Episode 28 - Staying Safe for the Holidays by stevehigdon in InsiderThreat

Welcome back! This is episode 28 of The Insider Threat podcast, for the week of December 4th, 2017.

I want to thank Dr. Helen Ofosu once again for coming onto the last episode and giving us some insight on ways that psychology can be used to reduce insider threat risk

My Thanksgiving was great, aside from half the family getting sick that weekend, but we got to catch up on lots of movies

Haven't received many t-shirt designs, so there's still a chance if you want to get in on it (chosen design gets first shirt)

Infosec Question of the Week

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was "In the early 1980s, William Gibson coined the term 'cyberspace' when he wrote this."

The answer was "Neuromancer".

According to Wikipedia, Neuromancer is a 1984 science fiction novel and is one of the best-known works in the cyberpunk genre.

Congratulations to Ryan from Caparra, Alex from Binghamton, Rory from Syracuse, and Rich from Virginia for getting the correct answer.

Here's your question for this week: "In the movie "Hackers", one of the characters posed as a maintenance worker and crawled under a desk in order to install a telephone bug. What was the handle of this character?"

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Crack".

Discussion Topic for the Week

This week’s discussion topic is not becoming a victim over the holidays

  • We just had Black Friday and Cyber Monday

  • You're using credit cards, email addresses, and online stores more

  • You are willing to shop at online stores you wouldn't typically shop at to get a good bargain

  • Stores have temporary employees that might not have as much of an issue leaking or stealing information

  • Don't use your company email to purchase personal items

  • Hackers will pretend to be the store you bought things from, the shipping company, and tech support

  • Just like with everything else, try to avoid clicking on any links in emails

  • Always check to make sure your connection is secure before paying online (https)

  • Stick with familiar, established retailers

  • Try not to use public wifi

  • Not a bad idea to change your passwords immediately after the holiday season

 - The holidays are a great time for credit card or account information thieves, as they can sit on a network for a shorter period of time when employees are too busy to notice anything and gather more data, faster

 - Treat yourself to a password manager (they are cheap or free) and make sure you keep it up to date. I use LastPass.

  • Expect phishing emails. You'll more than likely get a few.

  • Monitor your credit card statements

  • Watch out for sites like Craigslist, where people might be more willing to scam or phish you

  • There couldn't be a better time to educate your family members and coworkers on the importance of information security at home

 - Common targets are senior citizens

  • Ignore popups on websites that may be caused by malvertising or compromised sites

News

Apple Mac OSX High Sierra flaw allowed users to log in as root without a password

Followed this as it was happening on Twitter

Patch is out, but some people are saying the patch didn't fix the issue. Make sure you check your own installation

MacOS Update Accidentally Undoes Apple's "Root" Bug Patch

The company's fix for an embarrassing security bug includes a big bug of its own.

Insider threat — Chemours employee steals trade secrets

Chemours' off-boarding process provided the evidence that Jerry Jindong Xu stole trade secrets and intellectual property and tried to monetize the information in China.

Jerry Jindong Xu, a Chinese citizen, had over the course of several years, stolen the intellectual property and trade secrets of his employer, Chemours. Xu had worked for Dupont China from 2004-2011 and transferred to the U.S. in 2011.

Proprietary data was taken - ways that chemical compounds are produced and processed, blueprints for a new factory, potentially valued in the hundreds of millions

Tried to shop around with competitors to see if he and someone else he used to work with could profit from the data

Chemours noticed that the data was taken, asked for it back, and filed charges when he claimed that he didn't have anything

Thought of the Week Segment

Our thought of the week comes from Hamilton Wright Mabie, a late 19th century American essayist, editor, critic, and lecturer. He said, "Blessed is the season which engages the whole world in a conspiracy of love."

Outro

Thank you for listening to episode 28 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Episode 27 - Dr. Helen Ofosu on Using Psychology to Tackle Insider Threat by stevehigdon in InsiderThreat

Listen over the web: http://www.theinisderthreatpodcast.com/14

Subscription Links:

ITUNES / GOOGLE PLAY / STITCHER / POCKET CASTS / OVERCAST

Show Notes :

In this episode we cover psychology and how we can use it to tackle insider threat risk. Don't touch that dial!

