Hi [[ session.user.profile.firstName ]]

ITSPmagazine chats with Ted Harrington, Executive Partner, ISE

ITSPmagazine chats with Ted Harrington, Executive Partner, Independent Security Evaluators. Here are some of the highlights from the in-depth conversation:

- Independent Security Evaluators focus on IoT centered around trying to understand the various trends and security vulnerabilities that exist in the multitude of connected devices. The team then tries to articulate solutions to any adversarial challenges uncovered.

- Ted's basic definition of IoT is it is comprised of devices that are connected to the Internet. From a security standpoint, it effectively introduces vast new attack surfaces and new ways that attackers could violate the host environment.

- No matter what IoT devices anyone may be talking about, they all have implications well beyond what appears on the surface.

- Today the modern adversary uses whats called a stepping stone attack, where they will attack a lesser sophisticated part of the chain, compromise that part to then pivot the attack to get to the ultimate target victim.

- For the average consumer, Ted recommends trying to reduce the attack surface. You should think about whether or not you need all the connectivity before you start plugging things in an expanding it. His biggest recommendation would be to change the default password right away for any and all devices connected to the network.

- Security is a tremendous differentiator and a huge market opportunity for manufacturers of connected devices. To be able to differentiate on security alone is something consumers should (and soon will) want; they just don't know how to articulate it. The manufacturer should deliver the security "features" clearly such that the consumer can understand the reality of the capabilities; savvy consumers will more than likely pay a premium for better security.

- Ted is not a proponent of regulation as a security measure. Ted sees it fail time and time again because it is usually out of date and the adversary has already evolved.
Recorded Feb 15 2017 22 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Ted Harrington, Executive Partner, Independent Security Evaluators
Presentation preview: ITSPmagazine chats with Ted Harrington, Executive Partner, ISE

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • The Business Impact of Poor Website Usability, Performance, or Security. Apr 20 2017 5:00 pm UTC 60 mins
    Tin Zaw, Verizon Digital Media Services | Laz, InfoSec Strategist | Edward Roberts, Distil Networks | Sean Martin, Moderator
    E-commerce, partner portals, customer service portals, and other cloud-enabled business services: Websites are the new front door to many businesses, and we expect to gain access whenever we want, from anywhere in the world, and from any device.

    But what happens to the business when the website doesn’t perform as expected? And how do you protect your website(s) from nefarious traffic looking to harm your business by bringing it down, scraping content, changing content? Do you know whether your traffic is a human user - or is it a bot? Does the language (or a lack of communication whatsoever) between the business and the IT personnel leave you wondering what the potential issues might be?

    During this expert panel discussion, we will explore the business impact of an underperforming or compromised website. You will:
    - Learn more about what good website performance look likes
    - Gain a deeper understanding of traffic on websites
    - Understand how your website's performance affects other departments within the business
    - Hear practical recommendations for business leaders on how to protect your website from compromise

    FEATURED EXPERTS
    Tin Zaw, Director Security Solutions, Verizon Digital Media Services
    Laz, InfoSec Strategist and Professor
    Edward Roberts, Director of Product Marketing, Distil Networks

    YOUR MODERATOR
    Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine
  • 5 Ways Cyber-Criminals are Trying to Steal From You – And What To Do About It Apr 12 2017 6:00 pm UTC 60 mins
    Kevin Haley, Director, Symantec Security Response, and Sean Martin, Editor-in-Chief, ITSPmagazine
    Most crime has become virtual and there is a lot out there you could worry about. If you want to protect yourself it hard to know where to start. This webinar will help you know where to focus by revealing the top 5 cyber crimes currently hitting consumers. We’ll discuss why they are so popular, how they work, what you can do to protect yourself from them. And the good news is that the steps to protect yourself from the top 5 threats are going to keep you safe from all the other threats as well.

    Join Kevin Haley, Director, Symantec Security Response, and Sean Martin, Editor-in-Chief, ITSPmagazine as they have a 1:1 conversation, exploring this topic touching our society in every way imaginable.

