21 Burst results for "Seaso"
"seaso" Discussed on Startup Stories by Mixergy
"I think those organizations were able to move over fairly easily now if they weren't security conscious beforehand than well they wouldn't change anything but i look at it like an organization like us now. Obviously we're security company so there's a little biased there. We're always talking about security so be pretty embarrassing. If you're the person in the business who like did something stupid but like like for us. We just went home like nothing changed. Technically all our office was was a wi fi hotspot. We'll place for us all to hang out so So you i think for companies like that. That are either sas. Companies are working mostly in a cloud based infrastructure. So they're not they're not you know they're using my wife. For example like there's laptops wifi wifi routers and then everything else is. She cloud and you know zero and things like that like in that type of environment. I don't think the work from home thing. Is that big of a challenge. There is the insider threat fear. I mean i know. I know talking to people that work in cybersecurity roles in enterprise. That's the thing that they're trying to figure out. Because you know you can see if you have cameras in the office. People compete in cubicles. You can see if people are taking pictures of data on that but you can't really see what they're doing so like you know i i've had conversations with seaso's chief information security officers from big enterprise. What do you recommend we do about like. How do we protect. So that like if are employed goes to the washroom that their militias wife doesn't come in and start stealing stuff it's like man. That's you know. I think that we there's a certain point where you have to really screen people and i think it's easier in a small business. I think it's easier in a ten person company to be able to develop trust and get to know people and understand their background. 
I think if you're like a ten thousand person company than people become numbers and it's it's harder to to really sort of manage that an insider threat becomes a bigger problem there. The website for people want to go and.
How TPA Is Leading The Alliance
"Morning. Good afternoon and good evening. Welcome to security rabbit hole to another edition of the down the security rabbit hole. Podcast this i have got the james back on the show james. Good good to have you back. Yeah welcome to the welcome to the new year man. It's yes we some twenty twenty thousand officially twenty twenty. Not you know ten minutes later. You made a you got through the new year. Okay no casualties. Yeah now say made it through You know chilly on the other side but hopefully in a month or so. It'll start warming up for us right. Yeah well it's it's january end of january ish so Middle of january. I think we're issue that center the middle of january so Yeah it's gonna hit you get back in the sixties any day. Now maya will entry outside. That has completely wilted because it's like what the heck it's been in the upper twenties at night but all right enough about the weather. And the post apocalyptic twenty twenty one year you guys know part of the skewed visor alliance otherwise known as the alliance if you're part of in your security leadership you absolutely should be. I'll look us up on length dan. It's we'll talk a little bit more about how to joining and get things done. But basically a community of seaso's insecurity leads that to make the world better and get to get a little get a little community income roderick process and to that end we have a new executive director boy. Wouldn't it be great if we had him on. The show and so here is gary. Welcome to the podcast. Thank you very much happy to be here calling in from sunny sunny southern california. It's absolutely beautiful. Yeah that's that's that's beautiful. I love that Are you guys What's your what's your temperatures there. You're the seventy six no no. I'm actually embarrassed to say that it's going to be eighty five degrees here today. L. man all right. Yeah yeah yeah. I apologize for that theft. 
Never apologize i kind of wish it was here all right so a little bit of your background and we'll kind of dive into the alliance of what you're going to be doing it. Sure so this has been a long path for me in the In the cybersecurity space. I actually started in in the Early nineteen eighties. Eight eight dating myself. That way. But i think i was in it before i even knew i was in it. If that makes sense. I was learning what it wasn't a thing But at the same time. I was still doing what other guys were doing. And that's you know. Hey there was some technology beginning to get implemented in places and And there was a general sense that you had to worry about how it got secured Working with a A defense contractor in the dc area and they brought in wang word processing systems. And now you're now you're really dating. Oh this is this is crazy for yet. Do you wanna stop here. I am i. Am i too old for the show great. I don't know how many of our listeners remember the way god a while well. Or how deep. The penetration of that product was across especially across government. It was used really well so anyway. I sort became Someone who one of the people who understood the the underpinnings of wang a little bit and and what have you. And i'm not saying i'm proud of that. I'm just saying i did it. And along the way the. Us state department decided to standardize on on wang systems. They had no No computing technology in embassies and consulates around the world Back in those days the only means of communicating if you were working in an embassy or consulate was by sending telegrams sending cables and those were all done very secure rooms. And you know you kinda typed out a telegram. Carry it up to the to the communication center it was re entered into a into a cable system and sent out to whatever. The destination was so word processing was a huge step up as you can imagine at that time and and they rightly got a little bit worried about what. What does it mean. 
If we start putting these things all over the world and And i had the good fortune to be recruited at that time and later mentored by By one of the people. I think is really one of the sort of unsung giants in the in the cybersecurity. Space guy name lynn mcnulty Who later became a significant player. Nist and variety of other places but but lynn was tasked with building a what they called the computer security team For the department state he
"seaso" Discussed on The CyberWire
"Researchers at bit defender recently published their business threat landscape report for twenty twenty joining us with key. Takeaways from the report is live. You are seen senior. E threat analyst at defender this has been a very interesting year to say the least so Basically the entire report focuses on how the pandemic has affected both the threat landscape and the overall infrastructure for organizations as well as their employees. Well let's go through it together. It would have some of the key findings here right so i guess one of the biggest key finding is that half of organizations wouldn't prepare for a pandemic type situation. So that means you know. They literally had to redesign their entire infrastructures overnight to accommodate all their employees working remotely. And when you do these types of things without proper preparation miscavige rations and blunders will happen. And it's likely that most of these miss configurations and you know on the go. Infrastructure reliance will probably be exploited by attackers in the next twelve to eighteen months by using very simple techniques everything from brute forcing to credential stuffing or simply exploiting you know unpacked systems. So what are some of the takeaways here that with the information you gathered in the report. What lessons Can you share with our listeners. So i guess the biggest Some of the biggest are that One of the policies that seems to be less enforced. Let's say is the is the fact that companies don't have a policy for making employees or for preventing employees from reusing old passwords. Actually ninety. I think ninety three percent of employees actually reuse old passwords for their accounts. There's also the fact that. 
