To The Point - Cybersecurity (Forcepoint | Global Cybersecurity Leader | Security. Simplified.)

In December 2018, the White House released it updated draft Trusted Internet Connection policy (TIC 3.0) which is a program created by the federal government to consolidate the number of external internet connections within agencies so that IT Teams can more efficiently manage security efforts. On this episode of To The Point Cybersecurity, we are joined by Next Gov’s Senior Editor to discuss the updated policy, how it will impact cloud security and what is means for government networks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e20

Stacy is a self starter with a passion for cyber security. Co-Founder of Connected Transport Business Unit at Irdeto. Evangelist and active speaker on cyber security for the connected transportation space. Strong and demonstrated Stacy Janes, Head of Security at Waymo

technical history in cyber security areas such as PKI, authentication/authorization, end-point security and ethical hacking. Proven history of building teams to solve difficult industry problems. 

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e266

This week we dive into the hot topic of cyber insurance with Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University The Fletcher School and author of the book “You’ll See This Message When it is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches” (MIT Press 2018). We explore the dynamic industry of cyber insurance and key policy areas such as defining cyber war, the impact of the increase of ransomware the last two years (some stats put it at 150% increase!), and how to change security behaviors. She also shares insights on AI and the always looming theme of bias as well as the importance of always keeping a human in the loop. And, be sure to look out for her new book on cyber insurance with MIT Press coming out in August 2022.

Josephine Wolff - Associate Professor of Cybersecurity Policy at Tufts University's The Fletcher School

Josephine Wolff is an associate professor of cybersecurity policy and has been associated with The Fletcher School at Tufts University since 2019. Her research interests include international Internet governance, cyber-insurance, security responsibilities and liability of online intermediaries, government-funded programs for cybersecurity education and workforce development, and the legal, political, and economic consequences of cybersecurity incidents. Her book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018. Her writing on cybersecurity has also appeared in Slate, The New York Times, The Washington Post, The Atlantic, and Wired. Prior to joining Fletcher, she was an assistant professor of public policy at the Rochester Institute of Technology and a fellow at the New America Cybersecurity Initiative and Harvard's Berkman Klein Center for Internet & Society. She received received a Ph.D. in Engineering Systems and M.S. in Technology and Policy from MIT, and an A.B. in mathematics from Princeton. As a student, she also spent time at Microsoft, the Center for Democracy and Technology, the White House Office of Science and Technology Policy, and the Department of Defense.

https://www.linkedin.com/in/josephine-wolff-1baa414b/

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e271

Quantum computing, Grobman's curb, upcoming election, how to prepare for the Cyber pandemic, all part of this facinating episode with Steve Grobman, Chief Technology Officer at McAfee.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e83

The next two weeks we catch up with SC Media Editor-in-Chief Jill Aitoro for a two-part discussion on the latest hot cybersecurity news drivers such as the continuing Microsoft Exchange hacker feeding frenzy and continuing discoveries from the SolarWinds supply chain attack. Both of which raise more questions than answers in how we collectively solve for these security challenges including pathways such as legal requirements for notifications, who do you notify and who is notified first, security ratings systems for software suppliers and businesses and managing such a system on a global scale across organizations small and large. We also explore the role of superadmins and where the line of offensive strategies against nation-state attackers should be drawn for enterprises. And in celebration of March 2021 as Women’s History Month, we discuss the path forward for enabling future female business leaders in security and the power of mentoring and advocacy for the up and coming generation of diverse leaders and thinkers across the industry to solve what is admittedly one of the most significant challenges of the modern era – cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e126

Marco Figueroa Cyber Threat Hunter takes us inside the mind of the #Sunburst adversary. The timeline and what he would be doing were he the adversary. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e117

Have a guest you think would be great for the podcast? Please email Carolyn cford@forcepointgov.com.

