In cybersecurity, teamwork is everything. Every part of the practice is about being part of a team, from playing your part in your organization to being part of the larger community and ecosystem. Cybersecurity conventions, such as the upcoming Blue Team Con, are a focal point for team building at every level, with knowledge sharing and training, networking, and volunteering. Many cybersecurity events are run by volunteers, seeking to learn more about cybersecurity and organizing, meet active and involved members of the community, and take part in building the culture. This episode, onSecurity is joined by Phoenix Fier, security analyst for Funko and volunteer coordinator for the upcoming Blue Team Con. Phoenix discusses the importance of inclusion in cybersecurity events, the opportunities that volunteering at an event presents, and why getting involved is a critical step in your career. In an interconnected world, the rapid proliferation of IoT (Internet of Things) devices and the integration of Operational Technology (OT) into critical infrastructure have unlocked tremendous opportunities. However, these technological advancements have also exposed us to unprecedented security risks. To counter these risks, businesses can quickly and efficiently turn to the practice of maintaining a comprehensive asset inventory. By identifying and cataloging all IoT and OT devices, organizations can better understand their attack surface and implement targeted security measures to safeguard their networks. Huxley Barbee, CISSP and CISM of RunZero, joins onShore Security CEO Stel Valavanis on this episode of onSecurity as we delve into securing IoT and OT systems, exploring the significance of asset inventory in fortifying these vital networks against potential cyber threats, and identifying common pitfalls. The emergence of artificial intelligence (AI) has introduced a new set of challenges to the field of cybersecurity. While AI offers immense potential for enhancing security measures, it also presents unprecedented risks and complexities. One of the primary concerns is the use of AI by malicious actors to develop sophisticated attack techniques, such as AI-powered malware and intelligent chatbots that can mimic human behavior. These AI-driven attacks have the potential to bypass traditional security defenses, exploit vulnerabilities at an unprecedented scale and speed, and even autonomously adapt and evolve to evade detection. In this episode of onSecurity, we delve into the emerging threats posed by artificial intelligence (AI) and chatbots in cybersecurity, exploring how these technologies are being leveraged and the necessary adaptations cybersecurity professionals must make to safeguard our digital landscape. James Moore, Director of Online Learning at DePaul University, joins us to discuss the alarming ways in which AI and chatbots are being weaponized by adversaries, the increased sophistication of these attacks, their potential impact on industries, and the challenges faced by cybersecurity professionals in countering them.
Responding to cybersecurity incidents is no longer merely the responsibility of the IT team at a business. There are legal and financial actions that must be taken and the ability of a business to respond smartly and with speed can determine the fate of the organization after an attack. Todd Rowe of Constangy Law joins Stel to talk about his experience practicing law in the cybersecurity space, how his work has evolved, and lessons learned on how to respond to ransomware and other cybersecurity incidents. Planning and enacting a proper cybersecurity strategy requires data, usually in the form of metric data. These tracked statistics, qualitative and quantitative, are analyzed and organized into stories that can help a security operation see vulnerability and places to focus their attention. Metrics, however, can just as easily distract leadership and waste effort and expense. Knowing which metrics to consult and when is as valuable as tracking the data in the first place. Edward Marchewka, founder of 3LC Solutions, joins onSecurity to talk with Stel about what metrics are worth basing decisions on, times metrics don’t tell the whole story, and essential things to remember when considering qualitative and quantitative data. One of the most important parts of the cybersecurity community’s work to protect data is to educate their clients and inform the public of known risks and specific threats to their personal and professional data. In a space already filled with disinformation and out-of-date ideas, it is vital that leaders, practitioners, and experts know how to communicate essential security information in clear, credible, and actionable terms. Kyle McNulty joins Stel on this episode of onSecurity to talk about methods and modes of cybersecurity content creation and developments in the media landscape Cybersecurity professionals are constantly honing their skills and adding to their knowledge set. Still, to stay ahead of attackers, defenders must make sure to continue to think outside of the box, see the obscure, and practice their ability to solve problems. Capture the Flag competitions are a popular exercise at cybersecurity events, offering an array of riddle-like security challenges. Blue Team Con 2022 hosted such a competition for attendees and it was won by onShore Security analyst Chris Spankroy. Chris joins Stel to talk about his experience with Blue Team Con’s Capture the Flag competition, how it was designed to test “blue team” skills, and how he analyzed his way to