Cybersecurity Sessions is an insightful monthly podcast covering the latest cybersecurity news and hot topics, featuring security leaders from Netacea alongside other technology experts.
At Netacea we are interested not just in the technology behind cyber-attacks, but also the intent. How do they affect different businesses, sectors, and even wider society? What stories are out there of cybersecurity woes and wins?
To find out, we invite experts from all over the tech world to share their cybersecurity experiences. No subject is off limits for discussion on the Cybersecurity Sessions.
📻 Siste episoder av Cybersecurity Sessions
Her er de nyeste episodene tilgjengelige via RSS-feeden:
Navigating Cybersecurity Leadership w/ Simon Brownhill, DWL Partners (00:37:09)
In this episode of the Cybersecurity Sessions, Andy Ash speaks with Simon Brownhill, a cybersecurity leader with a military background. Simon shares his journey from Navy weapons engineer to CISO, offering insights on leadership, risk management, and security culture. They discuss AI’s impact on cybersecurity, balancing innovation with risk, and the importance of mentorship. Simon highlights the need for proactive security, hands-on learning, and effective board communication.
Navigating Cybersecurity Leadership w/ Simon Brownhill Trailer (00:00:52)
In this episode of the Cybersecurity Sessions, Andy Ash speaks with Simon Brownhill, a cybersecurity leader with a military background. Simon shares his journey from Navy weapons engineer to CISO, offering insights on leadership, risk management, and security culture. They discuss AI’s impact on cybersecurity, balancing innovation with risk, and the importance of mentorship. Simon highlights the need for proactive security, hands-on learning, and effective board communication.
Open-Source Security Frameworks w/ OWASP Board Member Sam Stepanyan (00:42:04)
If you work in application security, you’re probably familiar with the OWASP Top 10. But open-source frameworks like those maintained by OWASP members have a lot to offer security practitioners. In this episode, Netacea CISO Andy Ash meets OWASP Global Board Member and London Chapter Leader Sam Stepanyan to find out how Sam got involved with OWASP, and the influence it has on the security world. The duo is also joined by Netacea’s Cyril Noel-Tagoe, who is a core contributor to the BLADE Framework, an open-source project focused on defining business logic attack tactics and techniques.
AI and the Human/Machine Dyad (Dr. Christoph Burtscher ) (00:40:05)
In this episode of Cybersecurity Sessions, host Andrew Ash, CISO at Netacea, is joined by Dr. Mark Greenwood, Netacea’s Chief Technical Architect, and Dr. Christoph Burtscher, AI researcher and author. Together, they explore the evolving partnership between humans and AI in cybersecurity, discussing machine-led defenses, ethical challenges, and the role of trust in AI adoption.
The conversation highlights the shift from human-led security to AI-driven systems and how generative AI is reshaping cyber defense. Christoph also shares insights from his upcoming book, Silicon Minds and Human Hearts: How to Navigate the AI Revolution.
Join us for an engaging discussion on bridging technology and the human element in cybersecurity.
Stuart Seymour (Group CISO, Virgin Media O2) (00:41:38)
In this insightful episode, Stuart Seymour, Group CISO and CSO at Virgin Media O2, joins Andrew Ash (CISO, Netacea) to discuss how his experience as a British Army Captain shaped his unique leadership style in cybersecurity. Stuart also shares his passion for building diverse, neurodiverse teams, drawing from his own experience with dyslexia. He dives into the growing importance of AI in SOCs and the complex challenges of navigating global cybersecurity regulations. A must-listen for anyone looking to understand the evolving role of a CISO in today's landscape.
Host Andy Ash (CISO at Netacea) is joined by Arve Kjoelen, who recently left a six-year stint as CISO of McAfee to join startup CynomIQ as Chief Solutions Officer. In this episode they discuss differences in how CISOs are compensated across both sides of the Atlantic, how the role is shifting to account for increased governance and regulations, and the 'left of boom' approach to preventative security. Andy and Arve also compare notes on how they first become fascinated with security and their own paths to the position of CISO.