RSA's theme this year: Human Element--very telling of what's important to the industry, we are moving away from point, event solutions to holistic, human centric solutions. Guests: Rachael Lyon, Forcepoint Director Communication and Nicolas (Nico) Fischbach, Global Chief Technology Officer at Forcepoint. https://www.forcepoint.com/resources/podcasts/e68

Richard joins us to discuss what cyber war looks like and how we can prepare for the proverbial "Digital Pearl Harbor". For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e74

This week Dickie George who worked at the National Security Agency (NSA) as a Cryptologic Mathematician for over 40 years in the Information Assurance Directorate talk about his experience in being a government "cybersecurity target" and how to be a target that is hard to hit.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e22

This week we welcome back to the podcast former co-host Eric Trexler, Senior Vice President, U.S. Public Sector at Palo Alto Networks. We examine some hot security topics for the year ahead including growing prevalence of AI/ML automation used for preventative security, continued evolution and impact of ransomware (Did you know the average dwell time is 28 days?!), increasing adoption of people/process/technology approaches, industry consolidation, state and local cybergrants coming online and the opportunities those open up, Zero Trust pros and cons, attack surface management and what’s been learned about cyberwarfare from the Ukraine conflict.

Eric Trexler, Senior Vice President, US Public Sector, Palo Alto Networks

Eric joined Palo Alto Networks in September of 2022 and oversees the US Public Sector business.

Most recently, Eric Trexler was the Vice President of Sales, Global Governments and Critical Infrastructure at Forcepoint. Eric was responsible for Global Go To Market operations to include all components of sales, sales enablement, and field and product marketing. While at Forcepoint, Eric’s team doubled the size of the business over a five year period to nearly $400M in annual sales and strategically moved a large part of the
business to the Public Cloud.

Eric has nearly 30 years of experience in technology across the public and private sectors, including Department of Defense, Civilian, and Intelligence communities, along with International governments. Eric has combined his sales savvy and technical skills with practical knowledge of leadership fundamentals to solve global cybersecurity issues for his customers and the business.

Prior to Forcepoint, Eric was the executive director for Civilian and National Security Programs at McAfee (formerly Intel Security). Earlier in his career, Eric worked at [Salesforce.com](http://Salesforce.com "‌"), EMC, and Sybase. He spent four years as an Airborne Ranger with the U.S. Army specializing in communications. Eric holds a Master's Degree in Business Administration and a Bachelor’s of Science in Marketing from the University of Maryland
at College Park.

He was the co-host of the award winning “To The Point Cybersecurity”
podcast with over 200 weekly episodes covering various cybersecurity topics, and he regularly writes bylines for cybersecurity and national periodicals.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e216

This week Rachael and Eric discuss the recently published "Defending Ukraine: Early Lessons from the Cyber War" report from Microsoft and the accompanying blog post by Microsoft President and Vice Chair Brad Smith. They share insights and raise lingering questions on the report’s findings and the five conclusions Microsoft framed from the war’s first four months. They also briefly share insights from the June 2022 cyberdefense research report "The IT Army of Ukraine" from Stefan Soesanto of the Center for Security Studies in Zurich. So much to unpack in this week’s episode! There will definitely be follow-on episodes with key players from these reports that you won’t want to miss!

Host Rachael Lyon
Rachael Lyon brings her journalistic curiosity and more than 20 years in technology working with global industry leaders and innovative start-ups to dig into today’s cyber news and trends impacting us all.

Co-host Eric Trexler
Eric Trexler is Vice President of Sales, Global Governments, Forcepoint. Eric has more than 21 years of experience in the technology industry with both the public and private sectors including the DoD, Civilian, and Intelligence components. Prior to joining Forcepoint, Eric was the Executive Director for Civilian and National Security Programs at McAfee, formerly Intel Security. Prior to joining McAfee in 2010, he managed multi-million dollar accounts at Salesforce.com, EMC Corporation and Sybase, Inc.

Eric served as an Airborne Ranger with the United States Army for four years, specializing in communications. He holds a bachelor’s degree in marketing and an MBA with a concentration in strategy, both from the University of Maryland at College Park.

LinkedIn

https://www.linkedin.com/in/eric-trexler-8b6b39/
https://www.linkedin.com/in/rachaellyon/

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e187

Part 2: Major General Joe Brendler, U.S. Army (retired) discusses Multi-Domain Operations and how Cross Domain Solutions have improved communications, how communications--especially telework has changed due to the pandemic and how IoT has made the military re-think secure communications. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e86

Joining the podcast this week is Katie Arrington is the founder of LD Innovations, LLC Cybersecurity and the former Chief Information Security Officer for Acquisition and Sustainment (CISO(A&S)) to the Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). We cover many interesting themes in our lively discussion including Cybersecurity Maturity Model Certification (CMMC), the impact of a cyber mentality and culture, the National Cybersecurity Strategy, the CHIPS Act, risk reduction strategies, the future of cybersecurity, China’s 100-year plan, Huawei, MITRE, Paperwork Reduction Act, and so much more. And for movie fans, there are more than a dozen movie references you’ll want to hear. Plus many book recommendations as well - some you might be surprised to learn!

