Episodes

  • Featuring the esteemed crypto early adopters and tech thought leaders Josh McIntyre and Brooks Clifford — this episode covers what crypto is, where it fits in the financial ecosystem, how to spot and avoid common crypto scams, and the pros and cons of different exchanges: Robinhood, Binance.us, and Coinbase. It also discusses the complex intersection of privacy (encryption) vs. transparency, the conundrum of those getting locked out of their own crypto, the best crypto use cases for the underbanked non-developed world, and the future prospects of fintech amid regulatory unknowns. The overarching theme of this nearly hour and a half episode is tech risk education and privacy as security for improved fintech innovation. It cites a related article I wrote on this 5.5 years ago: Thought$ On The Future of Digital Curren¢y For A Better World.

    Josh McIntyre is a software engineer, tech educator, and avid learner and explainer. He works full-time as a software engineer at Microsoft and runs an open-source technical education project called Chaintuts. The mission of Chaintuts is to educate anyone that wants to learn about cryptocurrencies, security, and computer science: https://chaintuts.com/.

    Brooks Clifford always had a passion for both finance and technology. He started his first business at the age of 15 at the forefront of e-commerce. It was in 2013 when he first discovered bitcoin while working at Morgan Stanley and he has been a strong advocate for the technology ever since. He has been working in the cryptocurrency space professionally for the last 7 years, most notably as an investment manager. A few career highlights include being invited to present on bitcoin at the 2014 Minnesota State Fair by then Minnesota Secretary of State Mark Ritchie as well as being appointed to the Forbes Finance Council in 2017. He is the founder of a new crypto investment firm, Bidwell Investment Group, at: https://bidwellinvestmentgroup.com/.

    Disclaimer: This podcast does not represent the views of former or current employers and/or clients. This podcast will make every reasonable effort to verify facts and inferences therefrom. However, this podcast is intended to entertain and significantly inform its audience based on subjective reason-based opinions. Non-public information will not be disclosed. Information obtained in this podcast may be materially out of date at or after the time of the podcast. This podcast is not legal, accounting, audit, health, technical, or financial advice. © Abstract Forward Consulting, LLC.

  • Featuring the esteemed technology and risk thought leaders Donald Malloy and Nathaniel Engelsen — this episode covers threat modeling methodologies STRIDE, Attack Tree, VAST, and PASTA. Specifically, how to apply them with limited budgets. It also discusses the complex intersection of how to derive ROI on threat modeling with compliance and insurance considerations. We then cover IAM best practices including group and role level policy and control best practices. Lastly, we hear a few great examples of key CISO risk management must-dos at the big and small company levels.

    Donald Malloy has more than 25 years of experience in the security and payment industry and is currently a security technology consultant advising many companies. Malloy was responsible for developing the online authentication product line while at NagraID Security (Oberthur) and prior to that he was Business Development and Marketing Manager for Secure Smart Card ICs for both Philips Semiconductors (NXP) and Infineon Technologies. Malloy originally comes from Boston where he was educated and has M.S. level degrees in Organic Chemistry and an M.B.A. in Marketing. Presently he is the Chairman of The Initiative for Open Authentication (OATH) and is a solution provider with DualAuth. OATH is an industry alliance that has changed the authentication market from proprietary systems to an open-source standard-based architecture promoting ubiquitous strong authentication used by most companies today. DualAuth is a global leader in trusted security with two-factor authentication including auto passwords. He resides in southern California and in his spare time he enjoys hiking, kayaking, and traveling around this beautiful world.

    Nathaniel Engelsen is a technology executive, agilist, writer, and speaker on topics including DevOps, agile team transformation, and cloud infrastructure & security. Over the past 20 years he has worked for startups, small and mid-size organizations, and $1B+ enterprises in industries as varied as consulting, gaming, healthcare, retail, transportation logistics, and digital marketing. Nathaniel’s current security venture is Callback Security, providing dynamic access control mechanisms that allow companies to turn off well-known or static remote and database access routes. Nathaniel has a bachelor’s in Management Information Systems from Rowan University and an MBA from the University of Minnesota, where he was a Carlson Scholar. He also holds a CISSP.

    More information on Abstract Forward Consulting can be found here.


  • In a dynamic conversation with two thought-leading guests, Mamady Konneh and Chip Harris — this episode covers how to stay cyber defended while working remotely because of the COVID-19 pandemic. We review our article published by the ISSA Journal which covered 6 key cyber learnings from 2019. We talk at length about media disinformation identification and avoidance tips, ransomware avoidance tips, cyber hygiene education, IAM best practices in the increased work from home context, CIO/CISO strategy, and supply chain and vendor cyber risk management — in the context of cyber or health disaster planning and response.