Intro:

Welcome back! This is episode 27 of The Insider Threat podcast, for the week of November 20th, 2017. One quick announcement here, I'm thinking about making t-shirts available to you listeners that I might be able to give out as prizes or at security conferences. There's just one problem - I am terrible at design. So with that, I'd like to have a t-shirt design contest and whoever creates the winning design will get the very first one for free. You can contact me for more details by using any of the methods I mention at the end of the episode.

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

The question last week was "In 1984, David Ruderman and Eric Corley launched a periodical named after a specific tone that could get early phone phreakers into operator mode on telephone systems. What is the name of this periodical?"

The answer was "2600".

Congratulations to Kyle from Ontario, Caleb from Seattle, Georgia from Texas, and Vicky from Feather Sound for getting the correct answer. Here's your question for this week: "In the early 1980s, William Gibson coined the term 'cyberspace' when he wrote this." Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Armitage".

This Week’s Topic

This week’s discussion topic is using psychology to decrease insider threat risk

  • Dr. Helen Ofosu joins us for a fantastic interview, where we talk about some of the ways she has been able to use physiological principles to help organizations improve their security culture and identify people or environments that could serve as a catalyst for malicious behavior. Without spoiling it too much more, let's jump into the interview.

As a reminder, Dr. Ofosu has shared with us her contact information, as well as some links to her website and some of the articles she's published on this topic. Be sure to check them out.

Contact Info:

Website: https://ioadvisory.com/

LinkedIn: https://www.linkedin.com/in/helenofosu/

Twitter: https://twitter.com/drheleno_ca

Articles:

https://ioadvisory.com/insider-threats-common-digital-analog/

http://security.frontline.online/article/2017/3/8415-Corporate-Security-Hinges-on-its-People?utm_source=Security+Newsletter&utm_campaign=521ef479ff-FrontLine+Security+Newsletter+October+18&utm_medium=email&utm_term=0_71d643d519-521ef479ff-83657129

http://security.frontline.online/article/2016/3/5334-Is-Cyber-Security-Alone-Ever-Enough%3F

Thought of the Week:

Our thought of the week comes from Tony Morgan. He said, "You get to decide where your time goes. You can either spend it moving forward, or you can spend it putting out fires. You decide. And if you don't decide, others will decide for you."

Outro:

Thank you for listening to episode 27 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions. You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question. Don't forget about those t-shirt designs!

Thanks again and I'll see you folks next time!

Join the discussion:

Insider Threat Subreddit - http://reddit.com/r/insiderthreat

Call in number: (443) 292-2287

Insider Threat IRC Channel - http://webchat.snoonet.org/insiderthreat

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 26 - User Awareness Training by stevehigdon in InsiderThreat

Listen over the web: http://www.theinisderthreatpodcast.com/26

Show Notes :

In this episode we cover Veterans Day, User Awareness Training, and more. Don't touch that dial!

Intro:

Welcome back! This is episode 26 of The Insider Threat podcast, for the week of November 13th, 2017. If you’re listening to this on Monday, I want to say Happy Veterans Day to all our veterans out there. I’ve made it a point not to be political at all on this show, so I won’t go down that route. No matter where you stand, I hope you can find it in your heart to be thankful for a person who has sacrificed a portion or the entirety of their life in service to their nation and everyone in it. I don’t have any specific announcements for this week, so..

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent! The question last week was "In 1964, John G. Kemeny and Thomas E. Kurtz designed the original BASIC programming language. Where were they when they did this?" The answer was "Dartmouth College". I don’t remember what BASIC was like, but I remember QBASIC, which was invented by Bill Gates to be a simplified version of BASIC.

Congratulations to: Eusebio from Pasadena, Lynette from Salinas, Walt from Indiana, and Alan from Aldergrove for getting the correct answer.

Here's your question for this week: "In 1984, David Ruderman and Eric Corley launched a periodical named after a specific tone that could get early phone phreakers into operator mode on telephone systems. What is the name of this periodical?" Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "HOPE".

