Synopsis
The Dark Rhino Podcast provides weekly interviews and insights into the world of Cybersecurity. Produced entirely in-house by MSSP & global risk management firm Dark Rhino Security.
Episodes
-
A Discussion on Cybersecurity with Ross Young
26/04/2021 Duration: 43min
Ross Young joins us on Security Confidential to talk about cybersecurity. Ross is the CISO of Caterpillar Financial Services Corporation, a lecturer at Johns Hopkins University, the Co-Host of the CISO Tradecraft podcast, and the inventor of the OWASP Threat and Safeguard Matrix. Ross is also a veteran of the CIA and NSA. 00:00 Introduction 00:55 How Ross became CISO of Caterpillar Financial Service 03:04 Scholarship for Service 04:10 Foreign cyber espionage capabilities 07:01 The elusive identity online 07:50 Compliance frameworks = great cybersecurity? 12:47 Can cybersecurity be used for revenue generation? 20:30 Learning from vendors selling in cybersecurity place 22:55 Vulnerability management in the cloud 27:02 How do you develop a resilient software system 31:50 OWASP Threat and Safeguard Matrix 37:58 Accounting for The X-Factor and Zero Day threat in cybersecurity 41:45 CISO Tradecraft The videocast for this episode To learn more
-
A Discussion on Cybersecurity with Rob Oden
21/04/2021 Duration: 01h11min
We are joined by Rob Oden for a discussion on cybersecurity. Rob is an Air Force veteran, has over 16 years of experience in cybersecurity, and is a practicing security architect. This is part 2 of our interview with him. Rob provides insights into the many issues prevalent in cybersecurity and relevant to anyone serious about making their cyber environment safer. 00:00 Introduction 01:50 Why does being compliant not equate to great cybersecurity? 13:53 No good deed goes unpunished 16:50 Technology vs Process in cybersecurity 21:45 The Prevention Paradox 28:54 Gov't Policies addressing cybersecurity 34:41 Cybersecurity business problem or an IT Problem? 37:37 Should the office of the CISO be separate from IT? 40:26 How to quantify cybersecurity risk? 44:08 The insider threat and the executive order governing it? 54:10 How to leverage the most underutilized cybersecurity asset? 01:00:20 Vulnerability management 01:07:18 Rob's favorite cyberse
-
The FAIR Way to Assess Cybersecurity Risk
12/04/2021 Duration: 42min
Host: Manoj Tandon Guest: Chad Weinman The FAIR way to assess cybersecurity risk is discussed in this episode of Dark Rhino Security's Security Confidential. Chad Weinman is the VP of Professional Services at RiskLens. RiskLens is a software company that has codified the FAIR-based approach to assessing cybersecurity risk. Chad has performed many consulting engagements helping clients quantify cyber risk. 00:00 Introduction 00:47 Is Cybersecurity Risk used in a cavalier way? 03:16 What are the ground rules for discussing cybersecurity risk? 05:53 Does the disaster recovery plan cover all the risks? 07:30 Are regulators considered threats? 09:03 Compliance does not correlate to cybersecurity 14:20 What is FAIR? 17:59 Layman's approach to risk 28:00 Is a single risk score of any relevance? 32:20 Companies that have direction with a FAIR analysis of risk 37:40 Chad's information for cybersecurity practitioners To learn more about Chad Weinman https://www.linkedin.com/in/chadweinman/ To learn more about
-
From Humble Beginnings to Cybersecurity Architect
05/04/2021 Duration: 52min
Rob Oden joins us on Security Confidential for a two-part series. This is part 1, in which he discusses his personal journey from humble beginnings to a great cybersecurity architect. He shares his story, the many challenges he faced, and the qualities of people wanting to create success for themselves in the field of cybersecurity. The topics discussed in this episode are: Journey from humble beginnings to cybersecurity architect First exposure to cybersecurity Taking responsibility and owning it The crab effect Is a traditional computer science path necessary for cybersecurity? The transition from Military to Civilian life The soft skills for a great career Check in with yourself-have a true North Be comfortable with being uncomfortable Rob can be found on LinkedIn https://www.linkedin.com/in/robertoden/ Manoj Tandon can be found on LinkedIn https://www.linkedin.com/in/manoj-tandon-drs/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com The video cast for this episo
-
In Cybersecurity There are Builders and Breakers, You Need Both!
