Synopsis
The Dark Rhino Podcast provides weekly interviews and insights into the world of Cybersecurity. Produced entirely in-house by MSSP & global risk management firm Dark Rhino Security.
Episodes
-
Cyber Horror Story #2 Data
05/10/2022 Duration: 02min #CyberHorrorStories #DarkRhinoSecurity #shorts This October we wanted to do something different. So we came up with Cyber Horror Stories. These are 2-10 minute scary stories from your favorite guests. Now hold on, you'll still have new episodes of Security Confidential every Friday at 7 am EST on your favorite podcast app/9 am EST on YouTube. But now, you'll also have new Cyber Horror Stories every Monday, Wednesday, and Friday as well. Share and spread the word! To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: https://www.instagram.com/securityconfidential/ Facebook: https://m.facebook.com/Dark-Rhino-Security-Inc-105978998396396/ Twitter: https://twitter.com/darkrhinosec LinkedIn: https://www.linkedin.com/company/dark-rhino-security YouTube: https://www.youtube.com/channel/UCs6R-jX06_TDlFrnv-uyy0w/videos
-
Cyber Horror Story #1 SLIders
04/10/2022 Duration: 05min #CyberHorrorStories #DarkRhinoSecurity #shorts This October we wanted to do something different. So we came up with Cyber Horror Stories. These are 2-10 minute scary stories from your favorite guests. Now hold on, you'll still have new episodes of Security Confidential every Friday at 8 am. But now, you'll also have new Cyber Horror Stories every Monday, Wednesday, and Friday at 11 am. Share and spread the word!
-
SC S7 E10 Why Not Take A Corporate Job?
30/09/2022 Duration: 46min Ranbir Bhutani is the CEO and vCISO of CyberCulture, a partner at Ingram Advisory Group, and a vCISO at many companies. He has a master's in cybersecurity from the University of Maryland Global Campus. 00:00 Introduction 01:00 CyberCulture and Ingram Advisory Group: What is the mission of both companies 03:06 Why not take a corporate job? 07:25 Myth busting #1: 100% Cyber security 08:57 CyberCulture: Meaning behind the name 10:50 Penalize Employees 13:30 Myth busting #2: Achieving Compliance 16:00 Why are companies so reactionary to their cyber issues? 16:56 How to take cybersecurity from a cost sector to a revenue sector? 19:05 Zero Trust Frameworks 25:07 Cloud Infrastructure 26:35 Process steps for how the program should be operated 36:15 Mitigation vs Outsourcing of Risk 37:38 Do the boards understand 3rd party Risk? 40:50 Landscape of CyberSecurity evolving 44:00 A Message from Ranbir To learn more a
-
SC S7 E9 - Entrepreneurship: Should It Be Taught In Schools?
23/09/2022 Duration: 46min Greg is the CEO of CryptoStopper, a ransomware protection service that automatically detects and stops active ransomware attacks. He has been a technology entrepreneur since 1998 and has founded many businesses, including Axis Backup, a backup and disaster recovery company for the insurance industry that he founded a few years before CryptoStopper. He is skilled in disaster recovery, cloud computing, and network security, just to name a few. 00:00 Introduction 01:30 Starting your own businesses 02:20 Tips for future entrepreneurs 03:26 The fear of Failure 05:13 Entrepreneurship: should it be taught in schools? 07:50 CryptoStopper 11:42 Access Recovery 12:52 Getting a disaster recovery program 19:57 WannaCry 24:19 Anatomy of a Ransomware attack 25:20 When would SOC notice Ransomware 28:20 Russia 30:16 Ransomware 35:54 Layered Security 37:48 Vendor Consolidation or Defense in Depth? 40:37 Damag
-
SC S7 E8 Roe v. Wade and How Companies Track Your Data