    Mamady Konneh is a senior information security professional, speaker and mentor with 10+ years of relevant experience in security, risk management, and project management in the healthcare, finance, and retail industries. He is a dynamic team player who leads by taking initiatives in developing efficient risk mitigation and situational awareness tactics. He is proficient at assessing the needs of the business and providing the tools to resolve challenges by enhancing the business process. He holds an MSST (Master of Science in Security Technologies) degree from the U of MN where he researched global I.D. card best practices for the country of Guinea. 

    Chip Harris has an extensive background in government and business InfoSec engineering and red team planning and operations  — with over 25 years of experience designing and managing IT systems. His expertise is in identifying and solving problems by delivering projects and solutions. His experience includes serving as the IT lead and project manager within the business unit, evaluating system performance, helping business leaders and non-technical clients understand how technology can improve workflow, developing and enforcing standard IT practices, and ensuring IT compliance with regulations such as NERC CIP, PCI, GDPR, HIPAA, and SOX. He has a Ph.D. in Cyber Security and Cyber Operations from the United States War College, a Masters in Cyber Security and Cyber Crime from the United States War College, and a Bachelors in Computer Science and Animation from Memphis College of Art. He has the following certifications: MCE, MCSE, NCE, MCSA, MCM, MCT, Security +, SUSE Novell Linux, Open SUSE Enterprise, Ubuntu Server Admin, PICK WMS, Backtrack 5, Netools 5, Dell Kace 3000 and 1000, IBM Q-Radar, Carbon Black, Tenable Security Suite, Dark Trace, Q-Radar, IBM Guardium, OWASP, Check Point, RHL, Kali Linux Certified, C|EH, C|PT, C|HFI, CCE, GIAC Rated, Barracuda, and he is even Tripwire Certified. 


  • In this episode, we cover IAM best practices, the BrrCon mission, self-care amid fire drills, creativity in security, IoT security considerations, the MITRE ATT&CK framework, HR participation in cyber geek culture, and social media (disinformation) and electronic voting considerations — with the remarkable Chris Roberts plus special guest Mamady Konneh.

    Since the late 90’s Chris Roberts has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against cyber attacks. Prior to that, he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. Before that, he managed to get various computers confiscated by a number of European entities. As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences. CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, several documentary films, and numerous others have covered him in the media. He also gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air that allowed the exploitation of attacks against flight control systems.

    Mamady Konneh is a senior Information Security professional, speaker and mentor with 10+ years of relevant experience in security, risk management, IAM, and compliance in the healthcare, finance, and retail industries. He is a dynamic team player who leads by taking initiative in developing efficient risk mitigation and situational awareness tactics. He is proficient at assessing the needs of the business and providing tools to resolve challenges by enhancing the business process. He holds an MSST (Master of Science In Security Technologies) degree from the U of MN where he researched global I.D. card best practices for the country of Guinea.


  • In this episode, we are joined by two senior cyber liability risk thought leaders, Greg Coon and Tim Olish, having a lively discussion on the 10 Things IT Executives Must Know About Cyber Insurance! These include business context and definition, heightened duty to protect data and systems, ongoing asset, risk and coverages evaluation, demystifying first and third party losses, and likely coverage exclusions and sub-limits. Compliance, privacy, and assessing vendor risk are also discussed.


  • In this episode, we are joined by Grant Wood of KNotion Labs. Wood is a stand-out advanced innovation visionary, hands-on innovator, with direct experience delivering class-beating and world-first products for Fortune 500 and startup clients alike. His work has opened multi-billion dollar markets to companies, created entirely new product categories, hit performance benchmarks measured in nanoseconds and been protected in dozens of patent claims applicable to advertising, retail, payments, reconfigurable computing, finance, and consumer and industrial products.

    This episode covers what’s wrong with how most organizations think about innovation, how to measure innovation, best practices in new product design, and the importance of having 4-5 moonshot projects to incubate innovation. We also discuss the Fortnite hack, applying the NIST Cyber Security Framework, how organizational bureaucracy hampers creativity and what to do about it, why cybersecurity is not like basketball because the rules always change, and lastly, machine learning use cases in both data breach detection and metallic glass engineering research.


  • In this episode, we have a deep conversation about project management leadership, John Kotter’s 8-step change management model, team dynamics, change management planning and communication, the impact of company culture on change, using vulnerability to get team stakeholders to open up, and a few stories related to project leadership and change management best practices and pitfalls to avoid.

    Susanne Madsen is an internationally recognized project leadership coach, trainer, speaker and consultant. She is the author of “The Project Management Coaching Workbook” and “The Power of Project Leadership”.

    Prior to setting up her own business, Susanne worked for 17 years in the corporate sector managing and rolling out large change programs of up to $30 million for organizations such as Standard Bank, Citigroup and JPMorgan Chase. Susanne is a PRINCE2 and MSP Practitioner and a qualified Corporate and Executive coach. She is also a Member of the Association for Project Management (APM).