30/03/2021 Duration: 52min
Dark Rhino Security's Security Confidential is hosted by Manoj Tandon, who is joined by guest Rob Duhart Jr. He has many years of experience in cybersecurity, having worked at the Department of Energy, NSA, FBI, Ford Motor Company's Red Team, and is currently the head of Federated Security for Google. Rob discusses: Formative experiences with the FBI and APTs, the best and most frequent bad actors, inspiration to get into cybersecurity, builders and breakers in cybersecurity, finding the genius in cybersecurity, cybersecurity as the great equalizer, bug bounty, hiring cybersecurity professionals at firms like Google, Microsoft, and Facebook. Rob also discusses cybersecurity as a business problem, quantifying risk, an over-reliance on tools, the biggest cybersecurity asset in a company, the impact of Covid 19, unified IAM, and spirituality. Rob's Twitter handle is @robduhart He https://www.icmcp.org/ and https://sharethemicincyber.splashthat.com/ To learn more about Dark Rhino Security visit https://www.darkrhi
-
The Power of The Why
22/03/2021 Duration: 36min
Jeff Manhardt joins us for episode 11 of Season 3 of Dark Rhino Security's Security Confidential. Jeff is the chief project officer at Kaleida Health, president of the PMI Buffalo Chapter and an adjunct professor at Daemen College. Jeff believes in the art of the possible and the power of the why. Jeff shares his insights on project management, cybersecurity, and the future direction of PMI with us. 00:46 The Power of the Why and the Art of the Possible 03:50 How has the Pandemic affected project management 05:40 Regulatory mandates and issues as result of Covid 19 07:53 Telehealth and change management 09:31 How to make cultural change happen 11:37 Have the metrics changed by which projects are measured 12:57 The future of project management techniques 15:50 Collisions are important 16:54 How should cybersecurity be incorporated into Project Management 17:55 Is cybersecurity a business problem or IT problem? 18:49 Has cybersecurity taken a back seat in healthcare? 20:57 Project Management Institute'
-
Microsoft 365 Security and Compliance Simplified
15/03/2021 Duration: 44min
The Microsoft 365 environment is complex to administer from a cybersecurity perspective. There are very expensive options from Microsoft that add advanced security elements to the 365 environment. In addition to cost, ease of use and knowledge can become limiting factors, dependent on the capability of the organization, when implementing Microsoft's advanced security. Dark Rhino Security and Infocyte partnered to build a managed service offering that dramatically simplifies the evaluation, compilation, and remediation of security gaps present in a company's Microsoft 365 environment. Chris Auger from Infocyte and Tyler Smith, a co-founder of Dark Rhino Security, host this episode of Security Confidential and explain how to benchmark a Microsoft 365 environment against the CIS standards and how to remediate the gaps in a simplified manner. The end result is a highly secure Microsoft 365 environment. Chapter Markers 00:14 Introduction 03:10 Microsoft 365 Security Overview 04:50 Why Microsoft 365 is diffic
-
Business Lessons from a Bowhunter
01/03/2021 Duration: 46min
#SecurityConfidential #DarkRhinoSecurity This week on Security Confidential host Manoj Tandon has Jordan Graham as his guest. Jordan has been in the cybersecurity business for over 3 years and is a Six Sigma black belt. He is a former Marine with an extensive background in process management. Jordan is an avid Bowhunter and is a participant on the podcast "The Bowhunters Heritage". In this episode of Security Confidential Jordan discusses how his learnings and techniques as a bowhunter apply to cybersecurity. The topics discussed in this episode are 00:10 Introduction 01:44 Why Bowhunting? 07:09 Overcoming a disadvantaged position, Cyber Insurance! 13:32 The objective SWOT analysis to get the highest chance for success 17:39 The hunter's mentality for business success 19:50 Be decisive 22:14 Turning a disadvantaged position to an advantaged one 25:47 Addressing unknown-unknowns in cybersecurity 32:01 The role of patience in threat hunting 37:20 Lessons from the Marine Corps 44:32 The Bowhunters Heritage To l
-
How Secure is Your Organization? A CISO's Perspective on Cybersecurity, China and More
