -- looming large, one healthcare organization that takes cyber security seriously is Yale New Haven Health System. Steve Bartolotta, who heads the health system's information security and risk management program, talks about the challenges facing organizations today across verticals and what measures he recommends taking. In this podcast with securitycurrent's Vic Wheatman, Bartolotta talks about the actual tools he uses to support Yale New Haven's risk management system and what he has gained.
18 Aug 2014
SC 62: Augmenting the Past with Network Forensics
Most "new" security technologies use functions and features developed years ago. Network Forensics applies machine learning, automating detection functions via machine-based analytics to decode and visualize relevant metadata. Accordingly, Network Forensics represents an evolutionary trend in security. Who is providing these tools and capabilities? Gartner Research Director Lawrence Pingree answers the questions in this interview with Security Current's Vic Wheatman.
5 Jun 2015
SC 67: Cloud SIEM Doesn't Really Exist - Yet
SIEM stands for Security Information and Event Management. SIEM is continuing to grow in usage but where does it stand in terms of cloud deployments and what is its cloud-based market share? Gartner's Dr. Anton Chuvakin challenges the idea that one can compute market share for "Cloud SIEM" products because they actually don't quite exist, yet. While he acknowledges that there are some "almost" SaaS (Software as a Service) SIEM products and services, true cloud-based SIEM solutions are not available. In conversation with Security Current's Vic Wheatman, Dr. Chuvakin provides a taxonomy for SIEM and describes the definitional differences.
20 Jul 2015
SC 58: A CISO Talks Security in Healthcare
Healthcare providers have some of the most complicated environments with a multitude of systems, users and regulatory mandates. And often, according to Barnabas Health CISO Hussein Syed, this leads to one of the biggest challenges, which is a misunderstood environment. There are concerns over Personally Identifiable Information (PII), as well as maintaining compliance with Payment Card Industry (PCI) mandates as healthcare providers generally take credit cards. Further, because of the growing Internet of Medical Things with various equipment now networked, data leakage becomes a greater concern. And compounding this are third-party providers, from doctors to billing companies, working with healthcare providers, making security even more difficult. As you'll hear from Hussein Syed as he speaks with Security Current's Vic Wheatman while at RSA, it is a balancing act to provide access while ensuring security. They speak about these and other issues.
11 May 2015