Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Player FM - Internet Radio Done Right
Checked 3d ago
Added three years ago
Content provided by Claroty. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Claroty or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Nexus: A Claroty Podcast
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
We help founders make something people want.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/the-big-pitch-with-jimmy-carr">The Big Pitch with Jimmy Carr</a></span>
The Big Pitch with Jimmy Carr is a brand new comedy podcast where each week a different celebrity guest pitches an idea for a film based on one of the SUPER niche sub-genres on Netflix. From ‘Steamy Crime Movies from the 1970s’ to ‘Australian Dysfunctional Family Comedies Starring A Strong Female Lead’, our celebrity guests will pitch their wacky plot, their dream cast, the marketing stunts, and everything in between. By the end of every episode, Jimmy Carr, Comedian by night / “Netflix Executive” by day, will decide whether the pitch is greenlit or condemned to development hell! Where does Nick Mohammed’s mind go when asked to make an ‘Everybody’s Home For The Holidays’ film? What’s the narrative arc for Romesh Ranganathan’s ‘BRB Crying’ tearjerker? What on earth would Michelle Wolf’s ‘Coming of Age animal tale’ look like? Find out on The Big Pitch. Listen on all podcast platforms and watch on the Netflix is a Joke YouTube Channel. New episodes every other Wednesday starting May 28th! The Big Pitch is a co-production by Netflix and BBC Studios Audio.
Alexander Antukh on Cyber Risk Quantification
Manage episode 431752268 series 3308427
Content provided by Claroty. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Claroty or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Alexander Antukh, CISO of AboitizPower in the Philippines, the country's largest power and renewable energy provider, joins the Nexus Podcast to discuss cyber risk quantification (CRQ). CRQ is a popular framework used to assess the financial impact of a cybersecurity threat on an organization. Antukh is an advocate of CRQ, and discusses his approach to using it to predict risk in his organization, what level of organizational maturity is required for this approach to succeed, and how it's being applied in operational technology (OT) environments.
For more, visit nexusconnect.io/podcasts
98 episodes
Share
Manage episode 431752268 series 3308427
Content provided by Claroty. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Claroty or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Alexander Antukh, CISO of AboitizPower in the Philippines, the country's largest power and renewable energy provider, joins the Nexus Podcast to discuss cyber risk quantification (CRQ). CRQ is a popular framework used to assess the financial impact of a cybersecurity threat on an organization. Antukh is an advocate of CRQ, and discusses his approach to using it to predict risk in his organization, what level of organizational maturity is required for this approach to succeed, and how it's being applied in operational technology (OT) environments.
For more, visit nexusconnect.io/podcasts
98 episodes
All episodes
×
1 Megan Stifel on the Impact of the Ransomware Task Force 29:48
29:48 
Play Later 
Play Later 
Lists 
Like 
Liked29:48
Play Later Play Later Lists Like LikedMegan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins the Nexus Podcast to discuss the four years of progress and challenges experienced by the Ransomware Task Force . The RTF was created days before the Colonial Pipeline ransomware incident and in a landmark report , laid out 48 recommendations to the industry that included a framework for critical infrastructure organizations that could help deter and disrupt the operations of ransomware gangs. Stifel covers the growth of the task force and which the of the 48 recommendations have been tackled and which remain. Listen and subscribe to the Nexus Podcast on your favorite platform .…
1 Joe Slowik on Identifying Truly 'Critical' Infrastructure 29:47
29:47 Play Later Play Later Lists Like Liked29:47
Play Later Play Later Lists Like LikedSecurity researcher Joe Slowik joins the Nexus Podcast to discuss the broad interpretation of what critical infrastructure entities are truly "critical," and how that creates an ethical wedge between protecting the well-resourced and those that are resource-strapped. Slowik acknowledges that while calling everything "critical" ensures that nothing is critical, serious discussions must be had about getting the most return in terms of defensive resources while recognizing the ethical dilemmas that some entities cannot be left behind because they're not as important to overall national and economic security. Listen and subscribe to the Nexus Podcast on your favorite platform .…
1 Danielle Jablanski on Critical Infrastructure Protection 41:26
41:26 Play Later Play Later Lists Like Liked41:26
Play Later Play Later Lists Like LikedDanielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement. Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors. Listen and subscribe to the Nexus Podcast on your favorite platform .…