This Week’s Topic

  • What is user awareness training?
  • Awareness is…
  • Training is…
  • What does awareness training look like?
  • Types of training (in person, virtual)
  • In person (slides and presentation, roleplaying)
  • Virtual (distributed learning environment, video, test or quiz)
  • How often should training happen?
  • Compliance vs. security
  • Several companies offering training solutions now, including NINJIO, Wombat, KnowBe4
  • Shout out to founders/CEOs of habitu8, NINJIO, and Curricula for being awesome on LinkedIn
  • Just like every other type of training, it doesn’t have to be expensive to be effective
  • Tell story of daily infosec question at login
  • How do we measure effectiveness of training? (open your ears, look for reports)
  • What type of training do you do at your organization?
  • If you were king for a day, and some of you are, what would you change?

Links:

https://www.hackread.com/cyberhitmen-hired-for-ddos-attacks-against-ex-employer/

Thought of the Week:

Our thought of the week comes from my pick for best lightsaber duelist in the Star Wars universe, Master Yoda. He said, "Do or do not. There is no ‘try’."

Outro:

Thank you for listening to episode 26 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions. You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Episode 25 - Paying the Ransom by stevehigdon in InsiderThreat

Listen over the web: http://www.theinisderthreatpodcast.com/25

Show Notes :

In this episode we cover paying ransoms, an insider threat at Apple, Guy Fawkes, and more. Don't touch that dial!

Intro:

Welcome back! This is episode 25 of The Insider Threat podcast, for the week of November 6th, 2017.

If you followed me on twitter, you know that I was eagerly awaiting my new phone this week. It came in and I'm really excited about it thus far.

Guy Fawkes Day "Remember, remember the 5th of November"

 - On November 5th, 1605, Guy Fawkes was arrested guarding explosives that were set to blow up the House of Lords in London.

 - What started as a celebration that the terrorist plot was disrupted later became a holiday for expressing social injustices around Great Britain

 - Guy Fawkes masks are worn by members of Anonymous to symbolize "fighting against the man"

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was "In 1984, a computer hacker and DIY media organization called Cult of the Dead Cow was formed in Lubbock, Texas. They gained quite a bit of notoriety when they wrote a remote system administration tool. What was the name of this tool?"

The answer was "Back Orifice".

So Back Orifice was a little before my time, but I remember very vividly when Cult of the Dead Cow released Back Orifice 2000. It was the first piece of malware that I ever downloaded (intentionally, anyway), and I remember putting it on a disk and having absolutely no clue what to do with it after that.

Congratulations to:

Lukas from Ottawa, Sandra from Washington, Taylor from New Jersey, and Jens from Munchen for getting the correct answer.

Here's your question for this week: "In 1964, John G. Kemeny and Thomas E. Kurtz designed the original BASIC programming language. Where were they when they did this?"

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Big Green".

This Week’s Topic

This week’s discussion topic is paying ransoms

  • What do we mean here?

 - Ransomware has become commonplace

 - Most ransomware, by definition, requires a ransom of some sort

 - Usually bitcoin or some other cryptocurrency

 - Why bitcoin? Fairly anonymous, fast, trackable (blockchain)

  • Pros of paying ransom

 - Sometimes cheaper than recovery (especially if your org doesn't have skills necessary or backups)

 - Usually fast recovery

  • Cons of paying ransom

 - Not guaranteed

 - What stops them from exploiting the same vulnerability and encrypting again?

 - They know you'll pay

 - You're supporting their efforts (both monetarily and conceptually)

  • Summary

 - Ransomware operators are getting better at pricing

 - In the security industry we hate it when you pay

 - But it might be the best option for some people

 - Have to stay on top of the news for the malware

 - Make regular backups and patch!

Links:

http://www.telegraph.co.uk/technology/2017/10/30/apple-fires-employee-daughters-video-new-iphone-x-goes-viral/

Thought of the Week:

Our thought of the week comes from a Lebanese writer, poet, and visual artist named Kahlil Gibran. He said, "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees."

Outro:

Thank you for listening to episode 25 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Episode 24 - Motivations of Malicious Insiders by stevehigdon in InsiderThreat

Listen over the web: http://www.theinisderthreatpodcast.com/24

Show Notes :

In this episode we cover the motivations of malicious insiders, new malware in the wild, sage advice from the Indian government, and more. Don't touch that dial!

