x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

CISO Perspectives (public)

This season on CISO Perspectives, host Kim Jones explores some of the challenges of leading through uncertainty. We explore the complexity of the changing nature of regulation and working with the federal government, the evolution of privacy and fraud, and how emerging technologies like AI and quantum computing are changing cyber. When you don’t know what questions to ask, you’re afraid to ask, or don’t know who to ask, CISO Perspectives provides the foundation for learning in this brave new

technology

All Episodes

15:58

Software Defined Perimeter (SDP): A Rick the Toolman...

CISO Perspectives (public) ·

2023/02/13

Zero trust is a cybersecurity first principle strategy. Key to deploying a robust program is the Identity and Access Management tactic (IAM). The old perimeter defense model, designed in the 1990s, where network architects allowed good guys (and bad guys) through the perimeter to validate IAM policy seems ridiculous in hindsight. The new model, Software Defined Perimeter (SDP), is not as well known but is probably a better design. In this episode, Rick Howard discusses the history and current

en

30:53

Two-factor authentication: A Rick the Toolman episode.

CISO Perspectives (public) ·

2023/02/06

In 1995, AT&T patented the idea of two-factor authentication (2FA). They said that to identify an authorized user, a system needed to check at least two of three factors: something they have, something they are, or something they know. But the early systems were clunky, hard to manage, and only used in environments that needed the most security. Today, the industry has come a long way and there are several different choices for 2FA with some more secure than others: SMS, Email, Authenticator Soft

en

15:30

Single Sign-On: A Rick the Toolman episode.

CISO Perspectives (public) ·

2023/01/30

Single Sign-On (SSO) in the real world is complicated and messy and how we got there is a byzantine maze of innovation and standards that has taken years. But, if zero trust is the first principle strategy we are all trying to pursue, getting Identity and Access Management (IAM) right is the most important tactic. And, SSO is a piece of the entire Identity and Access Management puzzle. Rick summarizes the history and current state of Single Sign-On with some Rick the Toolman thrown in. Learn more

en

18:19

A Rick the Toolman Episode on the current state of...

CISO Perspectives (public) ·

2023/01/23

One way to reduce the risk of software supply chains is with a concept called a Software Bill of Materials (SBOMs). Standards bodies have been slowly working in the background for the past decade to move this concept into reality. On this episode Rick Howard discusses the current state of SBOMs, and throws some Rick the Toolman in as well. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

37:41

Andy Greenberg Interview: Tracers in the Dark.

CISO Perspectives (public) ·

2023/01/16

Rick Howard, N2K’s CSO and the CyberWire’s Chief Analyst, and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, regarding his new book, “Tracers in the Dark.” Learn more about your ad choices. Visit megaphone.fm/adchoices

en

58:36

History of Infosec: a primer.

CISO Perspectives (public) ·

2023/01/09

In order to understand the current state of the cybersecurity landscape, you must understand the history of how we got here. Rick summarizes the history along several threads: Firsts, adversary playbook names, government-commercial-academic entities, important papers and books, people, law, technologies, tools, and strategy-tactics. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

28:23

Security infrastructure as code.

CISO Perspectives (public) ·

2022/12/19

We’ve been wrestling with the idea of software development methodologies (Waterfall, Agile), infrastructure-as-code (cloud deployments, DevOps, DevSecOps) and coding best practices (OWASP, BSIMMS, SAMM) going on for two decades now. These are not independent systems. They overlap and interact. Up to this point, at least for the security side, they have been manual tasks, toil, that are prone to mistakes. We all know that automation can reduce the impact, at least be consistent with mistakes we make,

en

27:18

Kill chain models.

CISO Perspectives (public) ·

2022/12/12

Big thinkers from Lockheed Martin (kill chain), the Department of Defense (Diamond Model), and Mitre (ATT&CK Framework) gave us the blueprints of how to do intrusion kill chain prevention over a decade ago. It’s taken us that long for the rest of us mere cybersecurity mortals to get our heads around the key concepts. Rick Howard takes us through the models. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices

en

24:24

Vulnerability Management: An essential tactic for...

