Cyber Security Sauna brings you expert guests with sizzling insight into the latest information security trends and topics. WithSecure's Janne Kauhanen hosts the show to make sure you know all you need to about the hotter-than-ever infosec game. Join us as we sweat out the hot topics in security.
📻 Siste episoder av Cyber Security Sauna
Her er de nyeste episodene tilgjengelige via RSS-feeden:
086| Why showing value is more important for CISOs than ever (00:38:29)
CISOs find themselves at the forefront of safeguarding sensitive information, ensuring regulatory compliance, and protecting their organizations from constantly evolving cyber risks. Today, we are joined by Cybersecurity Strategist and Eclipz.io Inc. CISO Matthew Rosenquist and WithSecure CISO Christine Bejerasco to discuss why making senior leadership and the board clear on the value that CISOs bring to the table.
085| NIST Cyber Security Framework V.2 – Help or Hindrance? (00:44:04)
The NIST Cyber Security Framework has helped secure organizations for nearly a decade and while it's proven to be an invaluable tool, it's gotten a bit long in the tooth for a cyber security landscape that never stays static. Enter V.2 which goes a long way in identifying the increasing cyber risk in organizations and implementing more governance, oversight and senior leadership accountability. For this episode we were joined by very special guest Cybersecurity Strategist and Eclipz.io Inc. CISO, Matthew Rosenquist, and WithSecure CISO Christine Bejerasco to discuss if the new framework will be enough and whether it will help or hinder CISOs. Read more: https://www.withsecure.com/en/expertise/resources/navigating-nist-csf-2 Check out the recent webinar with Matthew Rosenquist and Christine Bejerasco for further discussions on the NIST Cyber Security Framework V.2.
084| Let's Talk About Threats Baby (00:31:05)
A successful cyber defense should protect an organization's critical assets from today's threats, not yesterday's. For this episode, we sat down with threat intelligence analysts Stephen Robinson and Ziggy Davies, two such people responsible for keeping tabs on threats and recent developments, to discuss updates on the threats currently affecting organizations. Check out the latest insights from the WithSecure Countercept Threat Intelligence team. Read the report on the professionialization of cybercrime
083| Security by design for CISOs (00:09:44)
The term Shifting Left has not been traditionally associated with cyber security. In this episode, WithSecure CISO Christine Bejerasco lays out the case for how shifting left can evolve beyond its origins in software development to be a powerful tool for successful security and business outcomes. Recorded on-site at #SPHERE23.
082| Hyped and Hacked - AI in Cyber Security (00:13:38)
As Mikko Hyppönen said recently, we are indeed in the midst of the hottest AI summer ever, and the hype level is off the charts. Yes, AI presents amazing opportunities, but unfortunately, also threats. Nowadays, practically anyone with a passing interest in using it has a lot of power at their fingertips - no PhD is necessary. Naturally, we must view all of this through the lens of the cyber security industry. We sat down with Ian Beacraft, Founder and Chief Futurist of Signal and Cipher, and Tom Van de Wiele, Principal Technology and Threat Researcher at WithSecure, to discuss if we are getting too worked up about AI and what it means for cyber defenders either way. Recorded on-site at #SPHERE23.
081| Mudge - the man, the myth, the mythbusting (00:12:54)
We have the pleasure of being joined by the one and only Peiter "Mudge" Zatko, network security expert, open-source programmer, writer, and hacker, with a rapid-fire discussion on some myths in the cyber security industry that could do with busting, sprinkled with some truths that could do with trusting. This episode was recorded on-site at #SPHERE23.
080| The Power Of Putting Security Outcomes First (00:16:19)
As security is primarily about stopping bad things from happening, victories are often silent. At the same time, failures are often very public, so how can organizations tell when their security is paying off? In this episode, we are joined by guest speaker Laura Koetzle, Vice President and Group Director at Forrester and Robin Oldham, CEO of consulting firm Cydea, to discuss assessing the value of a result that produces nothing. Recorded on-site at #SPHERE23.