I think in the first half from january up until june we've seen a spike in the suspicious iot incidents in households and ceos and seaso's actually do believe that The fact that employees are now working remotely from their own homes their networks could actually be prone to more attacks talk more diverse attack surface if you will that potentially compromise their work and points laptops computers and subsequently moved those threats to the enterprise environment. Do you suppose that the organizations that that went into this better prepared but also have been able to be nimble throughout are they going to have a competitive advantage when we get to the other side Well security is you can look at it that something as something organic you know i. It's never something that you you deploy ones you forget about it. You know it's something that you constantly have to evaluate so those had a plan and problem. We're probably a little bit better prepared to face the new threats but these are not the only threats the only things that have changed even those companies that were prepared for this scenario now facing threats that they previously didn't face for instance. We've found evidence if you will. Although circumstantial evidence that there is such a thing as ap hackers for hire which is a bad thing because a bt groups are mostly associated with governments and state sponsored state-sponsored actors but recent investigations found out. Reveal that some of these groups may actually be offering their services to the highest bidder for example they've instead of targeting financial institution or government institutions. They've started targeting completely different verticals. They went after A real estate company and video production company so they had absolutely nothing to do with financial gain. The attack is not financially motivated or politically motivated. 
So the only plausible explanation in light of the sophistication of the attack was that they were probably hired.
"seaso" Discussed on Back From The Future Podcast
"Like financial services versus something else maybe consulting or some some other industry they come at that comes with regulations versus other other places so the biggest thing i would say would be like the leadership component that area where you're interfacing with the board you're interfacing with the c. Suite your interface of war. Vp's at that see so level versus underneath. What tends to be the age of these people who become cis os. Were they people who have been working for fifteen years twenty years and then they got polished and then got pushed up to this job or are they kind of outsiders with mba's vast majority of the ones who are seen who've been successful are the ones that have the twenty years like the they're pretty seasoned. We have some younger seaso's who probably say younger forties or forty hours. You know late thirties. That come on my podcast. We ever see. We call it see thursdays now. They've been off for a few thursdays and they come on in their younger see cells. They made a joke when initially came on. Like you know because we're younger season. Meaning forty thirty late thirties early forties that people come to them like. Who's your daddy. They joke around about the fact that you know their peers are in their fifties late forties mid to you know fifties enough so it's usually someone who's been through the ranks who's been to the fire who's tried intrude. Who's either been a veteran. There's been slip. Statistics around twenty five percent of seaso's a fortune. Five hundred companies are military veterans. So coming through the ranks one way or the other is going to put you in a c- so chair unless you're with they call as you aware. Vc sells virtual. See some folks out there that they may put in every once in awhile. That has maybe less experience with most of the folks that avenue iraq acted with especially when it comes to that fortune. One thousand.
Protecting sensitive information: Growing data, regulations and risks
"So in our discussion before the show you noted. That as you said, data system Gary Systems wouldn't place ten plus years ago aren't keeping up with the massive amounts of data process today leading to increase hacks and breaches. So you know, one of the first things I usually like to ask about is how the businesses changed since you first entered. So in this case, that's an extra crucial questions a then in now as you were just discussing with. Some of these things but. Then now on what data security systems, where like back then and what they didn't implement or couldn't have known about and what data systems and data quantities would be like today if they had. So I think there's a variety of factors that go into that right so we were securing our system's ten years ago. We didn't really have the connectivity or the belief that we can just call a function over the Internet right today with a RPC today with all these different API's and all these smart Iot devices that we have today data's being exchanged. Previously never seen before every every year we create more data than we've previously created. For All the years before combined and so. Yeah, it's pretty unbelievable and so ask yourself how is it possible that the approach of translating what we did with putting security guards or having solutions? How does that translate in the digital world where data moves at a speed where we can barely keep up and so as a result, we just have to come at it with a different approach. There is no longer away can buy and protect the perimeter because that doesn't mean you're safe the old age of the advice of you know. Being able to being in control is to minimize risk is now actually more of a liability and so and also this is compounded by the fact that when we saw Google and the way they were able to use heterogenous computing to be able to you know do math producer extract value from their data. 
Every company wanted to become a data company obviously as we know, and so they started acquiring all of these different data all different data. Sets an trying to extract and analyze this information ten years ago. That was all the rage it's still is today but now we have these privacy laws and regulations that have been passed that are affected. We causing what we previously put into our balance sheet as an asset is now mostly a liability and the idea is if we were to understand where were the transformational shift that happened before in the history of humanity, it's when we digitize. Before you and I would be carrying cash or cowdery shells or gold billions, and we were, you know somebody held us up with, took that from us that was gone and so by building trust infrastructure and removing the value of money from the physical possession of money, itself were able to build the Commerce Foundation, the trust foundations that enable the economy today, and that's the big realization. Of businesses changed over the past five years because we're starting to understand what is the de risking of data look like in the same manner that we've derailed transactions and money today because I make sense it doesn't make sense. Yeah. So so where do you see standard security practices sort of falling down the worst right now in twenty twenty or some things that you think should be obvious but are being haphazardly implemented if at all yeah. I, think that's a very good question. So I think ultimately some of the control like basically the biggest realization, some of the most sophisticated seaso's will tell you is that compliance those unequal secured right and so just by checking the box doesn't mean you're secure right? From all the time. Yeah, right. So by versing operationalizing bicycle by being secure, you should be able to inherit compliance. It's a by product of hunting security posture. So folks who just think like, let me just secure the perimeter. 
Let me buy another firewall upgrade my sister's that's not a security solution. We have to understand the Algebra that goes into why you need to secure our first place a from their realize will, why do we even need it in the first place the best and? The best prevention is to not have anything worth stealing, and so if we can use the if you can have the value of data without having the actual data itself, it solves the problem that we're all trying to do because another bridge or larger wall or lower motor barbed wire that's not going to solve the problem because somebody else will be a more sophisticated attack on against. Your defenses and as time goes on, you know what you have now has to be upgraded. What we need to see is to stop thinking of diy and we need to start adopting realizing that it's just better if we become business enablers become more of a risk management. Organization rather than could trolling and securing us off. A ridiculous expect every company to be able to build their own bank fault. So why? Do. We expect them to secure their data in the same way. Does that make sense?
"seaso" Discussed on Down the Security Rabbithole Podcast
"They may have the tools they have available to them they're not using them. I think that's where we really run into an issue percentage as higher that they don't have enough in the lower in the really high. They have good enough but they've gone past it. Right? Yeah. So, there's that middle space which it's hard to find the it's hard to find the right middle ground especially because. I mean we just you know we like we like new things. We like having something new to us new tool on a new toy new tool, some some widget, some new view something that'll make our job easier. But knowing that you know X. X. dollar of investment will give you why why percentage of improvement versus you know X. dollar plus wine you get you know less than that that good return on it. These are these are tough things that I think unfortunately, you learn usually about halfway through a career if you're really paying attention and you'll never quite get there and I think that's kind of what separates the Good seaso's good advisors from those that simply want to sell you something. Yeah, and I would say you're spot on there. I've I've run into some. SEASO's where they say Dave I don't care whatever I asked for how getting. I'm like doing there is a limit. And I can tell you that you're very close to it because you're getting best of breed across all of this and I can bet you're not losing also its potential and he looks at me and he's like, no I I'm like, okay. Go for keep put down that road. Let me know how it goes that run into some that they're like day but it says it's a firewall suits enough and I'm like. No access lists are not good enough. That they stopped being good enough and like what? Two, thousand, three, two, thousand, and two. It's been a minute. It's been a minute. Listen since Since you Kinda went there we started talking about good enough and and and technology Where is the?.
"seaso" Discussed on Recorded Future - Inside Threat Intelligence for Cyber Security
"They're afraid to ask those questions that make them look. You'll sillier uninformed in front of their peers. So a Lotta Times, I spend one on one with executives or board members to get them over those hurdles because they do have that fear of asking that question in making themselves, look uninformed or done in front of their their peers in its holding you back from doing their job as governors and it's easily solved by providing them with context. With education in answering their questions in a safe environment either homer their office, how do you nurture that environment with your own team to to make it so that people are comfortable asking the dumb question the number one question I get asked from Seaso's or CEO or board members is what's the one thing I can do to to make my organization more secure or or better protected and always surprise them. With my answer, my answer is always create a culture in the tone from the top where if is an employee click on something or big mistake or do something wrong and I put my hand up I'll get help not retribution or shame, and if you can enable that environment where everyone's part of solving the problem I think that is the first big step you can make in tone from the top really matters. If, you look at the going back to first principles of security the triangle, a lot of boards or C. level executives will focus the business on user growth and they will not really think through in a what vulnerabilities leaves them open to if you're creating a bonus structure, not that is based on user growth because now year AH, going to eliminate friction which things like multi factor. And all the things that make our systems secure because you're you're economic incentives are all lying to growth strategy. So sometimes of forming changing their minds enabling people to raise their hand and ask that question is really what matters with my team I do the same we we get together. 
We debrief on on a lot of our challenges or whatnot and everyone has the full opportunity to non only say what they think but to ask that tough question and once you you build that trust where they feel comfortable speaking out speaking up were asking that question that's really where the magic happens. What sort of things go through your mind when you're looking to attract new team members?.
CISO Accountability Problems with Brandon Dunlap
"In the past I've worked in organizations as a C.. So where you know there's a large outsourcing component to it and you know that was the predecessor signed off on it and I walk in and I've gotten multiple years left in the contract only to realize that maybe the business landscape had shifted or the relationship was sour or the contract wasn't quite what it could ever should've been and that's a that's a tricky spot to walk into right because now you've already seeded essentially a lot of control to say your outsource or you know even when you talk about technology vendors that have been you know heavily invested in May not be. Where they need to be saved for the organization you've asked to takes a long time to either adjust or unwind or modify a lot of this contracts and those relationships, and so having an understanding of what that landscape looks like. is critical and I think we also touched on some of the organizational dynamics and current events happened since we last spoke that have made. Some of my requirements. Well, so I I'm I'm always very wary about walking into a situation. I don't have which is why I tend to look for places they. I'll that the company I go to work for fairly heavily. Now usually requiring some number of months to sort of get to know them how they operate the people that work there etcetera because you don't ever want to walk into a company that sells you this rosy picture of. The amazing job you're going to have with all this great accountability, right you're going to have all this this responsibility and this accountability, and then you go. So I, chain stuff right and they're like well, and then you end up in a situation where you're being indicted. On the show as we for those of you listening you, you know we don't go into current events and we don't really I I hate talking about any specifics of a case but this case Uber and their see so sparked a lot of conversation and that's kind of where we got started. 