"Bot's the Story, Morning Glory?" Oasis Ticket Scalper Bots (00:38:20)
Netacea bot experts discuss the challenges around the Oasis reunion tour ticket sales, focusing on the issues caused by bots and scalping in high-demand events. The discussion explores the technical difficulties of managing ticket sales, the tactics used by bot operators to secure tickets, and the broader implications for the industry.
The team also discuss why current methods to prevent bot activity often fail and why a multi-pronged strategy combining real-time detection, post-transaction analysis, and clamping down on secondary markets is critical.
The talk concludes with insights on how increased intelligence and understanding of attacker behavior can eventually win the battle against bot-driven ticket scalping.
Season 3 Preview: The Human Side of Cybersecurity (00:01:55)
The Cybersecurity Sessions podcast is set to return for its third season, focusing on the human side of cybersecurity.
This season will feature conversations with experts from various industries, including entertainment, fintech, and digital commerce, who will share their insights on managing human factors in cybersecurity.
Netacea CISO Andy Ash will also explore topics like the impact of AI and human factors in cybersecurity.
In the meantime, catch up on past episodes featuring notable guests from Amazon, Mimecast, the Ministry of Defence and more while awaiting the new season.
Netacea CISO Andrew Ash welcomes two special guests to the podcast this month to talk about AI adoption and managing third party risk: Thomas Ballin (CTO, Cytix) and Haydn Brooks (CEO, Risk Ledger).
In 2023 the AI genie is well and truly out of the bottle, gaining mainstream attention and usage across business, academia and in day-to-day life. As a result, AI has become somewhat of a buzzword used to sell solutions or make products appear smart and modern. As mutual advocates of AI to solve problems more efficiently for clients, Andrew and Thomas weigh in on how to define “real AI”, which solutions really benefit from incorporating AI, and how we can validate these claims.
Meanwhile, CISOs are rightly concerned with gaining as much control as possible over internal systems so that they can be secured against known and novel threats. But businesses are also reliant on their supply chain and third-party systems, which have their own potential vulnerabilities. Haydn has a wealth of experience in this area, and sheds light on the potential risks third party relationships expose and how CISOs can manage them whilst maintaining the value of these relationships.
Finally, threat researcher extraordinaire Cyril Noel-Tagoe explains why criminals use bots to mass create fake accounts on web services, the other attacks these accounts facilitate, and how businesses can cut off fake accounts before they do their damage.
Host
Andrew Ash – CISO, Netacea
Andy Ash has worked in IT Services and cyber for 21 years. He has been part of Netacea since its inception and is currently CISO, overseeing the operation and security of the technical platform and Netacea Threat and Bot Expert teams.
https://www.linkedin.com/in/andrew-ash-3963b19/
Panel
Haydn Brooks – CEO & co-founder, Risk Ledger
Originally a big four cyber risk consultant, Haydn found that current supply chain assurance programs were far from frictionless and actively caused clients and their suppliers’ headaches. This led him to found Risk Ledger, a technology platform that combines a security governance platform with a secure social network.
https://www.linkedin.com/in/haydn-brooks/
Thomas Ballin – CTO & co-founder, Cytix
The technical co-founder of Cytix, Thomas is focused on disrupting the UK security testing space. With a background in penetration testing, he has spent the past 10+ years building and innovating service lines to support businesses with their continuous security testing needs.
https://www.linkedin.com/in/thomasjballin/
Cyril Noel-Tagoe – Principal Security Researcher, Netacea
Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.
https://www.linkedin.com/in/cybercyril
https://twitter.com/cyber_cyril
To start this month’s episode, we once again weigh in on AI – this time considering the privacy implications when feeding prompts into generative AI tools like ChatGPT and Bard. We’ll discuss whether it’s safe to share company IP or your own personal information into such tools, before hearing how we approach this at Netacea from Principal Software Engineer John Beech.
Next, we’ll look to the news of another major data breach, as it was recently revealed that millions of stolen records from genetics testing site 23andMe were available for sale from an underground forum. The attackers even touted that the data identifies those with Jewish genealogy. 23andMe held customers responsible for reusing their passwords on other sites that had been hacked previously, but where does responsibility for protecting this kind of sensitive information lie and what can each party do to keep data safe? Having spent five years of his career in biotech, Engineering Manager Karol Horosin has plenty to add to this story.
Finally, our security researcher extraordinaire Cyril returns to tell us about freebie bots – a type of scalping bot that targets discounted goods to resell in bulk at retail prices. Sounds like a “prime” bot attack type to target recent and upcoming sales events…
Host
Dani Middleton-Wren – Head of Media, Netacea
Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.
https://www.linkedin.com/in/danielle-middleton-wren-95826767/
Panel
Cyril Noel-Tagoe – Principal Security Researcher, Netacea
Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.
https://www.linkedin.com/in/cybercyril
https://twitter.com/cyber_cyril
Karol Horosin – Engineering Manager, Netacea
As well as his role as Engineering Manager at Netacea, Karol is the founder of an AI sentiment analysis product sentimatic.io. He is a frequent conference speaker and writes online about programming, product development and startups on his personal blog.
https://www.linkedin.com/in/horosin/
https://twitter.com/horosin_
John Beech – Principal Software Engineer, Netacea
Currently a team lead for Netacea’s software engineering department, John has been working on highly scalable secure applications platforms over the span of 20 years. He’s enthusiastic about welcoming in a new era of AI and computer intelligence.
https://www.linkedin.com/in/johnbeech/
Skiplagging, CAPTCHA vs Bots, Scraper Bots (00:44:49)
This month’s episode takes off with a journey into the controversial world of skiplagging, also known as hidden city flying. Airlines and holiday businesses are taking legal action against passengers and websites like Skiplagged that exploit pricing loopholes, leaving empty seats on the second leg of multi-stop itineraries. But with scraper bots at the root of the issue, is there a technical solution to limit the practice?
On the topic of bots, a recent report from the University of California, Irvine, revealed that bots are now faster and more accurate than humans at solving CAPTCHA challenges. In this episode we discuss whether there is still a place for CAPTCHA in detecting bot traffic, and try to decipher Elon Musk’s comments about the report – Does it spell the end of bot detection, and is his X subscription model the only answer…?
To conclude, we go more in depth on scraper bots – not only do they facilitate skiplagging, but there are endless uses for scrapers, both well meaning and malicious. How concerned should businesses be about scraper bots, and does their presence often indicate more sinister attacks on the horizon?
Host
Dani Middleton-Wren – Head of Media, Netacea
Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.
https://www.linkedin.com/in/danielle-middleton-wren-95826767/
Panel
Matthew Gracey-McMinn – Head of Threat Research, Netacea
Matthew is an experienced Cyber Threat Intelligence professional with an MPhil from the University of Oxford. In his current role at Netacea, he researches and investigates the impact of malicious bots on online businesses and their customers.
https://www.linkedin.com/in/matthewgraceymcminn
https://twitter.com/mgm_cybersec
Chris Collier – Head of Solution Engineering, Netacea
Chris is an experienced technical manager who joined Netacea in 2021. Since this time, he’s helped countless clients onboard with our bot management product, ensuring they get a solution that fits their business needs and integrates with their existing platforms.
https://www.linkedin.com/in/chris-collier-82588859
Gary Clarke – Solutions Engineer, Netacea
Gaz is an experienced Solutions Engineer with 12 years’ experience working in the computer and retail industries. At Netacea Gaz helps businesses implement advanced bot management solutions to work in harmony with their existing systems and prevent automated threats from attacking. Gaz gained his bachelor’s degree focused in Computing; Software and Systems from Edge Hill University.
https://www.linkedin.com/in/clarkegs/
National Risk Register, Encrypted Messaging, Residential Proxy Networks (00:48:18)
This month we begin by examining the 2023 National Risk Register, a public version of the National Security Risk Assessment, which assesses the most serious risks to lives, health, society, critical infrastructure, economy and sovereignty. Cyber-attacks on infrastructure are listed as moderate impact – Our panel discusses how businesses can use the information within the report to prepare for attacks and keep our critical infrastructure as secure as possible.
Next, our Principal Security Researcher Cyril Noel-Tagoe sheds some light on the murky underworld of illicit Telegram networks, where criminals plot and discuss their attacks, or sell their ill-gotten gains. Netacea CTO Andy Lole weighs in on the Online Safety Bill and its opposition to encrypted messaging apps having no way of sharing messaged with law enforcement, before Engineering Manager Karol Horosin joins the debate to explain the technical obstacles businesses like Meta face when developing such apps.
Finally, Cyril defines our attack of the month, which is residential proxy networks. He and Karol discuss why residential proxies are becoming such popular tools for criminals, and the difficulties businesses face in blocking malicious traffic that utilizes residential proxy networks to hide behind otherwise trustworthy IP addresses.
Host
Dani Middleton-Wren – Head of Media, Netacea
Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.
https://www.linkedin.com/in/danielle-middleton-wren-95826767/
Panel
Cyril Noel-Tagoe – Principal Security Researcher, Netacea
Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.
https://www.linkedin.com/in/cybercyril
https://twitter.com/cyber_cyril
Andy Lole – CTO, Netacea
An experienced tech and product leader, Andy’s held leadership roles in digital marketplaces across real estate, travel and classifieds marketplaces. He’s developed and operated B2B SaaS tools and services, and core commercial platforms. At Netacea he focuses on expanding product delivery capabilities and customer experience.
https://www.linkedin.com/in/andylole/
https://twitter.com/andylole
Karol Horosin – Engineering Manager, Netacea
As well as his role as Engineering Manager at Netacea, Karol is the founder of an AI sentiment analysis product sentimatic.io. He is a frequent conference speaker and writes online about programming, product development and startups on his personal blog.
https://www.linkedin.com/in/horosin/
https://twitter.com/horosin_
Bots vs Consumers, Social Media API Access, Ticket Scalping Legislation (00:52:14)
In this month’s episode, we start by focusing on the real-world impact of bots (scripts used to automate tasks and exploit business logic). In the UK, bots are being used to book up every available driving test before reselling them for profit; meanwhile in the US, gig workers delivering groceries are losing out to bots that hoard the most profitable delivery jobs. Our panel explains how this happens and discusses what can be done to stop it.
Meanwhile, the social media landscape is shifting rapidly. Free, unlimited access to APIs has become a thing of the past for users and businesses reliant on Twitter and Reddit. Fake accounts are still a looming problem across platforms, forcing the much-hyped IRL to close permanently. Are social media businesses taking the right approach to data scraping, fake account creation and access to their services, and will Meta’s Threads disrupt the industry?
Finally, we take a fresh look at ticket scalping considering legislative measures taken by the State of Victoria for Taylor Swift’s tour in Australia. Will it be enough to deter the touts?
Host
Dani Middleton-Wren – Head of Media, Netacea
Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.
Panel
Matthew Gracey-McMinn – Head of Threat Research, Netacea
Matthew is an experienced Cyber Threat Intelligence professional with an MPhil from the University of Oxford. In his current role at Netacea, he researches and investigates the impact of malicious bots on online businesses and their customers.
Chris Collier – Head of Solution Engineering, Netacea
Chris is an experienced technical manager who joined Netacea in 2021. Since this time, he’s helped countless clients onboard with our bot management product, ensuring they get a solution that fits their business needs and integrates with their existing platforms.
Paulina Cakalli – Lead Data Analyst, Netacea
Paulina works closely with Netacea's Data Science and Threat Research teams to develop new models for detecting anomalous web traffic, combining this with machine learning to produce recommendations for clients. She is a rising star in the world of data science, encouraging other women to enter STEM careers via various international speaking opportunities. She is co-founder of BSides Tirana, an international security conference. She received her masters' degree in mathematics and informatics engineering at the University of Tirana, where she was later an assistant lecturer.
AI Regulation & Music, Scalping for Immigration Appointments, Credential Stuffing (00:39:09)
A fresh Netacea panel of cyber experts are on hand once again to discuss the latest developments in security and bot-related news!