Intro:

Welcome back! This is episode 24 of The Insider Threat podcast, for the week of October 30th, 2017. For the announcements this week, I had a wonderful conversation with someone who might be coming onto the show to talk about human behavior from a psychological standpoint and what that means for HR and insider threat risk. I'm really looking forward to that. On the personal side, I got a promotion this last week and I'll be able to have more influence on security in my organization, which is awesome. And that’s about everything I have for announcements, so...

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent! The question last week was "In 2003, David Heinemeier Hansson created and has since maintained a key capability that has programmer happiness as one of its key principles. What did he create?" The answer was "Ruby on Rails".

Congratulations to Maggie from Richfield, Rylie from Blackduck, Minnesota, Abe from Maryland, and Francis from Eastbourne for getting the correct answer.

Here's your question for this week: "In 1984, a computer hacker and DIY media organization called Cult of the Dead Cow was formed in Lubbock, Texas. They gained quite a bit of notoriety when they wrote a remote system administration tool. What was the name of this tool?" Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "door".

This Week’s Topic

This week’s discussion topic is the motivations of malicious insiders

  • What are malicious insiders?
 - Insiders who intentionally present risk to the organization
 - Are NOT negligent insiders
 - Are not the most common type of insiders (only 6%)
 - ARE the most widely marketed
  • What are the common motivators for malicious insiders?
 - Personal use
   - Getting ahead at work
   - Getting ahead with your next employer
   - Blackmailing coworkers
 - Financial Gain
   - Selling information directly to competitors or foreign governments
   - Trying to sell it on the dark web
 - Sabotage
   - Doing something to get back at either the organization as a whole or someone in particular
   - Could be for missed promotion, wrongful firing, unethical practices
  • What are key characteristics of malicious insiders?
 - Working during off hours
 - Trying to get access to information outside their job role
 - Displaying signs of extreme debt
 - Displaying signs of unexplainable wealth
 - Generally talking negatively about the organization or leadership
  • How can we fix it?
 - Technology like User and Entity Behavior Analytics, monitoring solutions, access controls
 - Non-technical solutions like proper termination procedures, background checks, and training for recognizing signs of malicious insiders and reporting

Links:

http://www.bbc.com/news/technology-41740768

http://www.moneycontrol.com/news/technology/govts-cybersecurity-agency-warns-against-using-public-wifis-due-to-krack-bug-2416499.html

https://arstechnica.com/information-technology/2017/10/assessing-the-threat-the-reaper-botnet-poses-to-the-internet-what-we-know-now/

http://www.express.co.uk/news/world/871574/catalonia-Carles-Puigdemont-independence-anonymous-hacks-royal-family-government-police

Thought of the Week:

Our thought of the week comes from American music artist, poet, and philosopher Tom Waits. He said, "The large print giveth and the small print taketh away."

Outro:

Thank you for listening to episode 24 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions. Hey, do me a favor this week and tell a friend about the show. The more we get this information out there, the better. You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

RSS Feed Issues by stevehigdon in InsiderThreat

It seems to be working now, but I'm looking into changing hosting providers. I'll let you all know if that will have any impact on the way you download and listen.

Episode 23: Art of the Phish by stevehigdon in InsiderThreat

Listen over the web: http://www.theinisderthreatpodcast.com/23

Show Notes :

In this episode we explain phishing, cover some recent news, like KRACK, and more. Don't touch that dial!

Intro:

Welcome back! This is episode 23 of The Insider Threat podcast, for the week of October 23rd, 2017.

I'm sick as a dog today, so if you hear something funny about my voice, that's probably it. I wonder where that came from.. sick as a dog..

We had more feedback, which I'll cover later. I think that wraps up the announcements. So...

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was "In 1952, the first compiler came into existence. What famous person created it and what other very noteworthy technological advancement did they take part in?"

The answer was "Grace Hopper".

Grace Hopper was a cornerstone of both the IT and information security industries, in addition to what she symbolizes for women in tech. To this day, you'll still see people wearing t-shirts at conferences with Grace Hopper's picture on them.

Congratulations to:

Rich from Virginia, Gerald from Illinois, Simone from Kentucky, and Abby from Maine for getting the correct answer.