So I WANNA ask Shawn because I'm sure Sean you paid attention to this. How do you feel about what kind of Brandon started where? I just added to it like, Hey, welcome to the company you're being sued. Yeah mean you know That's pretty harsh. way to come into a company and and you make a great point. You know you're given responsibility you're given accountability you're given accountability But you have no ability to control the circumstances around you that lead to it so that that type of scenario is is definitely not. favorable. We're looking at this case and look I. Don't know anything firsthand about this case with dry Sullivan other than whatever ad in the Department of Justice's statement about it and and the allegations made there. But. You know I think it's a bigger. It's a bigger picture that we need to see here. You know going back to target Home Depot Neiman Marcus all the breaches we really. The watershed moment of data breaches back in late twenty, thirteen, early, twenty, fourteen we have been hearing this this same statement all around of somebody's gotta go to jail before things change. Yeah. People have been saying somebody's got to go to jail before things are going to change and cabinet. Well exactly because what they were talking about or your c level. Executives your your CEO. Or Board members people like that is who they keep talking about nobody was really thinking at that time about a C.. So but when you look at the individual facts of this case from what we know. I do think that there's going to be a lot of concern and fear created out of this, but I don't think at the end of the day. This is going to be the norm I think this is more of an outlier situation. Let. This also begs the question you know who actually bears responsibility right in an organization where you you have, you know your traditional Governance Model Board executive leadership, etc. You have a see. 
So with the title Chief Information Security Officer but they're not sitting necessarily in most cases in the C. Suite, they're not doing in many cases maybe twice a year quarterly at best board board notification some SEASO's I know actually send kind of almost a newsletter update if you will to their board, but they're not sitting at the table and the question is where does the accountability really
"seaso" Discussed on The Darren Smith Show
"Actually. Three o'clock today, the NBA schedule came out last week. What about the Major League Baseball schedule? We'll give you our latest thoughts on Xtra Thirteenth Sixty Foxworth San Diego NFL one. Oh, three three. One up today we have the contest per usual. It's GonNa. Be At one forty. Five doesn't mean you can text us right now. Seven zero, four, seven zero first word of the tax x, T, R. A seven zero, four, seven, zero I board of tax. X T R a today. We have a twenty five dollar power card. The Dave and buster's that we're going to give away to whomever it is that. Is the winner the big? Big Winner decided by Jim Russell of today's tax contest. That could be about anything. It could be about living situation. It could be about the weather. It could be about the Bundesliga it could be about Austin hedges who knows The possibilities quite frankly are endless. We encourage lots of diversity in the subject matter of the text contest. Sometimes, we want you to go completely off. Off The reservation so have at seven, zero, four, seven, zero I board of the tax, x, T IRA. Dave and Buster's has a twenty five dollar power card for you that we will give away to. Today's winner also sounds like in our first segment. We had a couple of technical issue so our apologies. We've dropped. We've reconnected. We're back up and running it just sort of. Of happens hereafter a long weekend off. Maybe we weren't fully connected. Hopefully, we have put those issues in the rear view for this afternoon. Couple of notable names are making news and Major League Baseball today, and these are notable, and of course what happens is somebody comes out and says that they're opting out of the baseball season immediately. They get dumped on by people on twitter. Happen earlier today. Mike Leake, who is. Somewhat local product fallbrook Mike Leak said that in the final year of his deal with the Arizona diamondbacks. He is not going to play. He's not going to report. He's he's. 
We'll read you the statement here shortly just from Ryan Zimmerman. Of The Washington nationals we'll series champion World Series Champ, a message from Ryan Zimmerman after a great deal of thought and given my family circumstances, three young children, including newborn and a.
"seaso" Discussed on The Darren Smith Show
"Nobody seems to answer that question. Three players on the team is a five players on a team is seven players on a team. Is it somebody being put into intensive care? Be It an empire or an older coach. Like what what are what are the triggers? We hear that word a lot around San Diego County that we're hitting certain triggers positive. Of outbreaks right like what are the baseball triggers going to be under this? Yoon very unique approach that they are taking, and they don't know they don't know what it's going to like how it's GonNa work, what's going to be considered a manageable situation. Will it matter if the Marlins have seven players compared to the Yankees having seven players, you know if the Yankees and the dodgers are moving right ahead and you get. The brewer. State and access stay at home. Well, let seem to be the one thing everybody somewhat agreed on is that this will not be if baseball has to be stopped for any reason that it'll be baseball's decision, not a governmental. Now again, that's not necessarily written. into the rules, but it seems to be consensus from the different people that I spoke to who work on totally different teams. Who might know one another? But we were not on sort of group chat and it just was yeah. We don't feel like government will get in the way the most. The government might get in the way. Let's say you were scheduled to play a game in Houston this week and Houston right now, which I believe is at one hundred percent capacity with ICU beds. Beds and is unlikely as it might be that somebody would horribly break an ankle or have some sort of medical emergency baseball doesn't really WANNA put itself in that type of position, so it might exercise authority to take game. Pick it up out of the city of Houston and bring it someplace else I. Don't know where they'd go i. don't know what the protocol so that I don't even know. The baseball knows what the protocol that, but the sense was that.
