The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
…
continue reading
1
Prioritisation & Decision Making in Critical Infrastructure Defence
36:00
36:00
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
36:00
Joe Slowik, ATT&CK CTI Lead at MITRE, joins the latest episode of the mnemonic security podcast to share his insights on the complexities of securing critical infrastructure. With a background in cyber threat intelligence, incident response, and detection engineering, Joe discusses with Robby the challenge of defining and prioritising what's truly …
…
continue reading
KraftCERT trusselvurdering 2024 | In Norwegian only In this episode, Robby is joined by Espen Endal and Bjørn Tore Hellesøy from KraftCERT/InfraCERT - the Norwegian CERT for the energy and petroleum sectors. The trio discuss the Threat Assessment report recently published by KraftCERT/InfraCERT, and the unique challenges the Norwegian energy sector…
…
continue reading
In this episode, Robby speaks with Jens Christian Vedersø, Head of Cyber Risk Management at Vestas, one of the world’s largest wind turbine manufacturers. Jens is a former Navy and intelligence officer and recovering regulator. Before managing cyber risk in the renewable energy sector, Jens helped develop energy sector legislation and cyber prepare…
…
continue reading
In this episode of the mnemonic security podcast, Robby is joined by Matt Cooke from Proofpoint. They discuss the evolving landscape of email security, emphasising the need for a multi-layered approach beyond traditional prevention methods, as well as the importance of pre-delivery, post-delivery, and click-time protection to combat phishing and bu…
…
continue reading
In this special, celebratory 100th episode of the mnemonic security podcast, Robby speaks with author and industry legend - Jon DiMaggio. Jon is the Chief Security Strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. As a specialist in enterprise ransomware attacks and nation-sta…
…
continue reading
In this week's episode, Robby talks with his friend Keven Hendricks, a law enforcement veteran with extensive experience in dark web and cryptocurrency investigations. They explore topics like dark web forums, cryptocurrency's role in illegal activities, and the difficulties law enforcement encounters when monitoring these areas, especially with pr…
…
continue reading
Many are familiar with cybersecurity penetration testing – ethical hacking to uncover digital weaknesses. But what about the real-world threats to your company's physical security? How confident are you in your locks, cameras, and physical security measures to protect your sensitive data or equipment? In this episode, Robby speaks with Brian Harris…
…
continue reading
Have you ever worked alongside a machine learning engineer? Or wondered how their world will overlap with ours in the "AI" era? In this episode of the podcast, Robby is joined by seasoned expert Kyle Gallatin from Handshake to enlighten us on his perspective on how collaboration between security professionals and ML practitioners should look in the…
…
continue reading
1
Isolate first, Triage second, and the tools to help you do it.
45:44
45:44
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
45:44
Operationalising threat intelligence is back on topic for the mnemonic security podcast! Making a return to the podcast is Joe Slowik from MITRE Corporation, where he is the CTI Lead for MITRE ATT&CK and also Principal Engineer for Critical Infrastructure Threat Intelligence. Also joining is Jeff Schiemann, an industry veteran and CISO at one of th…
…
continue reading
When we talk about securing an organisation’s assets, we most often mean its data, devices, servers, or accounts, but are we doing enough to secure the group of people leading the company? Or the ones doing high risk work on behalf of the organisation? To discuss the importance of securing high-risk individuals, like journalists, politicians and ex…
…
continue reading
For this episode, Robby is once again joined by Eoin Wickens, Technical Research Director at HiddenLayer, an organisation doing security for Machine learning (ML) and Artificial Intelligence (AI). It is not too long ago since Eoin last visited the podcast, (only 7 months,) but lots has happened in the world of AI since. During the episode, he talks…
…
continue reading
Data Brokers and Data Removal Services What does the process of removing your online presence look like? And how would you handle the data brokers that have collected your personal information with just a few clicks of the mouse to sell to other companies? To answer this, we’re joined by an expert in this field; Darius Belijevas, Head of Incogni, a…
…
continue reading
