Synopsis
Rapid7 podcast series discussing all things security. Join us as we discuss information security with thought leaders in the space.
Episodes
-
How the MassCyberCenter Helps Elevate Cybersecurity Initiatives in Municipalities
16/04/2020 Duration: 48min
In this week’s episode of Security Nation, we had the pleasure of speaking with Stephanie Helm, director of the MassCyberCenter. In this interview, we discuss how she went from working in the Navy to becoming the director of this new initiative in Massachusetts and how her team is helping municipalities develop incident response plans and getting buy-in and budget for security amidst other priorities. Stick around for the Rapid Rundown, where Tod chats about Recog, Rumble, and the concept of contact tracing amid the COVID-19 pandemic.
-
Shifting Security Conferences to Virtual: The New Face of Events in 2020 and Beyond with John Strand
08/04/2020 Duration: 51min
On this week’s episode of Security Nation, we spoke with John Strand, CEO of Black Hills Information Security, about how his team works remotely, how they created a virtual event in just three days amid the COVID-19 pandemic and now teach others to do the same, and his predictions on the future of events. Stick around for our Rapid Rundown, where Tod explains why Zoom’s recent cybersecurity woes might not be as bad as recent news has made them seem.
-
A Chat with Jonathan Cran About Intrigue and Security in the COVID-19 Pandemic
31/03/2020 Duration: 41min
In a recent episode of Rapid7’s podcast, Security Nation, we talked with Jonathan Cran, Head of Research at Kenna Security, about his side project, Intrigue, and how security professionals are spending their time while on coronavirus lockdown. And, in our Rapid Rundown news segment, Tod and Jen discuss electronic surveillance and contact tracing in the time of COVID-19.
-
Proactive Security Is the New Black: Lessons from the Trenches of Building a Security Product
24/03/2020 Duration: 47min
https://gist.github.com/todb-r7/7c2c6487902c57981732124724a2ae44
-
How Nick Percoco Built Chicago Security Conference THOTCON from the Ground Up
10/03/2020 Duration: 45min
How do you turn a small security conference with friends into a phenomenon? Just ask Nick Percoco! In our latest episode of Security Nation, we sit down with the founder of THOTCON to chat about how he came up with the idea for the Chicago-based conference, the challenges he has faced over the years, and how the conference has evolved over time to become what it is today.
-
Chris Hadnagy and the Innocent Lives Foundation
28/01/2020 Duration: 42min
Please note, this episode was recorded before Security Nation became aware of the allegations surfaced in the Post-Def Con 29 Transparency Report by Def Con organizers and the hacker community. Please be advised the following podcast contains sensitive subject matter. In this week’s episode of Security Nation, we sit down with Chris Hadnagy, CEO and founder of the Innocent Lives Foundation, about the charity’s work in unmasking anonymous online predators to help bring them to justice. The foundation leverages a network of OSINT-savvy volunteers to uncover people who produce and profit from child pornography and those who traffic children in order to bring those findings to members of federal and local law enforcement. Throughout the podcast, Chris talks about what inspired him to start this charity, what it took to get other people involved, how the program works, the importance of maintaining volunteers’ mental well-being, and how interested parties can get involved. Stick around for our Rapid Rundown, where To
-
How Todd Beebe Used the MITRE ATT&CK Framework to Build His Own Automated Threat Simulation System
17/12/2019 Duration: 39min
In our latest episode of Security Nation, we talk to Todd Beebe, the Information Security Officer for an oil and gas company in Texas. Todd breaks down how he leveraged the MITRE ATT&CK framework to build an automated threat simulation system that enabled his organization to conduct daily threat simulation to validate their detective and preventive controls.
-
Discovering a New Path in Asset Discovery: An Interview with Metasploit Founder HD Moore
04/12/2019 Duration: 29min
In honor of the 10-year anniversary of Rapid7’s acquisition of Metasploit, our latest episode of Security Nation features an interview with its founder, HD Moore. In it, HD gives his opinion on Metasploit’s current state and breaks down his latest project, Rumble, which makes it easy to discover what types of devices are on your network.
-
How to Get Your Engineering Team to Take On Security Initiatives (Without Even Realizing It)
15/11/2019 Duration: 28min
In this episode of Security Nation, we chat with Oliver Day about his experience embedding security into the engineering team at a medium-sized publisher. Oliver discusses the importance of understanding other people’s roles and what matters to them, and how that helps drive security efforts. Also, join Tod for the Rapid Rundown, where he digs into the latest BlueKeep attacks in everyone’s favorite segment, “BlueKeep Watch.”
-
How to Create a Security Champion Program Within Your Organization
01/11/2019 Duration: 35min
In this episode of Security Nation, we sit down with Mark Geeslin, senior director of product security at Asurion, to talk about his success in building the organization’s Security Mavens program to create a culture of security. Learn about the program, how his unique approach to bringing on members has kept momentum going, and why he thinks getting buy-in from the top early was a key component to Security Mavens’ success. Also, in this episode’s Rapid Rundown, Tod talks about the various VPN breaches that were reported in mid-October and muses on why people use VPNs to begin with.