1 Cassie Crossley on Hardware Security, HBOMs 28:20
28:20 Play Later Play Later Lists Like Liked28:20
Play Later Play Later Lists Like LikedSchneider Electric Vice President of Supply Chain Security Cassie Crossley joins the Nexus Podcast to discuss the nuances of hardware security and the growing need for hardware bills of materials (HBOMs) within critical infrastructure. Cassie covers the use cases and features that matter most within an HBOM, some of the threats and weaknesses they can illuminate for users, and how they can change the current status quo for CI sectors that have concerns about the provenance of hardware components and the threats they pose. Cassie is an experienced cybersecurity technology executive in information technology and product development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.” Listen and subscribe to the Nexus Podcast here .…
1 Christiaan Beek on Ransomware's Evolution and Economics 30:05
30:05 Play Later Play Later Lists Like Liked30:05
Play Later Play Later Lists Like LikedRapid7 Senior Director of Threat Analytics Christiaan Beek joins the Nexus Podcast to discuss the technical evolution and economic models that maintain ransomware's viability among threat actors. Ransomware became a for-profit threat more than a decade ago and has progressed into the No. 1 threat facing many critical infrastructure organizations. In this episode, Beek covers extortion characteristics, the stealthiness of some attacks, and how the future may include hardware-based ransomware that maintains indefinite persistence. Follow and subscribe to the Nexus Podcast .…
1 Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard 40:39
40:39 Play Later Play Later Lists Like Liked40:39
Play Later Play Later Lists Like LikedFlorence Hudson, working group chair of the IEEE/UL 2933 standard and framework for Clinical IOT Data and Device Interoperability with TIPPSS, joins the Nexus Podcast. Published last September, the standard establishes a framework for secure data exchanges between clinical IoT and medical devices and systems. The frameworks is based on TIPPSS principles (trust, identity, privacy, protection, safety, and security) clinical IoT such as in-hospital devices, wearable devices, investigational devices. Follow and subscribe to the Nexus Podcast .…
1 Mike Holcomb on Starting and Succeeding in OT Cybersecurity 42:40
42:40 Play Later Play Later Lists Like Liked42:40
Play Later Play Later Lists Like LikedMike Holcomb, global lead for ICS and OT cybersecurity at Fluor , joins the Nexus Podcast to discuss his advocacy and efforts to educate engineers and IT cybersecurity professionals in the nuances of protecting operational technology and industrial control systems. Mike produces and hosts a learning series available for free on YouTube called " Getting Started in ICS/OT Cyber Security " where he explains the fundamentals of this unique cybersecurity discipline On the podcast, he discusses his experience with those in IT now responsible for OT, how to best assess and mitigate risk within OT, and some of the practical threats that matter most to practitioners. Follow the Nexus Podcast here.…
1 Ron Fabela on Low-Skilled OT and ICS Threat Actors 36:33
36:33 Play Later Play Later Lists Like Liked36:33
Play Later Play Later Lists Like LikedRon Fabela of ABS Consulting joins the Nexus Podcast to dispel some of the myths surrounding threat actors targeting operational technology and industrial control systems. Groups such as the Russian Cyber Army, UserSec, and the CyberAv3ngers have different ideological motivations, and have decidedly carried out low-impact attacks on OT. Fabela covers some of their tactics, whether they're better marketers than hackers, and reminds users that their exploits still merit investigation and remediation. Listen to every episode of the Nexus Podcast here .…
1 Munish Walther-Puri on Creating a Scale for Cybersecurity Incidents 33:25
33:25 Play Later Play Later Lists Like Liked33:25
Play Later Play Later Lists Like LikedMunish Walther-Puri of the Center for Global Affairs at New York University joins the Claroty Nexus podcast to discuss a homegrown severity scale for critical infrastructure cybersecurity incidents. The Infrastructure Cyber Incident Scale, or INCI Scale, brings a Richter-Scale-like criticality index to incidents based on the intensity, magnitude, and duration of an event. Walther-Puri unveiled the scale at the S4 Conference in Tampa.…
1 Brian Foster on the Risks of a Hyperconnected Grid 27:17
27:17 Play Later Play Later Lists Like Liked27:17
Play Later Play Later Lists Like LikedBrian Foster, Senior Advisor for Grid Security at Southern California Edison, joins the Nexus Podcast to discuss a presentation he gave at the S4 Conference called . Foster covers the impending risk and host of exposures expected as smart meters and other similar devices are centrally managed online. This scenario gives attackers the ability to attack devices at scale and potentially cause catastrophic damage. Listen to every episode of the Nexus Podcast here.…
