Jackie McGuire, Hank Thomas – ESW #338
In this segment, we discuss the current state of the market recovery with Hank Thomas, founder of Strategic Cyber Ventures.
We've got market questions, like:
- What has changed in the last year?
- Are IPOs coming back any time soon?
- How large is the cybersecurity death pool?
- What do early and mid-sized startups need to do to survive in the current market?
There is little to no organization of data within companies in 2023. We're all guilty of this at some level. The download folders and desktops on our personal machines are a mess. File servers and cloud storage services are a mess. In Microsoft's recent data leak, AI researchers even had PC backups stored alongside machine learning models for whatever reason.
Data is hard to classify, organize, and monitor. By designing for convenience, we've created convenience debt that now has to be paid down. In this segment we talk to Jackie McGuire about what needs to happen to accomplish this, at the enterprise level, and at scale.
Even if we can one day address the challenge of tracking and labeling data, we'll still have the challenge of addressing data integrity and resilience, which we'll also discuss if we have time!
Segment Resources: https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-
Oh, the HARror! Sanitizing HAR files is not as easy as some might lead you to believe. CISA funds Cyber.org for K-12 cyber education and ORNL creates a Center for AI Security Research (CAISER). Cloudflare creates a tool out of spite, and CISA creates a tool you shouldn't use in production? Biden's EO on "Safe, Secure, and Trustworthy AI" and the Top Five Things you need to know about how GenAI is used in Security Tools.
Five lessons learned from Okta's latest breach, should ransom payments be illegal, and why ransomware victims can't stop paying ransoms. We discuss the impact of the charges made against Solarwinds and its CISO by the SEC, the 2023 ISC2 Cybersecurity Workforce Survey, and Microsoft's latest open letter on security.
Finally we wrap up discussing a delicious $8M Series A for better bagels!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Segments
1. Quarterly Market Review with a VC: Strategic Cyber Ventures – Hank Thomas – ESW #338
Announcements
Join us for one of our Identiverse Regional Events, coming up on December 1st in New York City and December 5th in Chicago! Participate alongside local experts and regional peers in information-rich sessions on the latest technologies, best practices, and industry trends.
Secure your complimentary registration at securityweekly.com/idvregionalevents2023
Guest

Hank Thomas is a Washington D.C. based Venture Capital Investor, Founder, and CEO of Strategic Cyber Ventures (SCV). SCV invests in rapidly growing cybersecurity and privacy focused technology companies. The SCV team brings an expert, more modern venture capital experience to startup founders and the broader investment ecosystem, working every day to bridge the gap between emerging commercial technology and corporate and national security challenges. Hank is a former U.S. Army Military Intelligence Officer, and Booz Allen Hamilton security consultant and executive. He leverages 25 years of experience to identify, invest in, and help mature differentiated technology companies. Hank serves as a member of the board of directors for cybersecurity technology companies Cloudburst, Polarity, ID DataWeb, SnapAttack, and HackNotice. Hank also serves on the Consumer Electronics Show (CES) advisory board.
Hosts


2. Data Chaos MUST be Curbed, but how? – Jackie McGuire – ESW #338
Announcements
Security Weekly Listeners: We are celebrating the milestone of reaching over 1,000 members of our CISO community. The Cybersecurity Collaboration Forum is a one-stop shop for executive collaboration comprised of CISOs across various industries. If you want to be part of this growing community of CISOs, join us as a member or technology partner. To learn more, visit: securityweekly.com/cybersecuritycollaboration
Guest

Jackie McGuire is a Senior Security Strategist at Cribl. As a data scientist and thought leader, Jackie writes, speaks, and memes about security. Prior to joining Cribl, Jackie was a Research Analyst with S&P Global, covering technologies including SIEM, SOAR, and XDR. As a data scientist, Jackie developed behavior analysis and anomaly detection models for a SIEM. She has also been co-founder, CEO, and CFO for several startups, and before her work in technology, was a licensed securities broker and SEC Registered Investment Advisor.
Hosts


3. HAR files, Okta breach, EO on AI, Ransomware, Solarwinds CISO charged, and Bagels! – ESW #338
Announcements
Join our Discord channel to chat with us throughout the live show today! Visit securityweekly.com/discord to receive an invite and become part of our community.
Hosts

- 1. FUNDING: Cranium Announces $25 Million in Series A Funding to Secure AI
- 2. FUNDING: CISA Awards CYBER.ORG $6.8M in Funding for K-12 Cyber Education
- 3. ACQUISITIONS: Palo Alto Networks buys Dig Security, sources say for $400M
- 4. ACQUISITIONS: Proofpoint Signs Definitive Agreement to Acquire Tessian
- 5. NEW ORGANIZATIONS: Center for Artificial Intelligence Security Research (CAISER)
- 6. NEW TOOLS: HAR Sanitizer tool by Cloudflare
I recorded a simple HAR file of me logging into a VERY simple website that I regularly use. Maybe I need to do additional testing, but it was not possible for me to figure out which cookies or other elements to sanitize from the HAR file. The variable/cookie names looked randomly generated - there was nothing labeled "password", "secrets", or "OAuth key". Browsing the HAR file manually was also difficult, and I failed to locate the OAuth key that way as well.
In summary, I don't think the average employee would be successful in sanitizing HAR files, and I don't see a straightforward way to automate this process.
The attackers seem to have found a process to take advantage of them, however! They don't have to understand the HAR file or perform surgery on it; they can just use it as is to have a logged-in session.
- 7. NEW TOOLS: Logging Made Easy
Initially created by NCSC and now maintained by CISA, Logging Made Easy is a self-install tutorial for small organizations to gain a basic level of centralized security logging for Windows clients and to provide functionality for detecting attacks. It brings together multiple free and open software platforms, with LME helping the reader integrate them to produce an end-to-end logging capability. Pre-made configuration files and scripts are provided, although there is the option to do it on your own.
Logging Made Easy can:
- Show where administrative commands are being run on enrolled devices
- See who is using which machine
- Query, in conjunction with threat reports, for the presence of an attacker in the form of Tactics, Techniques and Procedures (TTPs)
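What those three capabilities look like once the events are centralized, as an added example that is not part of the LME project or CISA's documentation: a few constructed Windows Security events (4688 process creation with its token elevation type, 4624 logon with its logon type) in a simplified flat shape, which is an assumption for readability and not LME's actual Elasticsearch field names, plus the three queries. The two TTP rules use real MITRE ATT&CK technique IDs; the regexes and the sample command lines are constructed.

```python
"""Three LME-style queries over constructed Windows Security events."""
import re
from collections import defaultdict

# Constructed sample events. Field names are a flat simplification (assumption),
# not the schema LME ships; 4688 = process creation, 4624 = logon.
EVENTS = [
    {"host": "WS01", "event_id": 4624, "user": "alice", "logon_type": 2},
    {"host": "WS01", "event_id": 4688, "user": "alice", "elevation": "%%1936",
     "process": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"host": "WS02", "event_id": 4624, "user": "bob", "logon_type": 10},
    {"host": "WS02", "event_id": 4688, "user": "bob", "elevation": "%%1937",
     "process": r"C:\Windows\System32\net.exe", "cmdline": "net user svc_backup P@ss /add"},
    {"host": "WS02", "event_id": 4688, "user": "bob", "elevation": "%%1937",
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand ZgBvAG8A"},
    {"host": "WS03", "event_id": 4624, "user": "carol", "logon_type": 3},
]

ELEVATED = "%%1937"               # TokenElevationTypeFull: process ran with an admin token
INTERACTIVE_LOGONS = {2, 10, 11}  # console, RDP, cached console; 3 (network) is noise here

# Detection rules keyed by the technique a threat report would cite.
TTP_RULES = {
    "T1136.001 Create local account": re.compile(r"\bnet(1)?(\.exe)?\s+user\s+.*\s/add\b", re.I),
    "T1059.001 Encoded PowerShell": re.compile(r"powershell(\.exe)?\b.*\s-e(nc|ncodedcommand)\b", re.I),
}


def admin_commands_by_host(events):
    """Where are administrative (elevated-token) commands being run, and by whom?"""
    out = defaultdict(list)
    for e in events:
        if e["event_id"] == 4688 and e.get("elevation") == ELEVATED:
            out[e["host"]].append((e["user"], e["cmdline"]))
    return dict(out)


def users_by_host(events):
    """Who is using which machine, judged by interactive logons only."""
    out = defaultdict(set)
    for e in events:
        if e["event_id"] == 4624 and e.get("logon_type") in INTERACTIVE_LOGONS:
            out[e["host"]].add(e["user"])
    return {host: sorted(users) for host, users in out.items()}


def match_ttps(events, rules=TTP_RULES):
    """Hunt for report TTPs: return (ttp, host, user, cmdline) for every hit."""
    hits = []
    for e in events:
        if e["event_id"] != 4688:
            continue
        for ttp, rx in rules.items():
            if rx.search(e["cmdline"]):
                hits.append((ttp, e["host"], e["user"], e["cmdline"]))
    return hits


if __name__ == "__main__":
    print("admin commands:", admin_commands_by_host(EVENTS))
    print("users by host:", users_by_host(EVENTS))
    for hit in match_ttps(EVENTS):
        print("TTP hit:", hit)
```

The point of keying on the elevation type rather than on a list of "admin tools" is that it answers the question LME actually poses (where are admin commands running) without having to enumerate every binary; the TTP rules are the part you would replace with whatever the current threat report describes.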
- 8. LEGISLATION: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
I'm sad we overlooked the opportunity to call this the "Skynet Prevention Act"
- 9. AI ESSAYS: The Top Five Things You Need To Know About How Generative AI Is Used In Security Tools
- 10. AI ESSAYS: AI Security Has Serious Terminology Issues
- 11. REPORTS: Offensive Security Vision Report 2023
Penetration tests have always had gaps. It's unavoidable - you just can't do everything the bad guys can do, like installing malware with a worm component in production environments. But it strikes me that, with the popularity of SaaS these days, pentests might be missing entire environments. The term SaaS, and environments like Salesforce, M365, Google Workspace, and Okta, never come up in this NetSPI report.
Working in product marketing for a SaaS security vendor, one of my challenges has been figuring out why SaaS security isn't higher on folks' priority lists, and I suspect this might be part of the reason why. I mean, I get it - folks still have NT4, Server 2003 on their networks (hell, they still have "networks"), and that's scary as hell. But an Okta/M365 admin takeover is pretty scary as well, no?
Is SaaS in scope for modern pen tests? Is it even on pen testers' radars?
- 12. AI INTERVIEWS: Trustworthy AI for National Security – Kathleen Fisher – PSW #805
- 13. BREACHES: Five Lessons Learned From Okta’s Support Site Breach
- 14. TRENDS: Why ransomware victims can’t stop paying off hackers
- 15. PODCASTS: Should Ransom Payments Be Made Illegal?
On its face, refusing to pay ransoms sounds like a great idea. However, 'winning' against cybercrime always comes with a cost. Here's my logic:
- We convince everyone to stop paying ransoms and we win! Cybercriminals stop using ransomware and extortion as a means of making money.
- The cybercriminals didn't go away, so they're going to use their sizable numbers, R&D budget, time, and skills to come up with a new way of making money.
- They'll either shift to something else that's currently working (e.g. BEC, which is already several times more profitable than ransomware), or come up with something new.
- Are we prepared for the new? Do we follow the trend and shift focus away from ransomware prevention to the new thing?
- Most companies don't have fundamentals down, so this plays out badly for us. Again.
Could we even consider stopping ransomware a success, or a reasonable goal, given that most orgs won't be prepared for what comes next?
- 16. ESSAYS: How to Banish Heroes from Your SOC?
- 17. INTERVIEWS: SC Media Talks Cybersecurity and Process Mining
- 18. HOWTOS: How Leading Companies Use Trust Center Updates — Best Practices and Examples – SafeBase Blog
- 19. LEGAL: SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures
- 20. LEGAL: Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO
Maybe there's an upside here though? Now CISOs can push back on pressure to bend the truth or lie, pointing to cases like these?
- 21. LEGAL: Here’s what that Capital One court decision means for corporate cybersecurity
- 22. REPORTS: 2023 ISC2 Cybersecurity Workforce Survey
- 23. OPEN LETTERS: Announcing Microsoft Secure Future Initiative to advance security engineering
Lastly, we are continuing to push the envelope in vulnerability response and security updates for our cloud platforms.
- 24. SQUIRREL FUNDING: Deal Dive: Bagels with a schmear of venture capital