079|(Mind the) Detection and Response Gap (00:31:17)
The time that an attacker spends on a network before attempting to achieve their objective is decreasing rapidly, making many organizations' typical detection and response solutions ineffective. Speed is the key, but unfortunately the gap between detection and response is growing. In this episode, we are joined by WithSecure's Threat Hunter Jojo O'Gorman and Principle Incident Response Consultant Mehmet Surmeli to discuss what we can do to solve these challenges. Read more >> https://www.withsecure.com/en/expertise/resources/how-to-identify-your-response-gaps?utm_source=libsyn&utm_medium=podcast&utm_campaign=gl-pr-response-gap-tool Check out our Response Gap Assessment tool >> https://www.withsecure.com/en/solutions/incident-readiness-and-response/identify-your-response-gap?utm_source=libsyn&utm_medium=podcast&utm_campaign=gl-pr-response-gap-tool
078| John Grant on the relationship between sustainability and cyber security (00:13:29)
The development of new sustainable technologies undoubtedly benefits society, but it also opens the door to new cyber security challenges. For this episode, we were on-site at SPHERE23 with author John Grant to discuss the challenges for organizations to be sustainable and secure.
077| Jessica Berlin and Stephen Robinson on the cyber front (00:16:59)
Russia's invasion of Ukraine changed the entire geopolitical landscape. For this episode, we were on-site at SPHERE23 with security and foreign policy analyst Jessica Berlin, and threat intelligence analyst Stephen Robinson, to discuss the use of cyber attacks and disinformation as policy instruments in the wake of the invasion.
076| What we get wrong (and right) about APTs (00:40:55)
Advanced persistent threats, or APTs, are generally seen as a sort of apex predator in the cyber threat landscape. And while they're certainly noteworthy, their reputation can distort what makes them unique, and what they may have in common with other adversaries. In this episode, we're joined by Senior Threat Intelligence Analyst Stephen Robinson, and Security Consultant Richard Suls, to shed some light on APTs and how we can protect ourselves against them. Read more:https://labs.withsecure.com/publications/no-pineapple-dprk-targeting-of-medical-research-and-technology-sector
075| Winning with outcome-based security (00:41:26)
Security protects organizations from cyber attacks. However, studies show that limiting your understanding of security to this basic premise can hinder protection efforts or even other business goals. Instead of spending more and more on security to simply keep things running, maybe it's time for a different approach. In this episode, we are joined by WithSecure Chief Information Security Officer Christine Bejerasco, and guest speaker Laura Koetzle, Vice President and Group Director at Forrester to discuss a strategy called outcome-based security.
074| Do you even patch bro? (00:38:04)
Vulnerabilities and security gaps are increasingly being identified in software and applications daily. Attackers are often quick to act when any vulnerabilities are made known - even within minutes. You may have heard of the term patching in cyber security, but what is it exactly, and how does it figure into an organization's security posture? WithSecure security consultants Katie Inns and Antti Laatikainen join us to discuss all things patching.
073| 2023 - Looking Forward (00:22:51)
In our last episode, we were joined by cyber security advisor Paul Brucciani and WithSecure Intelligence Researcher Andy Patel to discuss some notable 2022 infosec developments. Now that 2022 is in the rear-view mirror, all eyes are turning to the year ahead. What should we expect? Is there some disaster on the horizon for which we need to prepare? Conversely, are there any positive devlopments that we can look forward to? We're once again joined by Paul and Andy to discuss some of the trends we should look out for in 2023.
072| 2022 Wrap-Up (00:22:19)
As the year draws to a close, it's time for us to review and reflect on notable infosec events and trends from 2022, and also what might happen in 2023. In this episode we're joined by cyber security advisor Paul Brucciani and WithSecure Intelligence Researcher Andy Patel to hear their thoughts on the impact of Russia's invasion of Ukraine on cyber security, what they think about the changes at Twitter, and other significant developments from the last 12 months.
071| Deepfakin it: AI content in cyber attacks (00:22:41)
Until recently, AI-generated synthetic content has been more commonly used for gaming and art creation, where the tech is still relatively new, and pixel perfection is unnecessary. However, with the tech rapidly advancing in complexity and speed, it's probably only a matter of time before it's genuinely challenging to determine if something is fake or not. Unfortunately, this increase in technology will also provide many avenues for disinformation and other assorted nefariousness. Digital artist and YouTuber Nerdy Rodent and WithSecure Researcher Andy Patel join is to discuss how the technology is developing and its possible implications, good and bad.