1 CISA's Matthew Rogers on Secure by Demand for OT 39:23
39:23 Play Later Play Later Lists Like Liked39:23
Play Later Play Later Lists Like LikedMatthew Rogers, ICS Cybersecurity Strategy & R&D Lead at the Cybersecurity & Infrastructure Security Agency (CISA) joins the Nexus Podcast to discuss the agency's latest publication: “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This guide features 12 cybersecurity recommendations that OT owners and operators should be looking for during procurement cycles with automation and control system vendors. Read Claroty's blog on the guide . Listen to every episode of the Nexus Podcast here .…
Claroty Team82 researcher Noam Moshe joins the Nexus Podcast to discuss the IOCONTROL malware used by an Iranian APT actor known as the CyberAv3ngers to target civilian critical infrastructure in the U.S. and Israel. The malware acts as a Linux-based backdoor and has a modular configuration that can be adapted for IoT, OT, and SCADA devices. Read Team82's research blog: " Inside a New OT/IoT Cyberweapon: IONCONTROL " Listen and subscribe to the Nexus Podcast here .…
Claroty Team82's Noam Moshe and Tomer Goldschmidt join the Nexus Podcast to discuss the research team's latest publication on 10 vulnerabilities discovered in Ruijie Networks' Reyee OS cloud platform. A chain of these vulnerabilities could allow an attacker to remotely execute code on any device connected to the Ruijie cloud. Team82 also developed an attack they call Open Sesame which allows an attacker in proximity of a Ruijie device to use leaked device information and access the internal network. You can find the research here on Team82's website . Listen and subscribe to the Nexus Podcast here .…
1 Volexity's Steven Adair on the Nearest Neighbor Attack 37:23
37:23 Play Later Play Later Lists Like Liked37:23
Play Later Play Later Lists Like LikedVolexity founder Steven Adair joins the Claroty Nexus Podcast to discuss the Nearest Neighbor Attack, a unique attack carried out by Russia's APT 28 against a high-value target in an attempt to gain intelligence on Ukraine prior to the start of the war in February 2022. APT 28 was able to compromise the Wi-Fi network of its target without being in physical proximity of it. They did so by remotely compromising neighboring organizations, accessing their Wi-Fi networks—creating a daisy-chain of breaches and compromises—until they were able to reach their target. Volexity's blog contains additional technical details. Listen to every episode of the Nexus Podcast here .…
1 Joe Saunders on Advanced Cyberattacks Against Critical Infrastructure 34:43
34:43 Play Later Play Later Lists Like Liked34:43
Play Later Play Later Lists Like LikedRunsafe Security CEO and Cofounder Joe Saunders joins the Nexus Podcast to discuss the strategic shift from certain APTs toward destructive cyberattacks targeting U.S. critical infrastructure. Groups such as Volt Typhoon and Sandworm have aggressively focused their efforts on hacking OT, IoT, and healthcare organizations, opening new fronts that asset owners and operators, as well as manufacturers of embedded systems must now contend with.…
N
Nexus: A Claroty Podcast
1 Grant Geyer on the Business Impact of Disruptions from Cyberattacks 25:03
25:03 Play Later Play Later Lists Like Liked25:03
Play Later Play Later Lists Like LikedClaroty Chief Strategy Officer Grant Geyer joins the Nexus Podcast to discuss the results of a survey of 1,100 cybersecurity leaders and practitioners on the business impact of disruptions from cyberattacks on cyber-physical systems. The financial losses are steep from these attacks impacting connected systems that are so central to our way of life, as are the recovery costs and operational impacts such as downtime, which is often intolerable in critical industries such as manufacturing and healthcare. Geyer brings his unique insights to the discussions, including attackers' motivations in targeting CPS, why ransomware continues to impact healthcare delivery organizations, and the risks of unsecured third-party and supply chain connections to the enterprise. Get the full survey results here .…
N
Nexus: A Claroty Podcast
1 Alethe Denis on Social Engineering, Red-Teaming 43:45
43:45 Play Later Play Later Lists Like Liked43:45
Play Later Play Later Lists Like LikedBishop Fox senior security consultant Alethe Denis joins the Claroty Nexus podcast to discuss social engineering in cybersecurity and how it has become part of red-team engagements, especially inside critical infrastructure organizations. She explains the value of open source intelligence and data stolen in breaches to scammers and extortionists in creating pretexts for their schemes. She also explains how to best defend against these tactics that aid threat actors in weaponizing personal information against victims and organizations. For more, visit nexusconnect.io/podcasts .…
N
Nexus: A Claroty Podcast
1 Alon Dankner on Extracting Crypto Keys from PLCs 27:58
27:58 Play Later Play Later Lists Like Liked27:58
