Pwned: The Information Security Podcast

Technology Podcasts

Pwned is a weekly information and cyber security podcast addressing real-world security challenges. Occasionally funny, always informational, and driven by those who live and breathe security. Each episode we dive into the latest and greatest in technology, security frameworks, best practices, and how-tos. We’ll chat with industry leaders to learn how they got to where they are, what they see coming, and how they learned from their mistakes.

Location:

Colchester, Vermont

Twitter:

@NuHarbor

Language:

English

Contact:

1-800-917-5719


Episodes

Episode 183 – Making a New Cybersecurity Job Work

9/6/2023
In this mailbag episode of Pwned, Justin and Jack respond to a listener question that has all the earmarks of a well-known security problem: a new leader starting in an organization with what feels like a random mix of products and problems. By talking through the different elements of the situation, the team offers proven and straightforward suggestions for making the transition more action-oriented, more measurable, and much less stressful. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Duration:00:12:47

Episode 182 – The Next AI Episode – With Diana Kelley!

8/23/2023
This week, Justin and Jack are talking AI with one of the security industry’s most well-known experts and influencers, Diana Kelley of Protect AI. The topics, like the growth of AI, are all over the place, from the impacts of AI on security teams to secure AI development, and even a quick mention of the rights of sentient AI. Come hear what’s new in ML SecOps and high-integrity AI, and some well-informed predictions for the future. If you want to get in touch with Diana, you can find her LinkedIn here.

Duration:00:33:44

Episode 181 – Breached Trust: Lazarus Making Friends

8/16/2023
In this breach of the week episode, Justin and Jack look into the recent attacks targeting the GitHub developer community. Developers are increasingly being targeted by North Korean state-sponsored threat actors to use and execute poison code. Tune in to get the scoop. The DarkReading article can be found here: North Korean Cyberspies Target GitHub Developers (darkreading.com) CISA’s request for comment can be found here: Request for Comment on Secure Software Self-Attestation Common Form | CISA

Duration:00:18:13

Episode 180 – Thales Not Impervious to Imperva’s Charm

8/2/2023
Multifaceted French security and defense firm, Thales, has acquired longtime application and availability cybersecurity pioneer, Imperva, in a major acquisition from U.S. cybersecurity private equity leader, Thoma Bravo. In this RightSwipes episode of Pwned, Justin and Jack review the histories of both Imperva and Thales, adding valuable context to the market analysis. There’s plenty to talk about and factor into this week’s thumbs-up/thumbs-down conclusion. Check out the following links for resources mentioned in this episode: Announcement, Thales, Imperva, Thoma Bravo.

Duration:00:17:47

Episode 179 – Collaboration Celebration

7/20/2023
In Massachusetts, a group of communities are banding together to improve IT acquisition effectiveness. In this episode of Pwned, Justin and Jack explore the benefits of this alliance, ideas on the cybersecurity impact, and the relationship between this effort and other regional and whole-of-state strategies. It’s a feel-good episode of Pwned, and the team is bringing positive vibes. Learn more about the North Shore IT Collaborative here: North Shore IT Collaborative | Danvers, MA (danversma.gov)

Duration:00:13:10

Episode 178 – SOC Talk

7/13/2023
In this episode Justin and Jack are taking a question from the mailbag on choosing regional or private security operations centers (SOCs). The conversation quickly turns to finding the best SOC for your needs, the most beneficial preparation before engaging with vendors, and the right of any organization to demand answers in language they can understand and apply.

Duration:00:17:14

Episode 177 – The Obligatory AI Episode: Prevail or Fail? Can’t Spell Either Without AI

7/6/2023
From ChatGPT to predictive analytics, AI techniques are changing all industries and knocking on the door of cybersecurity. Justin and Jack are answering with an episode examining potential advancements and limitations that we’ll likely encounter over the next few years. If you’re interested in an experienced, optimistic, but grounded view on what AI can do for your security operation, this is an episode for you.

