Cyber Kumite

Evan Perotti has created Dredd to help automate the process of analyzing detection rules. This is a free tool downloadable from Github. Chris and Evan discuss its inspiration and many use cases.

Owen Zacharias discusses the benefits and challenges of cloud security. There are many tools and applications available to help secure your cloud environment but it is still up to you to configure and maintain the controls properly.

Nick Ascoli discusses differences between SIEM and UBA platforms, and debunks common misconceptions about UBA tools.

Tim and Chris discuss the usefulness of cybersecurity TTX and how to keep the exercises fresh. Find out how to make the most of these simulations, who should be there, and how frequenly they should be performed.

Mick Baccio, former CISO for Pete Buttigieg, talks about how he became the first Presidential Election Campaign CISO and what security challenges will be faced in the upcoming 2020 election.

Disclaimer: The views and opinions expressed in this production are those of the participants and do not necessarily reflect the official policies or positions of any other agency, organization, employer, or company.

Blue Teams specialist John Fung joins us to discuss Security Operations Metrics. Are they useful for measuring the security program? Which metrics are actually good? Learn how to avoid hyperbole and instead focus on manageable metrics that you can control.

Disclaimer: The views and opinions expressed in this production are those of the participants and do not necessarily reflect the official policies or positions of any other agency, organization, employer, or company.

Cybersecurity’s recruiting, development, and retention playbook sucks. This Culture, Talent, and Skills mini-series will discuss moving away from tired ideas to gutsy practices that yield high-performing and sustainable capabilities. Please enjoy these discussions with a few of our favorite security leaders, with tips to help you shape your team’s culture and resilience in the face of numbers and skills shortages.

Special guest Mamani Older joins us for this episode. We discuss building custom strategies and technologies vs. using templated or commercial resources. Are custom technologies just making more work for us? Which parts of your cyber program should be custom and which can be commercially bought?

Special guest Matt McHugh drops knowledge on CASB technology, and discusses how it compares to DLP, where the technology is limited, and if it delivers on everything the vendors have promised.

Tim & Chris discuss the differences between NIST CSF and MITRE ATT&CK frameworks, common misconceptions about each, and how companies should use the frameworks as part of their cybersecurity program.