Cybersecurity Advisors Network

Nick Kelly

The Cybersecurity Advisors Network (CyAN) connects cybersecurity experts from around the world to provide benefits and peer interactions in a siloed industry. Through CyAN, members gain access to partner institutions, the expertise of their peers, and assistance with their projects. We have an abundance of stories to tell of members taking advantage of this trust network and connecting to create incredible opportunities through the complementarity of their profiles and experiences.
Technology

Episodes

50 Cent Army? What a Bargain! China and its Disinformation Campaigns
17-01-2024
Join James Briscoe and John Salomon in the latest episode of the State of (Cyber)War podcast as they discuss the People's Republic of China and some of its disinformation capabilities. This informal conversation includes discussion about Chinese foreign election interference, domestic social media manipulation, Taiwan, China's foreign political and economic interests and more.

John Salomon - https://www.linkedin.com/in/johnsalomon/
James Briscoe - https://www.linkedin.com/in/jimbriscoe/

02:10 Xi Jinping's new year's address, via CCTV: https://youtu.be/TEd3CtcL1pU?si=MAiKGP-SPjm8cjCe
02:50 Xi Zhongxun, Chinese revolutionary leader: https://en.wikipedia.org/wiki/Xi_Zhongxun
04:00 Taiwanese elections 2024: https://en.wikipedia.org/wiki/2024_Taiwanese_general_election
04:08 Kuomintang: https://en.wikipedia.org/wiki/Kuomintang
04:27 Democratic Progressive Party: https://en.wikipedia.org/wiki/Democratic_Progressive_Party
05:45 1992 Consensus: https://thediplomat.com/2022/07/the-1992-consensus-why-it-worked-and-why-it-fell-apart/
07:15 These are the Valemax ore carriers: https://vale.com/w/fleet-of-ships-serving-vale-receives-first-ore-carrier-in-the-world-equipped-with-rotor-sails
09:12 50 Cent Party: https://en.wikipedia.org/wiki/50_Cent_Party
09:52 Nine-dotted line: https://en.wikipedia.org/wiki/Nine-dash_line
10:04 Belt and Road Initiative: https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative
13:00 https://www.reuters.com/article/idUSSIN277923/
13:43 NY Times article on the topic: https://www.nytimes.com/2023/09/11/us/politics/china-disinformation-ai.html
14:15 https://en.wikipedia.org/wiki/2023_Chinese_balloon_incident
14:42 A lot of this is obviously speculation. https://www.wired.com/story/east-palestine-ohio-train-derailment-tiktok/
16:42 Asia Infrastructure Investment Bank: https://www.aiib.org/en/index.html
19:35 An article about PRC influence on the Taiwanese elections: https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence
20:32 https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections
21:05 A US State Department briefing on this topic: https://www.state.gov/briefings-foreign-press-centers/how-the-prc-amplifies-russian-disinformation
24:15 United Front Work Department: https://en.wikipedia.org/wiki/United_Front_Work_Department
26:25 Some points about interference in US elections: https://gdil.org/russian-and-chinese-influence-actors-and-operations-against-the-american-electorate/
29:34 Hundred Years of Humiliation: https://en.wikipedia.org/wiki/Century_of_humiliation
30:30 The Avoidable War, by Kevin Rudd: https://www.avoidablewar.com/
32:23 Natto Thoughts: https://nattothoughts.substack.com/
32:26 The disinformation handbook (part I): https://nattothoughts.substack.com/p/disinformation-handbook-a-concise

A few links on the topic worth reading:
Chinese information operations against Taiwan:
https://therecord.media/taiwan-elections-china-interference
https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence
https://thediplomat.com/2024/01/beijing-tries-to-capitalize-on-taiwans-controversial-rocket-alert/
https://thediplomat.com/2024/01/rip-off-the-blindfold-let-taiwanese-civil-society-learn-from-ukraine/
https://fpri.org/article/2023/12/whats-at-stake-in-upcoming-taiwan-election/
General Chinese disinfo operations:
https://www.rand.org/pubs/commentary/2023/10/dismantling-the-disinformation-business-of-chinese.html
https://www.defenceconnect.com.au/joint-capabilities/13356-report-massive-chinese-disinformation-campaign-uncovered-on-youtube
https://medium.com/doublethinklab/propaganda-analysis-how-different-actors-in-chinas-information-ecosystem-portray-the-ukraine-war-ac82713c2f68
https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections

The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format.

Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network
Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Original YouTube video at https://youtu.be/xBAJ2rBKrMc
Japan's National Cyberdefence - It's Not a Military Thing, Honest
27-12-2023
Welcome to episode 2 of CyAN's State of (Cyber) War series. Today, James Briscoe and John Salomon talk about Japan - its national cyberdefence capabilities, the regional and global threat landscape, regulations and laws, and how all of these are evolving in the face of changing geopolitical realities and technologies.

A few notes from our chat:
02:25 US-Japan 1960 joint security treaty: https://www.mofa.go.jp/region/n-america/us/q&a/ref/1.html
02:37 Article 9 Japanese constitution: https://en.wikipedia.org/wiki/Article_9_of_the_Japanese_Constitution
02:45 SCAP: Supreme Commander for the Allied Powers
02:58 Japan Self Defense Forces: https://en.wikipedia.org/wiki/Japan_Self-Defense_Forces
05:01 2019 US-Japan security treaty update: https://www.mofa.go.jp/files/000470738.pdf
06:54 national security strategy end of 2022: https://www.cas.go.jp/jp/siryou/221216anzenhoshou/nss-e.pdf
08:14 Lazarus Group: https://www.aljazeera.com/news/2023/12/9/us-japan-south-korea-launch-new-efforts-to-counter-n-korea-cyber-threats
10:35 Lazarus Group's cryptocurrency thefts: https://www.coindesk.com/markets/2023/12/01/north-korean-hackers-lazarus-group-stolen-3b-in-cryptocurrency/
11:29 https://www.dragonflyintelligence.com/news/japan-shift-to-a-more-offensive-cyber-posture-in-2023/
11:35 https://asia.nikkei.com/Politics/Japan-to-quadruple-cyber-defense-forces-meeting-threats-head-on
12:47 The 2016 revision in question: https://www.mofa.go.jp/files/000143304.pdf
13:37 The spending increase to 2% request: https://www.reuters.com/business/aerospace-defense/japan-makes-record-defence-spending-request-amid-tension-with-china-2023-08-31/
13:59 It's actually 2% as well: https://www.nato.int/docu/review/articles/2023/07/03/defence-spending-sustaining-the-effort-in-the-long-term/index.html
14:39 CCDCOE: https://ccdcoe.org/
14:46 Locked Shields exercise: https://ccdcoe.org/exercises/locked-shields/
15:33 The official in question was former US Director of National Intelligence Dennis Blair: https://japannews.yomiuri.co.jp/politics/political-series/20221122-72394/
16:05 The Japanese National Security Strategy allows for development of a posture for information warfare and introduction of active cyber defence in cybersecurity. It will create a government information warfare department, allowing government to aggregate and analyze the situation on disinformation originating abroad. The National Center for Incident Readiness and Strategy for Cybersecurity is to be restructured to establish a new organisation to coordinate policies between the police and JSDF. This will allow for active cyber defence against attackers. Training for 4000 cyber ‘warriors’ and 16k cyber-capable JSDF members over 5 years is also foreseen. The Ministry of Foreign Affairs plans to use AI to enhance monitoring of information and intelligence analysis. Furthermore, defence industry profit margin will be permitted to increase to a max of 15%.
16:45 The Nagoya port ransomware attack of July 2023: https://www.bloomberg.com/news/articles/2023-07-06/nagoya-port-delays-restart-following-alleged-ransomware-attack
17:10 The Chinese cyberattack on the Japanese defence network: https://www.japantimes.co.jp/news/2023/08/08/japan/japan-china-hack-defense-network/ - WaPo article: https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/
17:23 KillNet ceases attacks on Japan: https://english.kyodonews.net/news/2022/09/9846d4bf7aee-pro-russia-hacker-group-stops-cyberattacks-on-japan-due-to-money-woes.html
20:17 2023 Amendments to Telecommunications Business Act: https://www.dataguidance.com/news/japan-amendments-telecommunications-business-act-enter
20:20 Unauthorized Computer Access Law (UCAL): https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/japan