23/02/2021 Duration: 50min
On this episode of Dark Rhino Security's Security Confidential, hosts Manoj Tandon and Kevin Casey are joined by James Azar. Some of the topics discussed are: What changed with Covid for #Cybersecurity Has Covid accelerated cloud strategy? What is the cybersecurity risk in moving to the cloud? What is the cybersecurity risk in small and medium businesses? How a small innovative cybersecurity company can do business with a big company Is cybersecurity a business problem or an IT problem? How Smart CISOs monetize cybersecurity How to measure cybersecurity awareness Should the CISO be an independent function? The Chinese cybersecurity threat The dangerous precedent of the Equifax settlement Managed detection and response Vendors vs partners in cybersecurity James Azar is a CISO (Chief Information Security Officer) that works, leads, and is dedicated to the security and business mission to ensure the continuity and fluidity of cybersecurity within the business. In his experience, James has served as CTO, CIO, a
-
How to Hire and Retain Cybersecurity Personnel and Scale the Business
15/02/2021 Duration: 47min
Karl Sharman is head of cybersecurity of solutions and consultancy for Stott and May in North America. He has helped build and scale teams across multiple types of business including Fortune 500, Pre-IPO late stage ventures, early stage startups, security consultancies and MSSPs. Karl Sharman is often brought on by companies for either extremely difficult hires, mass hires at speed and scale or discreet leadership hires. As a contributor and a consultant to the cybersecurity sector, Karl contributes with regular white papers, podcasts and public speaking. He was recently featured in the top 1% of Search & Staffing Professionals globally by LinkedIn. The discussion in this episode covered the following: How to transition to cybersecurity from another profession Is soccer not a lot more fun than cybersecurity? Commitment, passion, and perseverance for cybersecurity personnel Why work at Dark Rhino Security vs Disney, Goldman Sachs, Nike Do people quit over money? Diverse voices and personnel engagement
-
How Human Factors can Impact Cybersecurity
08/02/2021 Duration: 38min
This episode of Dark Rhino Security's Security Confidential podcast and video cast features Dr. Calvin Nobles as the guest, and he discusses how human factors can impact cybersecurity. The topics covered in the discussion are: How organizations should assess risk The human factor in cybersecurity Lessons learned from the aviation industry, the dirty dozen Risk frameworks in cybersecurity Cybersecurity and national security, the new underbelly The cybersecurity threat to small and medium business Business leveraging the dark web to conduct business Is cybersecurity a business problem or an IT problem? Should CISOs report to the CIO? Change the thinking on cybersecurity to be sustainable Over-reliance on tools in cybersecurity, the unknown unknowns Findings in cybersecurity involving human factors You can't stop stupid Dog tired The link to the videocast About Dr. Calvin Nobles Dr. Calvin Nobles is a cybersecurity professional and human factors practitioner with more than 25 years of experience. Dr. Nobles ret
-
How the OITA is Helping Tech in Ohio
01/02/2021 Duration: 41min
How the OITA is helping technology companies in Ohio is of relevance to all in the Tri-State Region. Nick York, the president of OITA, joins Security Confidential in this episode and discusses the many activities OITA is involved with. In addition to being the president of OITA, Nick is an entrepreneur and an attorney with 20 years of practice experience and a strategic advisor to large and small companies, non-profits, and educational institutions. Nick is the co-founder of and serves as the CEO of the Transom Group. Nick has served as Vice Chair of the University of Akron Board of Trustees, focused extensively on Strategic Planning and Student Success initiatives. He has been a champion of entrepreneurship on the national level as a Board Member of the National Small Business Association (NSBA) in Washington, DC, and as Vice Chair of the Council of Smaller Enterprises (COSE) the largest small business member organizations in the country. Nick is also a Co-founder of the Mindful Nation Foundation
-
Why is cybersecurity hard? Why do women make more money at it?
