Getting Defensive Podcast

In this episode of Getting Defensive, hosts Jerry Bell and Andrew Kalat welcome Derek Held, a senior cloud security engineer, to discuss the challenges organizations face in cloud security. The conversation explores the transition from traditional IT environments to cloud-native architectures, emphasizing the importance of leveraging cloud capabilities, particularly in identity management. Derek shares insights on avoiding security pitfalls, drawing lessons from notable incidents like Capital One, and highlights the significance of defensive writing in incident response. The discussion also covers the value of public records in researching data breaches and the best practices for learning about cloud identity functionalities. Derek on infosec.exchange: derekheld (@[email protected]) – Infosec Exchange Derek’s presentations/conference talks:

In this episode of the Getting Defensive podcast, hosts Jerry Bell and Andrew Kalat welcome cybersecurity educator Michael Taggart. They discuss Taggart’s journey into cybersecurity, the challenges of educating others in the field, and the importance of empathy and communication in security training. The conversation also touches on affordable training options, the role of security researchers in healthcare, and advice for aspiring cybersecurity professionals. Links: Taggart Institute: https://taggartinstitute.org/ Michael Taggart on the Fediverse: https://infosec.exchange/@mttaggart

In this episode, Jerry Bell and Andrew Kalat discuss the evolving landscape of cryptography with expert Sophie Schmeig. They explore her journey into cryptography, the implications of quantum computing on classical cryptography, and the importance of transitioning to post-quantum cryptography. Sophie shares insights on current cryptographic standards, the challenges posed by quantum threats, and the need for proactive measures in key management and encryption practices. The conversation emphasizes the urgency of adopting quantum-safe solutions and the complexities involved in this transition. Takeaways Cryptography has various paths into it, not straightforward. Quantum computing poses a significant threat to classical cryptography. Post-quantum cryptography is not a drop-in replacement for existing algorithms. Disk encryption is generally safe from quantum threats. Symmetric cryptography remains largely unaffected by quantum advancements. Security engineers need to start planning for quantum threats now. Current cryptographic standards are evolving to address quantum risks. Key management is crucial in mitigating risks associated with quantum computing. The timeline for quantum threats is estimated around 2035, but uncertainty remains. Proactive key hygiene practices are essential for long-term security.

Summary In this episode of the Getting Defensive podcast, hosts Jerry Bell and Andrew Kalat welcome Martin Fisher, a seasoned CISO with over 20 years of experience in information security, particularly in the healthcare sector. Martin shares insights from his decade-long tenure at Northside Hospital Group, discussing the unique challenges of cybersecurity in healthcare, the importance of patient safety, and the need for effective incident response and business continuity planning. He emphasizes the significance of leadership, managing stress and burnout, and the necessity of adapting to the ever-evolving cybersecurity landscape. As he transitions into consulting, Martin reflects on his journey and the lessons learned throughout his career.

Summary In this episode of the Getting Defensive podcast, hosts Jerry Bell and Andy Kalat welcome Chris Dotson, a cloud security expert and author of ‘Practical Cloud Security’. The conversation covers a range of topics including the challenges of writing a book, common security mistakes in cloud environments, the importance of identity and access management, and the implications of the Capital One breach. They also discuss the future of non-human identities, the significance of passkeys, and the evolving landscape of cyber insurance. The episode emphasizes the shared responsibility between cloud providers and customers in maintaining security and the need for better management of identities and authentication methods. Takeaways Security professionals must maintain a broad understanding of threats. Risk management fundamentals are crucial for effective security. Non-human identities pose unique challenges in security management. Passkeys represent a significant advancement in authentication methods. Shared responsibility in cloud security is essential for both providers and customers. Cyber insurance can influence security practices but has its limitations. Understanding the Capital One breach provides valuable lessons in IAM. Prioritization of security measures is critical to avoid mismanagement. The future of cloud security will increasingly rely on automated identity management.

In this episode of the Getting Defensive podcast, hosts Jerry Bell and Andrew Kalat welcome IT security professional and digital human rights activist Rysiek. They discuss Rysiek’s experiences while working for the OCCRP during the release of the Panama Papers, the challenges faced by small organizations in cybersecurity, and the importance of multi-factor authentication. The conversation also covers the political aspects of security decisions, the development of the Resilient.is project aimed at combating censorship, and the need for decentralized solutions in the digital age.

In this episode of the Getting Defensive podcast, hosts Jerry Bell and Andrew Kalat engage with cybersecurity expert Dan Tentler, discussing the complexities of cybersecurity roles, the challenges of hiring qualified professionals, and the importance of learning from past breaches. Tentler emphasizes the need for accountability in security practices and the necessity of understanding the fundamentals of cybersecurity. The conversation also touches on the current state of the industry, the impact of technology on security practices, and the importance of personal experience in shaping effective security strategies. For more about Dan, please visit https://phobos.io. You can find Dan on the fediverse at https://mastodon.social/@Viss https://www.youtube.com/watch?v=NWQrO8GwNUY

In this episode, we interview cybersecurity expert Dave Shackelford. We discuss the current state of the cybersecurity industry, the impact of ransomware, and the evolving landscape of cloud security. The conversationy touches on the challenges of burnout in the field, the changing nature of cybersecurity conferences, and the importance of understanding shared responsibility and fate models in cloud environments. Dave shares insights from his extensive experience, emphasizing the need for organizations to adapt to the fast-paced technological landscape, particularly with the rise of AI. You can connect with Dave on X at: https://twitter.com/daveshackleford

Andy and Jerry interview Joe Gray and discuss his entry into the work of social engineering and his experience in helping organizations build programs to resist social engineering attacks. For more information about Joe Gray, please visit his LinkedIn page here: https://www.linkedin.com/in/joegrayinfosec/

More about Andy Green: https://andygreen.phd/