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e231

This week we get to the point with Chris Krebs the nation’s top cybersecurity official. We discuss his vision for the newly created DHS Cybersecurity and Infrastructure Security Agency, election security, what keeps him up at night and why he bikes to work every day.

The intersection of AI and cybersecurity with Steve Orrin, CTO of Intel Federal. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e71

2020 Final Three Predictions, Part 2 of 2: Cloud smart not dumb, Mature approach to data and privacy, Indicators of Compromise IoC to Indicators of Behavior IoB. Nicolas Fischbach, Forcepoint's CTO, Phil Goldstein of FedTech and Mike Gruss of Fifth Domain weigh in on Forcepoint Cybersecurity Predictions and Trends for 2020. For more information about this episode, please visit https://www.forcepoint.com/govpodcast/e65, and be sure to check out Forcepoint's Cybersecurity Predictions Report here: https://www.forcepoint.com/blog/x-labs/2020-forcepoint-cybersecurity-predictions

Earlier this week Forcepoint held an interactive roundtable where government leaders from agencies such as the SBA, Department of Energy and NASA shared their respective experiences in adopting the CDM program.

In this week’s  episode Eric Trexler and Arika Pierce will discuss highlights from the breakfast as well as discuss the results from a recent Forcepoint/Market Connections survey of CDM leaders across civilian government agencies to find out more about the current pulse of the program.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e4

What a fantastic year of guests, Eric and Carolyn review their top 10 guests. Be one of the first 10 to share this episode to receive your choice of one of these books (Spoiler alert):

• Cyber Nation, David Sanger
• Burn-in, Peter Singer
• Ghost Fleet, Peter Singer
• LikeWar, Peter Singer

This 2020's final episode, Happy Holidays and see you in the new year! For links and resources discussed in this episode, please visit our show notes at  https://www.forcepoint.com/govpodcast/e114

Have a guest you think would be great for the podcast? Please email Carolyn cford@forcepointgov.com.

This week we officially welcome Petko Stoyanov as the new co-host for the To The Point podcast. Petko shares perspective on how he found his way to cyber, the origin of the name “Petko”, and differences in working in government and the private sector. We also discuss the state of cybersecurity landscape and the ongoing challenge of attribution – which is really asking the question, “Who is smarter” in executing cyber attacks. And we dive into the latest headlines on cybersecurity labels for IoT devices which Singapore started actively addressing a few years ago and has partnered with Finland and recently Germany. The US will start embracing security labels in 2023, on a voluntary basis at first, for the most vulnerable IoT devices such as routers and connected home cameras. Big implications here on the future of consumer IoT devices we’ll want to continue tracking in the year ahead.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e205

Andrew Borene, Executive Director at Flashpoint joins the podcast this week. He brings a wealth of insights on today’s state of international security affairs gleaned from his many years in the U.S. Intelligence community, and leading private sector intelligence teams. We cover hot topics including collaboration on international cybersecurity policies, NATO’s cyber defense capabilities and challenges in achieving unified, alliance-wide cybersecurity policies. We also double click into today’s much discussed topic of Open-source intelligence (OSINT) and its growing popularity (such as Ukraine conflict), benefits and potential risks it poses. He also shares the journey of his professional path to security and it is quite exciting and inspiring! You don’t want to miss this episode!

Andrew Borene, Executive Director for Global Business Development at Flashpoint National Security Solutions

Andrew Borene is an Executive Director with Flashpoint, a worldwide provider of specialized intelligence and data to allied governments, businesses, and critical infrastructure industries to help them take decisive action and reduce risk.

A seasoned advanced technology executive who led private sector intelligence teams at IBM, Symantec, and LexisNexis — Andrew is also a former senior official in the U.S. Intelligence Community where he led strategic operational planning for foreign counterterrorism on behalf of The White House National Security Council in addition to roles leading privacy policy and academic research efforts in areas from open-source intelligence to transnational crime. Borene is an attorney with deep national security law expertise, a Certified Information Systems Security Professional, and a US Marine Corps veteran.

