Security Insights - Cybersecurity for Real-World Workplaces

What does CSO stand for at your organization?

Is it short for Chief Security Officer... or Chief Scapegoat Officer?

In this episode, Ivanti CSO Daniel Spicer talks about how he never thought he'd be a CSO, and the unique pressures that security executives face from their own internal leadership teams and external regulations or (worse) insurance companies.

Listen in as Daniel and Ashley dig into:

• What counts as a "breach" -- legally and ethically -- and the conflicting pressures to either report or not.
• How hackers try to bluff their way into a breach...
• ... and how "breach coach" insurance lawyers may or may not try to pressure teams out of reporting incidents they should.
• Where to find the best internal allies to help you stand up to undue pressures and maintain your ethical high grounds.
• The #1 thing security leaders should do during their interview process to make sure they're signing on with the right organization
• How -- if you do get fired due to a breach -- it's not the end of your career as a security professional.

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Daniel Spicer is back! Following up on last episode's discussion on the security risks of overemployment, Ivanti's Chief Security Officer returns to clear up the age-old myth of security tools being abused for employee investigations. Join Daniel, Chris and Ashley as they discuss:

• What is (and most definitely is not) allowed in an employee investigation -- especially if the Security Team is requested to assist
• User and management's misconceptions about security data, and how it's less "Big Brother," and more "Death by Data" 
• The invaluable technique of using HR and Legal both to cover your asks and avoid abuse of security tools during investigations
• How you're more likely to investigate an employee due to a media outlet's DMCA request than overemployment
• What a manager's "tipping point" is to request a more robust employee investigation, and what would trigger Security to get involved

Join us for another episode in which empathetic management and a sympathetic legal department might be the best security tools you'll ever deploy when it comes to cracking down on bad employee behavior -- well, that, and a solid VPN / MDM combo.

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Chris and Ashley use the current overemployment media trend as an example case study on evaluating security risks versus potential organizational impact. 

They cover: 

• How overemployment existed before remote work
• Weighing the various security implications of overemployment — including shadow IT and insider threats
• How far an organization should go to remediate security risks due to unknown overemployed employees... and the cultural trade offs organizations may be required to make.

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Chris (finally!) adds his insights to the 2023 Press Reset cybersecurity research report, especially how its findings impact vulnerability and patch prioritization processes — do you shoot for mission critical systems, active exploits, or something else first? — and why asset visibility lies at the core of every security framework on the planet.

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

JR Robinson, Head of Platform at generative AI startup Writer, joins VP of Endpoint Security Product Management Chris Goettl and Ashley Stryker to discuss current generative AI use cases for security teams that go beyond just chat bots.

(Please. For everyone’s sanity… go beyond chat bots.)

They’ll also preview a deeper webinar discussion with Chief Security Officer Daniel Spicer on the risks and rewards generative AI offers security teams at every organization, airing on April 26 — save your spot and bring your questions to "Generative AI for Infosec and Hackers: What Security Teams Need to Know!"

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Daniel and Ashley review the latest research report from Ivanti -- Press Reset: A 2023 Cybersecurity Status Report -- including prioritizing phishing and DDoS attacks, security ROI challenges, and why organizations should never increase their cybersecurity budget by sacrificing their IT allocations.

Download the full report at Ivanti.com/CybersecurityReport  

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

It's vendor risk versus reward!

Chris and Amanda educate Ashley on the core considerations, processes and requirements for robust vendor risk management programs... including when to be afraid of your IoT devices, especially those pesky Roomba vacuums and oh-so-convenient self-cleaning litter boxes.

Remember to address these three components, no matter if your vendor is a major IT software provider or just your friendly neighborhood paper salesman:

1. What data are you granting your vendor?
2. What can they access?
3. Due diligence and 200+ item questionnaires are everything.

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

IT Director Tony Miller goes toe-to-toe with Chief Security Officer Daniel Spicer to justify – or condemn! – IT and cybersecurity posts found on Reddit, featuring a legendary story about hackers that patched endpoints faster than the company itself. #PatchHacks

Plus, Ashley frets about the impact of a new security policy on her personal devices, creating an impromptu case study on the importance of explaining (or just reading) new security policies.

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Daniel, Chris, Amanda and Ashley revisit the coordinated disclosure conversation from Episode 25 and apply the prisoner’s dilemma thought experiment to create a (more?) perfect vendor disclosure policy.