For this episode, Robby is joined by Levi Gundert, Chief Security Officer at the cybersecurity company Recorded Future and author of the book The Risk Business – what leaders need to know about intelligence and risk-based security. Levi shares from his decades of experience in the threat and risk space – and Robby picks his brain about a broad set …
…
continue reading
Ethical social engineering Even the best pentesters out there can be fooled by a social engineering attempt under the right circumstances. But how do we treat the ones that have been tested and failed? Ragnhild «Bridget» Sageng, Senior Security Advisor at Norwegian Customs, has several years of experience from the IT and cybersecurity industry, and…
…
continue reading
1
A student/mentor’s perspective on AI
27:06
27:06
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
27:06
How will AI impact the next generation of people working with computer science? This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, aut…
…
continue reading
How does cybersecurity play a part in ensuring food security? As part of the ISACA series of the mnemonic security podcast, we’re welcoming Karianne Kjønås, Cyber & Privacy Associate at PwC Norway. Karianne recently won the ISACA master’s thesis award with her thesis on how cybersecurity incidents can affect Norwegian food production. During her co…
…
continue reading
Conflictual coexistence Today’s guest, Raymond Andrè Hagen, holds over 20 years of experience in cybersecurity and information security, and is currently researching advanced persistent threats for his PhD in Computer and Information Systems Security. He also has experience as a Security Specialist at the Norwegian Digitalization Agency (Digdir), i…
…
continue reading
To join Robby for this episode on Russian cybercrime and ransomware, we’re welcoming Sam Flockhart, Cyber Threat Intelligence Manager at Santander UK. Sam has a background in military intelligence from the British army, where he has spent a large part of his career looking at Russian influence in Eastern Europe. Including experience from the Britis…
…
continue reading
Metaverses Have you been to the metaverse yet? And are you among the 78% that believe the metaverse will provide a significant value to their organisation in the future? To join Robby for this episode, we’re welcoming Julia Hermann, Senior Technology and Innovation Manager at Giesecke+Devrient, where she works on identifying opportunities in the me…
…
continue reading
Defending EVE Online How does combatting botting, hacking, and fraud in a virtual game relate to fighting real cybercrime? To share his take on this, Maksym Gryshchenko joins us to share how he works as a Security analyst at CCP Games, a leading game developer based in Iceland, and the developers behind the sci-fi role-playing game EVE Online. EVE …
…
continue reading
Last year, threat researchers all over the world got a sneak peek into the inner workings of the Russian defence contractor NTC Vulkan. The Vulkan files leak provided an interesting behind the scenes look at Russian cyber capabilities and scalability, and the ways state sponsored organisation work. Joe Slowik, managing threat intelligence at the cy…
…
continue reading
Cryptology is fundamental for the way the internet works today. But what exactly is modern cryptology, and what are the most common areas in which it’s being used? To guide us through this complex area, Robby’s joined by Bor de Kock, PhD. in Cryptology and Assistant Professor at NTNU. They talk about some of the main challenges to cryptology these …
…
continue reading
1
Physical Penetration Testing / Red Teaming
39:35
39:35
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
39:35
Physical penetration testing | ISACA series For this episode that is part of our ISACA series, we’re joined by Rob Shapland, Ethical Hacker/Head of Cyber Innovation at Falanx Cyber. Rob talks about what he’s learned from his 15 years of testing physical and cyber security for his clients, including more than 200 building intrusions assignments. He …
…
continue reading
Artificial intelligence (AI) and machine learning (ML) models have already become incorporated into many facets of our lives. In this episode, we discuss what happens if these models are attacked. How can the models that AI and ML are built upon be attacked? And how can we defend them? Eoin Wickens, Senior Adversarial ML Researcher at HiddenLayer, …
…
continue reading
What do you really know about your vendors? And about your vendors' vendors? To talk about supply chain attacks, and how to best mitigate and meet these risks, Robby is joined by a pair with a lot of experience on this topic: Roger Ison-Haug, CISO of StormGeo, and Martin Kofoed, CEO of Improsec. Martin and Roger discuss what a supply chain attack l…
…
continue reading
1
Experience Sharing - Bug Bounty Programs
30:23
30:23
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
30:23