"seaso" Discussed on Cyber Work
"A couple more questions. One more sorry. The screen is scrolling on me here. Is more information. Yes, example, three point four compare and contrast, automation, concepts and technologies in that includes workflow orchestration such as Sore does cover scripting application programming interface integration automated malware signature creation data in Richmond threat feed combinations machine, learning a use of automated protocols and standards. Continuous integration and continuous deployment delivery. What it's covering and so more comparing and contrasting those automated concepts and technology, so a largely what we're going to be doing is taking it into a conceptual, a cloud environment, and so it is likely that machine learning skills, and such that you speaking of. Would be higher level than security analysts. Probably you know five years plus or as we're mostly monitoring and doing incident responses incident response we are using machine learning, but from a compare and contrast automation concepts and technologies perspective. Great thanks for looking into that and hopefully that add some clarity to that to that question there. So we're going to go for our last question here. Is For those that have this USA, plus can they get grandfathered into the network plus certification? So I, think they mean if they skip over some of those earlier certifications. Does that grant them those lower rates all of our No, it does not all of our recommendations are. Recommendations for pre recs so there are plenty of people who come out of college with Bachelor degrees who are going right into t y s A. Plus and then getting hired they a bachelor's degrees in. Information systems a even see people with software bachelor degrees. but for Bachelor degrees were finding oftentimes they can just jump right into the security analyst, a position believe it or not. I've heard several examples that from from various SEASO's. That help answer the question, and perhaps yes again. 
Okay! Yeah, no I think that did and Jeff. If you have a Jeff that asked the question, NPR further for their needs. We'd be happy to follow up with you, so will squeeze in one last question here. How long is the certification good for from Dennis? Okay it's going to be good for three years from the date you passed and within that three years. Then you have two ways, you can renew it I. Guess Three Ways One is, you could get a higher level search to renew it like got cast plus. Another way then you could get the You could be new it by getting..
Security When the Workforce Goes Remote
"With so many people going remote the same way that we are. What's top of mind for you? As a security expert there is a concept and information security. Which is the belief in defense in depth and that means that you don't rely on any one thing to protect you you have a series of things that you use and you stack them on top of each other and you use those series of things to offer multiple layers of protection. You don't just put a moat around the castle. You also put walls and you have archers and you have hot oil ready to pour on people that try to storm it so insecurity. We have those same sorts of controls. The challenge for security teams. Is that a lot of those controls for a lot of companies only live in their office and only live in their corporate network and so in users take the machines home with them. Mirtha remotely accessing. They don't necessarily have the same controls in the office as they do at home. And if you look at some of the large breaches over the last. Let's say five years you'd see that. There are a number of instances where a remote employees using a home computer. That's perhaps shared with someone in the House that doesn't have protections on it is used to access internal corporate information by an attacker. That's acted are the things that we're dealing with new things or just things that were underway happening a lot faster. We've had multiple scenarios in the corporate and Enterprise World where we've had to make employees work from home and work remotely. You know the first real encounter in at least my adult life with this sort of a scenario. Was these nine eleven. 
When we had fundamentally city that became unavailable in the workforce there being mostly unavailable or having to move to disaster recovery sites, and I think nine eleven really taught a lot of large corporations about the importance of building really resilient business continuity programs. The actual new thing about this is just the scale, is just the entirety of a workforce for a company being forced to work remote, as well as their suppliers, as well as their customers. We had the advent of things like SaaS and Salesforce and Box, and all these tools that were basically derived so that people could access their work materials anywhere, that it sort of became expected that some percentage, usually sales people because they're in the field, but some percentage of your workforce would be remote, and so we've been building infrastructure to support that workforce for some time. Now this is less of like, oh, it's a new way to work and we have to change everything. This is more like, we have to reengineer everything to handle the capacity and just the sheer number. How are the best security teams, you know, properly preparing their organizations with this really rapid shift to remote work? You know, I think the right way to think about it is to just build a matrix in your mind and sort of enumerate all the different security controls you have available to you in the workplace, in the office, and have some understanding of how they translate to the different scenarios all of your employees will find themselves in now. So I think there's two things that really good security teams are fundamentally doing. The first is getting their people stood up online outside of the office. 
Because security teams don't necessarily always have great disaster recovery and business continuity plans, and then second, making sure that what they're doing is actually safe and secure. If you're an organization right now and say you were gone from twenty percent to now ninety percent workforce's remote breakdown from very specifically how you would do a risk assessment. Over the last couple of years, most things have left the building, and so most services are provided by third parties. Most of the infrastructure that you run isn't running on your premise. And so for the last three or four years, most CISOs, or chief information security officers, have spent a tremendous amount of time thinking about their third party risk: who are their vendors, who are their counterparties, who are the people that they transact with. And you have to think about them not just from a security perspective, because that's a little bit narrow in terms of impact to the business, but you need to be more comprehensive in terms of, like, confidentiality. So is shifting all of your voice traffic to this third party, does that provide you with the confidentiality you need to run your business? While it may be okay to have a sales call with a customer where you don't discuss anything confidential over a video conferencing system, now you're having your board meetings over this video conferencing system. Does it meet the requirements that you have? And then you have to think in terms of integrity. The systems that you're relying on, now that you've moved everybody onto them, have the controls in place to ensure the integrity of the operations of your business? Are they going to lose your data? Is there going to be some sort of disruption to the quality of the output? Are the systems of record truly capable of being systems of record? And then finally you have to think in terms of availability. Not just you. 
