Welcome to episode #4 of the webcast. A weekly livestream, video feed and podcast from Cybersecurity Growth. A show for aspiring and existing cybersecurity leaders. Hosted by Shawn Valle, Exec Director and CISO of Cybersecurity Growth.

In this fourth cast/stream, Shawn takes learnings from Microsoft, NIST and NSA about the topic of “zero trust”, puts them together into a single stream, presents the topics and gives his real world commentary on it. If you are new to Zero Trust, or confused like many others, give this a watch/listen, to help you get more familiar with the topic.

Watch on YouTube:

Listen right here:

Tune in live weekly by following the account at Twitch.tv/CybersecurityGrowth

Subscribe in your favorite podcatcher: https://feeds.captivate.fm/cybersecurity-growth/

Welcome to episode #3 of the webcast. A weekly livestream, video feed and podcast from Cybersecurity Growth. A show for aspiring and existing cybersecurity leaders. Hosted by Shawn Valle, Exec Director and CISO of Cybersecurity Growth.

In this third cast/stream, Shawn shares his personal approach for building a “cyber” security strategy and organization. This deep dive, circulates around the early days of being hired into a security leadership role, and what steps are/should be taken within the first 100 days in the role. Maybe there is something in here that you’ll find valuable.

Watch on YouTube:

Listen right here:

Tune in live weekly by following the account at Twitch.tv/CybersecurityGrowth

Subscribe in your favorite podcatcher: https://feeds.captivate.fm/cybersecurity-growth/

Initially posted at: https://www.nisos.com/podcast/know-your-adversary-episode-3/

I had the privilege to (virtually) sit with my industry colleague, Landon Winkelvoss (co-founder, Nisos) to discuss cyber adversaries I have encountered, and lessons learned.

Excerpt from the initial post:

In Episode 3 of Know Your Adversary, our discussion takes a look into the world of online platform abuse and fraud. We explore threat actors’ use of bots to make bulk purchases online. We also tell the story of a security researcher on the wrong side of the law. Learn about the path he took from disclosing a breach to demanding a ransom payment. Shawn tells us about two major threats he faced prior to taking on his current role. Each of those threats warranted different levels of attribution. In the first case, he was faced with bot programmers who abused the platform to “cut in the digital line” when major retailers were having online sales. In the second case, he was faced with a security researcher who compromised a third-party supplier, exfiltrated sensitive data, and threatened to go public if a ransom payment was not made. Our guest is former Chief Information Security Officer at Rapid 7, Shawn Valle.

Here are some of the key takeaways from the episode:

Different types of fraud, but similar techniques. While fraud on technology platforms differs from fraud against other industries, many of the techniques used to combat the abuse is the same. This is especially true when it comes to threat actor engagement.

Whether we are discussing “Trust and Safety” issues related to online platforms or fraud related to scams against employees, applications, or customers, both types of exploits result in reduced consumer confidence. In both cases, as Shawn explains, organizations must take aggressive steps to engage directly with threat actors to stop and attribute the fraud and ensure confidentiality, integrity, and availability of services.

Not all levels of e-crime require attribution and unmasking. The extent to which a victim will pursue threat actors varies. Many fraud prevention programs exist simply to identify the tactic being used to commit the fraud and ensure the fraud stops so the product or service can function properly. In many cases, the effort necessary to identify, pursue, and arrest the fraudsters is simply not worth expending resources.

Many levels of loss and reputation impact do require the attribution. As we discussed in last month’s episode with Randy Pargman, when security researchers or insider threats make contact with a victim and threaten a sizable payment or face public disclosure, attribution that goes beyond tactics and techniques is necessary. Shawn discusses another real-world example.

Securing the Resources, Accounts and Permissions of the Cloud Identity Perimeter

The dynamic and ephemeral nature of cloud environments makes traditional security perimeter approaches insufficient for managing risk. To reduce risk, companies must view identity in the cloud as a new perimeter. Strong cloud IAM governance is the key to preventing data breaches and limiting the blast radius should a security incident occur.

Watch the recording to hear Doug Cahill, VP and Group Director of Cybersecurity at ESG Global, Shawn Valle, CSO of Rapid7, and Chris Hertz of DivvyCloud by Rapid7 discuss why managing cloud IAM is so complex, what challenges this creates for IT and cybersecurity professionals, and how companies are governing cloud IAM to reduce risk and the chance of a data breach.

https://divvycloud.com/iam-webinar-reg/

During the very early days of the COVID-19 pandemic, I took every opportunity I could, to get cybersecurity thoughts out for the newly minted, global WFH workforce. Not just my teams, but any/every team across the world. This is one of those opportunities, where I got together with colleagues to get some raw ideas out to the world, as we all navigated the new WFH world.

Stay home, stay safe, and keep your organizations secure with our #RemoteWork webcast series. Join Rapid7’s Eric Reiners, Shawn Valle, and Katie Ledoux tomorrow as they answer the question: How can you ensure that security remains a top priority, while maintaining business continuity?