James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original YouTube video version: https://youtu.be/Fmuno8ohJPs
Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
State of (Cyber) War - Russia, Offensive Cyber Operations, and Terror, Oh My
21-12-2023
Welcome to episode 1 of CyAN's new State of (Cyber) War series. Join John Salomon and James Briscoe in a discussion of offensive cyberoperations involving Russian actors, parallels to historical attacks on civilians, expectations and limitations of information operations, and more.

A few notes from our chat:
05:10 James' research paper on Russia/Ukraine: https://www.linkedin.com/feed/update/urn:li:activity:6899132398601162752/
05:30 Conti ransomware group: https://flashpoint.io/blog/history-of-conti-ransomware/
08:55 2016 Ukraine power grid attacks: https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/
11:15 Stuxnet: https://en.wikipedia.org/wiki/Stuxnet
12:47 James' follow-up work: https://www.linkedin.com/feed/update/urn:li:activity:6944843584533581824/
14:35 The Dukes: https://www.cfr.org/cyber-operations/dukes
Cozy Bear: https://www.crowdstrike.com/adversaries/cozy-bear/
NotPetya: https://en.wikipedia.org/wiki/2017_Ukraine_ransomware_attacks
18:32 Lazarus Group: https://www.trendmicro.com/vinfo/pl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations
20:11 2022 Yandex Moscow taxi hack: https://www.euronews.com/my-europe/2022/09/02/gridlock-as-hackers-order-hundreds-of-taxis-to-same-place-in-moscow
20:25 2023 GUR Russian state tax service hack: https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service
23:22 2022 Belarus railway hack: https://www.theguardian.com/world/2022/jan/25/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup
24:04 Alexander Lukashenko and the Ukraine invasion map: https://www.independent.co.uk/news/world/europe/lukashenko-ukraine-russia-belarus-invasion-map-b2026440.html
25:23 Syrian Electronic Army: https://en.wikipedia.org/wiki/Syrian_Electronic_Army
29:03 Momotarō no Umiwashi came out in 1942: https://en.wikipedia.org/wiki/Momotar%C5%8D_no_Umiwashi

Original YouTube video is at https://youtu.be/VlP_L3xX2Lo
James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Disinformation, AI, and Security - Dmytro Bilash
23-11-2023
Dmytro Bilash joins us for a conversation about online disinformation - what it is, how it adversely affects democratic societies, who's behind it, and how we can combat this major and growing threat to social cohesion and political and economic stability.

A few contextual links from our discussion:
Dr. Egor Zakharov of the Swiss Federal Polytechnic Institute, Zurich (ETHZ) - AI expert, and participant in the ITBN AI&disinformation fireside chat: https://ait.ethz.ch/people/egorzakharov
John Oliver/Last Week Tonight segment on Myanmar-related hate speech on Facebook: https://youtu.be/OjPYmEZxACM
The Assault on Intelligence, by Michael V. Hayden: https://www.penguinrandomhouse.com/books/566537/the-assault-on-intelligence-by-michael-v-hayden/
Offline, by Crooked Media - episode on TikTokers "discovering" Osama Bin Laden's "Letter to America": https://youtu.be/kk84mCHWds8
Shaping Europe's Digital Future - Tackling online disinformation: https://digital-strategy.ec.europa.eu/en/policies/online-disinformation
Finland is winning the war on fake news - CNN, 2019: https://edition.cnn.com/interactive/2019/05/europe/finland-fake-news-intl/

Dmytro Bilash is a cybersecurity expert and investor, and co-founder and Chief Business Development Officer of Osavul, a Ukrainian AI cyberdefence firm. Visit them at https://www.osavul.cloud/
You can find Dmytro on LinkedIn at https://www.linkedin.com/in/dmytro-bil
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original video at https://youtu.be/XQonzP3OVXU
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
The Paradoxes of Personalization, Regulation, and Trust - Kojo Osei Amoyaw-Osei Presents his Thesis
13-11-2023
Kojo Osei Amoyaw-Osei is a master's candidate at EM-Lyon Business School. He joins us today to discuss his thesis project for the MSc programme in Cybersecurity and Defence Management.