Duration:00:16:41

Episode 176 – Outcomes, Prescriptions, and Presidential Policy

6/28/2023
The White House has released another statement on their National Cybersecurity Strategy. This time Justin and Jack are supportive of the tone and some of the content. In this episode, hear about the new approach to improving cybersecurity with an emphasis on vendor responsibility, liability, opportunities, and outcomes. Do you think the President’s directive is helpful, or do you think it lacks the specifics for these policies to succeed? Resources mentioned in this episode: Policy: FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy | The White House. Dark Reading: The White House National Cybersecurity Strategy Has a Fatal Flaw (darkreading.com) by Eyal Mamo. Request for Comment on Software Security Attestation: Request for Comment on Secure Software Self-Attestation Common Form | CISA by CISA. For more insight on federal cybersecurity policy, listen to our 2022 White House Week series: Presidential Prerogative – “Bulletproof Cybersecurity in One Week or Less”; Another Presidential Push - This Time It’s National; Washington Week 3 is Spelled SEC.

Duration:00:21:37

Episode 175 – Acquisitions Defining a Changing Landscape for Deception

6/21/2023
In this RightSwipes episode, the unexpected union of Proofpoint and Illusive creates an irresistible combination for Justin and Jack. They're talking through the applicability of deception technology, market appetite, and Proofpoint's move to deepen their bench with Illusive. The question remains whether Proofpoint was looking to strengthen identity-based defenses or if there's a broader strategy in motion. As referenced in this episode, you can check out Ericka Chickowski's article on DarkReading here.

Duration:00:25:04

Episode 174 – Getting More Intelligence Out of Threat Intelligence

6/13/2023
In this episode, Justin and Jack are talking about threat intelligence, from its ideal content mix to the audience, and ways to improve its usefulness and availability. Threat intel is about more than feeds. It's about hunting, sharing, and enriching our understanding of threats whenever we can. Check out our SLED Cybersecurity Priorities Report here to examine top cybersecurity priorities in SLED, what's fueling them, and how you can implement them in your organization.

Duration:00:23:13

Episode 173 – An Old Friend, Some Old Equipment, and New Challenges All Around: Part 2

6/8/2023
In part two of “An Old Friend, Some Old Equipment, and New Challenges All Around," we welcome back Zack Borst. Since his departure from NuHarbor Security, Zack has embarked on a mission to enhance emergency management, including cyber preparedness, and now he's talking with Justin and Jack about the state of cybersecurity systems and subsequent challenges. Join the trio for the second part of this eye-opening discussion about technology, threats, aging equipment, critical services, and the troubling mix of kinetic and cybersecurity emergencies. Check out EM Weekly at EM Weekly — The Readiness Lab or on your favorite podcast streaming service. You can find Zack on LinkedIn here: https://www.linkedin.com/in/zborst/, or by email at zack.borst@dobermanemg.com.

Duration:00:26:22

Episode 173 – An Old Friend, Some Old Equipment, and New Challenges All Around: Part 1

6/2/2023
Our latest episode welcomes back Zack Borst, former co-host and co-contributor to Pwned in its earlier seasons. Zack has since embarked on a mission to enhance emergency management, including cyber preparedness, and he's talking with Justin and Jack about the state of cybersecurity systems and subsequent challenges. It's an eye-opening discussion that blends technology, threats, aging equipment, critical services, and the troubling mix of kinetic and cybersecurity emergencies. Gain insight into an emerging arena and a heightened urgency for cybersecurity improvements. You can find Zack on LinkedIn here: https://www.linkedin.com/in/zborst/, or by email at zack.borst@dobermanemg.com.

Duration:00:17:43

Episode 172 – Applications, Security, Supply Chain, and SBOMs

4/25/2023
In an episode that is close to Jack's heart and history, he and Justin explore a renewed interest in the security of applications. They discuss the new Application Security Center of Excellence (ASCOE) being built at the Commonwealth of Massachusetts, shifting far left of boom by prioritizing contract language, and the importance of championing the need for application security before implementing any program. Listen in for practical ways to make progress in an area that will only get better by working on the applications you'll see tomorrow. Key moments: 1:51 – Introduction to application security. 8:26 – Application security surrounding AI/ChatGPT. Is open source insecure? 9:38 – Application security = restaurant? 10:39 – In a world where no one wants you to get in front of application security, how do you get in front of it? 18:15 – Strong application security requires healthy communication. 21:38 – Why is application security so important? 25:26 – Application security is not a one-and-done deal; it goes on forever. It’s a continuing cycle of Whac-A-Mole.