16/09/2022 Duration: 44min Brian is the CEO of SideChannel, creator and host of the CISO Life podcast, and a professor at Boston College. Brian is a Security Confidential alum and an expert in cybersecurity. 00:00 Introduction 03:40 What’s new with SideChannel 09:02 #CISOLife 10:30 Roe v. Wade and Data 21:20 SMB: I’m not a target 23:21 Understanding Controls: A whiteboard demonstration 26:43 Top 3 things to do 37:35 Risk and Probability by Impact: A whiteboard demonstration 42:22 Upcoming News for Brian Brian's Book: https://www.wiley.com/en-us/Cybersecurity+Risk+Management%3A+Mastering+the+Fundamentals+Using+the+NIST+Cybersecurity+Framework-p-9781119816287 SideChannel on YouTube: https://www.youtube.com/c/SideChannel/videos To learn more about Brian visit https://www.linkedin.com/in/brianhaugli/ https://sidechannel.com/team_member/brian-haugli/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com SOCIAL MEDIA: Stay connecte
-
SC S7 E7 Imposter Syndrome
09/09/2022 Duration: 54min #SecurityConfidential #DarkRhinoSecurity Rafael is a Mentor, Motivational Speaker, Veteran, and an accomplished information and cybersecurity executive. He has many skills such as Risk Mitigation, Encryption, Vendor Collaboration, and PCI/DSS. Rafael has worked as an IT security manager and Principal Information Security Analyst for Lowe's, vCISO of Fortalice Solutions, and Senior Security Architect for Sirius Computer Solutions. He is the Founder of RAYA Cyber Solutions LLC and Co-Founder of Carolinas CISO RoundTable. 00:00 Introduction 01:30 Rafael's Background 05:40 How Rafael remained positive 08:00 Motivation for everyone 09:40 Imposter Syndrome 12:20 Firing up that ego 14:00 How to motivate yourself 16:08 “It takes an entire village to keep your data safe” 21:44 Keeping Employees/Humans aware 29:41 Vulnerabilities 32:35 Friction Security 36:00 Target breach 39:29 Third Party Risk 43:30 Zero Trust and SASE 45
-
SC S7 E6 Disrupting "Anonymous"
02/09/2022 Duration: 56min Founder and CEO of Prevailion. He is the host of the podcast The Introverted Iconoclast. He has been in infosec since the 90s. He was the former director of intelligence at Mandiant. He is a serial entrepreneur. In 2011, the success of his second company, Unveillance, resulted in disrupting the malicious operations of the hacker collective Anonymous. He has been featured in news outlets throughout the country. 00:00 Introduction 01:40 Why entrepreneurship? What’s your driver? Advice? 09:10 The Introverted Iconoclast 16:20 Keeping Cyber Interesting 18:47 Unveillance 21:44 Anonymous 26:01 The minds of Bad Actors 32:14 Sea Cucumbers and Armadillos 35:22 Reducing the dwelling time 37:03 How do I know I’m a target? 42:00 Do you get threatened? 43:54 How is Prevailion doing this? 49:00 Polymorphism of Malware 52:20 Artificial Intelligence 54:50 Connecting with Karim To learn more about Karim visit https://www.
-
SC S7 E5 Stepping Out of Your Comfort Zone
26/08/2022 Duration: 52min #SecurityConfidential #DarkRhinoSecurity Paul is an experienced Cybersecurity executive with many skills, including being an expert on Cloud Computing. He has worked as an information security leader for Truist, Head of Cloud Security for SunTrust, and Security Architecture for Capital One. He is also a contributor to CIO Review and most recently in IDG's CIO Think Tank Roadmap report on Setting the Multi-Cloud Agenda. 00:00 Introduction 01:58 Paul's Background 13:24 Learning to take risks with your job 17:31 Advice for your career 19:00 More about Paul's background 26:00 Clear Program 28:04 Malware and Bad Actors 37:20 True Stories 42:05 Microsoft, Google, Amazon 45:10 The Cloud 47:00 Top 5 tips for Companies to look at when mobilizing 49:50 Asset managers 51:45 Connecting with Paul To learn more about Paul visit https://www.linkedin.com/in/paulhamman/ To learn more about Dark Rhino Security visit h
-
SC S7 E4 - Veteran To Cyber Professional
19/08/2022 Duration: 58min Dallas is a US Army Veteran and Cyber Professional. He has worked for many companies including PerimeterX, Blue Shield, and PayPal. He is skilled in Python, SQL, Information Security, JavaScript, Networking, and more. 00:00 Introduction 01:10 Did you get your skills from the military? 08:41 Transitioning to civilian life 14:25 Rules of thumb when designing a website so you’re less prone to getting hacked 21:45 Credit Card frauds 26:35 Analyze, Understand, and Influence 29:48 Ransomware Attacks 31:05 Raising employee awareness about Phishing 34:39 Making Cyber interesting 39:11 HUMAN Security 47:06 How many companies have it right? 49:20 Tips for Small Businesses 56:40 Upcoming events for Dallas To learn more about Dallas visit https://www.linkedin.com/in/dallascbaker/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com SOCIAL MEDIA: Stay connected with us o