• Find shownotes for this episode at Ivanti.com/SecurityInsights-30

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Amanda and Ashley talk about their experiences as women in the cybersecurity and technology industries. (Spoiler alert: it’s on the up-and-up!)

• Find shownotes for this episode at Ivanti.com/SecurityInsights-29

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Amanda and Chris share stories proving why your data really is more secure in the cloud than the average on-premises server closet – and what organizations should worry more about when it comes to data security.

• Find shownotes for this episode at Ivanti.com/SecurityInsights-28   

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Do you want to work in cybersecurity, but not sure how to start? Ashley and Chris talk to three current cybersecurity experts on how they entered the industry – including Ivanti deputy CSO Amanda Wittern. (Also, bonus update on how Ashley pulled off her social engineering assignment from last episode!)

• Find shownotes for this episode at Ivanti.com/SecurityInsights-27   

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

In this episode, Chris tries to convince Ashley that marketers naturally make excellent hackers, based on modern phishing attacks and techniques… And Ashley confirms his guess by revealing the lengths to which marketers will go to “spoof” natural conversation and drive their target audience to take action.

Referenced materials:

The DarkNet Diaries Podcast, Episode 69: Human Hacker - https://darknetdiaries.com/transcript/69/

Ashley’s “Social Engineering” booklist - https://www.amazon.com/hz/wishlist/ls/1INOW5WGDDUO5?ref_=wl_share

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Security Insights welcomes its new host, Ashley Stryker, into the mix! In today's episode, Chris Goettl and Daniel Spicer break down some backlash from Microsoft customers on their failure to disclose a “ninja patch” on a vulnerability researchers found months before the fix. Listen in as the trio discuss security transparency and best practices for vendor coordinated disclosures of vulnerabilities for cloud versus on-prem products and much more!

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Hello and welcome back to this week’s episode of Ivanti’s Security Insights! Today Chris Goettl and Daniel Spicer go over their takeaways from the recent Gartner Security & Risk Management Summit.

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

We’re back and ready to roll with this week’s episode where our host Chris Goettl interviews Chad Holmes and Daniel Brody from Cynario. Today they discuss healthcare and security through EMT devices and much more.

Watch to learn more about how cyber security is assisting healthcare innovation! For more information, check out Cynario’s website www.cynerio.com or their social media @cynerio. Be sure to follow us on our socials @goivanti for more episodes like this! 

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

In our first episode of 2022, Chris Goettl and Daniel Spicer unpack one of last year's biggest vulnerabilities: Apache Log4j. The conversation includes:

• What is Log4j?
• The difficulty of detecting Log4j and developing guidance for organizations
• Why security teams and IT teams are stuck in a Catch 22 of patching
• The latest guidance you can use for your organization

Check out cisecurity.org and Ivanti's article on Log4j

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Host Adrian Vernon sits down with Daniel Spicer to bust some cybersecurity myths! The list of myths include:

• Passwords should be changed every 30 days
• You shouldn't write down your password
• Multi-factor Authentication is not secure
• You don't need antivirus
• VPNs keep my devices safe and secure
• IT is responsible for all of the cybersecurity at an organization

"Stay safe, be secure, and keep smiling!"

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Host Adrian Vernon is joined by Ivanti's Senior Vice President of Security Products Sri Mukkamala, CEO of Cyber Security Works (CSW) Aaron Sandeen, and Senior Intelligence Analyst at Cyware Neil Dennis. They break down the recent collaborative Ransomware Index Spotlight Report to make sure you are up to date on today's cybersecurity landscape. The conversation includes:

• How the report was put together
• What you can expect from the report
• The importance of the collaboration
• Surprising contexts
• Why a yearly compliance checkpoint may not be enough
• The possible future of ransomware
• CYBER HYGIENE!

Check out the report at ivanti.com

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Adrian gets some insight from Chris and Daniel on some recent supply chain attack events.

The conversation includes:

• The unique agenda of nation state attacks
• The numbers game associated with cloud services attacks
• There are way more attacks than what get covered in the news
• What makes an attack a "Supply Chain Attack"
• Microsoft's recommendations for providers and customers
• Proactive steps you can take

For more on supply chain attacks check out our episode The Human Element of Preventing Supply Chain Attacks 

• Next episode going live June 29, 2023!
  • New episodes publish around the second and fourth Thursdays each month.
• For all show notes, resources and references, head to Ivanti.com/SecurityInsights
• Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)