Andrew’s previous work has been recognized for service with both the FBI Director’s Award and the ODNI Exceptional Achievement Award. He is a Life Member of the Council of Foreign Relations.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e257

For this week’s episode we catch up with LaLisha Hurt, Deputy Chief Information Security Officer for General Dynamics Information Technology (GDIT) and recognized Cyber Wonder Warrior. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e135

Want to know what this week’s episode title means? Listen to our two-part episode with Juan Andrés Guerrero Saade (aka JAGS), principal researcher at SentinelOne and Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). JAGS takes us on an exciting and educational ride through his research efforts on Moonlight Maze, one of the first widely known cyber espionage campaigns in world history, and how he came to be a featured hologram in the International Spy Museum in Washington, D.C. He also shares insights on the epic trolling endeavor through the recent “Meteor Express” wiper attack of an Iranian railway and possible ties to early versions of Stardust and Comet malware. And you won’t want to miss his perspective on monetization, Linux flying below the radar, why it’s important to get more savvy in determining what you want from vendors and how a philosophy major found his way into the threat intel space.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e270

Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center of Internet Security and shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what’s been done in Ohio and Connecticut), and the criticality of translating technology, attacks & attackers into public policy and market incentives. And it can’t be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations – really becoming the defacto organized crime success path today.

Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security

Sager is a SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions of use of CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS’s independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities.

In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; and a member of the National Academy of Sciences Cyber Resilience Forum; Advisory Boards for several local schools and colleges; and service on numerous national-level study groups and advisory panels.

Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA’s role in the development of open standards for security. Sager’s awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e273

Joining us from the fantastic vista of Monaco is Mark Arena, CEO at Intel 471 – and he has a great story to tell about the origins of the company name! He also breaks down the ransomware threat over the last couple decades and how they have evolved with the availability of new, faster, better technology as well as a business acumen in creating affiliate programs and Ransomware-as-a-Service. And he shares insights on cryptomixing as yet another path ransomware gangs can utilize to anonymize their ransom bounties received. (HINT: this is more like money laundering of cryptocurrency) So many great insights in this episode – including the importance of boots on the ground - you don’t want to miss it!Joining us from the fantastic vista of Monaco is Mark Arena, CEO at Intel 471 – and he has a great story to tell about the origins of the company name! He also breaks down the ransomware threat over the last couple decades and how they have evolved with the availability of new, faster, better technology as well as a business acumen in creating affiliate programs and Ransomware-as-a-Service. And he shares insights on cryptomixing as yet another path ransomware gangs can utilize to anonymize their ransom bounties received. (HINT: this is more like money laundering of cryptocurrency) So many great insights in this episode – including the importance of boots on the ground - you don’t want to miss it!

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e163

Enrique Oti, Chief Technology Officer for Second Front Systems joins us for a candid discussion on the opportunities and challenges in innovating government software development, deployment and acquisition as founder of the U.S. Air Force’s Kessel Run program and co-founder of the Defense Innovation Unit in Silicon Valley. He shares insights on finding the right talent to build teams, importance of red team testing and continuous monitoring, how compliance introduces insecurity into the system, and what we could achieve when accrediting teams sit with developers. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e134

Trish Cagliostro, Head of Business Development for security - Worldwide Public Sector for Security Services at Amazon Web Services (AWS) explains Cloud security, how Threat Intelligence factors in and her Cloud wish for the future. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e318

Under this directive, agencies are continuing to prioritize cloud computing initiatives as part of their IT modernization plans.
n partnership with Ponemon, Forcepoint surveyed cloud influencers within federal agencies to find out more about current cloud adoption trends across federal government to find out where agencies are having successes and what problems they are encountering, especially as it relates to securing the cloud.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e31

Joining us this week is Jennifer Cook, Senior Director of Marketing at the National Cybersecurity Alliance and we discuss all the hot and trending online scams facing consumers today including the growing prevalence of romance scams ($1.3B in losses last year!), job seeker scams, tax fraud scams, sextortion, and the latest scam making the rounds – pig butchering scams. Jennifer shares insights on the many free resources available to consumers – and the awesome work being done by the National Cybersecurity Alliance working with partners and champions around the globe – that raise awareness of what to look for and how to avoid online and mobile scams that take advantage of our day-to-day engagement channels including email, social media and, increasingly, mobile text messages.