As a company are moving your entire workforce to the service provider, the entire planet is. Will the service provider be up and running in the face of this kind of demand, or will they just fall over because of the excess utilization? I liked the way that you broke that down, so it sounded like the first bucket there was really around confidentiality and what transactions were happening in person providing measure security now happening virtually. So let's focus on that for a second. How would you go about assessing that? It really depends on the vertical and it depends on the industry. There's a very, very rich tapestry of regulations that you have to really understand. And it's very specific to the business that you're in, specifically if you're regulated, and you have to make sure that the tools that you're using can support those industry specific regulations. If you are, for example, in the healthcare industry, and let's say you're a hospital network, and hospitals right now are rushing to provide telemedicine and to remotely treat potentially sick people. The issue with that is that there are these regulations called HIPAA and HITECH that mean that you actually have to work to maintain the confidentiality of your patient information. So then I guess looking at a second bucket that you talked about, which was really selecting these new tools and introducing these new third party vendors that you maybe weren't using before. So for instance, you and I are using a totally new tool for a16z that we rolled out as soon as we went remote so that we could keep running our podcast. How are you or security professionals thinking about these third party tools, and how do you go about assessing them? Well, it's always about the data. For example, we're recording a podcast. This is public information. Eventually it's going to be released, and so the sensitivity of our discussion that we're recording right now is low. 
It's fundamentally public data, whereas if we were talking about a portfolio company, this might not be an appropriate tool because it might not adequately protect those discussions. And so we really have to understand I the sensitivity of the data and then match that data sensitivity to the security features and capabilities of the tool. Generally marketing teams, you're kind of free to experiment with tools that are maybe not industrial grade security, but the moment that you start talking about transferring customer records, transferring personal information that your customers or any actual property, then you really need to understand the tools, and a very quick adoption and migration path to potentially get you into a not so great place. Was interesting, you mentioned quick adoption, because that is absolutely what we're seeing right now. When you suddenly have, in our case, all of a16z going remote, we suddenly needed all these new communication tools that we didn't use before, so we are rolling them out relatively quickly. How are IT and security teams keeping up with the fact that people are rapidly adapting to this, things are changing daily? How do they balance that with security? At a16z, we've been fortunate in that we've probably spent the last two years really focusing on eliminating any kind of custom solutions, not having servers under people's desks, not having servers at all, focusing on using cloud infrastructure and SaaS, and so when this event happened and we had to pivot, credit to our IT team. They did some wonderful work, but we were really well positioned. There wasn't a whole lot of stuff, other than adding a few new services, that were disruptive. I think the way the modern enterprise has built their data stores is somewhat similar, so that a lot of the data that a company has that could very easily flow out of the organization are generally pretty well controlled. Often we're used to these large enterprise rollouts of new tools. 
They take a long time. But now you have a workforce going remote and you may need to roll tools out faster. What steps are you seeing people cut or needing to add to get the tools out into the hands of workers to do virtual work? Usually one of the longest poles on any of these kinds of tools deployments is the legal and contract negotiations. It's the kind of thing where the length of your proof of concept is probably half the length of the debate you're going to have with the vendor about limits of liability. It's like, people complain about it, but if you really want to prolong something, bring a couple of lawyers, and especially when you have to have IT people, technical people, work with lawyers, it compounds it. So I think where I've seen things getting quicker is just on the procurement side, on the contracting side. We've gone through a three year process of large enterprises telling employees, don't use your credit card to buy SaaS services. That window seems to have opened up a little bit. And so you're seeing people paying for things with personal or corporate cards to get services deployed and unrolled, and I think IT, legal, they're going to be flexible. They're to keep the business moving. There's probably going to be a lot of contract review and a lot of teeth gnashing over the next couple of months since they figure out what they've allowed into the
"seaso" Discussed on Down the Security Rabbithole Podcast
"And you're like, okay. Well, you know, every time this is not to knock any former employers. But every time I'd seen somebody go through one of those or been a part of them the things that you're told to do was great. How creative can we get to answer everything? Yes. But there's a part of you that goes golly. That's like. Yeah. We technically kind of do that. If I squint, but that's not what we're going for here. Right. So that's where like your security brain takes over. So we're you're on the inside of that. Right. Looking out. Yes. So talking about like from the perspective as always from the operational perspective as well be on both sides. So being the auditor and then flipping to the audited. And really, you know, what you learn. There is just building a good relationship with the the compliance team because compliance can be a good driver for security as long as it's kind of frameworks, and then you build on that. So what drives that like what separates company that does that does compliance that is compliant, but actually that where Dr security versus a good company that is compliant period. Yeah. So I mean, you look at a there's been several examples of companies that were PI compliant, but still got breached and see I think a good security program in compasses appropriate risk management. Good contingency planning affective, owner ability management security operations compliance in. That knows how to translate that into the audible artifacts. If you're in if you're on the audited side, and this is something that seaso's the world over for security providers or other providers anybody as a provider really have to deal with you get a million requests for questionnaires on do you comply with do you do this? And you get audited a thousand times a year like you have to basically spend your time being compliant or chasing various. 
Levels in shades of compliance that that there's gonna be like if you don't have fantastic process that has got to be a nightmare to live. Yeah. And in, you know, from the the auditing perspective or from the audited perspective. Just once again having relationships in making sure that you're fully aware of the assessment frameworks, you're up against in the things that you have to make a test stations on and then just being ready to provide that documentation to the the teams that are running that audit. So what do you how do you? How do you get to a good balance in in your career? How did you find a good balance between? Yes, we're compliant, and and secure as a result, or or more secure as a result versus okay, we can't just do security to the degree because it will go out of business. Like, how did you? What are some of the things that helped us specifically in kind of you realize situations leverage compliance to drive better security. Yeah. I think just like I mentioned before building relationships compliance teams. So that you're ready when the auditors come in. We've we've you have external auditors just like any profession where they understand some of the rigors from an operational security team. And then you've got others who just kind of go by the letter of the the assessment firmer control. And so being ready in having experienced going through some of those audits in the past makes it a makes it a lot more predictable months. You kind of iterative you learn from previous assessments in where you you felt sure or you know, where you had to kind of to wiggle your way out of an exception to to really go back and look at where you fell short in in mixture that you're Justin accordingly in and building that based on past assessments have you seen because we've I think we've all seen. But have you seen anything specifically in in the kind of industry trends where you're like? Okay. 
