Manage episode 373800287 series 2774802
It can be difficult to quantify the impact of good CISO or IT professionals. Protecting the network, infrastructure, and data is a constant effort and they’ve got to get it right 100% of the time. But the criminals breaking in only need to get it right once.
Today’s guest is Raj Samani. Raj is the Chief Scientist for the cyber security firm Rapid7. He has assisted multiple law enforcement agencies in cybercrime cases and is a special advisor to the European Cybercrime Centre in The Hague. Raj has been recognized for his contributions to the computer security industry through numerous awards and has co-authored several books and has been a technical editor in others.Show Notes:
[1:01] - Raj explains what he does for the cyber security firm, Rapid7, and how he got into the field.
[3:40] - In the beginning of his career, cyber security was more of a hobby.
[6:07] - There is a level of transparency, but Raj explains how things have to be absolutely certain before releasing information.
[7:32] - Raj introduces the topic of cyber security as a service.
[9:11] - Without the means to physically interrogate, it is hard to confirm theories about what is happening and who is doing it.
[12:01] - “The sooner we collectively as an industry start to provide more transparency, I think the better we’ll be.”
[13:57] - We see CISOs let go when a breach takes place. It is immature as an industry since there are no metrics to measure success.
[16:54] - Raj shares the experience of the explosion of Covid-19 related scams.
[20:40] - As security professionals, the job is never done.
[21:51] - Raj compares educating your children of online safety to wearing a seatbelt in your car.
[24:10] - The odds are certainly in favor of the cyber criminals.
[26:48] - Raj explains the estimation of money saved by preventing attacks, but also explains that there’s no true way to measure this.
[28:20] - If we aren’t reporting incidents, the government isn’t going to do anything because we can’t prove the impact.
[30:29] - Because it is a global issue, international law enforcement collaboration is crucial.
[34:17] - Now that cybercrime is so lucrative, they can actually pay for marketing and make their content much more believable than a simple email with a link.
[36:30] - It is a constant case of cat and mouse.
[40:32] - Raj does not use the word “hacker” to describe the individuals behind attacks. They are criminals.
[42:18] - Raj highly recommends the book Cuckoo’s Egg by Clifford Stoll.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.Links and Resources: