Episodes

  • Episode 4: Ethics in Cybersecurity, Career Development, and Data Protection
    2024/09/09

    In Episode 4, we are joined by Doug Salah to explore some critical topics in cybersecurity and career growth.


    Key Topics

    • Doug Salah’s Cybersecurity Journey: His transition into cybersecurity and current role in the industry.
    • Networking in Cybersecurity: The value of building connections at cybersecurity conferences.
    • TRISS (Three Rivers Information Security Symposium): Insights into TRISS, its scholarships, and its impact on the community.
    • Mid-Career Development: Doug’s thoughts on transitioning mid-career, setting goals, and maintaining integrity.
    • Cybersecurity Ethics: A deep dive into ethics in the industry, ethical decision-making, and creating a Cyber Code of Honor.
    • The Four Agreements: How Doug relates his personal ethics to the principles in The Four Agreements.
    • Featured Spirit – Compass Box Spice Tree Scotch: A review of this week’s featured Scotch.
    • National Public Data Background Check Breach: Discussion of the recent breach and its implications for data protection.
    • Data Protection Tips: Tips on freezing credit and using services like Delete Me to protect personal data.

    Links

    • Three Rivers Information Security Symposium (TRISS) - https://www.threeriversinfosec.com/
    • The Four Agreements - https://www.amazon.com/Four-Agreements-Practical-Personal-Freedom/dp/1878424319
    • Delete Me Service - https://joindeleteme.com/
    • The Code Of Honor - Embracing Ethics in Cybersecurity

    Spirits

    • Compass Box Spice Tree Scotch - https://www.compassboxwhisky.com/products/the-spice-tree

    Hosts

    • Justin Leapline - https://www.linkedin.com/in/justinleapline/
    • Joe Wynn - https://www.linkedin.com/in/wynnjoe/
    • Rick Yocum - https://www.linkedin.com/in/rickyocum/

    Guest

    • Doug Salah - https://www.linkedin.com/in/dougsalah/

    Connect with Us

    • Website: Distilled Security Podcast
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com

    1 hr 13 min
  • Episode 3: Crowdstrike, North Korean Spies, and CISO Scapegoats
    2024/08/12

    Episode 3 of the Distilled Security Podcast is here!


    Join us this week as we jump into:


    • CrowdStrike Incident Analysis: A deep dive into a recent mishap by CrowdStrike that led to significant financial losses and operational disruptions, including 5.4 billion in estimated losses.
    • Vendor Accountability: Exploring the legal and financial repercussions of security vendor failures.
    • Business Continuity Planning: The importance of preparing for security vendor failures, including considering alternate vendors and the complexities of implementing such strategies.
    • Kernel-Level Security Risks: A discussion surrounding kernel-level operations in security software, focusing on the controversy between CrowdStrike and SentinelOne.
    • Manual Workarounds and Legacy Systems: The challenges of maintaining business operations during security incidents.
    • Ransomware Recovery vs. Vendor Failures: Comparing ransomware attacks' impact and recovery processes with security vendor-induced failures.
    • Password Management Vulnerabilities: The risks associated with dependency on password management systems like Thycotic/Delinea and LastPass, and the potential fallout if these systems experience downtime.
    • BSides Pittsburgh Recap: the biggest BSidesPGH event yet. Hear the notes and highlights from the conference.
    • North Korean Spy Hired By KnowBe4: Hear how a spy for N. Korea got by the defenses of KnowBe4, how they caught them, and steps they implemented to avoid this in the future.
    • CISOs as Scapegoats: Are CISOs being pegged as scapegoats unfairly?


    Links

    • Crowdstrike Incident - https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
    • SentinelOne Response to Crowdstrike Outage - https://www.crn.com/news/security/2024/sentinelone-ceo-on-crowdstrike-outage-not-just-an-honest-mistake
    • BSidesPGH - https://www.bsidespgh.com/
    • TRISS - https://www.threeriversinfosec.com/
    • KnowBe4 // N. Korean Spy - https://blog.knowbe4.com/cyberheistnews-vol-14-31-how-the-whole-world-now-knows-about-fake-north-korean-it-workers
    • CISO as Scapegoats - https://www.thestack.technology/were-becoming-scapegoats-how-have-cisos-responded-to-sec-cyber-risk-disclosure-rules/


    Spirits

    • Rabbit Hole Cavehill // Four Grain Triple Malt - https://www.rabbitholedistillery.com/pages/cavehill/


    Hosts

    • Justin Leapline - https://www.linkedin.com/in/justinleapline/
    • Joe Wynn - https://www.linkedin.com/in/wynnjoe/
    • Rick Yocum - https://www.linkedin.com/in/rickyocum/


    Connect with Us

    • Website: https://distilledsecuritypodcast.com
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com
    1 hr 11 min
  • Episode 2: Tailoring Security Frameworks & Leveraging AI
    2024/07/08

    Episode 2 of the Distilled Security Podcast is here!


    Join us this week as we jump into:

    • Exploring the critical importance of tailoring security frameworks: Aligning with an organization's specific goals and objectives
    • Highlighting frameworks like NIST CSF and CIS to advance security programs effectively
    • Insights on aligning KPIs with the NIST CSF framework
    • Complementary use of frameworks like CIS to enhance security control measurement
    • Perspective on compliance and regulatory requirements
    • The role of AI in security programs
    • Threats posed by deepfakes: Incorporating safeguards to protect organizations from deepfake risks and effectively leverage AI within security programs

    Chapters
    00:00:00 - Introduction and Episode Overview
    00:00:44 - Discussion on Security Frameworks
    00:05:43 - Tailoring Frameworks
    00:08:19 - Mapping and Compliance Challenges
    00:17:16 - Tailoring for Small Organizations
    00:19:15 - Upcoming Conferences
    00:21:30 - Bourbon Review
    00:25:00 - Audit Preparation Tips
    00:27:02 - AI in Security
    00:35:09 - Privacy Concerns with AI Toys
    00:41:22 - Deepfakes in Security
    01:05:59 - Closing Remarks

    Links and references
    https://securecontrolsframework.com

    https://www.nist.gov/cyberframework

    https://csrc.nist.gov/pubs/sp/1300/final

    https://www.cisecurity.org/insights/white-papers/cis-controls-sme-guide

    Drink
    Whiskey Thief Door Knocker


    Hosts

    • Justin Leapline - https://www.linkedin.com/in/justinleapline/
    • Joe Wynn - https://www.linkedin.com/in/wynnjoe/
    • Rick Yocum - https://www.linkedin.com/in/rickyocum/

    Connect with Us

    • Website: https://distilledsecuritypodcast.com
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com
    1 hr 5 min
  • Episode 1: College, Exec Comp, and New CISOs
    2024/06/07

    Welcome to the first episode of Distilled Security!

    Join us as we dive into a variety of exciting topics, including:

    • Is College Worth It?: We explore the value of higher education in today's world.
    • Microsoft and Executive Compensation: Analyzing cybersecurity in executive pay at Microsoft.
    • BSides Pittsburgh: Exciting talks are coming to BSidesPGH.
    • Starting as a New CISO: Things to do first coming into a new company.

    Grab your favorite cocktail and tune in for an engaging and fun-filled discussion!


    Hosts

    • Justin Leapline - https://www.linkedin.com/in/justinleapline/
    • Joe Wynn - https://www.linkedin.com/in/wynnjoe/
    • Rick Yocum - https://www.linkedin.com/in/rickyocum/

    Connect with Us

    • Website: https://distilledsecuritypodcast.com
    • Twitter: @DisSecPod
    • Email: hello@distilledsecuritypodcast.com
    1 hr 5 min
  • Distilled Security Podcast Trailer
    2024/06/02

    Join us on Distilled Security as we delve into the fascinating world of cybersecurity. Each episode, we break down intriguing topics, analyze the latest news, and engage in in-depth conversations with our hosts and invited guests. Whether you're a seasoned professional or just curious about cybersecurity, our podcast offers valuable insights and thought-provoking discussions to keep you informed and entertained. Tune in and stay ahead of the curve in the ever-evolving landscape of cybersecurity.

    1 min