25/01/2021 Duration: 31min
Why is cybersecurity hard? Why do women make more money? These are just some of the questions Karla Reffold discusses on Dark Rhino Security's Security Confidential. Karla is an experienced business owner and business leader. She has a large international network in cybersecurity and is well versed on the many topics relevant to the industry. She founded the international recruitment business, BeecherMadden in 2010 before overseeing the acquisition by Nicoll Curtin. In 2020 she joined Orpheus Cyber as the Chief Operating Officer (COO). Orpheus is a threat intelligence company with a SaaS platform that helps organizations manage their own risk, and that of their third parties, with an easy to understand cyber risk score. Karla is the host of industry interviews on the Cyber Talks media platform and the Zero Hour Podcast. She was included in SC Magazine's Top 50 Women in Security in 2019. Karla discusses her transition from a recruiting firm to COO of Orpheus. She discusses gender differences in male dom
-
Healthcare IT, Innovation at the speed of life
18/01/2021 Duration: 34min
Healthcare IT and Innovation at the speed of life is discussed in detail with Chenoa Moss. Chenoa is a gifted Healthcare IT professional who has extensive experience in working with very large health systems on the many of IT and compliance prevalent in large complex environments. The impact of Covid has been extensive on the health systems in the United States and around the world. One of the key items Chenoa points out is the impact of the pandemic on innovation in healthcare. Large health systems are typically very slow to move and Covid forced changes at a large scale across systems resulting in great innovation. This has resulted in a paradigm shift in Healthcare and how services like Telemedicine will become more the norm than the exception going forward. Some changes are going to be permanent in Healthcare with very positive outcomes. Cybersecurity in healthcare is also discussed with the proliferation of ransomware across health systems which has resulted in denial of service in some instances to pati
-
Was it All Worth It? Lessons Learned
11/01/2021 Duration: 20min
Was it all worth it? Lessons learned. This week on Dark Rhino's Security Confidential Kevin Casey turns the tables and interviews Manoj Tandon, who is the regular host. Kevin presents 9 questions to Manoj. They must be answered in 3 min or less. The questions span critical lessons learned during the course of developing a career and going through life. Questions centered around regrets, failures, successes, family, education, career, and influencers in life. The listeners will find many commonalities with their own paths in life and perhaps gain an alternate perspective on achieving happiness, a concept so central to everyone's pursuit in life. This conversation is different from the regular cybersecurity discussions on Security Confidential. Both Kevin Casey and Manoj Tandon share with fellow cybersecurity colleagues and entrepreneurs some of their experiences on the journey thus far. The video for this episode can be found at https://youtu.be/UDyJi7LGqsc To learn more about Dark Rhino Security visit https:
-
2021 New Year, New Beginning, Leverage Improv
04/01/2021 Duration: 49min
Dark Rhino's Security Confidential is honored to have Karen Hough, the founder and CEO of ImprovEdge, back as a guest. This past year has presented companies and people with severe, never-before-navigated challenges. For many, 2020 could not end soon enough. 2021 is a new beginning. Improvisation and resilience are themes from last year that carry into this year and will be with us well into the future. Cybersecurity is about helping companies become more resilient. Becoming resilient requires us to become more comfortable with improvisation. Karen helps us navigate this. The discussion focuses on improv, overcoming preconceived notions, and being resilient. There is advice and exercises that would benefit all. Karen is a #1 Amazon bestselling author, recipient of the Silver Stevie Award for Most Innovative Business of the Year, and won both the WNBA Inspiring Woman Award and the WBENC PitchPivot Grand Prize. She is a philanthropist, Yale grad, avid hiker and lives in Ohio with her husband and 3 children.