Businesses face a growing set of challenges when building their information security maturity - specifically, Kojo has identified three core paradoxes in his research:
1) Personalisation - delivering personalised experiences while respecting privacy preferences
2) Regulation - balancing regulatory compliance with data-driven strategies and innovation
3) Trust - earning and maintaining trust by adopting transparent data practices, implementing robust data security measures, and demonstrating responsible data use

This episode of the CyAN Secure-in-Mind video and podcast series turns our usual format around, as Kojo interviews John Salomon, the usual host of these sessions, based on his extensive experience in the industry, as part of his thesis research.

EM Lyon MSc in Cybersecurity and Defence Management: https://em-lyon.com/en/news/who-will-you-learn-msc-cybersecurity-defense-management-program
Kojo on LinkedIn: https://www.linkedin.com/in/kojooseiamoyawosei/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original video version of this conversation is at https://youtu.be/vG1zvwDpjpo
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Jillian Kwong - Cybersecurity Challenges in Small to Medium Enterprises (SME)
10-11-2023
Thanks to Jillian Kwong, Research Scientist at Cybersecurity at MIT Sloan (CAMS), for joining us today as we discuss Jillian's work in cybersecurity third party risk management and more. Jillian has a PhD in Communication from the Annenberg School for Communication at the University of Southern California, where her dissertation looked at the human and managerial side of data privacy (e.g. GDPR, CCPA) implementation within mostly small and medium sized enterprises (SMEs). She's also a participant in the Cybersecurity Advisors Network (CyAN) mentorship pilot programme.

Cybersecurity is a metrics-driven field; "soft" factors like management style, or how humans process information, are a major challenge for less mature, smaller enterprises. This is more and more the case as regulatory and good practice requirements drive firms to understand their supply chain risk. How can smaller organisations live up to these expectations? Even when a tremendous wealth of information and resources is available to help such firms, doing the right thing can be a daunting, difficult process.

Jillian has significant experience in understanding the day-to-day challenges of small businesses and their management through interviews and case studies as a complementary approach to more objective, quantifiable cybersecurity. This has allowed her to document the interconnected, complex nature of cybersecurity activities in SMEs.

Visit Jillian on LinkedIn at https://www.linkedin.com/in/jilliankwong
Cybersecurity at MIT Sloan: https://cams.mit.edu
The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find our channels via https://cybersecurityadvisors.network/media
Original source video at https://youtu.be/KcSZ1l_Eoik
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Hugo Tarrida on Cyberdefence and Information Warfare
06-11-2023
In today's Secure-in-Mind episode, we talk about cyberwarfare with Hugo Tarrida. Hugo recently finished his master's with a focus on cyber and hybrid warfare and the impact it has on security, at King's College London.

Cyber and hybrid warfare are rapidly evolving domains of conflict that encompass a wide array of threats and tactics. These strategies involve cyberattacks aimed at disrupting critical infrastructure, which includes power grids, financial systems, and communication networks, posing significant risks to national security. To counter these threats, effective strategies have to be developed and improved for an ever more digitalised and interconnected world.

We delve into the impact of public-private collaboration aimed at fortifying defences, sharing threat intelligence, and developing resilience to mitigate the impacts of cyber warfare. In this ever-changing landscape, understanding these concepts and fostering cooperation is paramount for safeguarding our digital future.

Visit Hugo on LinkedIn at https://www.linkedin.com/in/hugo-tarrida-ortega-32915a204
King's College London: https://www.kcl.ac.uk/
The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find our channels at https://cybersecurityadvisors.network/media
Original video version available at https://youtu.be/oRHIzDjdfjM
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Florian Hantke - pen tester, vulnerability researcher, cybersecurity doctoral candidate
27-09-2023
Today's Secure-in-Mind episode features a discussion with (soon to be Dr.) Florian Hantke, a candidate in the pilot intake of the CyAN mentorship programme.