Compliance is is evolving from more than just check these seven boxes and everything's fine to something more meaningful. I feel like we talk about like it is more meaningful than it has been in the past. Have you seen any evidence of that? And it's like what? Yeah. GDP our is definitely making an impacts the across all all areas of Infosec and so from the security operations team..
"seaso" Discussed on Daily Tech News Show
"The the systems are not angry with vendors they need the vendors just the sort of traditional sales tactics and what the vendors need to do which is you know close sales meet quotas get you know quarterly results those just probably are not in line with what the cisco's needs are now i'm glad you action mention that because there was a lot of vile spewed my way that people were assuming that that i hate security vendors and that is not at all the case i absolutely need vendors to help i i can't you know i can't hire ten thousand security engineers to build all the products that i need that's not the business that lift is in and so that doesn't make sense for us to invest all of those ingineers sources so absolute absolutely need the vendors all of seaso's need these vendors to to help us out just it comes back to the approach and the approach can leave a bad taste okay so if you had to design good approach bike how would you like someone to approach you boy so i had several people ask me that i'm a little bit cautious and answering this question because i'm expecting that it's going to be used against me a different situation but but what i look for is solutions no so if you have a novel solution reach out to me point me at your website that i can go and take a look at what your solution isn't what it does what problems it solves i can get creative about how it might solve my particular problems but i need that that up front that openness still security vendors are always a problem for me because they generally have nothing on their website and so it's hey we want to schedule a meeting and i don't have the time and so what i look for is give me this information give me a con of information upfront i will consume it i'll probably ask some of my peers we have amongst to sos plenty of networks that we talk.
"seaso" Discussed on KHJ 930 AM
"Intercession enjoy health body and protection of soul through christ our lord seaso's through the intersessional casper malcolm baltasar made through their merits 'cause they're saints and intercession they're praying for us that we may enjoy health body and protection of seoul and so that's the blessing that goes on the so when everybody then marks there there the blessing goes with it that's how it works so why what's the truck uh well i'm not sure what to tradition where that came from now been again it says something from the east uh this blessing comes from the orient so so must be a let's do this to father own opened the phones and i only have father maybe other i ten fifteen minutes most if you want to join us the time to get in right now our toll free number is eight eight eight nine one four nine one four nine right that downer stick it in the speed dials i like to say most of all use it okay let me let me just say one more quick figure is also a blessing after the truck a blessing of the homes on epiphany now i do many blessings a homes but particularly to do it on the opening day uh this is the and to find that goes to the magnifico can't go let's prayed before the blessing and it says may jyle from the east came to that plan to a door the lord and opening their treasure chest they presented him with precious gifts gold for the great king incense for the true god and murder in symbol of his burial and then you uh pretty magnificant and then you have the final blessing on the home uh which is a similar blessing as the regular blessing on the home or got on many bless this home and under its shelter let there be health chaffetz these self conquest humility goodness mildness obedience to the commandments and thanksgiving together father son in holy spirit mayor blessing remain always on this home in and those who live here through christ our lord humanity man and father all.
"seaso" Discussed on Packet Pushers - Datanauts
"Include lewis is is is written uniquely i mean we've we've looked at for instance we have like a couple of networking drivers the workday o m the amac sneh three and of course with peak that author opensource drivers to see how they are implemented but that that's about it this is a nerdy detail about the networking stack but uh but but that that's where my branko sometimes when you cut into rated tcp driver there are so many variance of tcp you could have chosen to deal with for example uh highthroughput over a highlight and see network you know these sorts of things jitters stick with plain vanilla tcp or did you pick up particularly variant oh basically we looked at the arf cease so we sort of defined be according to a udf as opposed to sort of so i think like that later scores of a bit of confusion because like an annex limits refers to soak it being something different than yet reverse our for what what what it means bye bye bye socket but but witnessed took basically the the art of cease an unjust implemented everything off to the of cease and turns out you can actually do that than that actually works are abc's are really good and so we have a and there are seaso's i mean that there's stuff that you can add others have sort of minimum others that this amendment requirements will what the host should be going remember the number of it but i think that lay it could says its name something like the minimum requirements for intimate toast something and then they're they're stuff that you can add like a.
"seaso" Discussed on News-Talk 1400 The Patriot
"President has destroyed the subsidies which are unconstitutional in violation of the station seac than we have something to say about that and he's withdrawing from the iran deal and people for get that that can only be done if they're not in compliance or noncompliance which means a terrorist state took us to the cleaners under president obama larry arnn it's a very good week for freedom yeah and think seaso i'll tell you something else about the week freedom but then well about the first about the tweet so all these people like they mauve amy is a revolutionary budget director he he is you know he this two for one thing you gotta take out two regulations every time you put in one new one that's just the tip of the iceberg next year for the first time in the history of the united states of america we are going to have a regulatory budget how much to the regulations cost and it's gonna be measured in next year it's going to be lower than this year and the year after that lower again that's never happened before and mick mulvaney is very aware that he was put in that office by donald trump and so you know maybe trump's tweets are a bad idea but it's easy for me to say i didn't get elected president of the united states and he did and then he's put these people in place that are doing all of this work i heard yesterday from some really now two three days ago i heard from some really great people in the white house who have to do with regulatory fair stuff which i think is the most important thing going on in the government today i can explain why but but he they say that when when they they're they're doing some wonderful things according to my light to get the unrepresentative part of the government under control and they say that when they mention to the president what they're doing he he impatient with them for not doing more and they love that so yeah that's what got you know inside and that's a i can only tell you what i here and uh uh that's when i hear too 
and it does not have and what what kelly was saying will in fact i'll play this parts you can hear what he's saying about sources cut number eight.