CISO Perspectives (public) ·

2022/12/05

In this “Rick the Toolman” episode, Rick rethinks vulnerability management as a first principle zero trust tactic. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

49:09

Cyber sand table series: 2014 OPM hack.

CISO Perspectives (public) ·

2022/11/28

The 2014 OPM hack: We can use cyber sand tables to enhance our cybersecurity first principle defenses since the concept, in various forms, have been used by military commanders, coaches, and athletes since the world was young. The show puts the OPM hack on the cyber sand table to see what might have been done differently. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. To access CyberWIre Pro only bonus material for CSO Perspectives, listen

en

23:07

Pt 2 – Supply chains around the Hash Table.

CISO Perspectives (public) ·

2022/11/21

Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table member Amanda Fennell, the Relativity CIO and CSO, to discuss strategies and tactics to reduce digital supply chain risk. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

20:56

Pt 1 – Supply chains.

CISO Perspectives (public) ·

2022/11/14

Rick explains the history of digital supply chains and the potential future of securing them. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

36:42

Pt 2 – Students of the game: What are the Hash...

CISO Perspectives (public) ·

2022/11/07

Rick Howard, the CyberWire’s CSO and Chief Analyst, chats with Steve Winterfeld, the Akamai Advisory CISO, and Errol Weiss, the Health-ISAC CSO, about recommended sources of infosec content that they found valuable in 2021. Links to content mentioned in the show: Documentaries “Kill Chain: The Cyber War on America’s Elections,” by Harri Hursti, Published by HBO, 26 March 2020. “The Perfect Weapon.” by David Sanger, Published by HBO, 16 October 2020. Podcasts “Darknet Diaries – True Stories from the

en

39:03

Pt 1 – Students of the game: What are your go-to...

CISO Perspectives (public) ·

2022/10/31

Rick recommends podcasts and books that he found valuable in 2021, and makes the case for why reading books and listening to podcasts makes security professionals better students of the cybersecurity game. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

24:23

Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.

CISO Perspectives (public) ·

2022/10/17

In this “Rick the Toolman” episode, Rick interviews Steve Winterfeld, from Akamai, on the current state and future of the Mitre ATT&CK Framework. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

30:41

Pt 2 – XDR: from the Rick the Toolman Series.

CISO Perspectives (public) ·

2022/10/10

In this “Rick the Toolman” episode, Rick interviews Jon Oltsik, from the Enterprise Strategy Group, on the current state and future of XDR. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

19:51

Pt 1 – XDR: from the Rick the Toolman Series.

CISO Perspectives (public) ·

2022/10/03

In this “Rick the Toolman” episode, Rick breaks down XDR in terms that busy security executives can understand and apply to their first principle security strategy. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

27:53

Pt 1 – Introducing Rick the Toolman Series: Mitre...

CISO Perspectives (public) ·

2022/09/26

In this episode of CSO Perspectives, Rick Howard examines the MITRE ATT&CK® framework for the security executive. Rick explains how your infosec team can use it to support your intrusion kill chain strategy. More importantly, Rick describes the framework in terms that busy security executives can understand. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices

en

31:25

Introducing the cyberspace sand table series: The DNC...

CISO Perspectives (public) ·

2022/09/19

The 2016 DNC hack: We can use cyber sand tables to enhance our cybersecurity first principle defenses since the concept, in various forms, have been used by military commanders, coaches, and athletes since the world was young. The show puts the DNC hack on the cyber sand table to see what might have been done differently with host Rick Howard, the CyberWire’s CSO and Chief Analyst. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more

en

30:05

Security compliance around the Hash Table.

CISO Perspectives (public) ·

2022/09/12

Security compliance is a cybersecurity first principle strategy. Can security compliance add value to your organization as a first principle strategy? Or is it a distraction? In this session, we learn about the value of technology compliance and compliance technologies. Rick digs into the fundamentals of compliance and reviews case studies that reveal the potential material impact to your organization due to a compliance incident. As Rick says, “Compliance is a ticket to ride.” On the Hash Table,

en

141 results

Similar Podcasts

Lead With AI

Tamara Nall

Linux in the Ham Shack

Black Sparrow Media

Data Engineering Podcast

Tobias Macey

Eye On A.I.

Craig S. Smith

Reflections

Livewire Labs