This month, in light of OpenAI CEO Sam Altman standing before US senators and requesting regulation of AI businesses, we give our views on whether one body – or even one nation – can or should regulate this rapidly developing industry.
Universal Music Group also instigated the removal of 7% of AI-generated tracks added to the service via Boomy, opening a debate about automated music creation, artistic copyrights and privacy, how AI models learn to make music, and how humans are influenced to create and consume music.
Also, with 69 arrests made by the Spanish police over a scalper bot ring targeting immigration appointments, our panel ponders how the approach to stopping such attacks differs depending on the target and industry.
Finally, credential stuffing is our attack of the month. As long as people reuse passwords across services, credential stuffing will be a viable attack – is it time the industry moved on and found a better way to authenticate users?
Host
Dani Middleton-Wren – Head of Media, Netacea
Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.
Panel
Cyril Noel-Tagoe – Principal Security Researcher, Netacea
Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.
Chris Collier – Solutions Engineering Manager, Netacea
Chris is an experienced technical manager who joined Netacea in 2021. Since this time, he’s helped countless clients onboard with our bot management product, ensuring they get a solution that fits their business needs and integrates with their existing platforms.
Andy Lole – CTO, Netacea
An experienced tech and product leader, Andy’s held leadership roles in digital marketplaces across real estate, travel and classifieds marketplaces. He’s developed and operated B2B SaaS tools and services, and core commercial platforms. At Netacea he focuses on expanding product delivery capabilities and customer experience.
RSA Conference 2023: Review & Insights from Netacea’s C-Suite (00:38:19)
In part two of our RSA Conference 2023 series, Netacea CPO Andy Still and CISO Andy Ash return from San Francisco to share their insights from the biggest cybersecurity event of the year.
As part of Netacea’s C-suite, both Andys are always looking ahead at how new threats are developing – “what’s new, scary and worth worrying about?” The rapid advancement of AI, both as an offensive threat to cybersecurity and as part of defensive technologies, was one such topic at RSA 2023, with Bryan Palma’s opening keynote speech grounding this complex issue and setting the tone for the rest of the conference.
Did their discoveries about AI & ML at RSA validate their own work at Netacea? Did they achieve their goals to explore the future of cybersecurity and confirm the direction of their own product? And did they pick up any useful swag?
Tune into this special bonus episode of the Cybersecurity Sessions podcast to find out!
Andy Still, Co-founder & Chief Product Officer at Netacea
Andy Still is a pioneer of digital performance for online systems, having authored several books on computing and web performance, application development and non-human web traffic. As Chief Product Officer, he leads the technical direction for Netacea’s products, as well as providing consultancy and thought leadership to clients.
Andy Ash, Chief Information Security Officer at Netacea
Andy Ash has worked in IT Services and cyber for 21 years. He has been part of Netacea since its inception and is currently CISO, overseeing the operation and security of the technical platform and Netacea Threat and Bot Expert teams.
AI Ethics, Ticket Scalping, Russian Disinformation, Card Cracking (00:56:00)
Welcome to a new format for the Cybersecurity Sessions! We’ve refocused our podcasts to provide insights into the latest news and trends in cybersecurity, calling on the expertise of Netacea’s threat researchers, bot specialists and business leaders.
This month, new host Dani Middleton-Wren is joined by Matthew Gracey-McMinn, Chris Pace and Tom Platt. First they discuss the ever-intriguing topic of ethics in AI, with facial recognition tech from Clearview AI and PimEyes coming under legal and moral scrutiny, followed by the practicalities of fighting back against automated ticket scalping.
The recent Vulcan files leak is next up, calling into question how much we can trust information on social media and how much rhetoric is being generated by Russian bot accounts. Finally, Matthew answers questions from the team about the mechanics and impact of credit card cracking on payment gateways, retailers and consumers.
Host
Dani Middleton-Wren – Head of Media, Netacea
Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.
Panel
Matthew Gracey-McMinn – Head of Threat Research, Netacea
Matthew is an experienced Cyber Threat Intelligence professional with an MPhil from the University of Oxford. In his current role at Netacea, he researches and investigates the impact of malicious bots on online businesses and their customers.
Chris Pace – SVP Marketing, Netacea
Chris has more than 15 years of experience in cybersecurity and SaaS at companies including Sophos, Blue Coat, Recorded Future, and Immersive Labs. At Netacea, Chris applies his expertise to telling our company and product story in ways that engage and educate the market on the challenges of protecting businesses against the threat of automated attacks.
Thomas Platt – Bot Specialist, Netacea
Tom has been instrumental in the sales growth of Netacea since its inception. He works closely with Netacea's eCommerce customers, Product and Threat Research teams to drive industry research, thought leadership and knowledge sharing. Tom’s focus is to ensure Netacea and our customers stay ahead of emerging bot threats and share this knowledge with the wider community.
RSA Conference 2023 Preview: Our Top 5 Most Anticipated Sessions (00:28:52)
We’re going to San Francisco! Netacea will once again be at the Moscone Center from 24-27 April for the RSA Conference. We’re looking forward to it so much that we decided to compile our top five most anticipated sessions on the Cybersecurity Sessions podcast.
Special host Danielle Middleton-Wren will be in sunny San Francisco, alongside her two guests for this episode: Netacea co-founder and CPO Andy Still, and Netacea CISO Andy Ash. Andy S was at RSA last year and has some insights and advice for Andy A – an RSA first timer – ahead of their trip to the Golden City.
Meet Andy Still, Andy Ash and the rest of the Netacea team at RSA Conference 2023 in San Francisco from 24-27 April! Come to booth 1367 to chat about bots, API protection and online fraud prevention, or tell us what sessions you’ve enjoyed. See you there!
Andy Still, Co-founder & Chief Product Officer at Netacea
Andy Still is a pioneer of digital performance for online systems, having authored several books on computing and web performance, application development and non-human web traffic. As Chief Product Officer, he leads the technical direction for Netacea’s products, as well as providing consultancy and thought leadership to clients.
Andy Ash, Chief Information Security Officer at Netacea
Andy Ash has worked in IT Services and cyber for 21 years. He has been part of Netacea since its inception and is currently CISO, overseeing the operation and security of the technical platform and Netacea Threat and Bot Expert teams.
Key points
Andy Still gives his thoughts on RSA 2022 and advice for Andy Ash for his first RSA this year
Our top five most anticipated RSA Conference 2023 talks and sessions
Where to find us in the Moscone Center for RSA Conference in San Francisco
Our reliance on personal mobile devices leaves us vulnerable to attack; not just from anonymous criminal groups, but in some cases, from those closest to us. Stalkerware, a category of apps designed to secretly monitor the unsuspecting victim whose device they’re installed on, are a growing concern for security and privacy advocates, as well as law enforcement agencies.
This month on the Cybersecurity Sessions podcast, we talk to Martijn Grooten from the Coalition Against StalkerWare to expose how technology has become a tool for abusers to control their victims, and hopefully shed some light on what we can do to stop this from happening.
If you or someone you know is affected by stalkerware or anything covered in this episode, you may find the following resources useful:
The Coalition Against Stalkerware: https://stopstalkerware.org
National Domestic Abuse Hotline (UK): https://www.nationaldahelpline.org.uk - 0808 2000 247
National Domestic Violence Hotline (USA): https://www.thehotline.org - 1.800.799.7233
Martijn Grooten - Digital Security Threat Analyst, Internews
Martijn Grooten, a former mathematician, has been working in IT security for 14 years. He is a Digital Security Threat Analyst at Internews and a fellow at the Civilsphere Lab. He was previously the Editor of Virus Bulletin and currently works as a consultant on several projects, many of which deal with supporting vulnerable people and groups with digital security, including the DeStalk Project and the Coalition Against Stalkerware.
Newsworthy Data Leaks - Jurgita Lapienytė, CyberNews (00:31:24)
Not a week goes by without a massive data leak being reported in the news – both in tech publications and across mainstream media. According to Atlas VPN, 5.9 billion credentials were leaked in 2021 alone. But it’s not just credentials under attack; personal data, payment information, sensitive corporate data, and even source code are all at risk of being leaked.