  • In this episode, we have a deep conversation with CISO Consultant Chip Harris. We start with an overview of network scanning, both free open source tools like OpenVAS and other more costly options like Tenable. We then talk about red teaming, issues with data security lakes, the Equifax data breach, how leadership impacts security, and how threat actors are better at innovating than defenders typically are. We also cover the evolution of messaging, mobile device application hype and exploits, mobile application containerization, how the cyber kill chain came about, and a few things about the future of incident response.

    Harris has an extensive background in government and business InfoSec engineering and red team planning and operations  — with over 25 years of experience designing and managing IT systems. His expertise is in identifying and solving problems by delivering projects and solutions. His experience includes serving as the IT lead and project manager within the business unit, evaluating system performance, helping business leaders and non-technical clients understand how technology can improve workflow, developing and enforcing standard IT practices, and ensuring IT compliance with regulations such as NERC CIP, PCI, GDPR, HIPAA, and SOX.

    He has a Ph.D. in Cyber Security and Cyber Operations from the United States War College, a Masters in Cyber Security and Cyber Crime from the United States War College, and a Bachelors in Computer Science and Animation from Memphis College of Art. He has the following certifications: MCE, MCSE, NCE, MCSA, MCM, MCT, Security +, SUSE Novell Linux, Open SUSE Enterprise, Ubuntu Server Admin, PICK WMS, Backtrack 5, Netools 5, Dell Kace 3000 and 1000, IBM Q-Radar, Carbon Black, Tenable Security Suite, Dark Trace, Q-Radar, IBM Guardium, OWASP, Check Point, RHL, Kali Linux Certified, C|EH, C|PT, C|HFI, CCE, GIAC Rated, Barracuda, and he is even Tripwire Certified.


  • In this episode, we have a deep conversation with Sr Cyber Security, I.T. Audit, and Third Party Risk Management Consultant, James Redman. Redman helped roll out HITRUST (The Health Information Trust Alliance) policies and procedures for a large health insurer to executive accolades. He also spent time in I.T. Audit at two respected accounting firms and even was a construction project manager. He has the following certifications: CISA, CISSP, HITRUST CCSFP. Jeremy Swenson has an MBA and a Masters Degree in Security Technologies which covers frameworks generally. He has been a cybersecurity writer/commentator/thought leader for 5 plus years, and an I.T. consultant for more than a decade at many companies.

    We also cover the history of HITRUST as a security framework for healthcare, how to apply it, and how it differs from frameworks like NIST. We also cover how to manage third party or vendor risk as a company grows, the right mix of cloud vs. on-premises infrastructure, how to overcome checkbox compliance, and where companies make mistakes with cyber risk and cyber defense.

    Disclaimer: This podcast does not represent the views of former or current employers and/or clients. This podcast is not associated with or sponsored by HITRUST, nor is it marketing of HITRUST. It is a public discussion about cyber-security frameworks including HITRUST based on the subjects' experience with many frameworks at many companies, including unique research, and publicly available research. This podcast will make every reasonable effort to verify facts and inferences therefrom. However, this podcast is intended to entertain and significantly inform its audience based on subjective reason-based opinions. Non-public information will not be disclosed. Information obtained in this podcast may be materially out of date at or after the time of the podcast. This podcast is not legal, accounting, audit, health, technical, or financial advice. © Abstract Forward Consulting, LLC.

  • In this episode we have a deep conversation with security data scientist Jay Jacobs concerning the reliability of breach reporting, long tail curves, future trends, and the business of ransomware. Jacobs enjoys digging into data to find the insight and knowledge to tackle hard problems for customers, partners and the community at large. He is currently Partner & Co-Founder of the Cyentia Institute, a security data analytics consultancy. Although he’s taken on many projects, he’s best known for strong contributions to Verizon’s annual Data Breach Investigations Report series and his book Data-Driven Security: Analysis, Visualization and Dashboards. He is a founding member of the Society of Information Risk Analysts, and remains an active proponent of improving how we measure and manage risk.


  • In this episode, renowned governance, risk, and compliance critical infrastructure security and resiliency expert Jim Danburg joins us for a candid and thought-provoking conversation on data classification including a funny story doing a project for a CISO (chief information security officer).

    More specifically, we discuss the four types of data classification vs. only three, data over-classification, data mis-classification, governance risk and compliance, data security, role based access control (RBAC), need to know policy, litigation discovery risk, the declining cost of data storage: disk vs. solid state, outsourcing data and PCI risk, mapping dependencies, the relationship between executives and data policy compliance, bring your own device (BYOD) containerization: corporate vs. personal data with privacy implications, the secure destruction of data and hardware – and what it takes to improve all this!
