Blog

 

onSecurity Podcast – Episode 20: Engaging with Attackers

onSecurity Podcast – Episode 20: Engaging with Attackers Listen on Spotify or Apple Podcasts As the tactics of hackers and threat actors evolve, organizations are finding themselves in unknown, uncomfortable, and unsafe situations. When it becomes necessary to engage or negotiate with hackers, experts can offer their experience and resources to ensure the most positive outcome possible. In this episode of onSecurity, Stel is joined by Marc Grens, Co-Founder and President of DigitalMint. Marc goes into the often unknown details about how companies engage with ransomware attackers and shares some surprising experiences.

SEC’s Rule 106 Creates Confusion Instead of Standards

SEC’s Rule 106 Creates Confusion Instead of Standards -Stel Valavanis One of the main purposes of the SEC is to ensure that the investing public receives all the information they can and should have to make informed investments. As technology and business practices evolve, so too must the SEC and their latest attempt to adapt to changing times has led to new SEC rules involving cybersecurity and cyber operations. New SEC regulations that went into effect on September 6th (with compliance reporting to begin 90 days later, this December), garnered much attention and comment while they were under consideration and…

onShore Security Named to MSSP Alert’s 2023 List of Top 250 MSSPs

onShore Security, a leading provider of enterprise-grade cybersecurity solutions nationwide, ranks among the Top 250 Managed Security Service Providers (MSSPs) for 2023, according to MSSP Alert, a CyberRisk Alliance resource. The company rose in the rankings to 146, compared to 192 in 2022. “We are honored to continue to be included in the MSSP 250 list, and are pleased to have moved up in the ranking yet again this year,” said Stel Valavanis, CEO of onShore Security. “I believe our pure-play approach and our own Panoptic Cyberdefense platform are what make onShore Security stand out. No other company has network…

Implementing the Cyber Workforce and Education Strategy in your organization

Implementing the Cyber Workforce and Education Strategy in your organization – Josh Eklow The Biden Administration recently released another cyber strategy document: the National Cyber Workforce and Education Strategy. While parts of the document focus on how the Federal government will work to further the cyber education of potential government employees and to grow the cyber workforce available to the public sector, they also outline a strategy that strives to raise the general level of cybersecurity awareness and training of all organizations and citizens, enrich the workforce for the private sector, and close the cybersecurity employment gap in the US…

onSecurity Podcast – Episode 19: Inclusion and Community Engagement

Episode 19: Inclusion and Community Engagement  In cybersecurity, teamwork is everything. Every part of the practice is about being part of a team, from playing your part in your organization to being part of the larger community and ecosystem. Cybersecurity conventions, such as the upcoming Blue Team Con, are a focal point for team building at every level, with knowledge sharing and training, networking, and volunteering. Many cybersecurity events are run by volunteers, seeking to learn more about cybersecurity and organizing, meet active and involved members of the community, and take part in building the culture.  This episode, onSecurity…

onSecurity Podcast – Episode 18: Securing IoT and Operational Technology

Episode 18: Securing IoT and Operational Technology In an interconnected world, the rapid proliferation of IoT (Internet of Things) devices and the integration of Operational Technology (OT) into critical infrastructure have unlocked tremendous opportunities. However, these technological advancements have also exposed us to unprecedented security risks. To counter these risks, businesses can quickly and efficiently turn to the practice of maintaining a comprehensive asset inventory. By identifying and cataloging all IoT and OT devices, organizations can better understand their attack surface and implement targeted security measures to safeguard their networks. Huxley Barbee, CISSP and CISM of RunZero, joins onShore Security…

onSecurity – Episode 17: AI and Chatbots in Cyberattacks

Episode 17: AI and Chatbots in Cyberattacks The emergence of artificial intelligence (AI) has introduced a new set of challenges to the field of cybersecurity. While AI offers immense potential for enhancing security measures, it also presents unprecedented risks and complexities. One of the primary concerns is the use of AI by malicious actors to develop sophisticated attack techniques, such as AI-powered malware and intelligent chatbots that can mimic human behavior. These AI-driven attacks have the potential to bypass traditional security defenses, exploit vulnerabilities at an unprecedented scale and speed, and even autonomously adapt and evolve to evade detection. In…

onSecurity – Episode 16: Responding to Ransomware

Episode 16: Responding to Ransomware Responding to cybersecurity incidents is no longer merely the responsibility of the IT team at a business. There are legal and financial actions that must be taken and the ability of a business to respond smartly and with speed can determine the fate of the organization after an attack. Todd Rowe of Constangy Law joins Stel to talk about his experience practicing law in the cybersecurity space, how his work has evolved, and lessons learned on how to respond to ransomware and other cybersecurity incidents.