"seaso" Discussed on The Tim McKernan Show
"Of their preference as opposed to whatever the free agency offered their view on that's going to change too because of what you began this conversation with is urgency urgency changes all sorts of things you know zach duke goes and has tommy john all of sudden brett seaso's a cardinal when these are not nonrural laws in advance horse so you mentioned donaldson you mentioned with any of the free agents upper eight months and that's where the out feelers from the marlins come in and then the the wild cards out there like uh a what's pittsburgh going to do um is mccutcheon all that appealing what's the what are the padres going to do as will myers all that appealing the free agents from kansas city mike was stockists in air casper what do they fit and do they add more confusion to the roster than they solve um with the positions that they play uh you know all these things got bake in there and and you just always come back to the three outfielders in miami and that tipping point all it everybody wants his will what direction does geeta and the group go junior moves into his office and now they're in a spot where they own the team that has a three hundred milliondollar promise um north new whatever's left on that deal and they they're on the hook for uh so what direction do they want to go to either rebuild rethink that team or divest themselves of some of their financial commitments so they can start getting a return on their purchase um all those things are in play and if you had you know if you go back and maybe put like some blinders on to some of the uh the comments made during the press conference and listen to the type of header that they're talking about and where that hair comes from it is entirely from a team that has won and wants to pivie in a very different direction um so that's where you have to start um and then the next level would be in this is the harder level.
"seaso" Discussed on Doug Loves Movies
"I wish this was a comic low because there's someone i would have thrown out definitive very bouncers sam what do you got for the bag all right i for those of you who have heard yesterday show which technically as possible from my pal clerk wolf similar logan lucky swag in a promotional tour a trucker hat with the logan lucky logo for a cnn threetimes first logan lucky logo look logo it'll get me can be done and then a logan lucky lighter that also has a bottle opener portion to it that's pretty exciting and from doug from from the the the the that's why i came over here you're good man the from c so from the now sadly defunct thanks doug see so the entire for a season of take my wife butcher and cameras magnificently plenty show and i know that seaso's no longer alive but i really hope that that show finds a new venue is empty by not dvds assure you because i felt so terrible about when we played willem dafoe lastminute stand last week now one person sit boondoggle saint so a dvd kundaksi i've never seen that movie so maybe i should hang on to go for it having seen these either home keeping all this shit if i promise i feel bad i had that we were a team and i didn't give a shit about mother movies but since you like them i can guarantee our gallison mci of posters and dvds abuse embarrassing i would love to give someone that winds would it be sports i i'll make sure you i swear you'll get it.
"seaso" Discussed on Citation Needed
"He that was you was here's what happened everybody ally dropped his adorable plug on the floor the other day it's perfectly reasonable dropped my pug and then blamed my and she reaction ran little puppy cern handle the truth no any spiked it on the floor because he was excited somemore shoe shine remover with my wife of the pods are like cats though they always laid on their face though right like or is that just once with their board that is how it it's really a cocker spaniels somebody dropping to do that to see seaso's cats you'd have a curse on your lever demon things from ghostbusters art is dog widow wasn't haitham it's still be falling that's exactly witness but before we start we'd like to thank all the generous people who've on this show with money they are really awesome probably feels good to donate to something so worthwhile try it caused the show patriarch comes legislatation pot and see how it views who you like then you like given you this podcast call me david airway there are they give the idea they get the feels good to donate to show for and like to be awesome as they are picture to stick around to the end of the show where i will say a very similar sentence to the one i will be at the end of the show in the beginning and with that out of the way tell us no one person place thing concept phenomena or event we'd be talking about today today we will be talking about ghost hunting the younger brother of goodwill hunting marquee mark is talented and nansen now that was matt damon played well i cannot tell white people apart so let's red had one hundred words are you ready to tell us how to see dead people you can't.
"seaso" Discussed on The WIRED Podcast
"Lady sitting in a chance to see police kunis has gone well we can see the smartest different issues in terms of limiting you put into context a bit more context in terms of just in terms of how the nhs been so much loved organized so here's a couple of things that i've learned just over the last couple of days in that you should should at the nhs is a relatively unique type of organisation being that it's a franchise operation with no direct mandate to patch machines or go to the latest level so it's operating in a way very different than most businesses robbery i think the reaction that and i spent the morning with fifteen seaso's they were doing a panel it was scheduled beforehand with this was on everybody's mind and almost all of them had some level of operational plan when it comes through what's the feed you look at where you're getting information and they're trying everything they can over the weekend to kind of corral control at which systems on my exposed on and how do i patch it i don't think the same process existed as effectively for something like the nhs probably dozens of other organisations that have the same level of exposure i think that's actually part of the question we should who should be asking ourselves i think we're really tuned to businesses protecting themselves from this level of criminal capability but as i saw this morning with with the discussion with seaso's their lives were very much impacted because the nhs created such panic and so everybody in the organization created a level of panic around it because it became very emotional.