    Some of the key take-aways will be:

    - What you can and can’t do to protect yourself when a company you do business with is breached.
    - How to spot phishing in 2017, its harder than it use to be.
    - Can you do something other than panic about ransomware.
    - Learn what the next big threat will be.
  • #Vault7 Happened. There’s No Going Back. Now What? Recorded: Mar 22 2017 60 mins
    Tony Busseri/Route1, Nick Bilogorskiy/Cyphort, Darin Andersen/CyberTECH, Jonathan Dambrot/Prevalent, James Carder/LogRhythm
    It's alleged that the CIA developed tools designed to spy on people, taking advantage of weaknesses in smart connected devices such as smart phones, smart TVs, smart personal assistants, and other household IoT technologies.

    In this discussion, we do a walk-through of what happened, what didn't happen, what systems and devices are impacted, and what data is involved in the leaks. Most importantly, we'll get some insight into what the larger societal impact of this could be.

    Join us for this in-depth conversation to learn:
    - Where stuff broke down.
    - Who is impacted, how are they impacted, and what’s at risk.
    - What the government can do to help.
    - What the commercial InfoSec community can do to help.
    - What consumers need to know to help (protect) themselves.

    FEATURED EXPERTS
    Darin Andersen, Chairman & Founder, CyberTECH
    Nick Bilogorskiy, Sr. Director of Threat Operations, Cyphort
    Tony Busseri, CEO, Route1 Inc.
    Jonathan Dambrot, CEO & Co-Founder, Prevalent
    James Carder, CISO & VP of LogRhythm Labs

    YOUR MODERATOR
    Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine
  • Would You Like to Hear the Story of the Connected Teddy Bear, ICS, and IoT? Recorded: Mar 15 2017 60 mins
    Jamison Utter, VP Field Operations, Senrio | Sean Martin, Editor-in-Chief, ITSPmagazine
    Jamison Utter and Sean Martin will have a 1:1 discussion about what the Internet of Things actually is. We’ll be talking about way more than the consumer gizmos and gadgets people get for their birthday… we’ll be looking at some of the electronics that power our new world. We’ll also explore what it means to society if/when these devices are exploited - including the wide impact an attack can have on the large industrial supply chain. Time permitting, we’ll also go a little deeper into the dark web to see how these devices are being used beyond simple DDoS attacks, spying, and of course, ransom.

    By joining us for this conversation, attendees will have:

    1. An understanding and appreciation for all sorts of connected devices - consumer and industrial alike, including the infamous connected teddy bear

    2. A view into the risks and attacks associated with these connected devices - and the impact an exploit can have on society

    3. A sense for the business drivers behind building these devices, connecting them to the Internet, and the need to properly define and employ information security practices to the end-to-end supply chain
  • ITSPmagazine chats with Caroline Wong, VP of Security Strategy at Cobalt Recorded: Mar 10 2017 8 mins
    Caroline Wong, VP of Security Strategy at Cobalt
    ITSPmagazine chats with Caroline Wong, VP of Security Strategy at Cobalt.

    Here are a few highlights from our conversation with Caroline:

    - With traditional penetration test programs its hard to match the right skills at the right time, but the crowdsourced pool of talent offers more to choose from.

    - The Cobalt Penetration Test Metrics Report describes the key metrics needed to determine the impact of ROI of a modern penetration testing program - skill sets are matched to the technology stack.

    - It's one thing to find security issues, but it's another to integrate with development processes in order to get them fixed; Cobalt integrates with developer bug tracking systems so teams can answer the time-to-fix question.

    - A big believer in diversity promoting better workplace results, Caroline believes the crowdsourcing model supports this premise.
  • AI & Machine Learning in CyberSecurity. What Is the Difference? Recorded: Feb 22 2017 64 mins
    Sven Krasser, Igor Baikalov, Stephan Jou, Engin Akyol, and Sean Martin
    Artificial Intelligence and Machine Learning are becoming more pervasive in the cybersecurity space, but it is not the panacea everyone thinks it is. Lacking real case studies, many vendors must resort to simulated data and made-up scenarios to demonstrate their product capabilities. Moderator Sean Martin, Editor in Chief of ITSP Magazine, will ask the expert panelist to share their insights as to how AI and/or ML can be used to help address a variety of cybersecurity risks.

