onSecurity

As the tactics of hackers and threat actors evolve, organizations are finding themselves in unknown, uncomfortable, and unsafe situations. When it becomes necessary to engage or negotiate with hackers, experts can offer their experience and resources to ensure the most positive outcome possible. In this episode of onSecurity, Stel is joined by Marc Grens, Co-Founder and President of DigitalMint. Marc goes into the often unknown details about how companies engage with ransomware attackers and shares some surprising experiences.

In an interconnected world, the rapid proliferation of IoT (Internet of Things) devices and the integration of Operational Technology (OT) into critical infrastructure have unlocked tremendous opportunities. However, these technological advancements have also exposed us to unprecedented security risks.

To counter these risks, businesses can quickly and efficiently turn to the practice of maintaining a comprehensive asset inventory. By identifying and cataloging all IoT and OT devices, organizations can better understand their attack surface and implement targeted security measures to safeguard their networks.

Huxley Barbee, CISSP and CISM of RunZero, joins onShore Security CEO Stel Valavanis on this episode of onSecurity as we delve into securing IoT and OT systems, exploring the significance of asset inventory in fortifying these vital networks against potential cyber threats, and identifying common pitfalls.

The emergence of artificial intelligence (AI) has introduced a new set of challenges to the field of cybersecurity. While AI offers immense potential for enhancing security measures, it also presents unprecedented risks and complexities. One of the primary concerns is the use of AI by malicious actors to develop sophisticated attack techniques, such as AI-powered malware and intelligent chatbots that can mimic human behavior. These AI-driven attacks have the potential to bypass traditional security defenses, exploit vulnerabilities at an unprecedented scale and speed, and even autonomously adapt and evolve to evade detection. In this episode of onSecurity, we delve into the emerging threats posed by artificial intelligence (AI) and chatbots in cybersecurity, exploring how these technologies are being leveraged and the necessary adaptations cybersecurity professionals must make to safeguard our digital landscape. James Moore, Director of Online Learning at DePaul University, joins us to discuss the alarming ways in which AI and chatbots are being weaponized by adversaries, the increased sophistication of these attacks, their potential impact on industries, and the challenges faced by cybersecurity professionals in countering them.

Planning and enacting a proper cybersecurity strategy requires data, usually in the form of metric data. These tracked statistics, qualitative and quantitative, are analyzed and organized into stories that can help a security operation see vulnerability and places to focus their attention. Metrics, however, can just as easily distract leadership and waste effort and expense. Knowing which metrics to consult and when is as valuable as tracking the data in the first place. 

Edward Marchewka, founder of 3LC Solutions, joins onSecurity to talk with Stel about what metrics are worth basing decisions on, times metrics don’t tell the whole story, and essential things to remember when considering qualitative and quantitative data.

Cybersecurity professionals are constantly honing their skills and adding to their knowledge set. Still, to stay ahead of attackers, defenders must make sure to continue to think outside of the box, see the obscure, and practice their ability to solve problems. Capture the Flag competitions are a popular exercise at cybersecurity events, offering an array of riddle-like security challenges. Blue Team Con 2022 hosted such a competition for attendees and it was won by onShore Security analyst Chris Spankroy.  Chris joins Stel to talk about his experience with Blue Team Con’s Capture the Flag competition, how it was designed to test “blue team” skills, and how he analyzed his way to victory.

onShore Security's podcast, onSecurity, explores a variety of topics in the cybersecurity field. Cybersecurity practice is typically the territory of experts in the field, but for large organizations, cybersecurity is a board-level concern and should factor into decisions in every department, from security and risk to marketing and customer experience.

Cybersecurity can seem a big obstacle and is a large source of risk for the unaware or ill-prepared, but for those leading with cybersecurity, it offers a new way to think about every part of your organization, at every level.

For our eleventh episode, Robert Barr joins onSecurity to discuss the importance of cybersecurity awareness at the board level and the work that the Private Directors Association is doing with their new Cybersecurity Governance Committee to ensure that leaders have the understanding and knowledge needed to make big decisions.

At the Enterprise level, many discussions and decisions about cybersecurity and IT focus on the operational capability of the organization and bad actors that may interfere. As cyber operations become a larger part of business operations as a whole, organizations now must also consider regulatory compliance or risk losing the ability to operate and even face potential damaging liability.

Chris Johnson, Sr. Director of Cybersecurity Programs at CompTIA ISAO, joins onSecurity to discuss the importance of GRC - governance, risk, and compliance. Though implementation of GRC in an organization may offer some hurdles, this work raises the cybersecurity posture of an organization, making them better able to prevent and resist cyberattacks, as well as comply with regulations, allowing them to continue the work they do and expand into new opportunities.

In cybersecurity, the importance of teamwork, collaboration, skill sharing, and peer review cannot be overstated. When it comes to cyber defense, blue teams are in competition against the criminal elite and cyber attackers worldwide, but draw strength by working and communicating with each other. Cybersecurity conventions are increasingly popular places for the industry’s most meaningful discourse.

On our eighth episode, Frank McGovern, Cybersecurity Architect at StoneX, joins onSecurity to discuss the gap he saw in the cybersecurity convention scene and his work to organize Blue Team Con along with our host, BTC co-founder and onShore Security CEO Stel Valavanis.

As cyber operations at the Enterprise level expand to defend against cyberattacks, hackers seek easier targets among enterprises. Chase Cunningham joins onSecurity to talk about his effort to raise the maturity level of cybersecurity of targeted companies and how the use of zero trust strategy is being adopted by organizations at every level.

Our sixth episode focuses on the development of new cybersecurity products and processes. Data analysis is a pillar of any mature cybersecurity operation and is the process that transforms information into intelligence. As cybersecurity advances, engineers and analysts must work together to move forward with speed and safety.

Anil Mudholkar, Head of Product Development for onShore Security, joins Stel to talk about the current state of cybersecurity products.

As automated processes augment the capabilities of cybersecurity operations, it is important not to overlook the importance of the human element. Understanding the benefits of automation in cybersecurity requires an examination of potential pitfalls and the ways that security teams fill in the gap.

Joe Gresham, Product Development specialist for onShore Security, joins Stel to talk about the benefits and pitfalls of automation in cybersecurity.

onShore Security's podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our fourth episode focuses on the future of cybersecurity. As cybercrime adapts to new cyberdefense products and processes, security must stay one step ahead. Developing new ways of thinking and doing in defending data will require security teams to be agile and imaginative.

Craig Brozefsky, Senior Software Engineer Consultant for onShore Security, joins Stel to talk about his experience at Cisco, projects with onShore, and the future of security.

As network perimeters become "squiggly", the focus must shift from endpoint management to the data itself.
Founder and CEO of Nullafi, Rob Yoskowitz joins Stel Valavanis to discuss how changes in people and processes require cybersecurity operations to reconsider who has access to what and when.

onShore Security CTO Steven Kent joins Stel to discuss the intersection of compliance and security. As the author of an oft-cited saying at onShore, “security is a process, not a product”, Steven Kent is the reason that onShore has been able to satisfy the complex needs of clients in the banking industry.