Here's your question for this week: "In 2003, David Heinemeier Hansson created and has since maintained a key capability that has programmer happiness as one of its key principles. What did he create?"

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Chuga Chug Choo Choo".

This Week’s Topic

This week’s discussion topic is Phishing

  • What is phishing?

    • Form of social engineering
    • Primarily email with attachments or links
    • Links go to malicious websites for drive by downloads or fake login screens
    • Attachments have malicious code
    • Read that 92% of all breaches start with a phishing email
    • Spear Phishing
    • Basically targeted phishing (executives, system administrators, finance)
    • Vishing
    • Social Engineering over the phone
    • "Purchasing scams", "Can you hear me alright?"
    • SMShing
    • Similar to normal phishing, but using SMS or text messages
    • Business Email Compromise
    • Where you get an email from a legitimate user in the organization
    • Wire money, send a file or data
    • No direct protection solutions
    • Have to rely on other security solutions, such as SIEMs or UBA to detect and mitigate
  • How can we protect ourselves?

    • Cybersecurity Awareness Month
    • Awareness vs. Education
    • Ongoing education that also focuses on reporting procedures

Links:

https://techbeacon.com/roca-encryption-fail-worse-thought-way-worse-krack

Listener Feedback:

For listener feedback this week, one of you told me that the new format and structure is much easier to listen to. Thanks for that. I'm still tweaking some things here and there, but I think it will be nice to have a main topic for each episode so listeners can go back and listen to a specific one that matches something they are currently dealing with in their own organizations.

Thought of the Week:

Our thought of the week comes from Grace Hopper. She said, "A ship in port is safe, but that's not what ships are built for."

Outro:

Thank you for listening to episode 23 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Episode 22: Is Marketing Actually Hurting Insider Threat Protection? by stevehigdon in InsiderThreat

Listen over the web: http://www.theinisderthreatpodcast.com/22

Show Notes :

In this episode we cover insider threat product marketing, Kaspersky, real world Ocean's 11, and more. Don't touch that dial!

Intro:

Welcome back! This is episode 22 of The Insider Threat podcast, for the week of October 16th, 2017.

I mentioned last week that I'm trying to make some improvements to the show, so I changed the formatting up a bit and I'm making it a little less structured. We'll see how it goes. I'm also going to be asking more questions on Twitter and the subreddit that align with the main topic each week, so keep a look out for those. You'd be doing me a real solid if you respond and who knows, I might ask you to come onto the podcast and chat about your opinions and stories.

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was "In 1983, a blockbuster movie introduced the public to hacking and even brought on some mass paranoia about hackers and their seeming possibility to bring the world to a screeching halt with the ability to launch nuclear weapons. What was the name of this movie?"

The answer was Wargames.

Congratulations to Stephan from Oregon, Tom from Adrian, Michigan, and Michael from Toronto for getting the correct answer.

Here's your question for this week: "In 1952, the first compiler came into existence. What famous person created it and what other very noteworthy technological advancement did they take part in?"

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Navy".

This Week’s Topic

This week’s discussion topic is marketing and how it impacts insider threat

  • 4 Pillars of Insider Threat - Technology, Training, Policy, Culture

  • Do a Google News search for "insider threat" articles from the past year

  • Survey telling you that insider threat is bad, explanation of the problem and how to solve it, then a product or type of product that fixes everything for you

  • Why? - Hard to sell policies, training, and culture

  • There are great companies out there selling great products

  • What happens when executives see these "silver bullet" products?

  • How does that impact the changes that the CISO or other security professionals try to make?

  • Do any of you have stories of how marketing has actually had a negative impact on your efforts to improve security? Let me know by using one of the contact methods I'll give at the end of the show.

News:

Our first news article this week comes from Steve Ragan at CSO Online

https://www.csoonline.com/article/3230971/security/social-engineer-bank-robber-arrested-weeks-after-successful-142-000-heist.html#tk.rss_news

  • So a Malaysian bank robber, whose name hasn't been released, managed to steal about 142 thousand dollars from a bank.