    Leading into this actionable advice, the panel will provide additional insights, including:
    • The difference is between AI and ML
    • How AI and ML can be used for good … and evil
    • What the future of AI and ML looks like

    Moderator:
    Sean Martin, Editor in Chief of ITSP Magazine

    Panelists:
    • Sven Krasser, Chief Scientist at CrowdStrike
    • Igor Baikalov, Chief Scientist at Securonix
    • Stephan Jou, CTO of Interset
    • Engin Akyol, Co-Founder & CTO of Distil Networks
  • ITSPmagazine chats with Joe Sander, CEO from Arxan Technologies Recorded: Feb 18 2017 7 mins
    Joe Sander, CEO from Arxan Technologies
    ITSPmagazine discusses application security, autonomous vehicle security, financial services security, IoT security, and diversity with Joe Sander, CEO from Arxan Technologies
  • ITSPmagazine chats with Jack Jones, EVP and Co-Founder of RiskLens Recorded: Feb 16 2017 6 mins
    Jack Jones, EVP and Co-Founder of RiskLens
    ITSPmagazine chats with Jack Jones, EVP and Co-Founder of RiskLens and Chairman of the FAIR Institute. Here's a snapshot of the conversation:

    - The FAIR institute is dedicated to building a community passionate about advancing the field of risk management and risk measurement.

    - A common misconception about measuring risk is that it's limited to large companies with mature practices and a large budget; it's really just about thinking clearly about the problem.

    - Diversity is critical in measuring and managing risk; the practice requires a broad set of skills that can only be found by a diverse group of people.
  • ITSPmagazine chats with Demetrios Lazarikos (Laz), InfoSec Strategist Recorded: Feb 16 2017 7 mins
    Demetrios Lazarikos (Laz), InfoSec Strategist, Thought Leader, and Professor
    ITSPmagazine chats with Demetrios Lazarikos (Laz), InfoSec Strategist and Founder of BlueLava.

    Here are a few highlights from our conversation with Laz:

    - Laz provides three tips for CISOs as their role changes:
    1/ Start learning how to present your information in business terms to your executive leadership team and/or board. Present in terms they will understand.
    2/ Share & collaborate with other CISOs because threats are leapfrogging each other.
    3/ Attend conferences and read up on different programs & strategies. Stay current with articles and subscriptions. Take a step back and block out time for yourself.

    - Be more engaged & build relationships within your company. Partner with legal or the board. Try creating a security committee.

    - Organizations need to understand that security education is an investment that is going last a long time.

    - As an adjunct professor at Pepperdine University, Laz is coaching and mentoring the next generation of business leaders. He helps them understand IT, security, data analytics and enterprise architecture, not in technical terms but understanding why they should build this as a part of their business or framework.
  • ITSPmagazine chats with Ted Harrington, Executive Partner, ISE Recorded: Feb 15 2017 22 mins
    Ted Harrington, Executive Partner, Independent Security Evaluators
    ITSPmagazine chats with Ted Harrington, Executive Partner, Independent Security Evaluators. Here are some of the highlights from the in-depth conversation:

    - Independent Security Evaluators focus on IoT centered around trying to understand the various trends and security vulnerabilities that exist in the multitude of connected devices. The team then tries to articulate solutions to any adversarial challenges uncovered.

    - Ted's basic definition of IoT is it is comprised of devices that are connected to the Internet. From a security standpoint, it effectively introduces vast new attack surfaces and new ways that attackers could violate the host environment.

    - No matter what IoT devices anyone may be talking about, they all have implications well beyond what appears on the surface.

    - Today the modern adversary uses whats called a stepping stone attack, where they will attack a lesser sophisticated part of the chain, compromise that part to then pivot the attack to get to the ultimate target victim.

    - For the average consumer, Ted recommends trying to reduce the attack surface. You should think about whether or not you need all the connectivity before you start plugging things in an expanding it. His biggest recommendation would be to change the default password right away for any and all devices connected to the network.

    - Security is a tremendous differentiator and a huge market opportunity for manufacturers of connected devices. To be able to differentiate on security alone is something consumers should (and soon will) want; they just don't know how to articulate it. The manufacturer should deliver the security "features" clearly such that the consumer can understand the reality of the capabilities; savvy consumers will more than likely pay a premium for better security.