Play Later Play Later Lists Like LikedAlon Dankner of the Technion Institute for Technology in TelAviv Israel joins the Claroty Nexus Podcast to discuss a presentation he gave at the recent Black Hat cybersecurity conference in Las Vegas. Dankner and colleague Nadav Adir's presentation looked at the attack surface of programmable logic controllers (PLCs), in particular Siemens’ S7 protocol. Dankner and Adir developed six attacks against the encryption implementation in the protocol that expose private crypto keys and allow an attacker full control over the industrial control system. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Noam Moshe on Extracting Forensic Data from Unitronics PLCs 27:52
27:52 Play Later Play Later Lists Like Liked27:52
Play Later Play Later Lists Like LikedClaroty Team82 researcher Noam Moshe joins the Nexus Podcast to talk about Team82’s research into Unitronics Vision series integrated HMI/PLC devices. The OT devices were exploited last year in attacks against water treatment facilities in the U.S. and Israel. Team82 researched the security of these devices and developed a pair of tools that allowed them to extract forensic information from the PLCs. Both tools were released to open source on Team82’s Github page. Moshe also presented this research today at the Black Hat Briefings in Las Vegas. Read Team82’s research blog here. Download the forensics tools here. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Alexander Antukh on Cyber Risk Quantification 43:05
43:05 Play Later Play Later Lists Like Liked43:05
Play Later Play Later Lists Like LikedAlexander Antukh, CISO of AboitizPower in the Philippines, the country's largest power and renewable energy provider, joins the Nexus Podcast to discuss cyber risk quantification (CRQ). CRQ is a popular framework used to assess the financial impact of a cybersecurity threat on an organization. Antukh is an advocate of CRQ, and discusses his approach to using it to predict risk in his organization, what level of organizational maturity is required for this approach to succeed, and how it's being applied in operational technology (OT) environments. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Vincente Diaz on Using AI for Malware Analysis 27:38
27:38 Play Later Play Later Lists Like Liked27:38
Play Later Play Later Lists Like LikedVincente Diaz, Threat Intelligence Strategist on Google’s VirusTotal team and formerly the EU director of Kaspersky Lab’s Global Research & Analysis Team, joins the Nexus Podcast to discuss how artificial intelligence and machine learning is an integral part of what VirusTotal is doing around malware analysis. Vincente describes the advantages these advanced technologies bring to malware analysis, in particular how it cuts down analysis time, and improves exploit detection. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
Ahmik Hindman, Senior Network and Security Solution Consultant at Rockwell Automation, joins the Claroty Nexus podcast to discuss the challenges and success stories he's experienced in patching operational technology equipment and industrial control systems. Hindman has been at Rockwell Automation for 28 years and has expansive experience with customers solving these complex cybersecurity issues. Hindman shares some of the frameworks, tools, and approaches he's worked with, and how convergence and other recent trends have changed how organizations handle vulnerabilities. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
Dr. Bilyana Lilly , an expert on geopolitics and Russia’s codification of information warfare as a strategy, says that the war in Ukraine has only temporarily delayed Russia’s activity against the West in cyberspace. On this episode of the Nexus podcast, she reinforces the idea that despite the fact that Russia is operating under severe resource constraints, CISOs should be preparing for the inevitable. “I think it’s important to identify the conditions and the constraints that currently the Russian government is currently experiencing. Because once these constraints are lifted then I think we’ll see an increase in cyber activity, which gives us some time to prepare,” Lilly said. “That’s what I think we should be doing right now. I think we shouldn’t be letting our guard down because I think those attacks are coming.” For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Vinnie Liu on Offensive Security Testing During Incidents 29:30
29:30 Play Later Play Later Lists Like Liked29:30
Play Later Play Later Lists Like LikedBishop Fox CEO and Cofounder Vinnie Liu joins the Nexus Podcast to discuss his team's role during security incidents in conducting offensive security testing alongside incident response activities. In healthcare environments where ransomware is the leading threat, red-teams and other offensive security specialists are called in, Liu said, to ensure that secondary attack vectors cannot be leveraged by attackers to maintain persistence inside an organization. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Diana Kelley on Protecting the AI Lifecycle 26:11
26:11 Play Later Play Later Lists Like Liked26:11