-
From BlackICE to Typed Advice: Rob Graham Talks What It Takes to Write a Cybersecurity Textbook
11/10/2019 Duration: 36min
In this episode of Security Nation, we speak with Rob Graham, founder of Errata Security Consultancy, well-known security blogger, and soon-to-be book author. In it, he talks about the process of creating (and naming!) BlackICE, and his new efforts to write a book “out of spite” to right the security wrongs he is seeing in the industry. Rob also shares some of his writing process and advice for others looking to take on similar projects. Also, join Tod for the Rapid Rundown where he discusses how security pros can weigh in on election security through the Election Assistance Commission’s 2020 Election Administration and Voting Survey (2020 EAVS) and IT-ISAC’s request for information in the Election Industry SIG. Tod also reveals some key findings from Rapid7’s latest Industry Cyber-Exposure Report (ICER), which examines the level of exposure in top German organizations.
-
How MITRE and the Department of Homeland Security Collaborate to Validate Vulns
27/09/2019 Duration: 34min
Security Nation returns this week with a new episode that's all about collaboration. We are joined by Katie Trimble of the Department of Homeland Security and Chris Coffin of MITRE for a discussion about their contribution to the CVE Project. The two talk about how they got their start in their respective organizations, why the CVE Project is so important for security professionals, challenges they've faced to get this project off the ground and optimize their operations, and how others can pitch in as a CVE Numbering Authority (CNA). You'll also hear from Tod in our Rapid Rundown, where he compares and contrasts the InfoSec world's response to the vBulletin and Internet Explorer zero-days this past week, and (as usual) brings you the latest in our BlueKeep Watch.
-
Digitizing Cybersecurity in Healthcare with Richard Kaufmann
13/09/2019 Duration: 37min
In this episode of Security Nation, Richard Kaufmann discusses what it took to drive digital transformation and improve security approaches at Amedisys, a home health, hospice, and personal care provider. He dives into what inspired him to join Amedisys and help further their mission, why security works best when it's not seen, tactics he's learned to help empower other members on his team, and what his favorite dinosaur hacker movie is. In our Rapid Rundown segment, you'll also hear Tod and Jen run through the biggest security news of the week, including our continued BlueKeep watch and the security implications of phone number-based security measures. We publish new podcast episodes every two weeks, so stay tuned for future episodes, and if you like what you hear, please subscribe below! Our next podcast will be released on Friday, Sept. 27.
-
How Wendy Nather Is Fighting Back Against the Security Poverty Line
23/08/2019 Duration: 48min
In this episode of Security Nation, we chat with Wendy Nather, head of advisory CISO services at Duo Security, about her work bringing awareness around the unspoken issue of the Security Poverty Line (aka, how difficult it is for organizations to build effective security programs when they lack the resources to make it happen). Wendy talks about how budget, expertise, capability, and influence can affect an organization’s security standing, the issues that arise when security pros can’t agree on what’s needed to be “secure,” and the importance of empathy in understanding why organizations may make decisions that are considered less secure. In our Rapid Rundown, Tod and Jen share their biggest takeaways from Black Hat and DEF CON and discuss being on "BlueWatch" (*cue the "Baywatch" theme song*) for RDP vulnerabilities such as DejaBlue.
-
How Beau Woods and Meg King Promote Collaboration Between Policymakers and the Cybersecurity Community
02/08/2019 Duration: 46min
In this episode, Beau Woods of I Am The Cavalry, the Atlantic Council, and Stratigos Security and Meg King of the Wilson Center discuss their mission to improve collaboration between policymakers and the security community and better educate congressional staff on industry issues. Central to this mission is immersing congressional staff in the tech world by having them travel to Hacker Summer Camp in Las Vegas so they can learn and absorb all things cybersecurity. Learn what it takes to put a program like this together, what challenges Beau and Meg have encountered along the way, and what advice they would give people who want to get involved and work with policymakers. We also chat with Patrick Kiley of Rapid7 about his recently released research on the security of CAN bus systems in small aircraft, and Tod breaks down what you need to know about RDP and BlueKeep.
-
How David Rogers’ IoT Security Standards Earned Him Royal Recognition
19/07/2019 Duration: 51min
In this podcast, David Rogers breaks down his journey into the world of security, and how his IoT security standards got him recognized by the Queen of England. Tod and Jen also zoom through the recent Zoom vulnerability disclosure, and discuss what to look forward to in Las Vegas during Hacker Summer Camp.
-
How to Start a Security Program from Scratch Without Your Initiatives Getting Cut
05/07/2019 Duration: 34min
In this episode of Security Nation, we catch up with Lee Brotherston, director of security at IoT startup ecobee, to chat about what it takes to launch a security program and get buy-in from leadership.
-
Great Barrier Grief: How to Break Through Bottlenecks with Automated AppSec
21/06/2019 Duration: 38min
In this episode of Security Nation, we sit down with Zate Berg, senior manager of security at Indeed.com, to discuss how he and his team avoided becoming a bottleneck in their software engineering team’s high-velocity process by integrating automated application security. Zate shares his successes, challenges, and learnings for building a scalable, progressive appsec process. We wrap up with our "Rapid Rundown," in which Tod Beardsley, director of research at Rapid7, highlights the top three cybersecurity headlines you should be paying attention to this week.