A Big Hot Mess – BSW #203
Full Audio
View Show IndexSegments
1. Everyone missed SUNBURST… or did they? – Matt Cauthorn – BSW #203
When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise.
This segment is sponsored by ExtraHop Networks.
Visit https://securityweekly.com/extrahop to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Guest
Matt Cauthorn is responsible for all security implementations and leads a team of technical security engineers who work directly with customers and prospects. A passionate technologist and evangelist, Matt is often on site with customers working to solve the complex and mission-critical business problems that Fortune 1,000 and global 2,000 companies face. After years spent helping customers tap into the value offered by network-based analytics, Matt has been able to bring fresh thinking to security threat detection. Prior to ExtraHop, Matt was a Sales Engineering Manager at F5 and before that he started his career in the trenches as a practitioner where he oversaw application hosting, infrastructure, and security for five international data centers.
Hosts
2. Cybersecurity Failure, Reboot Security Strategy, & Solving the Skills Gap – BSW #203
In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. Cybersecurity Failure among Highest Risks, warns World Economic ForumThe 16th edition of the World Economic Forum’s (WEF) Global Risk Report was released on Tuesday, and many of the risks/threats contained are unsurprising. However, among these risks we are also facing cybersecurity failure, which is ranked 4th in the ‘clear and present danger’ section. What may not come as a surprise is that not enough people realize the significance of cybersecurity, and how to properly protect their information. This leaves individuals, as well as enterprises vulnerable to cyber-attacks.
- 2. The Most Pressing Concerns Facing CISOs TodayBuilding security into the software development life cycle creates more visibility, but CISOs still need to stay on top of any serious threats on the horizon, even if they are largely unknown, including: 1. Cultural Divisions = More Risk 2. Digital Transformation Needs Scalability and Continuity 3. The Present and Beyond
- 3. How to reboot a broken or outdated security strategyCISOs talk about how they identify when they need a new security strategy and the process of developing it and selling the reboot to stakeholders: 1. Indicators of an ineffective security strategy 2. Align security strategy with risk 3. Security reboot planning and preparation 4. Selling a security reboot to stakeholders
- 4. How to Keep Your Cool in High-Stress SituationsAs a leader, the more effectively you can self-regulate, the better you can lead and help others. Based on our experience, we’ve developed a five-step framework to help people make this shift: Step 1– Understanding Step 2– Awareness Step 3 – Recall Step 4 – Intention Step 5 – Trust the process
- 5. Data privacy law is coming, big tech privacy officers sayAt the digital CES 2021 event, privacy leaders at Google, Twitter and Amazon said the time is right for a data privacy law. Finally!
- 6. A 21st Century Solution to Our Cybersecurity Skills ShortfallDespite the best efforts by colleges and universities, students today are simply not learning modern skills. Surprisingly, relatively few colleges offer undergraduate or graduate cybersecurity degrees that ensure graduates have the skills that will make them successful. Here’s A five-point plan for developing a 21st-century solution to our cybersecurity skills shortfall: 1. Build New Alliances 2. Overhaul Cyber-Education Approaches 3. Adopt an Apprenticeship Model 4. Incentivize New Skills Training 5. Market Cyber Career Paths Downstream