Application security, Careers, Cloud security, DevOps, Incident response, Insider threat, Leadership, Privacy, Threat intelligence, Zero trust

A Big Hot Mess – BSW #203

This week, we welcome back Matt Cauthorn, VP Sales Engineering at ExtraHop, to talk about how Everyone missed SUNBURST... or did they? When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise.

In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Everyone missed SUNBURST… or did they? – Matt Cauthorn – BSW #203

When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Sponsored By

ExtraHop Networks

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Guest

Matt Cauthorn
Matt Cauthorn
VP Cloud Security at Extrahop

Matt Cauthorn is responsible for all security implementations and leads a team of technical security engineers who work directly with customers and prospects. A passionate technologist and evangelist, Matt is often on site with customers working to solve the complex and mission-critical business problems that Fortune 1,000 and global 2,000 companies face. After years spent helping customers tap into the value offered by network-based analytics, Matt has been able to bring fresh thinking to security threat detection. Prior to ExtraHop, Matt was a Sales Engineering Manager at F5 and before that he started his career in the trenches as a practitioner where he oversaw application hosting, infrastructure, and security for five international data centers.

Hosts

Matt Alderman
Matt Alderman
VP, Product at Living Security
Jason Albuquerque
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly

2. Cybersecurity Failure, Reboot Security Strategy, & Solving the Skills Gap – BSW #203

In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Matt Alderman
Matt Alderman
VP, Product at Living Security
  1. 1. Cybersecurity Failure among Highest Risks, warns World Economic Forum - The 16th edition of the World Economic Forum’s (WEF) Global Risk Report was released on Tuesday, and many of the risks/threats contained are unsurprising. However, among these risks we are also facing cybersecurity failure, which is ranked 4th in the ‘clear and present danger’ section. What may not come as a surprise is that not enough people realize the significance of cybersecurity, and how to properly protect their information. This leaves individuals, as well as enterprises vulnerable to cyber-attacks.
  2. 2. The Most Pressing Concerns Facing CISOs Today - Building security into the software development life cycle creates more visibility, but CISOs still need to stay on top of any serious threats on the horizon, even if they are largely unknown, including: 1. Cultural Divisions = More Risk 2. Digital Transformation Needs Scalability and Continuity 3. The Present and Beyond
  3. 3. How to reboot a broken or outdated security strategy - CISOs talk about how they identify when they need a new security strategy and the process of developing it and selling the reboot to stakeholders: 1. Indicators of an ineffective security strategy 2. Align security strategy with risk 3. Security reboot planning and preparation 4. Selling a security reboot to stakeholders
  4. 4. How to Keep Your Cool in High-Stress Situations - As a leader, the more effectively you can self-regulate, the better you can lead and help others. Based on our experience, we’ve developed a five-step framework to help people make this shift: Step 1– Understanding Step 2– Awareness Step 3 – Recall Step 4 – Intention Step 5 – Trust the process
  5. 5. Data privacy law is coming, big tech privacy officers say - At the digital CES 2021 event, privacy leaders at Google, Twitter and Amazon said the time is right for a data privacy law. Finally!
  6. 6. A 21st Century Solution to Our Cybersecurity Skills Shortfall - Despite the best efforts by colleges and universities, students today are simply not learning modern skills. Surprisingly, relatively few colleges offer undergraduate or graduate cybersecurity degrees that ensure graduates have the skills that will make them successful. Here’s A five-point plan for developing a 21st-century solution to our cybersecurity skills shortfall: 1. Build New Alliances 2. Overhaul Cyber-Education Approaches 3. Adopt an Apprenticeship Model 4. Incentivize New Skills Training 5. Market Cyber Career Paths Downstream
Jason Albuquerque
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
prestitial ad