Play Later Play Later Lists Like LikedProtect AI Chief Information Security Officer Diana Kelley joins the Claroty Nexus podcast to discuss the intricacies of securing machine learning and artificial intelligence use inside the enterprise. She also explains the concept of MLSecOps and how it compares and contrasts to DevOps used in application development. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Jennifer Minella on OT Cybersecurity Convergence 29:56
29:56 Play Later Play Later Lists Like Liked29:56
Play Later Play Later Lists Like LikedJennifer Minella, founder and principal advisor of Viszen Security , joins the Claroty Nexus podcast to discuss her experiences advising organizations on operational technology implementations, risk management, and succeeding at IT/OT convergence. This episode was recorded during RSA Conference where Jennifer and Bryson Bort gave a talk on convergence from the perspectives of a defender of industrial networks, and from the viewpoint of an offensive security specialist. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Charles Blauner on the Changing Role of the CISO 31:00
31:00 Play Later Play Later Lists Like Liked31:00
Play Later Play Later Lists Like LikedCharles Blauner, Team8 operating partner and CISO in residence, joins the Claroty Nexus podcast to discuss the rapid changes in responsibilities and liability risks facing today's chief information security officers. Blauner, former CISO at JP Morgan and Deutsche Bank, describes how, for example, the new SEC rules around disclosures and incidents, along with legal action against high-profile CISOs of public companies, have some security leaders re-thinking how they operate and negotiate within their roles. He also discusses whether enterprises should brace for an exodus of those in the CISO chair today. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Mikko Hypponen on a Decade of Corporate Ransomware Attacks 32:18
32:18 Play Later Play Later Lists Like Liked32:18
Play Later Play Later Lists Like LikedCybersecurity pioneer Mikko Hypponen joins the Claroty Nexus live at the RSA Conference to discuss a decade of ransomware attacks against corporate networks. Hypponen is Chief Research Officer at WithSecure, the former F-Secure for Business. He has observed and analyzed malware from its infancy when it was a merely a means of disruption and attention-seeking to today's enormously profitable ransomware services and gangs . For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Adm. Michael Rogers on Geopolitics and Cybersecurity 27:57
27:57 Play Later Play Later Lists Like Liked27:57
Play Later Play Later Lists Like LikedFormer NSA Director Adm. Michael S. Rogers (Ret. USN) joins the Claroty Nexus Podcast live from RSA Conference in San Francisco to discuss the current geopolitical climate, its impact on chief information security officers, and how they can and should response. Rogers discusses how the doctrines of adversaries are changing and that U.S. critical infrastructure is increasingly in the crosshairs. He also brings his experience and delivers practical advice for CISOs who are not only dealing with external adversaries but also potential legal liability in the event of breaches. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Abel Archundia on Complexity in Critical Infrastructure 35:37
35:37 Play Later Play Later Lists Like Liked35:37
Play Later Play Later Lists Like LikedAbel Archundia, chief technology officer and global head of advisory for Istari, joins the Claroty Nexus podcast to discuss the nature of complexity, technical debt, and regulation, and how it influences risk decisions in critical infrastructure environments. He explains the challenges complexity brings to manufacturing, pharmaceuticals, and other CI sectors, and how owners and operators may feel outmatched by technical debt. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
Adam Gluck, founder and CEO of Copia Automation, joins the Claroty Nexus podcast to discuss the need for DevOps within industrial automation. DevOps practices are popping up more frequently in these environments, but there are still hurdles and challenges for developers and engineers to overcome. Adam covers those, and explains how DevOps can improve disaster recovery, lessen the introduction of vulnerabilities in new code, and mitigate risk by being proactive about reviewing code changes as they happen rather than later in the development lifecycle. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Greg Garcia on the Change Healthcare Cyberattack 44:35
44:35 Play Later Play Later Lists Like Liked44:35
Play Later Play Later Lists Like LikedGreg Garcia, the executive director of the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group, joins the Claroty Nexus podcast to discuss the Change Healthcare ransomware attack and what can be done from a policy perspective to minimize the impact of such attacks in the future. Garcia has had a long career on the policy side of cybersecurity, and was the first presidentially appointed Assistant Secretary for Cybersecurity at the Department of Homeland Security. In this episode, he discusses where organizations are in terms of recovery from the impacts of the attack, longterm impacts on the healthcare sector, and how the HSCC's recently published five-year strategic plan for organizations in the crosshairs. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Ryan Pickren on New Web-Based PLC Malware Research 35:17