Florian is conducting advanced research on vulnerability management and information security trends as part of the secure web applications group at CISPA Helmholtz, a major German academic research network. He is an accomplished penetration tester, capture-the-flag contestant, and ethical hacker.

Among the topics we visit today are an overview of his current project on "web archaeology" - using web archives to evaluate past cybersecurity trends - Florian's views on the effectiveness of information security education in German academia and what it entails, and his recent experience in finding and reporting a number of embarrassing web vulnerabilities. We talk about generational differences in spotting fraud and security issues, getting into cybersecurity as an area of interest and career choice, and more.

Florian's LinkedIn: https://www.linkedin.com/in/florian-hantke-59ba0522b/
Website: https://fhantke.de/
Twitter: https://twitter.com/fh4ntke
CISPA Helmholtz Center for Information Security - https://cispa.de/
"You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements" - https://swag.cispa.saarland/papers/hantke2023archaeology.pdf
Florian's blog post describing his experiences reporting web vulnerabilities in wedding photo sharing sites: https://fh4ntke.medium.com/till-breach-do-us-part-the-uninvited-guest-at-your-wedding-2aed35755456
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original YouTube video: https://youtu.be/zwMSUbDeYfU
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
From Academia to Cybersecurity Career - A Chat with Emlyon Business School
13-07-2023
The cybersecurity employment market is in a unique situation - teams are often underfunded and overtaxed, while layoffs at big tech and other security-reliant critical firms have left insecurity in the industry - even as regulatory requirements and evolving threats require ever more attention to the topic. Meanwhile, academic institutions are continuously challenged to improve their approaches to developing the next generation of talent. Cyber- and information security are broad topics, and benefit from a wide range of knowledge, experiences, and areas of study - not just hard-core hands-on tech skills. This raises questions about how aspiring cybersecurity experts should direct their studies, and how academic leaders and institutions can support them in this journey.

Today we welcome Dr. Gergely "Greg" Dzsinich, CyAN board member and professor at Emlyon business school in Lyon, France, and Florian Muntner, a master's degree candidate embarking on a cybersecurity career later this year who is supporting a privacy project led by Prof. Dzsinich. Join us as we talk about a wide range of considerations when aiming for a cybersecurity career via various academic disciplines, as well as the unique project approach of the Emlyon team to create continuity among successive "generations" of students aiming for careers in the cybersecurity field.

You can find Dr. Dzsinich on LinkedIn here - https://www.linkedin.com/in/gdzsinich/
...and Florian Muntner here: https://www.linkedin.com/in/florian-muntner/
This episode of Secure-in-Mind is also available in video form at https://youtu.be/yQWF1DNubbU
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Fraud, Scams, and Other Assorted Awfulness - Jorij Abraham, Global Anti-Scam Alliance
02-07-2023
Many of us have fallen victim to scams. Most of us know someone else who has. Fraud did not start with the Internet, but it has unfortunately become an integral part of the online experience.

Jorij Abraham is Managing Director of the Global Anti-Scam Alliance (GASA), a non-profit organization based in Amsterdam and a partner to CyAN. In today's Secure-in-Mind episode, we talk about GASA's mission fighting scams of all sorts. What is a scam? What types of scams are most common around the world, who are the victims, and who are the major perpetrators? Jorij shares his experience in helping to fight abuse, whether it involves fake work visa promises, business email compromise, or subscription, romance, crypto, and many other scams that defraud innocent victims of their money. How are we working with law enforcement? What are tech companies doing to fight scams? And, as always, we ask Jorij his views on what the future will bring.