victory. Cybersecurity practitioners, as defenders of information, benefit from the fact that they are, in some ways, one large team, and the sharing of information and best practices as an industry and a community elevates everyone’s ability to protect their data. The passing of experience and expertise among peers is important, but staying ahead of emerging cyber threats requires recruiting and training the next generation. John Johnson joins onSecurity to discuss CornCon, the cybersecurity convention he founded in Davenport, Iowa. CornCon’s growth is in large part due to it filling a growing demand for regional cybersecurity events, as well as the event’s focus on young professionals, students, and children, with programming designed to support and welcome the cybersecurity industry leaders of tomorrow. onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Cybersecurity practice is typically the territory of experts in the field, but for large organizations, cybersecurity is a board-level concern and should factor into decisions in every department, from security and risk to marketing and customer experience. Cybersecurity can seem a big obstacle and is a large source of risk for the unaware or ill-prepared, but for those leading with cybersecurity, it offers a new way to think about every part of your organization, at every level. For our eleventh episode, Robert Barr joins onSecurity to discuss the importance of cybersecurity awareness at the board level and the work that the Private Directors Association is doing with their new Cybersecurity Governance Committee to ensure that leaders have the understanding and knowledge needed to make big decisions. onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. The image of the lone wolf hacker or of small-time crooks lit only by laptop glow in their basements is long out-of-date. Cyber attacks, ones that impact civil society, now commonly derive from governmental organizations or groups working for government and military agencies, and their targets are not restricted to the public sector. Total warfare is becoming the prevailing tactic on the growing cyber front of global geopolitical conflict and everyone is caught in the crossfire. For our tenth episode, John Hering joins onSecurity to discuss the importance of digital diplomacy and his efforts with Microsoft and the Cybersecurity Tech Accord to reduce the risk and impact of cyber warfare and state-sponsored cyber attacks on Enterprises and individuals. At the Enterprise level, many discussions and decisions about cybersecurity and IT focus on the operational capability of the organization and bad actors that may interfere. As cyber operations become a larger part of business operations as a whole, organizations now must also consider regulatory compliance or risk losing the ability to operate and even face potential damaging liability. Chris Johnson, Sr. Director of Cybersecurity Programs at CompTIA ISAO, joins onSecurity to discuss the importance of GRC – governance, risk, and compliance. Though implementation of GRC in an organization may offer some hurdles, this work raises the cybersecurity posture of an organization, making them better able to prevent and resist cyberattacks, as well as comply with regulations, allowing them to continue the work they do and expand into new opportunities. In cybersecurity, the importance of teamwork, collaboration, skill sharing, and peer review cannot be overstated. When it comes to cyber defense, blue teams are in competition against the criminal elite and cyber attackers worldwide, but draw strength from working and communicating with each other. Cybersecurity conventions are increasingly popular places for the industry’s most meaningful discourse. onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our seventh episode focuses on practicing the zero-trust philosophy to harden cybersecurity targets. As cyber operations at the Enterprise level expand to defend against cyberattacks, hackers seek easier targets among enterprises. Chase Cunningham joins onSecurity to talk about his effort to raise the maturity level of cybersecurity of targeted companies and how organizations are adopting the use of a zero-trust strategy at every level. onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our sixth episode focuses on the development of new cybersecurity products and processes. Data analysis is a pillar of any mature cybersecurity operation and is the process that transforms information into intelligence. As cybersecurity advances, engineers and analysts must work together to move forward with speed and safety. Anil Mudholkar, Head of Product Development for onShore Security, joins Stel to talk about the current state of cybersecurity products.Episode 19: Inclusion and Community Engagement
Episode 18: Securing IoT and Operational Technology
Episode 17: AI and Chatbots in Cyberattacks
Episode 16: Responding to Ransomware
Episode 15: Better Security Through Better Metrics
Episode 14: Creating Cybersecurity Media
Episode 13: Capture the Flag!
Episode 12: Building the Cybersecurity Community of Tomorrow
Episode 11: Leading with Cybersecurity
Episode 10: Cyberpeace
Episode 9: Governance, Risk, and Compliance
Episode 8: Blue Team Con
On our eighth episode, Frank McGovern, Cybersecurity Architect at StoneX, joins onSecurity to discuss the gap he saw in the cybersecurity convention scene and his work to organize Blue Team Con along with our host, BTC co-founder and onShore Security CEO Stel Valavanis. Episode 7: Zero Trust
Episode 6: Developing Cybersecurity Products