Cyber Security Sauna: Breaking Views – The Vastaamo case (00:31:55)
In this Cyber Security Sauna special edition podcast, we cover new developments in the data breach of Finnish Psychotherapy provider Vastaamo in 2020. This case has recently hit the news again, with the Finnish authorities arresting a suspect in absentia. The suspect in the breach and subsequent leaking of patient data is a 25-year-old Finnish citizen. Officials believe he is at large somewhere in Europe. Neglect by Vastaamo system administrators prior to the incident has also been called out by officials and cyber security experts. Cyber Security Sauna host Janne Kauhanen is joined by WithSecure™ CRO Mikko Hypponen and CISO Erka Koivunen to discuss the history of the attack, what possibly drove the subject to the dark side, and the ethics of securing data within a fast-growing company.
070| Crowdsourcing Security with Bug Bounties (00:42:53)
Bug bounties (also known as vulnerability reward programs) crowdsource security expertise to address vulnerabilities in products or services before attackers exploit them. Many companies have adopted reward programs and sometimes offer hefty rewards for finding vulnerabilities. It's a great way for white hat hackers to make some money and showcase their talents for a possible job, and for companies to improve their security. In this episode, we're joined by Intigriti's Head of Hackers, Inti De Ceukelaire, a bug bounty expert that connects organizations with the ethical hacking community, and WithSecure's Chief Information Security Officer Erka Koivunen. https://www.intigriti.com/
069| Cyber conflicts, Corporations and Collateral damage (00:31:59)
Geo-political conflicts are increasingly being played out in cyberspace, and organizations, whether they are aware or not, are often caught in the crossfire. Janne Taalas and Johannes Laaksonen from CMI - Martti Ahtisaari Peace Foundation and WithSecure™ Chief Technology Officer Christine Bejerasco joined us to discuss how we can resolve these conflicts and try to make cyberspace a safer place for everyone. CMI – Martti Ahtisaari Peace Foundation
SPHERE SESSION | Johanna Småros on winning the algorithmic retail (00:09:32)
Co-founder & CMO at RELEX Solutions, Johanna Småros, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on supply chain management, both in retail and in a broader aspect.
SPHERE SESSION | Matthew Rosenquist on why value is the cybersecurity blindspot (00:13:01)
CISO and cybersecurity Strategist, Matthew Rosenquist, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on why we should aim to maximise value in cybersecurity.
068|The other TTPs: Tools, technologies, and people (00:25:40)
In this episode, we're joined by Frank Fransen, Senior Scientist in Cyber Security at TNO, and Technical Coordinator of the EU's SOCCRATES project, which is developing a new cybersecurity-oriented decision-making platform, and John Rogers, Global Head of Incident Response for WithSecure™, to discuss the role automation can and should play in cyber defenses. SOCCRATES website https://www.soccrates.eu/ SOCCRATES final event: 'Innovation for Next Generation SOCs' is on 19 October 2022ools, technologies, and people SOCCRATES final event: 'Innovation for Next Generation SOCs' - Soccrates SOCCRATES Vision Paper https://www.soccrates.eu/wp-content/uploads/2022/05/SOCCRATES-Vision-Paper.pdf
SPHERE SESSION | Sari Stenfors on AI, humanness and positive futures (00:09:25)
Serial entrepreneur, scientist and futurist, Sari Stenfors, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on the importance of looking to the future with a positive mindset.
SPHERE SESSION | Risto Siilasmaa on trust as the building block for businesses (00:09:18)
Chairman and Founder of F-Secure & WithSecure, Risto Siilasmaa, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on why trust is the foundation upon which successful and meaningful business partnerships are formed.
SPHERE SESSION | Christine Bejerasco on the development of ransomware (00:08:56)
WithSecure CTO, Christine Bejerasco, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on how she has seen the development of ransomware families throughout her career.