Biden’s Cybersecurity Announcement – Some Subtle Points are Being Lost

Biden’s Cybersecurity Announcement – Some Subtle Points Are Being Lost – Stel Valavanis The Biden Administration recently announced a new, five-pillared cybersecurity strategy that outlines not only new Federal initiatives to strengthen the defense of public infrastructure and increase federal cybersecurity capability, but also details changes that will greatly impact the private sector, cybersecurity leaders, and practitioners of today and tomorrow. It is important to remember that this announcement is a policy document, not an executive order, so while it does signal that changes are coming, it will remain difficult to prepare for specific parts of this shift until further…

onShore Security Endorses Plans to Curb Proliferation of Cyber Mercenaries

onShore Security is proud to announce that, as members of the Cybersecurity Tech Accord, we have signed onto the principles released by the group to state our intent to do whatever we can to help curb the training, recruitment, and deployment of cyber mercenaries.  The Cybersecurity Tech Accord, a signatory group of cybersecurity organizations, has responded to the developments in the US cybersecurity strategy by calling for an agreement to counter and prevent the proliferation of cyber mercenaries, both in service of foreign governments and our own. US-based cybersecurity operations have historically not acted offensively, and the infrequent “hack backs”…

onSecurity – Better Security Through Better Metrics

Episode 15: Better Security Through Better Metrics Planning and enacting a proper cybersecurity strategy requires data, usually in the form of metric data. These tracked statistics, qualitative and quantitative, are analyzed and organized into stories that can help a security operation see vulnerability and places to focus their attention. Metrics, however, can just as easily distract leadership and waste effort and expense. Knowing which metrics to consult and when is as valuable as tracking the data in the first place.  Edward Marchewka, founder of 3LC Solutions, joins onSecurity to talk with Stel about what metrics are worth basing decisions on,…

onSecurity – Creating Cybersecurity Media

Episode 14: Creating Cybersecurity Media One of the most important parts of the cybersecurity community’s work to protect data is to educate their clients and inform the public of known risks and specific threats to their personal and professional data. In a space already filled with disinformation and out-of-date ideas, it is vital that leaders, practitioners, and experts know how to communicate essential security information in clear, credible, and actionable terms. Kyle McNulty joins Stel on this episode of onSecurity to talk about methods and modes of cybersecurity content creation and developments in the media landscape

onSecurity – Capture the Flag!

Episode 13: Capture the Flag! Cybersecurity professionals are constantly honing their skills and adding to their knowledge set. Still, to stay ahead of attackers, defenders must make sure to continue to think outside of the box, see the obscure, and practice their ability to solve problems. Capture the Flag competitions are a popular exercise at cybersecurity events, offering an array of riddle-like security challenges. Blue Team Con 2022 hosted such a competition for attendees and it was won by onShore Security analyst Chris Spankroy. Chris joins Stel to talk about his experience with Blue Team Con’s Capture the Flag competition,…

onSecurity – Building the Cybersecurity Community of Tomorrow

Episode 12: Building the Cybersecurity Community of Tomorrow Cybersecurity practitioners, as defenders of information, benefit from the fact that they are, in some ways, one large team, and the sharing of information and best practices as an industry and a community elevates everyone’s ability to protect their data. The passing of experience and expertise among peers is important, but staying ahead of emerging cyber threats requires recruiting and training the next generation. John Johnson joins onSecurity to discuss CornCon, the cybersecurity convention he founded in Davenport, Iowa. CornCon’s growth is in large part due to it filling a growing demand for regional…

onSecurity – Leading with Cybersecurity

Episode 11: Leading with Cybersecurity onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Cybersecurity practice is typically the territory of experts in the field, but for large organizations, cybersecurity is a board-level concern and should factor into decisions in every department, from security and risk to marketing and customer experience. Cybersecurity can seem a big obstacle and is a large source of risk for the unaware or ill-prepared, but for those leading with cybersecurity, it offers a new way to think about every part of your organization, at every level. For our eleventh episode, Robert Barr joins onSecurity…

onSecurity – Cyberpeace

Episode 10: Cyberpeace onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. The image of the lone wolf hacker or of small-time crooks lit only by laptop glow in their basements is long out-of-date. Cyber attacks, ones that impact civil society, now commonly derive from governmental organizations or groups working for government and military agencies, and their targets are not restricted to the public sector. Total warfare is becoming the prevailing tactic on the growing cyber front of global geopolitical conflict and everyone is caught in the crossfire. For our tenth episode, John Hering joins onSecurity…

onSecurity – Governance, Risk, and Compliance

Episode 9: Governance, Risk, and Compliance At the Enterprise level, many discussions and decisions about cybersecurity and IT focus on the operational capability of the organization and bad actors that may interfere. As cyber operations become a larger part of business operations as a whole, organizations now must also consider regulatory compliance or risk losing the ability to operate and even face potential damaging liability. Chris Johnson, Sr. Director of Cybersecurity Programs at CompTIA ISAO, joins onSecurity to discuss the importance of GRC – governance, risk, and compliance. Though implementation of GRC in an organization may offer some hurdles, this…