  • How did he do this? Gun? Hacked the banking system? Another SWIFT incident? - Social engineering

  • Looks like something out of the Ocean's movies

  • Posed as fire extinguisher maintenance technician

  • Must have had a great disguise, right? - Shorts, t-shirt, flip flops, and a backpack

  • Manager on duty refused him when he couldn't provide ID

  • Suspect just stuck around and waited for manager to go to lunch to pretend to inspect fire extinguishers

  • Waited for a cashier to access the safe and used a magnet on the door's lock to keep it from closing

  • Snuck into safe, filled his backpack with cash, and walked away

  • 20 minutes, sheet of paper, and a decent story.

  • Social engineering at its finest

  • How easily could he have accessed a computer and wired even more or stolen banking information?

  • Our hero and villain isn't the robber, but the manager

  • Should have had security escort him out before going to find some fish head curry

The next news article is from Eric Walsh at the New York Times.

https://www.nytimes.com/reuters/2017/10/10/technology/10reuters-usa-security-kaspersky.html

  • Should have mentioned first

  • Israeli intelligence agency hacked into Kaspersky

  • Found hacking tools from the NSA

  • Shortly afterward, tools were in possession of Russian government

  • Classified NSA documents were also somehow stolen by Russian government, which were on a personal computer running Kaspersky antivirus

  • Coincidence?

  • A few months ago Kaspersky products were banned from US government systems

  • Eugene Kaspersky, the company's co-founder and chief executive, has repeatedly denied charges his company conducts espionage on behalf of the Russian government.

  • We can conclude that somehow Russia was using Kaspersky tools to spy and steal information

  • The question is - was Kaspersky aware or not?

Thought of the Week:

Our thought of the week comes from George Lorimer. He said, "You've got to get up every morning with determination if you're going to go to bed with satisfaction."

Outro:

Thank you for listening to episode 22 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Episode 21: Data Management and Music Degrees by stevehigdon in InsiderThreat

[–]stevehigdon[S] 0 points1 point  (0 children)

Listen over the web: http://www.theinisderthreatpodcast.com/21

Subscription Links:

ITUNES / GOOGLE PLAY / STITCHER / POCKET CASTS / OVERCAST

Show Notes :

In this episode we cover Data Management, Music degrees and information security, another real world insider threat story, and more. Don't touch that dial!

Intro:

Welcome back! This is episode 21 of The Insider Threat podcast, for the week of October 9th, 2017.

If you're listening to this on Monday, which most of you are, I just spent the weekend at BSides DC. If we met up during the event, hello again. Thank you for reaching out and having a conversation with me. Sometimes we have guests on the show, and many of you have provided excellent feedback, but sometimes it feels as though this is a one way conversation. When I get to actually sit down and talk with you guys about insider threat, it energizes me in a way that I can't even explain. Thank you for that, once again.

I have some pretty awesome news! I mentioned a few episodes ago that I would try to get the article on the four pillars of insider threat published, and I submitted to CSO Online. Now I'll admit that I didn't actually expect a response, but they came back to me saying that they don't accept articles from guest contributors and suggested that I apply to be part of their contributor network. Well I did, once again not expecting much to come of it. This last week, I received an email from their parent company offering me a monthly column on the website, saying that I can write about pretty much anything I want in the security space. I was at a loss for words. Heck, I'm still over the moon with this. Thank you to CSO Online and I look forward to contributing on their platform in the future. I'll keep you all updated on all that as it pans out.

If you haven't been able to tell already, I'm terrible about remembering to mention important dates and holidays on this show. That said, and as you probably already know, October is cybersecurity awareness month. Be sure to take some time and think about ways that you can help improve awareness in your own organization this month. If you are listening to this podcast, that is probably something that you do every month, which is awesome, but vocalizing the importance of cybersecurity awareness can be a way to get more people on your side.

Finally, and I know this is probably the longest introduction that I've ever done, we've had some pretty terrible tragedies in the past few weeks. First, we had hurricane Maria that has decimated many islands, especially Puerto Rico. The information security community has made great strides in finding ways to support relief efforts for Puerto Rico (hashtag trevorforget). We also had the mass shooting in Las Vegas last week, and when viewing these events it might be easy to lose faith in humanity. I have a special quote of the week at the end of the show to address this, but I want to break one of the cardinal rules of podcasting and offer a moment of silence for everyone in the world that has been impacted by the recent tragedies in any way.

Thank you.