CyAN strongly endorses GASA's mission; visit them at https://gasa.org, as well as their https://scamadviser.com service where you can check whether something is a known scam. Consider also registering for GASA's annual summit in Lisbon, Portugal, on Oct 18-19 2023 - https://www.gasa.org/event-details/4th-global-anti-scam-summit-2023

You can find Jorij on LinkedIn at https://www.linkedin.com/in/jorijabraham/
The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - This episode is available as a video at https://youtu.be/XidPnG6SmaY
All our various media channels are here: https://cybersecurityadvisors.network/media
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Cyber Risk Insurance - Myths and Considerations, with Anthony Hess
19-06-2023
In today's episode of the Secure-in-Mind series, I'm joined by Anthony Hess, CEO and co-founder of cyber crisis management and response firm Asceris. Anthony has a wealth of experience working with insurance firms, especially in the field of cybersecurity and cyber risk insurance, and combines a strong technologist's background with a wealth of knowledge around insurance logic, policy types, underwriting methodologies, and more.

Cyber risk insurance has been a growing topic over the past decade, and in our conversation today, we seek to address several misconceptions about this type of service, while giving you a basic understanding of what you need to know when considering such a service. For example, we talk about
- what types of policies are there?
- what's all the hubbub around Lloyds of London's much-discussed "cyber acts of war" exception?
- what's the relationship between insurance and regulatory risk management requirements?
- what types of services do insurance firms offer to their customers?
...and many more.

Visit him on LinkedIn at https://www.linkedin.com/in/anthonyhess/
You can find Asceris at https://www.asceris.com/
Don't forget to check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network and on LinkedIn at https://www.linkedin.com/company/cybersecurityadvisors/
Our YouTube channel is at https://youtube.com/@cybersecadvisors
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Dr. Mischa Hansel on Zero Days, Cyber Vulnerability Policy and More
13-06-2023
In the latest episode of the Good Faith Cybersecurity Researchers' Coalition dialogues, we speak with Mischa Hansel, head of the research focus on international cybersecurity at the IFSH - the University of Hamburg institute for peace research and security.

In our conversation, we cover topics such as
- stockpiling and weaponizing of cyber vulnerabilities by state actors
- vulnerability reporting requirements to national authorities
- handling of cyber vulnerabilities by authoritarian governments
- the impact of free discourse around vulnerabilities on liberal democracy
- vulnerability-as-a-service providers
- the role of academia and free research in the uncovering of cyber vulnerabilities

A few links Mischa provided that are relevant to this conversation, and to IFSH's work:
- International Cybersecurity Made in Hamburg: https://international-cybersecurity.com/
- A paper published in Just Security around strengthening cybersecurity researchers: https://www.justsecurity.org/81293/empowering-security-researchers-will-improve-global-cybersecurity/
- the IFSH newsletter (Jan's Cyber Hotchpotch) "offering an entertaining weekly summary of what is going on in cybersecurity" - subscribe via https://ifsh.us6.list-manage.com/subscribe?u=2fda1cac544809b12bab70663&id=d8ad8ab2a0
- A paper on the peace and security implications of cybercrime: https://ifsh.de/file/publication/Research_Report/012/Research_Report_012_EN_web.pdf

IFSH is at https://ifsh.de/
You can find Mischa Hansel on LinkedIn at https://www.linkedin.com/in/mischa-hansel-7207ba1a2
Visit us at https://gfcrc.org - and check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network
Also check out the GFCRC video series at https://youtube.com/@gfcyber
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
AI - Risk Management, Good Practice, and Common Sense
22-05-2023
In today's episode of the Secure-in-Mind series, Joe Cozzupoli and I confront some burning topics around how to deal with artificial intelligence (AI) when confidential or critical data is involved. On the CyAN blog, Joe recently wrote about the need to balance privacy and security in AI systems - you can find that article here: https://cybersecurityadvisors.network/2023/05/03/balancing-privacy-and-security-in-ai-systems-navigating-the-cybersecurity-conundrum/

As a follow-up to this piece, we address considerations in ensuring the security and confidentiality of critical data whenever AI is used...including the idea that fundamental concepts of responsible use of data don't go away just because it's a new technology. How should existing information security policies and good practice be updated to take these new capabilities into consideration? How are regulators around the world trying to ensure that AI doesn't introduce unacceptable risk?

Joe is a Senior Information Security Advisor at Microsoft in Australia, and CyAN member. All views expressed in this conversation are his personal opinions and not those of Microsoft.