onSecurity – Blue Team Con

Episode 8: Blue Team Con In cybersecurity, the importance of teamwork, collaboration, skill sharing, and peer review cannot be overstated. When it comes to cyber defense, blue teams are in competition against the criminal elite and cyber attackers worldwide, but draw strength from working and communicating with each other. Cybersecurity conventions are increasingly popular places for the industry’s most meaningful discourse. On our eighth episode, Frank McGovern, Cybersecurity Architect at StoneX, joins onSecurity to discuss the gap he saw in the cybersecurity convention scene and his work to organize Blue Team Con along with our host, BTC co-founder and onShore…

onSecurity – Zero Trust

Episode 7: Zero Trust onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our seventh episode focuses on practicing the zero-trust philosophy to harden cybersecurity targets. As cyber operations at the Enterprise level expand to defend against cyberattacks, hackers seek easier targets among enterprises. Chase Cunningham joins onSecurity to talk about his effort to raise the maturity level of cybersecurity of targeted companies and how organizations are adopting the use of a zero-trust strategy at every level.

onShore Security Named to MSSP Alert’s Top 250 MSSPs List for 2022

MSSP Alert, a CyberRisk Alliance resource, has named onShore Security to the Top 250 MSSPs list for 2022 (http://www.msspalert.com/top250). The list and research identify and honor the top MSSPs (managed security service providers) worldwide. The rankings are based on MSSP Alert’s 2022 readership survey combined with the site’s editorial coverage of MSSP, MDR and MSP security providers. The sixth-annual list and research track the MSSP market’s ongoing growth and evolution. “To protect our clients and their data from the constant barrage of new cybersecurity threats, our organization strives to stay ahead of bad actors and to be prepared for future…

onShore Security sponsors NYC Pinball Championships 2022

At onShore Security, we believe that security gives us freedom. We empower organizations to use that freedom to do what they do best. We support some of the biggest names in healthcare, banking, construction, and education. This weekend, we support some of the biggest names in pinball! onShore Security is proud to sponsor the NYC Pinball Championships! “The New York City Pinball Championships delivers 3 spectacular tournaments, the Open + B Division NYCPC Championship, Classics, and Dahlia Rowan Memorial Women’s Championship. All tournaments bring world-class competitive pinball excitement to the heart of New York City, and will be broadcast live…

onShore Security CEO Stel Valavanis to Join PDA Cybersecurity Committee

Cyberleader and CEO of onShore Security Stel Valavanis has been asked to join the cybersecurity committee of the Private Directors Association, a national non-profit business association with more than 3000 members, including executive board members, company owners, officers of family-owned businesses and more. Its mission is to advocate for and teach board formation and governance and to create a network of business owners and leaders. One of the fastest growing areas of the organization is the cybersecurity leadership team, offering education such as webinars and white papers, as well as offering guidance in long-term strategic planning to improve security posture….

onShore Security Partners With Palo Alto as MSSP

onShore Security, a leader in MDR services with its Panoptic Cyberdefense® platform, is pleased to announce that the company has been admitted to Palo Alto Networks’ MSSP program, enabling them to package Palo Alto tools into a managed solution, delivering optimal outcomes for clients with critical cloud-hosted infrastructure. onShore Security, will be expanding its managed cybersecurity services powered by PAN’s best-of-breed technologies. They are beginning this new relationship by delivering managed Cortex and Endpoint solutions and will follow with Prisma Cloud and SASE-managed solutions in the future. onShore Security CEO Stel Valavanis says, “Palo Alto Networks has long been in…

onSecurity – Developing Cybersecurity Products

Episode 6: Developing Cybersecurity Products onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our sixth episode focuses on the development of new cybersecurity products and processes. Data analysis is a pillar of any mature cybersecurity operation and is the process that transforms information into intelligence. As cybersecurity advances, engineers and analysts must work together to move forward with speed and safety. Anil Mudholkar, Head of Product Development for onShore Security, joins Stel to talk about the current state of cybersecurity products.

onSecurity – Benefits and Pitfalls of Automation

Episode 5: Benefits and Pitfalls of Automation onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our fifth episode focuses on the rise of automation in cybersecurity. As automated processes augment the capabilities of cybersecurity operations, it is important not to overlook the importance of the human element. Understanding the benefits of automation in cybersecurity requires an examination of potential pitfalls and the ways that security teams fill in the gap.  Joe Gresham, Product Development specialist for onShore Security, joins Stel to talk about the benefits and pitfalls of automation in cybersecurity.

1 2 6