-
SC S7 E3 H&R Block, Zero Trust, and Cyber Culture
12/08/2022 Duration: 53min #SecurityConfidential #DarkRhinoSecurity Joshua is the CISO at H&R Block. He has deep experience in designing and building information security programs. He is an expert on Zero Trust. His approach to information security is to transparently support and drive business initiatives, leveraging security capabilities to differentiate companies from their competition. Josh has spoken at InfoSec World, InfraGard, and ISSA and he is a SANS mentor. In short, he is a master of helping companies reduce risk. 00:00 Introduction 01:14 Joshua's Background 05:18 Why having different backgrounds in cyber is so important 15:06 Using Cybersecurity as a competitive advantage 17:04 Brand Loyalty program 23:35 How do you measure and monitor risk? 30:30 Establishing a culture in Cybersecurity 33:10 Getting the Cyber sec people to understand the business 36:00 Understanding the WHY 37:36 Amazon, Microsoft, Google myth 40:40 Zero Trust vs SASE 45:00 Preve
-
SC S7 E2 Wattpad, 3rd Party Risk, and the Future of Cyber
05/08/2022 Duration: 46min Josh Harrington is a CISSP, CCSP certified Director of IT and Security at Wattpad. He has a degree in Information Technology with a specialization in Networking and IT Security and a minor in operations management. With nearly a decade of cyber and IT-related experience, Josh has utilized his knowledge of industry threats and emerging technologies to guide businesses in advisory roles from implementation to leadership development both internationally and in the Greater Toronto Area. 00:00 Introduction 01:22 Josh’s story 03:10 The challenge of a Cybersecurity career 04:00 How has your previous experience helped prepare you for your position today? 05:55 Hands-on Experience: required or not? 07:42 Wattpad 08:22 Security Challenges for open-source platforms 11:50 Top 3 areas of Security 15:10 Must have Security tools 16:20 The Future of Cyber: Where is it going? 21:13 3rd party risk 23:40 Key points for employees regarding security 27:32 Message for young cyber professionals 33:37 What has helped you grow in IT?
-
SC S7 E1 Cybersecurity Advocate, Creative Director, and Podcast Executive of Hacker Valley Studios
29/07/2022 Duration: 51min #SecurityConfidential #DarkRhinoSecurity Kicking off Season 7 with Ron Eddings. Ron is a Cybersecurity Advocate, Creative Director, and Podcast Executive Producer. Ron has been a cybersecurity practitioner. He has worked as an architect at Palo Alto Networks and Demisto. He is currently the Creative Director for Axonius and is also the Co-founder & Executive Producer of Hacker Valley Studios. 00:00 Introduction 01:20 How did you start in Cyber? 06:13 Marcus Carey's Guide to Success 07:55 Your spiritual guide to pursuing your passion 12:03 The Mind, the Body, and the Spirit 15:50 Maintaining your Sense of Wonder 19:40 Your Superpower 23:15 Learning and Teaching 28:20 Making Cyber entertaining 35:12 What is the value of Cybersecurity? 39:20 Vulnerability management 42:00 OKTA and Passwords 43:00 Infosec programs that worked and ones that didn’t 48:15 The Department of “no” 49:25 News with Ron To learn mo
-
SC S6 E10 VillageMD, 3rd Party risk, Cyber Insurance, and Walgreens