Visit him on LinkedIn at https://www.linkedin.com/in/jcozzupolicissp
Don't forget to check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network and on LinkedIn at https://www.linkedin.com/company/cybersecurityadvisors/
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Gender- and Neurodiversity in Cybersecurity - Talking Equity with Dr. Jacqui Taylor
12-04-2023
Dr. Jacqui Taylor and John Salomon talk about the state of diversity in the cybersecurity industry. What is the state of women in the sector, and how are neurodiverse professionals represented in information security positions? What are the current challenges facing underrepresented groups in industry, how do we see this developing in the coming years, and how can we help address current imbalances?

In this conversation, we explore why, aside from it being the right thing to do, companies actually benefit from a more representative workforce. Employers with access to a broader range of skills, backgrounds, and attitudes are likely to be much more capable of managing and mastering cybersecurity risk. We also explore how younger generations are approaching this topic. How has the digital native experience of Millennials, Gen Z, and beyond shaped their attitudes towards equity, diversity, and better representation of different population groups in the technology / cybersecurity arena? How can the current generations of professionals talk to these groups and encourage them to take an interest in cybersecurity?

Dr. Jacqui Taylor is CEO and founder of FlyingBinary, a UK-based deep tech innovation firm. Among numerous other activities, she is a frequent public speaker on a variety of topics around technology, geopolitics, and beyond.

