Libsyn Directory

lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use.

Release Date: 04/30/2023

Josh Grossman - building Appsec programs, bridging security and developer gaps

BrakeSec Education Podcast

Youtube VOD: #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis Questions and topics: 1. The background to the topic, why is it something that interests you? How do you convince developers to take your course? 2. What do you think the root cause of the gap is? 3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?) 4. Where do gaps begin? Is it the ‘need’ to ‘move fast’? 5. What can devs do to involve security in their process?...

Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers. Recorded: 08 Apr 2024 Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw Show Topic Summary: If you want to get in the mind of a board member, I submit to you my discussion with we did last night on . Join Mary and I as we discuss...

p2-accidentalCISO, building trust in new places

BrakeSec Education Podcast

Full Youtube VOD: Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader. What worked? What didn't? What would you have done differently? Do you emulate your manager's style? What have been your go-to management resources? What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership? Topic #2: building/Operating SaaS products (we can discuss securing them, what functions...

AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers. Recorded: 28 Jan 2024 Youtube VOD: https://youtube.com/live/uX7odQTBkyQ Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader. What...

1st show of 2024! Our 10th Anniversary...

BrakeSec Education Podcast

It's our 10th anniversary and the first show of our 2024 season! Amanda was on "7 minute security" Check out the complete VOD at Explicit language warning

Brakesec Call to Action 2023

BrakeSec Education Podcast

Youtube Video: is the link to the survey. Your information (should you choose to identify yourself) will not be shared outside of the BrakeSec Team. Thank all of you for listening and for your input. RSS feed for the audio podcast is at website:

How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts!

BrakeSec Education Podcast

Show Topic Summary: Ms. Berlin proposes a question of how to gather more headcount with metrics, we discuss the BLUFFS bluetooth vulnerability, and “Ranty Claus” talks about CISA’s remarks of putting the onus on device product makers to remove choice for customers and implement secure defaults. #youtube VOD: Questions and topics: Additional information / pertinent LInks (Would you like to know more?): Examples of companies forcing changes - eBPF implementation in Rust Show points of Contact: Amanda...

25Oct - okta breached (again), Energy company hit by supply chain attack, and you can help hire the best people

BrakeSec Education Podcast

Subscribe on Twitch using Amazon Prime and watch us live: https://twitch.tv/brakesec Check out our VODs on Youtube: Join the BrakeSecEd discord: News:

Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Guest Bio: Nicole is the Chief Product Officer at Axio. Nicole has spent her career building awareness around the benefits of usable security and human-centered security as a way to increase company revenue and create a seamless user experience. Youtube VOD Link: Questions and...

John Aron, letters of marque, what does a "junior" job look like with AI?

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Guest Bio: John is the CEO of Aronetics. An avid climber and runner, John has spoken at many conferences about topics like ZeroTrust, BIOS/UEFI security, communication security, and malware. Aronetics is a technology-enabled service provider. Youtube VOD:...

More Episodes

Show Topic Summary (less than 300 words)
Insider threat still exists, Lynsey Wolf talks with us about HR’s role in insider threat, how prevalent investigations are in the post-pandemic work from home environment.

Questions and potential sub-topics (5 minimum):
What is the difference between insider threat and insider risk?
Motivators of insider threat (not much different than espionage,IMO -bryan) (MICE: Money, Ideology, Compromise, and Ego.) https://thestack.technology/pentagon-leaks-insider-threat-sysadmin/
75% of all insider threats are being kicked off by HR departments. In short, it's proactive.
“How did HR figure that out?” How are investigations normally initiated? What tools are they implementing to check users or predicting a disgruntled employee?” UEBA? CASB? Employee surveys that are ‘anonymous’? Someone who reported others and it was dismissed? What if HR ‘gets it wrong’ or ‘it’s a hunt to find people no into ‘groupthink’ or ‘not a culture fit’? https://www.cbsnews.com/news/french-worker-fired-for-not-being-fun-at-work-wins-lawsuit-cubik-responds/
How can organizations be mindful of how and what data is collected to mitigate risk without affecting employee trust? And who watches the watchers to ensure data is handled responsibly? Are there any privacy guidelines companies need to understand before they implement such a system? (GDPR? CCPA? Privacy notices? Consent to monitoring on login? https://securiti.ai/blog/hr-employee-data-protection/ )
Are companies causing the thing they are protecting against? (making an insider threat because they’ve become repressive?) (hoping there’s an ‘everything in moderation idea here… finding the happy medium between responsible ‘observability’ and ‘surveillance’)
Lots of ‘insider threat’ tools, including from EDR companies. Do companies do a good job of explaining to employees why you need EDR?
Quiet Quitting - latest term for companies to use to describe “employee has a side gig”. How does this figure into insider threat? Is it assumed that people only have one ‘thing’ they do, or did the lack of a commute give people more time during the pandemic to diversify?
Solutions for employees? Separate their work and private/side gig? Learn what their contract states to keep conflicts of interest or your current/past employer from taking your cool side project/start-up idea away from you? Solutions for companies?