-
Cybersecurity-Avoid the Prevention Paradox
28/12/2020 Duration: 41min
Mind the Gap, Avoid the Prevention Paradox. The more focus a company puts on prevention of cyber-attacks, paradoxically, the more unsecure it becomes. In an environment where a heavy prevention strategy is used, the dwell time of attackers can be indefinite. This episode of Dark Rhino’s Security Confidential focuses on the Prevention Paradox and how to avoid it. There are three pillars of cybersecurity: prevention, detection, and response. There is a tendency for companies to focus extensively on prevention. In the SANS sliding scale of cybersecurity, prevention is at the forefront, with detection and response more to the right on the scale. Many a company following the SANS Sliding Scale ends up with extensive focus on prevention for a host of reasons which are discussed. Prevention can take several forms, one of the most common being the use of endpoint protection tools like Next Generation Anti-Virus (NGAV). The advances made in these tools have been significant over the past many years with the incorporation
-
Consideration of Risks in Cybersecurity, The Best Defense
21/12/2020 Duration: 46min
Warner Moore is a strategic executive leader and manager with a background in technology and information security. Warner Moore is the founder of the cybersecurity strategy firm Gamma Force. Through Gamma Force, Warner serves as a virtual CISO for clients that include Deep Lens and Smart Columbus and advises startups. He has focused his career in working with entrepreneurial growth organizations where technology is their business and product, organizations like CoverMyMeds and Bold Penguin. Warner's work has resulted in security and privacy capabilities for them and numerous other organizations across industries. Furthermore, Warner has an accomplished record of building high performing teams who embrace DevOps culture and practices. In this episode of Dark Rhino Security's Security Confidential, Warner discusses the role of the CISO, using risk as a guiding factor in building an effective information security program, threat hunting, innovation in cybersecurity, and much more. He is joined by Host Manoj Tandon who is the
-
Nick Potts on giftHealth, ScriptDrop, Innovation, Healthcare, and Cybersecurity
14/12/2020 Duration: 41min
Nick Potts is a self-made success story. He is the former CEO and founder of ScriptDrop and the current CEO of Gift Health. Nick shares his entrepreneurial journey. He discusses his past and current projects and the uniqueness behind them. Nick took ScriptDrop from zero to a highly successful self-sustaining growth company. Nick discusses his latest project, giftHealth, and the potential behind it. He provides insights into the innovation he sees coming in healthcare with AI. Nick also shares some thoughts on cybersecurity in healthcare in this interview. The video cast can be watched at https://youtu.be/v3abJKPMRWM To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com To learn more about Nick Potts visit https://www.linkedin.com/in/pottsnicholas/ Host: Manoj Tandon Guest: Nick Potts
-
How to Successfully Network and Achieve Success
07/12/2020 Duration: 01h03min
Master networker, entrepreneur, and currently the Executive Director of Business and Economic Development at Slippery Rock University, Ethan Nicholas, joins us on this episode of Security Confidential. As an entrepreneur Ethan founded the Pittsburgh Business Exchange which is the largest and fastest growing professional business networking group in the Northeastern USA. The organization has grown to over 35,000 members and subscribers and Ethan has cracked the code when it comes to bringing business owners of all sizes together for the purpose of professional development and viable community outreach. Ethan's talk is "Business Networking Explained". He shares the concept of using FORM (Family, Occupation, Recreation, and Message) and unique outreach techniques to create a unique relationship with people who you are interested in and can further your business interests. Ethan also shares many stories of how he has successfully applied his approach to network his way into some very difficult to pene