Coming up in this special Mini-Series on Breaking Badness.
Breaking Badness hit the road again in 2024 to RSAC in San Francisco! You may remember we met with folks last year in our Stronger Together Mini Series, and we were excited to reconnect with some old friends along, meeting new ones, and putting faces to names.
As a reminder, this series is a different format from our weekly security news. Instead, this special segment on the podcast is made up of nine individual interviews with thought leaders from the infosecurity industry including:
- Allan Liska
- Aqsa Taylor
- Ben April
- David Goldschlag
- Joe Slowik
- Jori VanAntwerp
- Lawrence Gentiello
- Steve Stone
- Zack Schuler
In this mini-series, there were some clear themes, but like the tagline of the event itself, the one that sticks out the most is possibility. As many repeatedly share in their interviews, there’s a lot to be excited about within our industry and our innovation and collaboration will help give bad actors more bad days.
Jori VanAntwerp and Steve Stone
We’re excited to roll out this year’s mini-series and we’ll go in order of those we spoke with. On day one of RSAC, we got to sit down with Jori VanAntwerp, Founder and CEO of EmberOT and Steve Stone of Rubrik Zero Labs. You’ll hear from Jori in the first half of the episode and Steve in the second half.
Both will share their paths to infosec, what they’re currently excited about within the infosecurity space (and conversely, what’s concerning them).
Jori discusses what it’s like to found two start-ups including how to support the community and finding the right staff. We’ll also discuss how IT tools need to better fit the OT (operational technology) environment.
In our discussion with Steve, we talk at length about Rubrik Zero Labs’ latest whitepaper: Measuring Your Data’s Risk, especially as it pertains to the healthcare industry. We discuss why virtualization matters for healthcare and ransomware, the fallout from ransomware within the health space, and more.
Special shoutout to Steve as he pointed out our Google Form was not working initially. Without Steve, we may not have been able to meet up with the folks we met at RSAC!
Resources:
Ensuring Data Defensibility in an Era of Inevitable Breaches
Ben April and Allan Liska
We’re rolling out the next iteration of our mini-series from RSAC in this week’s episode of Breaking Badness! In this episode, we’re talking with Ben April, CTO of Maltego, and Allan Liska, Ransomware Sommelier with Recorded Future. You’ll hear from Ben in the first half of the episode and Allan in the second.
Both Ben and Allan are old friends of the Breaking Badness Cybersecurity podcast. You may remember our conversation with Ben at RSAC 2023. Allan has been on the podcast so many times, we owe him a Five Timer’s Jacket á la SNL.
In last year’s conversation with Ben, we discussed AI, which we revisit again this year. He believes the idea of AI has perhaps lost a bit of its magic, as he doesn’t see it as prominently as he did at RSAC 2023. We still discuss AI in the capacity of how it’s affecting the hiring process and how it could be impeding the progress of hiring within the cybersecurity space (especially with many currently looking for positions).
Allan had a pretty busy morning the day I caught up with him at RSAC as on May 7, 2024, law enforcement named the person behind LockBit as Dmitry Khoroshev. Targets of LockBit Ransomware cannot pay him without getting a special exception and also cannot pay anyone who works for Khoroshev. We discuss where we think the next phase of LockBit is heading now that there are sanctions against the leader. We also discuss ransomware as a trope on TV and pop culture – and speaking of pop culture, Allan has been on the podcast previously to discuss his comic book – Yours Truly, Johnny Dollar, which was sold at RSAC, but we also talk about a comic book anthology released recently that focuses on cybersecurity. Readers can expect to find stories that range from more sci-fi to the realities of dealing with burnout in the industry, and everything in between.
Be sure to listen to the episode for full details!
Joe Slowik and David Goldschlag
We are halfway through our mini-series at RSAC! This week, we’re talking with Joe Slowik, Principal Critical Infrastructure Threat Intelligence Engineer at MITRE and David Goldschlag, CEO and Co-founder of Aembit.
You may recognize Joe’s name, as he is a former DomainTools employee and has penned some of the most popular blog posts on our website, including “Analyzing Network Infrastructure as Composite Objects.” He’s a bit of a legend around here, and I was excited to meet him in person. In my interview with Joe, we talked about his background in infosec and sessions he was excited about at RSAC including “Cloud-Enabling the Electric Grid with Consequence Driven Approaches.” He also gave his own discussion at the ICS Village on how to apply a threat-focused approach to operational technology (OT).
One of the things I’m always eager to discuss with our guests is what they’re excited about or conversely, what’s grinding their gears. Joe has a torn perspective on AI because on the one hand, it will be a difference maker, but it will not be a difference maker this year, or maybe even five years. AI is not capable at the moment of creating unique solutions to novel problems. He uses AI images for presentations because he thinks it’s awesome (and hilarious).
In my conversation with David, we’re joined by perennial Breaking Badness co-host, Daniel Schwalbe. The three of us discuss David’s background (can’t have a conversation without the full back story!) If you did not know, David started in the government at the NSA and the Naval Research Lab and is the co-inventor of onion routing, which is now known as Tor.
I asked Daniel to join our conversation as he was particularly interested in hearing the backstory of Tor firsthand. For the complete details, be sure to listen to the full episode!
Zack Schuler and Lawrence Gentilello
It’s the penultimate episode of our mini-series! In this episode, we speak with Lawrence Gentilello, Founder and CEO of Optery, and Zack Schuler, Founder and Executive Chairman of the Board for NINJIO.
In my conversation with Zack, we discuss the history of NINJIO, which is a cybersecurity awareness training and social engineering company. Zack had read the report shared by IBm that 95% of security breaches are due to human error and thought, what are people doing to try to solve this? That’s where NINJIO and the idea of micro learning comes in.
In the second half of the episode, Lawrence and I discuss how to effectively protect your personally identifiable information (PII) from data brokers, which is a subject we touched on the podcast a while back in regards to personal information from therapy websites being sold to data brokers. We discuss a recent example of GM and OnStar sharing data with insurance agencies and Lawrence’s opinion.
For complete details, be sure to listen to the full episode!
Aqsa Taylor
It’s the final episode of our mini-series! In this episode, we speak with Aqsa Taylor, Director of Product Management at Gutsy! We discuss Aqsa’s path to cybersecurity (an unexpected pivot from electrical engineering!) We also talk about process security at length – you hear zero trust and AI at these conferences, but what about alerts and how you drive outcomes from there?
Diving into that topic, Aqsa details the eBook she created to get the “why” out there of transforming governance to achieve a security outcome. The idea of how we practice governance today is crucial – why are we not using the technology and advantages we already have for things like auditing? As a community we should think about the functions we do – just because something has been done in a certain way doesn’t mean we need to continue to work in that way.
One question we asked Aqsa was: is there an aversion to going back to the basics? Not necessarily – the buzzwords are catchy and that’s not wrong; we should be moving forward. But there should be parallel thinking; we can acquire new tools but we need to have a governance strategy to have a cleaner security posture.
In addition to governance, Aqsa and Kali discuss being women in cybersecurity and thoughts on how to get in front of more women to join the industry. But not just women, there’s plenty of people from all backgrounds looking to make a pivot into cybersecurity and Aqsa has a few thoughts on how to achieve that goal.
For complete details, be sure to listen to the full episode!
References:
- eBook – Process Mining: The Security Angle
- Breaking Badness Voices from Infosec: Tracy Maleeff
- Darknet Diaries – EP 144: Rachel
- Book recommendation – The Catalyst: How to Change Anyone’s Mind
That’s about all we have for this week, you can find us on Twitter @domaintools, all of the articles mentioned in our podcast will always be included in our blog. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!