
ITSPmagazine chats with Ted Harrington, Executive Partner, ISE

ITSPmagazine chats with Ted Harrington, Executive Partner, Independent Security Evaluators. Here are some of the highlights from the in-depth conversation:

- Independent Security Evaluators focuses its IoT work on understanding the trends and security vulnerabilities that exist in the multitude of connected devices. The team then tries to articulate solutions to any adversarial challenges uncovered.

- Ted's basic definition of IoT is that it comprises devices that are connected to the Internet. From a security standpoint, it effectively introduces vast new attack surfaces and new ways that attackers could violate the host environment.

- No matter what IoT devices anyone may be talking about, they all have implications well beyond what appears on the surface.

- Today the modern adversary uses what's called a stepping stone attack: they attack a less sophisticated part of the chain, compromise that part, and then pivot the attack to reach the ultimate target victim.

- For the average consumer, Ted recommends trying to reduce the attack surface. You should think about whether or not you need all the connectivity before you start plugging things in and expanding it. His biggest recommendation would be to change the default password right away for any and all devices connected to the network.

- Security is a tremendous differentiator and a huge market opportunity for manufacturers of connected devices. To be able to differentiate on security alone is something consumers should (and soon will) want; they just don't know how to articulate it. The manufacturer should deliver the security "features" clearly such that the consumer can understand the reality of the capabilities; savvy consumers will more than likely pay a premium for better security.

- Ted is not a proponent of regulation as a security measure. Ted sees it fail time and time again because it is usually out of date and the adversary has already evolved.
Recorded Feb 15 2017 22 mins
Presented by
Ted Harrington, Executive Partner, Independent Security Evaluators

  • GDPR Impact on Small- and Medium-Sized Businesses (Part 3 of 3) Sep 13 2017 5:00 pm UTC 60 mins
    Moderator: Sean Martin, ITSPmagazine | Panelists: Currently being hand-selected
    Is your company based in the US and also operating in the EU? There are things you MUST learn about the Global Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, will have an impact on your business. This expert webinar will help you prepare for what's ahead.

    Here are some topics we will be exploring:
    - Managing cross-border data transfers
    - Dedicated data protection officers
    - Breach notification obligations
    - Data protection requirements
    - Penalties for violations
    - Vendor management
    - Code of conduct

    NOTE: Complete details for this session will be provided closer to the delivery date for this session
  • Recommended Steps to Reach GDPR Compliance (Part 2 of 3) Aug 29 2017 5:00 pm UTC 60 mins
    Moderator: Sean Martin, ITSPmagazine | Panelists: Currently being hand-selected
    Is your company based in the US and also operating in the EU? There are things you MUST learn about the Global Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, will have an impact on your business. This expert webinar will help you prepare for what's ahead.

    Here are some topics we will be exploring:
    - Managing cross-border data transfers
    - Dedicated data protection officers
    - Breach notification obligations
    - Data protection requirements
    - Penalties for violations
    - Vendor management
    - Code of conduct

    NOTE: Complete details for this session will be provided closer to the delivery date for this session
  • How to Operate a GDPR-Compliant Business in the EU (Part 1 of 3) Aug 17 2017 5:00 pm UTC 60 mins
    Moderator: Sean Martin, ITSPmagazine | Panelists: Currently being hand-selected
    Is your company based in the US and also operating in the EU? There are things you MUST learn about the Global Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, will have an impact on your business. This expert webinar will help you prepare for what's ahead.

    Here are some topics we will be exploring:
    - Managing cross-border data transfers
    - Dedicated data protection officers
    - Breach notification obligations
    - Data protection requirements
    - Penalties for violations
    - Vendor management
    - Code of conduct

    NOTE: Complete details for this session will be provided closer to the delivery date for this session
  • Outmoded, Neglected, and Misused. The “POS as a Threat Vector” Probe. Jun 21 2017 5:00 pm UTC 60 mins
    William Dixon, Stroz Friedberg | Nir Valtman, NCR Corp | Andreas Kaltsounis, Stroz Friedberg | Sean Martin, ITSPmagazine
    Point of sale (PoS) systems run a significant portion of a retail business and can be found in many other businesses outside of pure retail shops as well. Oftentimes, these systems are running outdated, unpatched operating systems and applications, leaving them wide open for a breach. What’s worse, these systems are often used by employees who, many times, have no other computer through which they can access their personal email and social media accounts, further opening them up to both phishing scams and insider abuse.