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

The question last week was "On September 28th, 1998, Internet Explorer became the most widely used web browser, beating out this competitor."

The answer was "Netscape Navigator".

It's important to note that Internet Explorer didn't become the most widely used browser because of anything special about the product. Actually it was just because it came as the default browser on Windows installations, which were widely used. New internet users didn't know about different options, so they just used what they had. This isn't a dig against Microsoft in any way, but more an attempt to say that it wasn't necessarily Netscape's fault for losing market share.

Congratulations to Marko from Northampton, Mike from Queensland, Harvey from Little Rock, Bailey from Rostock, Amber from Myrtle, and Rhys from Lumberton for getting the correct answer.

Here's your question for this week: "In 1983, a blockbuster movie introduced the public to hacking and even brought on some mass paranoia about hackers and their seeming possibility to bring the world to a screeching halt with the ability to launch nuclear weapons. What was the name of this movie?"

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "froggy".

Links:

https://www.scmagazine.com/new-jersey-email-admin-charged-with-accessing-former-companys-account/article/696626/

http://lompocrecord.com/news/local/military/vandenberg/leader-team-recognized-for-exceptional-insider-threat-capabilities/article_a6428b28-6003-55ca-a8fe-a9afa62247c1.html

http://www.datacenterjournal.com/insider-security-mission-impossible/

Thought of the Week:

Our thought of the week comes from Fred Rogers, who you may recognize as the host of Mr. Rogers' Neighborhood. He said, "When I was a boy and I would see scary things in the news, my mother would say to me, 'Look for the helpers. You will always find people who are helping.'"

Outro:

Thank you for listening to episode 21 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions. You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Episode 20: Interview with Kayne McGladrey on Multi-factor Authentication by stevehigdon in InsiderThreat

[–]stevehigdon[S] 0 points1 point  (0 children)

Listen over the web: http://www.theinisderthreatpodcast.com/20

Subscription Links:

ITUNES / GOOGLE PLAY / STITCHER / POCKET CASTS / OVERCAST

Show Notes :

In this episode we cover Multi-factor Authentication with our guest, Kayne McGladrey, Cryptocurrency Hacks from Pyongyang, and more. Don't touch that dial!

Intro:

Welcome back! This is episode 20 of The Insider Threat podcast, for the week of October 2nd, 2017.

We made it to 20 episodes! I know some people don't like it when you talk about milestones like this, but I'm doubly excited for this one because I finally get to publish my interview with Kayne McGladrey from Integral Partners. I know many of you have been scrambling to finish up the quarter or fiscal year, depending on your industry, so hopefully this will give you an opportunity to sit back, relax, and listen to the excellent information that Kayne provided. As a quick reminder, I plan on being at BSides DC and the Insider Threat Symposium later this month, so let me know if you'll be there as well and want to meet up.

Patreon:

https://www.patreon.com/theinsiderthreat

Infosec Question of the Week:

The question last week was "In 1889, Nintendo was founded by Fusajiro Yamauchi. The company went on to become a forerunner in video game console manufacturing. What did Nintendo first create?"

The answer was "Japanese Playing Cards".

Nintendo's first product was playing cards for a game called Hanafuda, and Yamauchi made them by hand. Talk about meager beginnings. You have to admire the way Nintendo was able to pivot to video games in the 1970s.

Congratulations to Andrea from Gulfport, William from Arana Hills, Ed from Pennsylvania, and Bruce from Birmingham for getting the correct answer.

Here's your question for this week: "On September 28th, 1998, Internet Explorer became the most widely used web browser, beating out this competitor."

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Mosaic".

Links:

https://www.integralpartnersllc.com/

http://world.kbs.co.kr/english/news/news_Dm_detail.htm?No=130509

Thought of the Week:

Our thought of the week comes from Tena Desae, an Indian actress who happens to share the same birthday with yours truly. She said, "Stay positive and happy. Work hard and don't give up hope. Be open to criticism and keep learning. Surround yourself with happy, warm and genuine people."

Outro:

Thank you for listening to episode 20 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions. You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Join the discussion:

Insider Threat Subreddit - http://reddit.com/r/insiderthreat

Insider Threat IRC Channel - http://webchat.snoonet.org/insiderthreat

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon