To the Point Cybersecurity

Joining us this week is Christian Folini (@chrfolini), co-lead of the OWASP Core Rule Set project, co-author of the second edition of ModSecurity Handbook, and one of the few teachers on this subject. He brings a first to the podcast – a discussion on ModSecurity and the OWASP project! For those that are new to these topics, Christian shares many insights on the OWASP volunteer organization mission and how it serves as the first line of defense against web application attacks.

Closing out Insider Threat Awareness Month with us is Dr. Maria Bada, Ph.D., a Lecturer in Cyberpsychology at Queen Mary University in London and a RISCS Fellow in cybercrime. Maria shares insights on the insider risk challenge through a human-centric lens and the criticality of educational awareness, transparency, and training (Note: check out AwareGo!) to better mitigate the threat. When 98% of organizations are vulnerable to insider risks, and the “accidental” insider is the one most often reported, empowering employees with tools and knowledge to understand and be aware of the threats can really make a positive impact.

Bill Evanina, Founder and CEO of the Evanina Group and former Director of the National Counterintelligence and Security Center, joins the podcast this week to take a deep dive view into an insider threat as September is Insider Threat Awareness Month.

Joining the podcast this week is Ellen Nakashima, National Security Reporter for The Washington Times, and shares insights into the ongoing Taiwan-China conflict. Ellen provides perspective on the much-publicized Pelosi trip to Taiwan and why the timing of that trip raised concerns in China as well.

Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center of Internet Security. He shares insights from his 45+ years on the security risks front lines, including 34 years at the NSA. Risk was a big theme of the discussion, particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes).

Joining the podcast this week is Stefan Soesanto, Senior Researcher in the Cyberdefense Project with the Risk and Resilience Team at the Center for Security Studies (CSS) at ETH Zurich. He recently authored the excellent research report “IT Army of Ukraine” that examined in detail how it was stood up out of necessity for what many have called the ‘first cyberwar.’

Join us this week for a discussion with Brian Knappenberger, a producer and director renowned for such documentaries as Web of Make Believe: Death, Lies and the Internet, The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11, to name a few. He shares insights from his recent documentary series Web of Make Believe and also  discusses the trajectory of misinformation through a lens from the 2016 election forward.

We go deep into the dark web and ransomware 2022 with this week’s guest Tom Hofmann, SVP, Intelligence at Flashpoint. He tracks ransomware from its beginnings in 1989 through to present-day ransomware gang shenanigans including Maze double extortion tactics that attackers have enthusiastically embraced. He also gets real on what’s happening on the dark web – and the things that you can’t unsee.

John Shier, Senior Security Advisor at Sophos, joins the podcast this week for a deep dive into today’s ransomware threats landscape and insights uncovered in the recent Sophos research reports, including the “2022 State of Ransomware Report” and “Active Adversary Playbook.”

This week Rob McDonald, SVP of Platform at Virtru joins the podcast to double-click into the data and privacy protection discussion. We explore subsidizing the pain of giving personal data in exchange for ‘free’ services, informed consent, regulation alone isn’t a silver bullet, and what outcomes we could we drive when we combine user decisions with regulation.