Duration:00:28:50

Episode 171 – Balancing Security to the Left and Right of Boom

4/18/2023
In this episode, Justin and Jack delve into the growing trend toward increased investment in detection and response. With the rise in successful attacks and public breaches, detection and response are getting plenty of love, sometimes at the expense of preventative measures. Tune in as our duo explore the current state of affairs, share their observations on various response tactics, and provide valuable insight for listeners who are considering investing in cybersecurity capabilities to reduce the likelihood or impact of inevitable threats.

Duration:00:20:21

Episode 170 – Staying on Course When You’ve Got Headwinds

3/16/2023
In this mailbag edition of Pwned, Justin and Jack are presented with a question from a listener who's feeling pressured to justify continuing cybersecurity tooling spend. They've seen this happen repeatedly and offer recommendations for responding with well-articulated tradeoffs and benefits and preparing for budget cuts during the proposal and acquisition process. Ultimately, security leaders do their best when they can maximize value from their existing tooling, or garner support from non-security stakeholders that can translate the negative impacts of reduced security capabilities into business terms. Listen in for practical advice as security teams start to bear more scrutiny and field more requests for spending justification in tight economic times.

Duration:00:21:51

Episode 169 – The Lesson Is in the Struggle

3/9/2023
In this episode, Justin and Jack discuss a recent CISO dialogue around the difficulties in replacing staff that move on, and strategies for easing the impact of losing talented folks to competitors or lottery wins. From educating other team members to succession planning and developing close relationships with vendors, there are ways to prevent the unexpected loss of teammates from resulting in a corresponding loss of sleep.

Duration:00:22:01

Episode 168 – Roadmaps and Socializing Support for Security

2/22/2023
In this episode, Justin and Jack respond to a note from the mailbag. A listener inquires about successful approaches to recruiting support for security initiatives, and the team shares stories about educating stakeholders, developing champions, and encouraging security program collaborators, especially when planning a multiyear, multipronged strategy.

Duration:00:17:17

Episode 167 – Cybersecurity Seat – Half-full/Half-empty, Have Patience

2/7/2023
Following a listener request, Justin Fimlaid and Jack Danahy are talking about successful paths forward when a CISO finds themselves in a role that’s a little larger than they expected, or an organization has a well-meaning CISO that needs a little more time to get it right. This happens all the time, and it doesn’t have to end with burning out or throwing out an otherwise capable executive. If you find yourself in that oversized chair, sit back and give a listen. Helpful links: The Hunt for the Super CISO Part 1; The Hunt for the Super CISO Part 2; CISO Job Description Download.

Duration:00:15:46

Episode 166 – Rethinking Cyber Insurance to Help it Survive, and Thrive

1/26/2023
Following well-publicized comments from Zurich Insurance CEO Mario Greco on the potential demise of cyber insurance, Justin and Jack are digging deep. They describe the challenge to insurers, the potential for unlimited liability, and propose a new and more intentional model that benefits insurers, clients, and the CISOs involved. It’s a new take on a thorny problem, with lessons for all players. Links: Are Cyber Attacks Uninsurable? World Economic Forum 2020 Grim Insurance Predictions On a lighter note: Whisky Home - Old Forester | First Bottled Bourbon™

Duration:00:26:55

Atonement and Autonomous Aggrandizement

1/6/2023
In this last episode of PWNED Season 3, Justin and Jack are paying off the year’s debts from infractions against the Pit of Despair, while analyzing a BlackHat announcement by a leader in the market. There are debts to be paid, and there’s a striking new example of the old security tendency to obscure, over-the-top messaging. The season is going out with a bang, and it looks like Season 4 will start with a blank slate but a full list of issues to watch for. As mentioned in this episode, check out the Security Bullshit Generator!

Duration:00:19:51