35:17 Play Later Play Later Lists Like Liked35:17
Play Later Play Later Lists Like LikedRyan Pickren, a Ph.D. student in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, joins the Claroty Nexus podcast to discuss a recently published research paper that explains a new web-based malware attack against programmable logic controllers. Pickren, the lead author, along with colleagues Tohid Shekari, Saman Zonouz, and Raheem Beyah, explains how embedded webservers inside modern PLCs can be attacked to give remote attackers full control over the device. Check out their paper: “Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware” For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Mike Rogers on Understanding a CISO's Personal Exposure in Cyber Incidents 37:26
37:26 Play Later Play Later Lists Like Liked37:26
Play Later Play Later Lists Like LikedHormel Foods Chief Information Security Officer and Director of Information Security and Compliance Mike Rogers joins the Claroty Nexus podcast to discuss why it's so important for CISO's to understand their personal liability during cybersecurity incidents. New regulations, including the SEC's cybersecurity rules, are driving this need for security leadership to evaluate to manage their personal exposure. Rogers provides his perspective on the SEC rules, how incident response is changing, and the ambiguity around exactly what constitutes a "material" incident. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Team82 Answers More of your OT Cybersecurity Questions 31:58
31:58 Play Later Play Later Lists Like Liked31:58
Play Later Play Later Lists Like LikedNoam Moshe of Claroty Team82 is back to answer more listener questions about OT vulnerability research, threats and risks to OT networks and IoT devices, and the best mitigation and remediation strategies for defenders. This is a follow-up podcast to an episode we recorded in December answering listener questions. You can listen to that episode here. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
Phlow Corp., CIO Juan Piacquadio joins the Claroty Nexus podcast to discuss the application of Industry 4.0 to pharmaceuticals, also known as Pharma 4.0. The industry is quickly adopting advanced technologies such as artificial intelligence, digital twins, and augmented reality to enhance the development of medicine and improve patient care. Along with that expansion of capabilities comes a wider attack surface, and Piacquadio spends a good deal of time explaining not only the threat landscape he envisions, but also how giant pharmaceuticals, the supply chain, and security providers must respond. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 David Elfering on CISOs and Cyber Liability Insurance 44:19
44:19 Play Later Play Later Lists Like Liked44:19
Play Later Play Later Lists Like LikedDavid Elfering, CISO at Carrix and former security and risk executive at Marsh, is back for another episode of the Claroty Nexus podcast to discuss cyber liability insurance. Elfering has extensive experience working not only as an enterprise cybersecurity executive, but also with one of the world's leading insurance carriers. Listen as he brings insight on that perspective, how carrier cybersecurity requirements align with risk reduction, red flags that can imperil coverage or claims, and how cyber insurance providers are looking at geopolitical conflict. For more, visit nexusconnect.io/podcasts…
N
Nexus: A Claroty Podcast
1 Team82 Answers Your Vulnerability Research Questions 28:47
28:47 Play Later Play Later Lists Like Liked28:47
Play Later Play Later Lists Like LikedTeam82 researchers Sharon Brizinov and Noam Moshe join the Claroty podcast for a special episode where they answer questions submitted by users. This Ask-Me-Anything style of podcast covers the team's OT and IoT vulnerability research process, resources for experienced and beginner vulnerability researchers, and insights from their point of view on the threat landscape for cyber-physical systems.…
N
Nexus: A Claroty Podcast
1 Mandiant on Sandworm APT Attacks in Ukraine 30:27
30:27 Play Later Play Later Lists Like Liked30:27
Play Later Play Later Lists Like LikedNathan Brubaker, Mandiant and Google Cloud Head of Emerging Threats and Analytics, joins the Claroty Nexus podcast for a timely discussion on his team’s report published this week on the Sandworm APT’s activity in Ukraine. Sandworm leveraged a new TTP—Living off the Land techniques—to target a Ukrainian energy company in October 2022 to cause a power outage. That outage also coincided with missile attacks by Russia against critical infrastructure in Ukraine. Read Mandiant's Sandworm paper here .…
N
Nexus: A Claroty Podcast
1 Don Weber on Security Culture in Control Environments, STAR Methodology 44:41