22/07/2022 Duration: 40min Jake is the Sr. Director of Security Strategy at VillageMD. He has over 20 years of IT and Security experience building, operating, and enhancing: Risk Management, Security Awareness, and governance. He has worked with many "C-suite" executives and boards of directors. He is a graduate of the University of Pittsburgh Katz School of Business. 00:00 Introduction 02:04 VillageMD 03:28 Walgreens and the Minute Clinic 05:01 How has Cyber security changed the Healthcare business? 07:50 Why is patient healthcare data worth more money than credit card information? 10:30 Making the data less valuable 16:50 What are some policy positions we could take? 18:57 What is motivating bad actors to get healthcare data? 22:50 Cyber insurance 26:40 3rd party risk 30:05 Doctors and mobile devices vs HIPAA? 39:10 More on Jake To learn more about Jake Belcher visit https://www.linkedin.com/in/jakebelcher/ To learn mor
-
SC S6 E9 Russia, SMBs, Equifax Breach, and Ransomware
15/07/2022 Duration: 50min #SecurityConfidential #DarkRhinoSecurity Greg Schaffer joins us on this episode of Security Confidential. Greg founded vCISO Services in 2017 to help SMBs. He has over 33 years of experience in IT and security, including over 15 years at the CISO level. Greg is the host of the Virtual CISO Moment podcast and authored Information Security for Small and Mid-sized Businesses. 00:00 Introduction 01:37 How did you get into Cyber? 04:40 What brought you to SMB? 07:00 Equifax Breach 10:30 Defense in Depth 13:05 Doing more than just checking the boxes 19:40 Cyber insurance 24:00 Some ways SMBs get breached 28:00 Ransomware 30:40 SMB: What to do if you don’t have the resources? 36:44 How much money should SMBs spend on cybersecurity? 38:24 Should the CISO work for the CIO? 42:17 Metrics for decision-makers 45:20 Russians and the Chinese 49:00 Meeting Greg CU Intersect conference is July 18-20. Link https://cuintersect.com/ RETR3AT Link: https://www.montreat.edu/about/events/retr3at/ Greg's podcast:
-
SC S6 E8 C-suite, MSSP, Friction Security, and USBs
08/07/2022 Duration: 40min #SecurityConfidential #DarkRhinoSecurity Eddie Thomason joins us for this week's episode of Security Confidential. Eddie is a Regional Sales Manager at DataLocker, a bestselling author, and entrepreneur who has been featured on ABC, CBS, & FOX news affiliates. Eddie has worked with multiple Fortune 500 companies to improve their revenue and was named one of the top business professionals by the Chamber of Commerce. Eddie hosts the popular “Simply Secure Podcast” where he talks to cyber professionals about #InfoSec. When he is not talking or working in cyber, he can also be found creating cutting boards and wood furniture with his passion project ET Woodworks. 00:00 Introduction 04:07 How did you establish credibility with C-suite without trying to sell them anything? 09:02 Referring clients to other companies. Has that gotten you into trouble? 11:17 How SMBs should navigate through the sea of Cybersecurity? 15:40 Questions to ask MSSPs 19:22 F
-
SC S6 E7 - Erika C - Veteran, CISO, Mentor, and C-Suite Executive
01/07/2022 Duration: 52min Rory Meikle hosts this episode of Security Confidential with Erika Carrara. Erika is an influential, strategic, business-focused, and highly accomplished C-Suite executive. She has accomplished many things such as being a CISO, Director of Information Technology, Penetration Tester, an IT Security Specialist, and many more. Erika is also a Veteran of the United States Army and Mentor. She is currently the CISO of Wabtec Corporation. 00:00 Introduction 00:49 How did you start your career in cybersecurity? Was it something you did while in the military? 03:03 Advice for younger individuals stepping into cyber 04:27 Advice for Veterans transitioning into Cyber 06:29 Due diligence process when looking at an acquisition? 13:40 ISO 27,001 17:04 Security Frameworks for Small Businesses 22:00 What motivates bad actors? 26:40 Are there policies that you think the government should adopt that would better deter bad actors? 34:18 Can you s
-
SC S6 E6 Endre Walls - Starting in Cyber, Vendors, and Diversity