    - Ted is not a proponent of regulation as a security measure. Ted sees it fail time and time again because it is usually out of date and the adversary has already evolved.
  • ITSPmagazine chats with Pierre Calais from Stormshield During RSA Conference Recorded: Feb 15 2017 5 mins
    Pierre Calais, CEO, Stormshield
    ITSPmagazine discusses innovation, collaboration, teamwork, leadership, and diversity with Pierre Calais from Stormshield
  • ITSPmagazine chats with Kathy Hickey and Hadeel Dabbagh from CA Technologies Recorded: Feb 15 2017 7 mins
    Kathy Hickey, VP Security Product Management and Hadeel Dabbagh, Dir. Security Product Marketing
    ITSPmagazine chats with Kathy Hickey, Vice President Security Product Management, and Hadeel Dabbagh, Director, Security Product Marketing, from CA Technologies. Here are some of the highlights from our conversation:

    - Security is a part of everyone's job - not just the people in IT.

    - We need to raise awareness, especially for the young people, that there are many different skills and passions that can be brought to a security role.

    - We have to rethink the solutions we create in order to cater to the new buying patterns and new adopters of applications.

    - A hybrid IT environment is seen by CA Technologies as an opportunity vs a challenge; a chance to extend and leverage the new technologies and benefits the cloud brings.

    - A diverse team enables the company to be more creative in thinking and to think more outside the box - bringing to the table different perspectives and ideas to meet the needs of hybrid environments.

    - The market is changing rapidly with the adoption of cloud and increasing the attack surface.
  • ITSPmagazine chats with Jim Shaeffer, CEO from JSC & Associates, Inc. Recorded: Feb 15 2017 7 mins
    Jim Shaeffer, CEO from JSC & Associates, Inc.
    ITSPmagazine chats with Jim Shaeffer, CEO from JSC & Associates, Inc. Here are a few highlights from our conversation with Jim:

    - Jim and his team at JCS and Associates have seen tremendous change in the 26+ years of being in business serving banks and credit unions with a collection 15 vendor InfoSec solutions.

    - Some of the smaller customers JCS serves don't have the staffing budget to properly deploy, tune, and monitor a slough of security products - this is where JCS and team come in as a virtual CISO.

    - Jim is co-author of a new InfoSec book called Wolves, Sheep, and Sheepdogs - it took only 4 months to write and have it published.
  • ITSPmagazine chats with Alex Horan, Director of Product Management, Onapsis Recorded: Feb 15 2017 10 mins
    Alex Horan, Director of Product Management, Onapsis
    ITSPmagazine had a chance to chat with Alex Horan, Director of Product Management, Onapsis during RSA Conference 2017.

    Here are a few highlights from our conversation with Alex:

    Onapsis is in the business of helping organizations keep their ERP systems secure and compliant, systems that are often left alone due to their criticality and complexity.
    When it comes to responsibility and ownership of security for ERP systems, there is often a chasm in expectations between various groups.
    There is no one way that a person looks that matters when it comes to managing information security; diversity, and the value it brings, is driven by what's inside.
  • ITSPmagazine chats with Ruoting Sun, Principal Product Marketing Manager, DuoSec Recorded: Feb 15 2017 11 mins
    Ruoting Sun, Principal Product Marketing Manager, Duo Security
    ITSPmagazine chats with Ruoting Sun, Principal Product Marketing Manager, Duo Security.

    Here are some of the highlights from our discussion:

    - Ruoting discussed the need for integrated security that incorporates core system hygiene and policies with trusted application access control

    - The launch of Duo Beyond, is the first commercial implementation of Google’s Beyond Corp that moves toward a consistent access model regardless of the applications being accessed

    - The launch of a free anti-phishing training tool from Duo to help raise awareness – it’s not a one-time checklist, it’s an ongoing requirement – visit insight.duo.com

    - The more diversity you have, the wider perspectives you bring to the table – Duo encourages the inclusion of all backgrounds to help solve the security solution
  • ITSPmagazine chats with Lisa Xu, CEO, NopSec Recorded: Feb 15 2017 10 mins
    Lisa Xu, CEO, NopSec
    ITSPmagazine chats with Lisa Xu, CEO, NopSec. Here are some of the highlights from our conversation:

    - NopSec is in the space of vulnerability prioritization, designed to leverage both human and machine intelligence. The company's direction is to automate pen testing; applying machine learning to automate the tedious process and to then leave the human component for the remaining high level intelligence activities associated with complex exploitations.

    - The problem with vulnerability management comes in three key areas: data overload, lack of context and difficulty prioritizing remediation.