44:41 Play Later Play Later Lists Like Liked44:41
Play Later Play Later Lists Like LikedDon Weber of Cutaway Security joins the Nexus podcast to discuss a trend in control environments where asset operators and engineers keep trained cybersecurity professionals at arm's length, citing safety concerns. As more control systems are connected and managed online, it's critical for certified security professionals to be included in overall safety and reliability activities. Otherwise new risk and vulnerabilities are likely to be introduced. Weber also discusses a new methodology for assessing implementation vulnerabilities within industrial automation and control systems. Read more about IACS STAR: IACS STAR Calculator IACS STAR GitHub…
N
Nexus: A Claroty Podcast
Misha Belisle and Blaine Jeffries of MITRE join the Claroty Nexus podcast to discuss Caldera for OT, a new set of operational technology plugins for the open source core Caldera adversary emulation platform. Caldera for OT supports the Modbus, BACnet, and dnp protocols, and Belisle and Jeffries hope to add future support for additional protocols. Red and purple teams may use Caldera for OT for adversary emulation in order to understand the exposure of these protocols to attacks. Caldera for OT is available here.…
N
Nexus: A Claroty Podcast
Retired Pfizer Chief Information Security Officer Jim Labonty joins the podcast to discuss the operational technology (OT) security stack, and how it differs from IT. This episode provides especially important for the growing number of security leaders who are newly responsible for OT cybersecurity and the safety of cyber-physical systems. Labonty also shares his experience during his time at Pfizer in securing the development of Pfizer's Covid-19 vaccine, and how not only security of the manufacturing process took top priority, but also supply chain security.…
N
Nexus: A Claroty Podcast
1 Stephen Reynolds on Protecting the CISO During Incident Investigations 33:46
33:46 Play Later Play Later Lists Like Liked33:46
Play Later Play Later Lists Like LikedStephen Reynolds, a partner at the law firm of McDermott, Will, and Emery, joins the Nexus Podcast to discuss some of the concerns and questions CISOs and other security executives may have about their personal liability and exposure during breach investigations. The short of it: Don’t panic, but don’t be unprepared either. In this case, preparation equates to having personal legal counsel available, and document everything during an incident. Reynolds and Eli Lilly associate VP and assistant general counsel Nick Merker presented on this topic at Black Hat under the context of the case and conviction of former Uber CISO Joe Sullivan . Sullivan was convicted of obstruction of justice and misprision of a felony for his role in covering up a breach at Uber. Reynolds cautions that CISOs always remember that corporate counsel represent the company, and any attorney-client privilege is to the company and not the individual. He also reminds leaders to document the facts and information available at the time key decisions were made during an incident.…
N
Nexus: A Claroty Podcast
1 Team82 on NAS Research, OPC UA Exploit Framework 34:30
34:30 Play Later Play Later Lists Like Liked34:30
Play Later Play Later Lists Like LikedTeam82’s extensive research into network attached storage devices and the ubiquitous OPC UA industrial protocol came to a head recently in Las Vegas with a pair of presentations at Black Hat USA and DEF CON disclosing vulnerabilities in Synology and Western Digital NAS cloud connections and the unveiling of a unique OPC UA exploit framework. In this episode of the Nexus podcast, researcher Noam Moshe explains how both research initiatives came to be, the implications of each for users, and how the respective ecosystems have been made safer. Read our Synology research Read our Western Digital research Read about our OPC UA exploit framework Download the framework…
N
Nexus: A Claroty Podcast
1 Bishop Fox on OSDP Weaknesses Putting Secure Facilities at Risk 26:30
26:30 Play Later Play Later Lists Like Liked26:30
Play Later Play Later Lists Like LikedIn this episode of the Nexus podcast, Bishop Fox researchers Dan Petro and David Vargas explain their research into the Open Supervised Device Protocol (OSDP), meant to bring encryption to badge readers and controllers providing physical access controls at secure facilities. Petro and Vargas explain a number of protocol weaknesses and vulnerabilities that defeat OSDP's promise of encryption and security. Through the attacks they describe, they're able carry out—among others—replay or downgrade attacks, which are enabled by severe key exchange vulnerabilities or weakened crypto keys as described in the protocol. Petro and Vargas unveiled this research during a presentation at Black Hat USA in Las Vegas.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Similar to Nexus: A Claroty Podcast
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
We help founders make something people want.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