24/06/2022 Duration: 50min #SecurityConfidential #Darkrhinosecurity Endre Jarraux Walls is the EVP and CISO for Customers Bancorp and Customers Bank. He provides leadership to the Bank’s technology risk, digital compliance, security operations, governance, resilience, physical security, and cyber fraud departments of Customers Bank. He has held all 3 C-level roles in the technology industry, as an award-winning CIO, CTO, and now CISO. Prior to joining the Bank, he served as an executive in Healthcare, Telecom, and more. He was recently recognized as one of the top 40 under 40 leaders in the greater Philadelphia region, is a 2021 Top 100 CISO, was recognized as a top 10 global CISO in 2020, and received an American Cyber Awards honor in 2020. He attended both Capella University in Minnesota for his BS in Information Technology and Yale University’s School of Management for Executive Education. 00:00 Introduction 01:17 How did you start your career in cybersecurity? 03:05 Is (General Electric, Nuclear Indu
-
SC S6 E5- Nat Shere - Penetration Testing, SQL, 3rd Party Risk
17/06/2022 Duration: 43min #SecurityConfidential #DarkRhinoSecurity 00:00 Introduction 01:20 Penetration testing 05:50 Walking through Risk Analysis 08:07 SQL injections 09:50 3rd Party Risk. What does it mean? 11:30 How to protect yourself when using open sourced code 15:33 Google, Amazon, and Microsoft 16:30 Being on the Cloud and in the Cloud 18:40 Communicating to the executives 20:10 Cybersecurity as a Revenue Service 25:55 MFA issues and vulnerability 29:52 Smart Phones 37:56 Penetration tests on Mobile Devices 41:37 More about Nat To learn more about Nat Shere visit https://www.linkedin.com/in/nathaniel-shere Links to Nat's blogs as mentioned in the video: https://www.craftcompliance.com/post/7-steps-to-website-security-worth-bragging-about https://www.craftcompliance.com/post/penetration-testing-the-what-the-why-the-how https://www.craftcompliance.com/post/getting-the-most-out-of-penetration-testing
-
SC S6 E4- Brian Haugli - CEO of SideChannel
10/06/2022 Duration: 36min #SecurityConfidential #darkrhinosecurity Brian Haugli joins host Manoj Tandon on this week's episode of Security Confidential. Brian is a Managing Partner and Chief Executive Officer at SideChannel. Brian has been driving security programs for two decades and brings a true practitioner’s approach to the industry. He has led programs for the DoD, Pentagon, Intelligence Community, Fortune 500, and many others. Brian is a renowned speaker and expert on NIST guidance, threat intelligence implementations, and strategic organizational initiatives. He is also a contributing author for the latest book from Wiley, “Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework”. Lastly, he is a professor at Boston College, in the Woods College of Advancing Studies, Master’s Program in Cybersecurity. 00:00 Introduction 01:50 How do you see the threat landscape changing in cybersecurity? 05:00 Do you think the mid-market understands that cybersecurity is not an
-
SC S6 E3 Tim Chase - Field CISO, Professional Speaker, Ethical Hacker
20/05/2022 Duration: 42min #SecurityConfidential #DarkRhinoSecurity Tim Chase joins host Manoj Tandon on this episode of Security Confidential. Tim Chase is a Field CISO, Professional Speaker, Author, Ethical Hacker, Certified Application Security Engineer, etc. He is also a LinkedIn Learning Instructor who writes training modules about DevOps and DevSecOps. Tim is an expert at resolving challenging security incidents with a short turnaround time. He is a graduate of Tennessee Tech and the University of Phoenix. 00:00 Introduction 01:13 The problem of Ransomware, how do you see it evolving over in the near future? 05:17 Third-Party Risk 06:21 Applications built on open source code and how to ensure their security? 11:45 What do you see as the Top 3 root causes of security incidents? 14:40 Deep Provisioning 22:22 Step-by-step on how to build a cybersecurity program for SMB 32:05 How to make Cybersecurity logical when coaching a young cybersecurity team. What foundational elements do you emphasize? 37:30 Companies use Cyberse