    - Lisa feels that diversity is not just limited to gender or demographic, it is about all different perspectives. As an industry, we can collectively do better by taking a broad collaborative approach and taking advantage of the skill sets and knowledge that comes from a broader universe - this will help us to stay ahead of the adversary.

    - As a woman CEO and an accomplished woman in tech, Lisa's advice to women in the industry is to just be fearless and prove yourself.
  • ITSPmagazine chats with Sarah Noyes, Director of Talent, Speak with a Geek Recorded: Feb 15 2017 18 mins
    Sarah Noyes, Director of Talent and SWAG Inclusive Diversity at Speak with a Geek (SWAG)
    ITSPmagazine chats with Sarah Noyes, Director of Talent and SWAG Inclusive Diversity at Speak with a Geek. Here are some of the highlights from our conversation:

    - SWAG - or Speak with a Geek, is a technical talent platform that started as a means to foster a tech talent community in which they provide opportunities: short term, full time, contract or project-based. They now have a couple million geeks in their network and their emphasis is really on community. Geek is used as an endearing term.

    - SWAG often times uses a blind resume process where the administrative details, such as gender, age, or even their last name, are excluded from the resume. This really helps promote diversity and break down biases during the interview process.

    - SWAG are constantly recruiting new talent every day through partnerships with resume bases, a great referral program, and even just word of mouth.

    - Diversity is very important to SWAG and diversity and inclusion are not just a mission for minorities, it's for everyone. In SWAG's view, diversity creates better business.
  • ITSPmagazine chats with Michael Liu, Director of DevOps, RealtyShares Recorded: Feb 15 2017 8 mins
    Michael Liu, Director of DevOps, RealtyShares
    ITSPmagazine chats with Michael Liu, Director of DevOps, RealtyShares. Here are some of the highlights from our conversation with Michael:

    - RealtyShares is a crowd-funded platform for investing in real estate projects. It allows you to invest in a large geographical area and in projects that could otherwise be out of reach.

    - Michael finds diversity in his company helps them in a lot of respects. They not only look for diversity in things like ethnic backgrounds but also job histories.

    - RealtyShares likes to use third-party products to help prove whether they are doing something they have promised to their customers, such as making sure their applications are safe and secure. One third party they have been using for 10 months and has really helped with their critical pen testing efforts is Cobalt.
  • ITSPmagazine chats with Jennifer Steffens, CEO, IOActive Recorded: Feb 15 2017 8 mins
    Jennifer Steffens, CEO, IOActive
    ITSPmagazine spoke with Jennifer Steffens, CEO, IOActive. Here are a few highlights from the conversation:

    - IOActive has been around for 20 years; they are a research driven security consultancy with a mission to make the world a more secure and safer place.

    - IOActive work with different universities and independent researchers, looking to bring together the best and brightest minds, wherever they can find them.

    - We are fighting an ever-changing adversary and building a diverse team to counter this threat is very important to IOActive.

    - It is a race to market right now with IOT devices and often security takes a back seat to revenue.
  • ITSPmagazine chats with Jim Reavis, Co-Founder and CEO, Cloud Security Alliance Recorded: Feb 15 2017 15 mins
    Jim Reavis, Co-Founder and CEO, Cloud Security Alliance
    ITSPmagazine chats with Jim Reavis, Co-Founder and CEO, Cloud Security Alliance. Here are some of the highlights from the conversation:

    - The Cloud Security Alliance is a not-for-profit organization where research is the foundation of what they do and is free for everyone to access.

    - CSA's CCSK certification was recently named by Certification Magazine as being the most valuable IT certification.

    - Jim has coined the phrase "Self-Driving Info Security" meaning making pieces of the information security process autonomous while enabling people to do more with less.

    - Diversity is critical to understanding different constituencies; it helps the CSA learn from so many different people based on their past experiences.

    - CSA encourages their chapters to do personal outreach and get in front of kids to help raise awareness and make an impact.
At the Intersection of IT Security & Society
ITSPmagazine is an online publication that focuses on Information Technology Security and the influence that it has on our everyday life, as Individuals and as the Society we live in. And, for a change, the other way around.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: ITSPmagazine chats with Ted Harrington, Executive Partner, ISE
  • Live at: Feb 15 2017 5:00 pm
  • Presented by: Ted Harrington, Executive Partner, Independent Security Evaluators
  • From:
Your email has been sent.
or close