    In this expert webinar, we will take a deep dive into the mounds of post-breach forensics programs to uncover the commonalities, nuances, and trends that all point to these systems as being one of the top threat vectors within an organization. The findings from multiple viewpoints will lead the attendees through a discussion that prepares them for a breach (protection), how best to respond during an incident, and how best to manage the forensics aspects after a breach.

    Some of the topics we will explore include:
    - Retail industry challenges with PoS systems
    - Challenges outside the pure retail space
    - Flaws in the architecture of the systems and the networks they connect to
    - Flaws and other misconfigurations that leave these systems open for attack
    - Recommendations based on real-world experience pre- and post-breach
    - Review of items often missed during a breach investigation

    Expert Panelists:
    > William Dixon, Vice President Cyber Resilience, Stroz Friedberg, an Aon Company
    > Nir Valtman, Head of Application Security at NCR Corporation
    > Andreas Kaltsounis, Managing Director, Stroz Friedberg, an Aon Company

    Moderator:
    > Sean Martin, CISSP, Editor-in-Chief, ITSPmagazine
  • Google Docs Phishing, Because Some Days it’s Just Too Easy Recorded: May 16 2017 61 mins
    Perry Carpenter, KnowBe4 | Eyal Benishti, IRONSCALES | Jordan Wright, Duo Security | Sean Martin, ITSPmagazine
    There's a new threat running rampant that is tricking a lot of people into clicking malicious links in their emails - the emails appear to be from friends and colleagues connected to Google Docs.

    In this webinar, we'll discuss the current situation with a few experts to get their views on what's happening and what the impact is to society. Some of the topics we will likely discuss include:

    - Overview of what happened (or is still happening)
    - How to spot it before getting compromised
    - How does this impact consumers?
    - How does it impact businesses?
    - How does it introduce risk to the business given the prevalence of shadow-IT?
    - How do users know if they’ve been compromised (after the fact detection)?
    - What can users do to recover from a compromise?
    - Anything users SHOULDN’T do?

    BONUS
    In addition to the Google Docs case, the panelists have agreed to briefly review the recent WannaCry case as well.

    Moderator:
    Sean Martin, ITSPmagazine

    Panelists:
    Eyal Benishti, CEO, IRONSCALES
    Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4
    Jordan Wright, Senior R&D Engineer, Duo Security
  • The Business Impact of Poor Website Usability, Performance, or Security. Recorded: Apr 20 2017 60 mins
    Tin Zaw, Verizon Digital Media Services | Laz, InfoSec Strategist | Edward Roberts, Distil Networks | Sean Martin, Moderator
    E-commerce, partner portals, customer service portals, and other cloud-enabled business services: Websites are the new front door to many businesses, and we expect to gain access whenever we want, from anywhere in the world, and from any device.

    But what happens to the business when the website doesn’t perform as expected? And how do you protect your website(s) from nefarious traffic looking to harm your business by bringing it down, scraping content, changing content? Do you know whether your traffic is a human user - or is it a bot? Does the language (or a lack of communication whatsoever) between the business and the IT personnel leave you wondering what the potential issues might be?

    During this expert panel discussion, we will explore the business impact of an underperforming or compromised website. You will:
    - Learn more about what good website performance looks like
    - Gain a deeper understanding of traffic on websites
    - Understand how your website's performance affects other departments within the business
    - Hear practical recommendations for business leaders on how to protect your website from compromise

    FEATURED EXPERTS
    Tin Zaw, Director Security Solutions, Verizon Digital Media Services
    Laz, InfoSec Strategist and Professor
    Edward Roberts, Director of Product Marketing, Distil Networks

    YOUR MODERATOR
    Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine
  • 5 Ways Cyber-Criminals Are Trying to Steal From You – And What To Do About It Recorded: Apr 12 2017 61 mins
    Kevin Haley, Director, Symantec Security Response, and Sean Martin, Editor-in-Chief, ITSPmagazine
    Most crime has become virtual and there is a lot out there you could worry about. If you want to protect yourself, it's hard to know where to start. This webinar will help you know where to focus by revealing the top 5 cyber crimes currently hitting consumers. We’ll discuss why they are so popular, how they work, and what you can do to protect yourself from them. And the good news is that the steps to protect yourself from the top 5 threats are going to keep you safe from all the other threats as well.