How to succeed with bug bounties Responsible disclosure and vulnerability reporting have come a long way in recent years, and have gone from being feared and even something you took legal action against, to something that is appreciated for its value. Ioana Piroska, Bug Bounty Program Manager at Visma, joins Robby to share how Visma has succeeded w…
…
continue reading
Influencing the board What are some of the most effective methods of gaining a board’s support, and how do you maintain this trust and improve it over time? Our guest today has worked with a lot of boards, and joins us to share his experiences providing boards with the tools to ask the right questions when it comes to cybersecurity, and conveying t…
…
continue reading
KraftCERT trusselvurdering 2023 | In Norwegian only Our podcast guest this week is Espen Endal, previous mnemonic colleague and currently OT Security Analyst at the Norwegian energy sector CERT: KraftCERT/InfraCERT. InfraCERT is an ISAC (Information Sharing and Analysis Center) and an IRT (Incident Response Team). Mainly working to update their mem…
…
continue reading
1
Managing stress in cybersecurity (ISACA series)
47:35
47:35
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
47:35
Avoiding overload and managing stress in cybersecurity For today’s episode, Robby’s joined by Lisa Ventura, Cybersecurity Specialist, Author, and qualified Mental Health First Aider. After many years of experience from the industry, she’s become particularly interested in the human aspects of cybersecurity, especially when it comes to mental health…
…
continue reading
Asset Intelligence Imagine a scenario where your organisation discovers that a threat actor currently possesses more knowledge about your environments than you do. Let’s find a way to make sure we don’t end up there - but how? For this episode, Robby is joined by a serial entrepreneur and serial guest at the mnemonic security podcast. For the fourt…
…
continue reading
Operationalising Threat Intelligence What can you do to get the most out of your threat intelligence initiatives? A good place to start, is picking Kyle Wilhoit’s brain. Kyle’s the Director of Threat Research at Palo Alto Network's Unit 42, and author of the book Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber…
…
continue reading
Crypto Finance How does a crypto finance agency work with security? To answer this question, and provide insight into security in the world of crypto, we’re joined by Dr. Dominik Raub. He has more than 10 years of experience from the financial industry, a Doctor of Sciences in Cryptography, and works as CISO at Crypto Finance AG, an organisation pr…
…
continue reading
Office IoT Can you say for certain that you have a full overview of the IoT devices that are set up in your office environment? Smart Lighting, thermostats, locks, appliances, security cameras, sensors... perhaps even a fish tank? To talk about the importance of securing our office IoT, and specifically our printers, Robby is joined by Quentyn Tayl…
…
continue reading
Passwords and their managers How do you create your passwords? Do you get help from a password manager, or is your personal “system” bulletproof? Robby has invited two guests passionate about passwords, and how we manage them. Not surprisingly, they can with confidence say that our own “systems” are highly guessable, and not as unique as you might …
…
continue reading
Darkwebs Most of us have our ideas and perceptions of what the Dark Web is. But could it be more than just the dark side of the World Wide Web? To talk about the Dark Web, Robby is joined by Keven Hendricks, Dark Web Subject Matter Expert at The Ubivis Project. Keven has worked in law enforcement in the US since 2007, in areas such as computer and …
…
continue reading
The importance of identity within our field has been established. According to analysis from CrowdStrike, 8/10 attacks are identity-based. But what does that actually mean? How do we even define identity these days, and how has it changed? To look into this, Robby has invited an expert within the field, Peter Barta. Peter works as a Senior Cloud Se…
…
continue reading
Bots; they can be both helpful assistants and harmful pests, and you’ll find them all over the internet targeting most public facing applications in some way or another. But what actually are they? To explore the bad bots on the Internet, Robby is joined by someone that has spent the last seven years studying them, Dan Woods, Global Head of Intelli…
…
continue reading
House of Pain: new EU cyber regulations NIS2, DORA, the Cyber Resilience and Artificial Intelligence acts; have you started to familiarise yourself with the new EU cyber regulations that are coming into force? In this episode, Robby welcomes Rolf von Roessing, former Vice Chair of ISACA Global, and CEO of FORFA Consulting, a German company speciali…
