Go offline with the Player FM app!
DtSR Episode 253 - Defending the Small-to-Medium Enterprise
Archived series ("Inactive feed" status)
When? This feed was archived on April 01, 2023 22:02 (). Last successful fetch was on February 21, 2023 20:16 ()
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 183062975 series 12320
On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.
- Blue Cross Blue Shield of Alabama sends out USB sticks
- Security elitists up in arms
- We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
- To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives
- So what do we suggest?
- More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
- https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/
- MySpace has a major account password reset flaw, allowing account take-over
- Wait ... MySpace is still around?
- But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username
- How many of our sites have this problem, or worse?
- https://www.wired.com/story/myspace-security-account-takeover/
This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:
- SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can accord lack of security -- what's the answer?
- How do we achieve scale, in an area of industry with razor thing margins and tiny profit margins
- SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
- Other challenges - including how to achieve scale
Guest:
- Shon Gerber
- Current
- CISO for multinational chemical company with approximately 10K employees
- Recent Past
- Security Operations Supervisor for multi-national company 100K employees
- Senior Security Architect with multi-national
- Air Force Red Team - Squadron Commander
- Multi-Disciplinary (Physical / Network Penetration Testing of Critical Systems)
- Current
574 episodes
Archived series ("Inactive feed" status)
When? This feed was archived on April 01, 2023 22:02 (). Last successful fetch was on February 21, 2023 20:16 ()
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 183062975 series 12320
On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.
- Blue Cross Blue Shield of Alabama sends out USB sticks
- Security elitists up in arms
- We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
- To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives
- So what do we suggest?
- More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
- https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/
- MySpace has a major account password reset flaw, allowing account take-over
- Wait ... MySpace is still around?
- But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username
- How many of our sites have this problem, or worse?
- https://www.wired.com/story/myspace-security-account-takeover/
This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:
- SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can accord lack of security -- what's the answer?
- How do we achieve scale, in an area of industry with razor thing margins and tiny profit margins
- SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
- Other challenges - including how to achieve scale
Guest:
- Shon Gerber
- Current
- CISO for multinational chemical company with approximately 10K employees
- Recent Past
- Security Operations Supervisor for multi-national company 100K employees
- Senior Security Architect with multi-national
- Air Force Red Team - Squadron Commander
- Multi-Disciplinary (Physical / Network Penetration Testing of Critical Systems)
- Current
574 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.