Below the Surface: The Supply Chain Security Podcast Subscribe

Defending Against Supply Chain Attacks – Bri Rolston – BTS #18

November 29, 2023

Full Audio

View Show Index

Segments

1. Defending Against Supply Chain Attacks – Bri Rolston – BTS #18

Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more!

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Sponsored By

Eclypsium

Announcements

Below the surface listeners can learn more about Eclypsium by visiting eclypsium.com/go - there you will find the “Ultimate guide to supply chain security”, an on-demand webinar I presented called “Unraveling Digital Supply Chain Threats and Risk”, a paper on the relationship between ransomware and the supply chain, and a customer case study with Digital Ocean. If you are interested in seeing our product in action you can also sign up for a demo, you can get all that at eclypsium.com/go!

Guest

Bri Rolston

Cyber Security Researcher at INL

By day, this mild-mannered blue hat researcher works at Idaho National Laboratory and specializes in defensive, security engineering research and threat response. She bounces back and forth between security research (telecommunications, IT, and ICS/OT) and security operations (incident response, threat management, risk analysis & remediation, vulnerability management, secure code development, cloud security, and security architecture) to prevent boredom from setting in. She has trained a number of IACS/OT incident response teams including the DHS and DOE CERTs, contributed to IACS/OT security standards, worked on hundreds of incidents, worked in all 16 critical infrastructure sectors, and has a patent for efficient attack path selection and risk analysis.
At night—well, late afternoon–the socially bereft side REALLY comes out. She follows the dark path of threat research in her free time—reviewing new trends in attack techniques, developing threat detection plans for her favorite malware, examining the halo effects in exploit development, and analyzing the 2nd-payloads in IACS/OT attacks. She may occasionally support the odd red team effort by speculating on those factors necessary for effective target development and forcing the introverts to communicate.

Hosts

Paul Asadoorian

Principal Security Evangelist at Eclypsium

https://securitypodcaster.com

Scott Scheferman

Principal Cyber Strategist at Eclypsium

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

http://darkelement.io/

Related

Air Gapped! The Myth of Securing OT – Thomas Johnson – CSP #172

April 30, 2024

The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what nee...

Application security

Random Problems, Protecting Packages, and Vulns in Designs, Defaults & Data Leaks – ASW #283

April 29, 2024

Misusing random numbers, protecting platforms for code repos and package repos, vulns that teach us about designs and defaults, and more!

Application security

Why Companies Continue to Struggle with Supply Chain Security – Melinda Marks – ASW #283

April 29, 2024

Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now th...