Check out FlyingBinary - "The home of our Cyber Security Work across the world" at https://flyingbinary.com/contact/, and on LinkedIn at https://www.linkedin.com/company/1202052
You can find Jacqui on LinkedIn at https://www.linkedin.com/in/dr-jacqui-taylor/
For Jacqui's website "The home of the Empathy Economy and my equity mission", please have a look at https://jacqui.online
CyAN's mentorship programme is announced here: https://cybersecurityadvisors.network/2023/04/12/cyan-announces-mentorship-programme/
Visit us at https://cybersecurityadvisors.network
Wim Hafkamp - Healthcare Cybersecurity Challenges in the Netherlands, Europe, and Beyond
29-03-2023
Wim Hafkamp - Healthcare Cybersecurity Challenges in the Netherlands, Europe, and Beyond
Welcome Wim Hafkamp, Managing Director of Z-CERT, the Dutch healthcare CERT, and Quartermaster / Chairman of the European Health ISAC. Wim brings many years of information security leadership experience in the financial sector to his current organisation's role of supporting the cybersecurity resilience of the Dutch medical and healthcare community. In the latest in our Secure in Mind series, we discuss the issues currently facing health institutions and providers in defending against cyberattacks, complying with regulations, and working together across borders and with public sector partners. A few of the concepts mentioned in the video: EU Cybersecurity Act: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act EU Cybersecurity Certification Framework: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-certification-framework NIS2 Directive: https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2021)689333 Attacks on the Irish Health Service Executive: https://en.wikipedia.org/wiki/Health_Service_Executive_ransomware_attack Ransomware attacks on hospitals in Victoria (Australia): https://www.abc.net.au/news/2019-10-01/victorian-health-services-targeted-by-ransomware-attack/11562988 (Actually I was referring to an earlier campaign but this one's more recent and equally relevant) André Mignot attack (2022): https://www.france24.com/en/france/20221205-french-hospital-suspends-operations-after-cyber-attacks Brussels ransomware case: https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre 2023 Barcelona hospital ransomware case: https://www.bleepingcomputer.com/news/security/hospital-cl-nic-de-barcelona-severely-impacted-by-ransomware-attack/ Z-CERT's homepage: https://www.z-cert.nl/ EU Health ISAC (via the Empowering EU ISACs initiative): https://www.isacs.eu/european-isacs Find Wim on LinkedIn at https://www.linkedin.com/in/wimhafkamp/ Visit us at https://cybersecurityadvisors.network
Vulnerabilities, Threats, Lions, Tigers, and Bears, Oh My - With Eward Driehuis, of CSIRT.global
21-03-2023
Vulnerabilities, Threats, Lions, Tigers, and Bears, Oh My - With Eward Driehuis, of CSIRT.global
Welcome Eward Driehuis, chairman of the board of CSIRT.global. Eward has a long and diverse history in the information security sector, and currently supports the mission of CSIRT.global, a not-for-profit vulnerability and incident management collective based in the Netherlands. Today, we talk about a wide range of topics, including:
- various types of malware
- the evolution of visibility into different types of threat actors
- different "use cases" of malware, and different perspectives of public vs. private sector defenders
- objectives, tactics, techniques, and procedures (TTPs) of purely commercial criminal gangs vs. those of spies
- supporting cybersecurity preparedness and resilience in small to medium size enterprises (SMEs)
- Internet structural vulnerabilities
- how not to annoy customers when selling information security products and solutions
- the impact of cybercrime and disinformation on societal stability, and how different generations deal with this
Some links to topics mentioned in the video: GameOver Zeus malware: https://www.cisa.gov/news-events/alerts/2014/06/02/gameover-zeus-p2p-malware Dyre banking trojan: https://www.secureworks.com/research/dyre-banking-trojan Dridex malware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa19-339a Kaseya vulnerability (CVE-2021-30116): https://www.cvedetails.com/cve/CVE-2021-30116/ REvil ransomware attack: https://blog.qualys.com/product-tech/2021/07/08/kaseya-revil-ransomware-attack-cve-2021-30116-automatically-discover-and-prioritize-using-qualys-vmdr The Dutch Institute for Vulnerability Disclosure: https://www.divd.nl/ CSIRT.global homepage: https://csirt.global/ Eward's LinkedIn profile: https://www.linkedin.com/in/ewarddriehuis/ Visit us at https://cybersecurityadvisors.network Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Safe Harbour Laws for Cyber-Vulnerability Researchers, with Inti de Ceukelaire
20-03-2023
Safe Harbour Laws for Cyber-Vulnerability Researchers, with Inti de Ceukelaire
CyAN welcomes Inti de Ceukelaire, ethical cybervulnerability researcher, and Chief Hacker Officer at Intigriti, a Belgium-based bug bounty platform. We talk about a wide range of topics relevant to legal protections of responsible vulnerability researchers and disclosure, using the recently implemented Belgian safe harbor law as a basis for discussion. Industry and society depend on timely awareness of software vulnerabilities from reliable, ethical sources such as white hat hackers. Meanwhile, obsolete computer misuse laws in many countries make A few relevant links to topics mentioned in the video: OECD recommendations for coordinated vulnerability disclosure: https://one.oecd.org/document/DSTI/CDEP/SDE(2021)9/FINAL/en/pdf https://www.oecd.org/digital/encouraging-vulnerability-treatment-0e2615ba-en.htm OECD paper on vulnerability treatment: https://one.oecd.org/document/DSTI/CDEP/SDE(2020)3/FINAL/en/pdf Good Faith Cybersecurity Researchers Coalition: https://gfcrc.org Vulnerability reporting to the Centre for Cyber Security Belgium (CCB): https://ccb.belgium.be/en/vulnerability-reporting-ccb Intigriti blog on Belgian safe harbor framework: https://blog.intigriti.com/2023/01/19/new-belgian-legal-framework-gives-safe-harbor-to-ethical-hackers-and-bug-bounty-hunters/ Marcus Hutchins: https://en.wikipedia.org/wiki/Marcus_Hutchins St. Louis Post-Dispatch web "hacking" case: https://www.washingtonpost.com/media/2021/10/14/mike-parson-st-louis-post-dispatch-hacker/ Gold Standard Safe Harbour Initiative: https://www.hackerone.com/press-release/hackerone-announces-gold-standard-safe-harbor-improve-protections-good-faith-security Bonus old school cultural phenomenon mentions: Doom II: https://en.wikipedia.org/wiki/Doom_II The Cuckoo's Egg, by Cliff Stoll: https://www.goodreads.com/book/show/18154.The_Cuckoo_s_Egg Inti's LinkedIn profile: https://www.linkedin.com/in/intidc/ Intigriti: https://www.intigriti.com/ Visit us at https://cybersecurityadvisors.network and https://gfcrc.org Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/