But how is so much data leaked so often? What do criminals do with this data once they have it? How much risk does this pose to the public, and what can be done about it?
To find out, we’ve invited Jurgita Lapienytė, Chief Editor of CyberNews, to talk us through some of the most notable data leaks reported in the media in recent years.
Jurgita Lapienytė – Chief Editor, CyberNews
Jurgita Lapienytė aims to bring the most complicated cybersecurity topics to a broader audience, hoping that more and more people will find themselves chatting about ransomware over dinner. Before joining CyberNews, Jurgita spent more than a decade in business journalism. Her investigative pieces have brought more justice and transparency to the transport, showbiz, retail, and catering sectors.
Key points
How cyber-warfare has influenced cybercrime in the past 12 months
The shift from record-breaking to modest ransomware demands
GDPR and how our right to privacy has affected our perception of data leaks
The Behavioral Science of Cybersecurity - Si Pavitt & Steve Dewsnip, MOD (00:41:08)
If a stranger walked into your workplace and asked you your name and email address, would you co-operate? What if they asked you to open a door for them, or to use your laptop or phone, all whilst wearing a shirt that said “CHALLENGE ME” on it?
This is the malicious floorwalker, an example of the behavioral interventions staged by the UK Ministry of Defence to educate their workforce about security threats and put their teachings into practice. In this episode, Cyril speaks with Si Pavitt (Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture Team) and Steve Dewsnip (Behavioural Scientist at Atkins) to find out how gamifying psychological theory delivers surprising results across as diverse an organization as the UK’s Ministry of Defence.
Guests
Si Pavitt
Si Pavitt is the Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture (CyAB&C) team under the 2* Directorate of Cyber Defence and Risk (CyDR). He is primarily responsible for setting the strategic direction for socio-behavioural change as it relates to cyber-secure behaviour across Defence. He also provides consultancy to Defence human vulnerability and social engineering activities.
Stephen Dewsnip
Stephen Dewsnip is a Behavioural Scientist and Organisational Change Consultant from Atkins Global. Working in the highly collaborative MOD Cyber Awareness Behaviours & Culture (CyAB&C) team, Stephen is responsible for the design and delivery of behavioural interventions to promote cyber-secure behaviours.
Key points
Why you should incentivize positive actions rather than police security best practices
How to use social engineering to reinforce the need to challenge suspicious behavior
The importance of protecting psychological wellbeing during behavioral exercises
How Skewed Analytics Leads to Bad Marketing - Matt Wilkinson, Spike (00:23:38)
In a recent Netacea report, 60% of businesses reported a minor financial impact caused by bots skewing their analytics, and with the busiest eCommerce period of the year fast approaching, businesses need to fight back.
How do bots affect businesses’ data, marketing campaigns and paid media planning? Host and Principal Security Researcher Cyril Noel-Tagoe is joined by Spike’s Head of Paid Media Matt Wilkinson to discuss the effect bots will have on marketing analytics this Black Friday and how to keep your enterprise’s analytics safe from automated threats during periods of peak traffic.
Tales from Tracking Cybercriminals - Matthew Gracey-McMinn, Netacea (00:31:01)
Illicit forums and dark web marketplaces are so closely guarded that it’s almost impossible to know how many stolen user accounts, digital assets, or data leaks are exposed, let alone who is responsible. But the more we can uncover, the better we can defend against attacks and hold threat actors accountable.
In this bonus episode, Cyril is joined by his boss and Netacea’s Head of Threat Research, Matthew Gracey-McMinn. They swap stories from the trenches of cyber-threat intelligence gathering, where they infiltrate criminal forums and marketplaces to root out attackers and their tactics in stealing accounts, data and digital resources from businesses and individuals.
Matthew Gracey-McMinn, Head of Threat Research at Netacea
Matthew is an experienced cyber threat intelligence professional with an MPhil from the University of Oxford. Matthew leads the Threat Research team at Netacea, which researches and investigates the impact of malicious bots on online businesses and their customers, both augmenting Netacea’s bot management solution and providing distinct threat intelligence services.
Key points
Building an effective threat research team and function
How threat researchers gain access to criminal communities
The team’s most interesting findings and successful investigations
How threat intelligence strengthens other areas of security like bot management
Shining a Light on Bots (Bonus episode from 'Phishy Business') (00:30:47)
Bonus episode: Cybersecurity Sessions host Cyril Noel-Tagoe was recently featured on the Mimecast podcast series Phishy Business. Cyril joined hosts Alice Jeffery and Brian Pinnock, plus fellow guest, Mimecast Senior Product Manager Dr Kiri Addison, for a fascinating conversation about bots and what they are used for (both good and bad).
About Phishy Business
Fed up with the same old cybersecurity stories? Come with us on a journey that explores the lesser-known side. Whether it’s social engineering, taking criminals to court or the journalists hunting down hackers — our new podcast series, Phishy Business, looks for new ways to think about cybersecurity. Mimecast’s very own Brian Pinnock and Alice Jeffery are joined by guests from a range of unique security specialisms. Each episode explores tales of risk, reward and just a dash of ridiculousness to learn how we can all improve in the fight to stay safe. For more tales of risk, reward and ridiculousness, subscribe to Phishy Business on iTunes, Spotify, Anchor or wherever you get your podcasts.
Mimecast.com
Mental Health & Neurodiversity - Lisa Ventura, Cyber Security Unity (00:28:20)
Stress and burnout in cybersecurity is widespread, especially since the pandemic. The cyber skills gap and increasingly aggressive attacks have led to workloads growing massively. This is on top of long-standing worries like workplace bullying, long hours spent in front of screens, and the expectation to be available to work ‘whenever and wherever’.
Cyril Noel-Tagoe invites security awareness consultant and mental health coach Lisa Ventura to the podcast to offer helpful advice and information to those working in cybersecurity. She also shares her own experiences as a neurodiverse person, which comes with its own challenges and advantages within the industry.
Lisa Ventura, Founder at Cyber Security Unity
Lisa Ventura is an award-winning cyber security awareness consultant and is the Founder of Cyber Security Unity, a global community organization that is dedicated to bringing individuals and companies together to help combat growing cyber-threats. She is also a mindset and mental health coach with specific experience supporting those in cybersecurity with their mental health and managing stress and burnout.
Key points
How we can manage the stresses of working in cybersecurity to look after our mental health
The harm bullying causes in workplaces and how to approach this issue
Challenges and advantages of building a cybersecurity career as a neurodiverse person
Cyber-criminals are relentless, and the number of attacks is growing. Businesses are increasingly turning to ethical hackers to find bugs and exploits before attackers do, offering financial incentives for their efforts.
As a security researcher, our host Cyril Noel-Tagoe is always on the hunt for new vulnerabilities. He’s joined for this episode by ethical hacking enthusiast and Daily Swig reporter Jessica Haworth, who has a finger firmly on the pulse of the latest bug bounty programs and developments.
Jessica Haworth, Cybersecurity Reporter at The Daily Swig
Jessica Haworth focuses on technical research papers, bug bounty news, and hacker community stories. Her interest also includes writing about new exploits and covering the ethical side of hacking. Jessica has over 10 years’ experience working in journalism. Before she covered cybersecurity she was at the Mirror and Daily Star on Sunday where she covered breaking news, crime and foreign correspondence.
Key points
Ethical vs non-ethical hacking: Why join the good guys?
The benefits for businesses enlisting bug bounty hunters to hack them
Mitigating the risks when inviting bug bounty hunters to hack your site
How to get into ethical hacking and where to find the best bug bounty programs
The Cybersecurity Sessions podcast is presented by Netacea - The world's first fully agentless bot management solution.
Side 1 av 1
Cybersecurity Sessions - Gratis RSS Feed for Norsk Podcast | OpenPodMe | OpenPodMe - Åpen RSS for Norske Podcaster