    Join Kevin Haley, Director, Symantec Security Response, and Sean Martin, Editor-in-Chief, ITSPmagazine as they have a 1:1 conversation, exploring this topic touching our society in every way imaginable.

    Some of the key take-aways will be:

    - What you can and can’t do to protect yourself when a company you do business with is breached.
    - How to spot phishing in 2017; it's harder than it used to be.
    - Can you do something other than panic about ransomware?
    - Learn what the next big threat will be.
  • #Vault7 Happened. There’s No Going Back. Now What? Recorded: Mar 22 2017 60 mins
    Tony Busseri/Route1, Nick Bilogorskiy/Cyphort, Darin Andersen/CyberTECH, Jonathan Dambrot/Prevalent, James Carder/LogRhythm
    It's alleged that the CIA developed tools designed to spy on people, taking advantage of weaknesses in smart connected devices such as smart phones, smart TVs, smart personal assistants, and other household IoT technologies.

    In this discussion, we do a walk-through of what happened, what didn't happen, what systems and devices are impacted, and what data is involved in the leaks. Most importantly, we'll get some insight into what the larger societal impact of this could be.

    Join us for this in-depth conversation to learn:
    - Where stuff broke down.
    - Who is impacted, how are they impacted, and what’s at risk.
    - What the government can do to help.
    - What the commercial InfoSec community can do to help.
    - What consumers need to know to help (protect) themselves.

    FEATURED EXPERTS
    Darin Andersen, Chairman & Founder, CyberTECH
    Nick Bilogorskiy, Sr. Director of Threat Operations, Cyphort
    Tony Busseri, CEO, Route1 Inc.
    Jonathan Dambrot, CEO & Co-Founder, Prevalent
    James Carder, CISO & VP of LogRhythm Labs

    YOUR MODERATOR
    Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine
  • Would You Like to Hear the Story of the Connected Teddy Bear, ICS, and IoT? Recorded: Mar 15 2017 60 mins
    Jamison Utter, VP Field Operations, Senrio | Sean Martin, Editor-in-Chief, ITSPmagazine
    Jamison Utter and Sean Martin will have a 1:1 discussion about what the Internet of Things actually is. We’ll be talking about way more than the consumer gizmos and gadgets people get for their birthday… we’ll be looking at some of the electronics that power our new world. We’ll also explore what it means to society if/when these devices are exploited - including the wide impact an attack can have on the large industrial supply chain. Time permitting, we’ll also go a little deeper into the dark web to see how these devices are being used beyond simple DDoS attacks, spying, and of course, ransom.

    By joining us for this conversation, attendees will have:

    1. An understanding and appreciation for all sorts of connected devices - consumer and industrial alike, including the infamous connected teddy bear

    2. A view into the risks and attacks associated with these connected devices - and the impact an exploit can have on society

    3. A sense for the business drivers behind building these devices, connecting them to the Internet, and the need to properly define and employ information security practices to the end-to-end supply chain
  • ITSPmagazine chats with Caroline Wong, VP of Security Strategy at Cobalt Recorded: Mar 10 2017 8 mins
    Caroline Wong, VP of Security Strategy at Cobalt
    ITSPmagazine chats with Caroline Wong, VP of Security Strategy at Cobalt.

    Here are a few highlights from our conversation with Caroline:

    - With traditional penetration test programs it's hard to match the right skills at the right time, but the crowdsourced pool of talent offers more to choose from.

    - The Cobalt Penetration Test Metrics Report describes the key metrics needed to determine the impact of ROI of a modern penetration testing program - skill sets are matched to the technology stack.

    - It's one thing to find security issues, but it's another to integrate with development processes in order to get them fixed; Cobalt integrates with developer bug tracking systems so teams can answer the time-to-fix question.

    - A big believer in diversity promoting better workplace results, Caroline believes the crowdsourcing model supports this premise.
  • AI & Machine Learning in CyberSecurity. What Is the Difference? Recorded: Feb 22 2017 64 mins
    Sven Krasser, Igor Baikalov, Stephan Jou, Engin Akyol, and Sean Martin
    Artificial Intelligence and Machine Learning are becoming more pervasive in the cybersecurity space, but they are not the panacea everyone thinks they are. Lacking real case studies, many vendors must resort to simulated data and made-up scenarios to demonstrate their product capabilities. Moderator Sean Martin, Editor in Chief of ITSP Magazine, will ask the expert panelists to share their insights as to how AI and/or ML can be used to help address a variety of cybersecurity risks.

    Leading into this actionable advice, the panel will provide additional insights, including:
    • The difference between AI and ML
    • How AI and ML can be used for good … and evil
    • What the future of AI and ML looks like

    Moderator:
    Sean Martin, Editor in Chief of ITSP Magazine

    Panelists:
    • Sven Krasser, Chief Scientist at CrowdStrike
    • Igor Baikalov, Chief Scientist at Securonix
    • Stephan Jou, CTO of Interset
    • Engin Akyol, Co-Founder & CTO of Distil Networks
  • ITSPmagazine chats with Joe Sander, CEO from Arxan Technologies Recorded: Feb 18 2017 7 mins
    Joe Sander, CEO from Arxan Technologies
    ITSPmagazine discusses application security, autonomous vehicle security, financial services security, IoT security, and diversity with Joe Sander, CEO from Arxan Technologies
  • ITSPmagazine chats with Jack Jones, EVP and Co-Founder of RiskLens Recorded: Feb 16 2017 6 mins
    Jack Jones, EVP and Co-Founder of RiskLens
    ITSPmagazine chats with Jack Jones, EVP and Co-Founder of RiskLens and Chairman of the FAIR Institute. Here's a snapshot of the conversation:

    - The FAIR institute is dedicated to building a community passionate about advancing the field of risk management and risk measurement.

    - A common misconception about measuring risk is that it's limited to large companies with mature practices and a large budget; it's really just about thinking clearly about the problem.

    - Diversity is critical in measuring and managing risk; the practice requires a broad set of skills that can only be found by a diverse group of people.
  • ITSPmagazine chats with Demetrios Lazarikos (Laz), InfoSec Strategist Recorded: Feb 16 2017 7 mins
    Demetrios Lazarikos (Laz), InfoSec Strategist, Thought Leader, and Professor
    ITSPmagazine chats with Demetrios Lazarikos (Laz), InfoSec Strategist and Founder of BlueLava.

    Here are a few highlights from our conversation with Laz:

    - Laz provides three tips for CISOs as their role changes:
    1/ Start learning how to present your information in business terms to your executive leadership team and/or board. Present in terms they will understand.
    2/ Share & collaborate with other CISOs because threats are leapfrogging each other.
    3/ Attend conferences and read up on different programs & strategies. Stay current with articles and subscriptions. Take a step back and block out time for yourself.

    - Be more engaged & build relationships within your company. Partner with legal or the board. Try creating a security committee.

    - Organizations need to understand that security education is an investment that is going to last a long time.