…
continue reading
This episode is for anyone working within cybersecurity that has ever had to explain what they actually do, or defend why they are investing in security. We’re happy to welcome Jeff Barto back to the podcast, to go through his presentation “We are Defending” that he presented at mnemonic’s C2 summit this summer. Jeff is the CISO of a large hedge fo…
…
continue reading
1
Insider threats to ransomware groups
30:33
30:33
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
30:33
What happens when cyber criminals don’t get what they believe they're owed? For this episode, Robby is joined by John Fokker, Head of Trellix Threat Intelligence. John shares from his long experience fighting cybercrime, where he among other places has worked for the Dutch National High-Tech Crime Unit (NHTCU), the Dutch National Police unit dedica…
…
continue reading
1
Network detection and response (NDR): the value of evidence
33:51
33:51
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
33:51
Network detection and response (NDR): the value of evidence What exactly is NDR, how have these technologies changed over the years, and are they more relevant now than ever? To help answer these questions, Robby is joined by Jean Schaffer. She’s had, to say the least, an interesting career with more than 33 years of experience from the US Departme…
…
continue reading
Industrial Control Systems (ICS) in the cloud Can the cloud fundamentally revolutionise Operational Technology (OT) security? To help Robby understand some of the nuances of OT security and help connect the dots between IT and OT, we’re joined by Vivek Ponnada from the OT, ICS & IoT security company Nozomi Networks. Vivek shares from his 24 years o…
…
continue reading
Enterprise Security Architecture Most organisations find it challenging to protect themselves against the ever-evolving list of risks and threats. The fact that most of us do this with a limited set of resources makes this even more complicated. Knowing what you should spend your time and efforts on is far from straight forward. But hopefully this …
…
continue reading
1
Azure / Office365: monitoring & hardening
37:23
37:23
التشغيل لاحقا
التشغيل لاحقا
قوائم
إعجاب
احب
37:23
Azure monitoring & hardening What is the best way to build and automate security in the world of Azure? For this episode, Robby has invited someone that spends all their time doing exactly that, or more specifically, identifying all the things that can go wrong within the Microsoft ecosystem; Rik van Duijn, Hacker & Co-Founder of the Dutch cybersec…
…
continue reading
Who are the people helping us to keep the lights on? And what are our adversaries doing to get in the way of this? This episode of the mnemonic security podcast is directing some love and attention toward the people working with Operational Technology (OT) / Industrial Control Systems (ICS). To help him navigate this field, Robby is joined by Micha…
…
continue reading
What does mobile security mean in 2022? And what are defenders doing to keep the bad guys out of our pockets? To provide some insight into these questions, Robby has invited someone who has worked his entire career in Android security; Dario Durando, Android Malware Analyst at the Dutch security company ThreatFabric. During their conversation, they…
…
continue reading
As a follow up from last week’s episode on the malicious use-cases of drones with Mario Bartolome Manovel, Robby chats with Pablo Ruiz Encinas, Security Consultant at mnemonic. He recently did a course on drone security – the Drone Security Operations Certificate (DSOC) by DroneSec - and hence has a lot to say on the subject. Pablo did not only bri…
…
continue reading
Drones: malicious use-cases and how to counteract them. As unmanned aerial vehicles (UAVs), or drones, are growing in popularity commercially, their use-cases are also growing in numbers. To discuss them from a security professional’s view point, Robby has invited Mario Bartolome Manovel, Offensive Security Engineer at Telefonica. Mario talks about…
…
continue reading
Application Programming Interfaces (APIs) Why is Gartner predicting that API-based attacks will become the most frequent attack vector for applications? Although APIs deserve the credit for a lot of digital transformation and innovation, they’re also an attractive target for bad actors. To explain how APIs are being used these days, and why they ar…
…
continue reading
From the 14th to the 16th of November, the annual Industrial Security Conference will take place in Copenhagen, Denmark. Are you interested in Operational Technology and Industrial Control System security, and wonder what's going on in that part of our industry? Or just curious about the conference, and some of the speakers that will be there? Robb…
…
continue reading