I was thinking end of last week, “what I would tell my friends and family about being safe online while being forced to work from home”. I started writing a few ideas (nothing Earth shattering), and then released those thoughts this morning in a blog post. If you find it useful at all, please share with those who may get value out of it.
#cybersecurity #rapid7 #onlinesafety

Article from Rapid7 Blog: https://blog.rapid7.com/2020/03/16/how-to-wfh-and-keep-your-digital-self-safe/

We have rapidly entered a new era of living with a global pandemic. As a result, many are working from home – at kitchen tables, sitting on the sofa, or typing at a desk next to the bed. With very little notice, our work and personal lives have changed, and we don’t know how long this will last. Without any talk of FUD (fear, uncertainty, doubt), it got me thinking about how we can stay safe online in this new world.

BE ON HIGH ALERT FOR ONLINE SCAMS

In times of uncertainty, we should anticipate bad actors looking for an opportunity to capitalize. This could be through phishing emails, financial scams, or other tactics that prey on human nature. Fortunately, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is monitoring and notifying the general public on cybersecurity scams related to COVID-19 and has provided the following guidance:

• Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
• Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
• Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
• Review CISA Insights on Risk Management for COVID-19 for more information.

While at home, it may be a good time for you to review your company’s security awareness communication regarding remote working and stay up to date with any new guidance as company plans and protections are likely to evolve over the coming days and weeks. Although it may be tempting or seem appropriate to “fast track” or “bypass” some of the processes or controls laid out, I advise against it. Internal controls and processes are in place for a reason and must be followed to avoid scams and in some cases, ensure compliance with external regulations.

MAKE SURE YOUR CORPORATE PASSWORDS ARE NOT ABOUT TO EXPIRE

Everyone’s experienced some challenges when it comes to changing passwords and it can get even more difficult and complex to change your password when you are NOT in the office.  Check to see if your password is expiring in the near future and make sure you know how to change it. Also consider checking with your IT team beforehand to ensure all systems for remote password changes are in order. The risk here is that your password expires while you are out of office. Once you’re locked out from the corporate network, it can be difficult to get yourself back online while remote.

CHECK YOUR WIFI CONNECTION

As many of our work laptops or mobile devices auto-connect to WiFi networks, check to ensure that you are connected to your home network (or intended hotspot). You might be surprised that you are connected to a public hotspot offered by a broadband provider, or a nearby neighbor’s WiFi network. To ensure you have the utmost privacy, just check your WiFi settings and ensure you are on the network you intend to be on.

CHECK YOUR VPN CONNECTIONS

Everyone does remote work a little differently, but most of us have some kind of VPN solution that gets us to critical internal systems we need to do our jobs. Please resist the urge to rig up your own RDP, VNC, or ssh tunnel (okay, maybe that last one, but only if you *really* know what you’re doing). Those solutions tend to mean poking holes in your firewall, exposing stuff you don’t mean to, and you probably haven’t instrumented your endpoints with logging, brute force resistance, or otherwise hardened them for the wild and wooly internet. Even if it’s “just temporarily” open, there’s nothing quite so permanent as a temporary fix. I promise, your IT department is there for you, and probably has a few extra licenses for a professionally managed VPN solution. And, if you haven’t exercised your VPN in a while, now is a great time to test it out. Better to find out that your VPN is busted now rather than later when the support requests really start to pile up.

If you have any questions about any of the above, I strongly recommend you reach out to your IT or security teams, who will be seeking ways of making remote working more practical for the organization during this difficult time. By being aware of the factors above and vigilant for malicious activity, you should be able to embrace remote working with confidence, hopefully reducing one area of stress relating to the COVID-19 pandemic.

Shawn is a participating member of the Cyber Resilience Think Tank. The Cyber Resilience Think Tank is an independent group of industry influencers dedicated to understanding the cyber resilience challenges facing organizations across the globe, and together, providing guidance on possible solutions.

Excerpts from eBook: “Transforming the SOC: Building Tomorrow’s Security Operations, Today”

Introduction

“The Cyber Resilience Think Tank gathered at RSA Conference to explore building out security operations center strategies. Read the report to get more insight on the four main trends they uncovered.”

“When you think of a security operations center (SOC), what
comes to mind? Is it an organized team of security analysts and
engineers who detect, analyze, and respond to incidents, always
working in lockstep with business managers to execute on the
security strategy? Or, is it a few analysts who spend their days
reactively responding to unprioritized security issues with a
variety of point tools at their fingertips?”

The human element

“The skills gap in cybersecurity is well documented; a 2019 study by (ISC)2 showed the cybersecurity workforce gap in the U.S. is approximately 500,000, and by estimating workforce gaps in 11 major economies around the world, it is believed that we have a cybersecurity talent shortage of just over 4 million.”

The idea of mapping cybersecurity threat trends is certainly not new, but it can be difficult to achieve when the number of incidents is too high for humans to manage. According to Shawn Valle, Chief Security Officer at Rapid7, the amount of times he’s heard that an external SOC is three or four hours late to report an incident is unacceptable.

“We all know that if it’s ransomware or some other malicious code,” Valle said. “It’d take milliseconds to spread across your entire network. Usually I hear that lack of manpower is the culprit, but it’s akin to having a home alarm system that goes off after the police file their report and leave your house.”

The argument for zero, partial, or a fully outsourced SOC staff may never be resolved, but experts agree that when SOC analysts and engineers are tuned into your organization’s cybersecurity strategy, business processes and overall business, the relationship is no longer transactional. Instead, the relationship and the outcomes of the SOC are directly tied to the security needs of the business.

Full report here: https://www.mimecast.com/globalassets/cyber-resilience-content/transforming-the-security-operations-center.pdf