    - As an adjunct professor at Pepperdine University, Laz is coaching and mentoring the next generation of business leaders. He helps them understand IT, security, data analytics and enterprise architecture, not in technical terms but understanding why they should build this as a part of their business or framework.
  • ITSPmagazine chats with Ted Harrington, Executive Partner, ISE Recorded: Feb 15 2017 22 mins
    Ted Harrington, Executive Partner, Independent Security Evaluators
  • ITSPmagazine chats with Pierre Calais from Stormshield During RSA Conference Recorded: Feb 15 2017 5 mins
    Pierre Calais, CEO, Stormshield
    ITSPmagazine discusses innovation, collaboration, teamwork, leadership, and diversity with Pierre Calais from Stormshield
  • ITSPmagazine chats with Kathy Hickey and Hadeel Dabbagh from CA Technologies Recorded: Feb 15 2017 7 mins
    Kathy Hickey, VP Security Product Management and Hadeel Dabbagh, Dir. Security Product Marketing
    ITSPmagazine chats with Kathy Hickey, Vice President Security Product Management, and Hadeel Dabbagh, Director, Security Product Marketing, from CA Technologies. Here are some of the highlights from our conversation:

    - Security is a part of everyone's job - not just the people in IT.

    - We need to raise awareness, especially for the young people, that there are many different skills and passions that can be brought to a security role.

    - We have to rethink the solutions we create in order to cater to the new buying patterns and new adopters of applications.

    - A hybrid IT environment is seen by CA Technologies as an opportunity vs a challenge; a chance to extend and leverage the new technologies and benefits the cloud brings.

    - A diverse team enables the company to be more creative in thinking and to think more outside the box - bringing to the table different perspectives and ideas to meet the needs of hybrid environments.

    - The market is changing rapidly with the adoption of cloud and increasing the attack surface.
  • ITSPmagazine chats with Jim Shaeffer, CEO from JSC & Associates, Inc. Recorded: Feb 15 2017 7 mins
    Jim Shaeffer, CEO from JSC & Associates, Inc.
    ITSPmagazine chats with Jim Shaeffer, CEO from JSC & Associates, Inc. Here are a few highlights from our conversation with Jim:

    - Jim and his team at JCS and Associates have seen tremendous change in the 26+ years of being in business serving banks and credit unions with a collection of 15 vendor InfoSec solutions.

    - Some of the smaller customers JCS serves don't have the staffing budget to properly deploy, tune, and monitor a slew of security products - this is where JCS and team come in as a virtual CISO.

    - Jim is co-author of a new InfoSec book called Wolves, Sheep, and Sheepdogs - it took only 4 months to write and have it published.
  • ITSPmagazine chats with Alex Horan, Director of Product Management, Onapsis Recorded: Feb 15 2017 10 mins
    Alex Horan, Director of Product Management, Onapsis
    ITSPmagazine had a chance to chat with Alex Horan, Director of Product Management, Onapsis during RSA Conference 2017.

    Here are a few highlights from our conversation with Alex:

    - Onapsis is in the business of helping organizations keep their ERP systems secure and compliant, systems that are often left alone due to their criticality and complexity.

    - When it comes to responsibility and ownership of security for ERP systems, there is often a chasm in expectations between various groups.

    - There is no one way that a person looks that matters when it comes to managing information security; diversity, and the value it brings, is driven by what's inside.
  • ITSPmagazine chats with Ruoting Sun, Principal Product Marketing Manager, DuoSec Recorded: Feb 15 2017 11 mins
    Ruoting Sun, Principal Product Marketing Manager, Duo Security
    ITSPmagazine chats with Ruoting Sun, Principal Product Marketing Manager, Duo Security.

    Here are some of the highlights from our discussion:

    - Ruoting discussed the need for integrated security that incorporates core system hygiene and policies with trusted application access control

    - The launch of Duo Beyond is the first commercial implementation of Google’s BeyondCorp that moves toward a consistent access model regardless of the applications being accessed

    - The launch of a free anti-phishing training tool from Duo to help raise awareness – it’s not a one-time checklist, it’s an ongoing requirement – visit insight.duo.com

    - The more diversity you have, the wider perspectives you bring to the table – Duo encourages the inclusion of all backgrounds to help solve the security solution
At the Intersection of IT Security & Society
ITSPmagazine is an online publication that focuses on Information Technology Security and the influence that it has on our everyday life, as Individuals and as the Society we live in. And, for a change, the other way around.

  • Title: ITSPmagazine chats with Ted Harrington, Executive Partner, ISE
  • Live at: Feb 15 2017 5:00 pm
  • Presented by: Ted Harrington, Executive Partner, Independent Security Evaluators