Jennifer Cook, Senior Director of Marketing at the National Cybersecurity Alliance

Jennifer Cook is the Senior Director of Marketing at the National Cybersecurity Alliance (NCA). Jennifer leads the development and coordination of NCA’s growing suite of campaigns and programs, including Cybersecurity Awareness Month and Data Privacy Week. She joined the National Cyber Security Alliance in 2017 and holds a degree in Marketing from Drexel University.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e272

Kevin Isaac talks how he is balancing focus on work, health, well-being and rest challenged by our “new normal” lifestyle. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e79

In this episode we dive into the complex world of cloud security with Chris Hughes, Managing Cybersecurity Consultant, Oteemo. For organizations in both the public sector and the enterprise, navigating the needed cloud acceleration the last year in the midst of mass remote work has created both significant opportunity and vast cloud security challenges. We discuss how security practitioners should be thinking about moving forward their cloud security strategy for the new normal and the key considerations every security team must take into account such as managing workloads, the needs of the workforce and building for resiliency. Additionally, we dive into themes such as reciprocity between key federal programs today including the Cybersecurity Maturity Model Certification (CMMC) and the Federal Risk and Authorization Management Program (FedRAMP) aimed at improving the cybersecurity of contractor provided services and products. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e119

Bill Evanina, Founder and CEO of the Evanina Group and former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence, joins the podcast this week to take a deep dive view into insider threat as September is Insider Threat Awareness Month. He shares insights from his many years on the counterintelligence and security front lines on what defines insider threat (Note: harm to self or others), the opportunities and challenges in available tools, information sharing and detection across organizations, the importance of leadership training and cross functional partnership to help mitigate insider threats and the criticality of sharing success stories (these really make a difference!).

****************************************************************
Founder and CEO of the Evanina Group advising CEOs and Board of Directors on strategic corporate risk, strategy, insider threats, cyber security, geopolitical risk, intelligence centers, etc.

Instructor, University of Chicago, Graham School.

Former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence responsible for leading and supporting the counterintelligence and security activities of the US Intelligence Community, the U.S. Government, and U.S. private sector entities at risk from intelligence collection or attack by foreign adversaries.

Served as Chair of the NATO Counterintelligence Panel and the National Counterintelligence Policy Board, and the Allied Security and Counterintelligence Forum comprised of senior counterintelligence and security leaders from Australia, Canada, New Zealand, and the UK.

Previously served as the Chief of the Central Intelligence Agency’s Counterespionage Group, as Assistant Special Agent in Charge of the FBI’s Washington Field Office and spent
24 years as a Special Agent with the Federal Bureau of Investigation (FBI).

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e199

This week on the podcast, we’re joined by Mark Montgomery, senior director of the FDD’s Center on Cyber and Technology Innovation and director of the CSC 2.0. Mark shares about the different physical and cyber threats faced by satellites and space networks. He also shares considerations for classifying satellites as critical infrastructure and what the legislation required to do so might look like.

Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation, where he leads FDD’s efforts to advance U.S. prosperity and security through technology innovation while countering cyber threats that seek to diminish them. Mark also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. Previously, Mark served as policy director for the Senate Armed Services Committee under the leadership of Senator John S. McCain, coordinating policy efforts on national security strategy, capabilities and requirements, and cyber policy.

Mark served for 32 years in the U.S. Navy as a nuclear-trained surface warfare officer, retiring as a rear admiral in 2017. He was assigned to the National Security Council from 1998 to 2000, serving as director for transnational threats. Mark has graduate degrees from the University of Pennsylvania and the University of Oxford and completed the U.S. Navy’s nuclear power training program.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e245

2020 Predictions, Part 1 of 2: On Deepfakes and 5G. Nicolas Fischbach, Forcepoint's CTO, Phil Goldstein of FedTech and Mike Gruss of Fifth Domain weigh in on how Deepfakes and 5G will affect Government Predictions. For more information about this episode, please visit https://www.forcepoint.com/govpodcast/e64, and be sure to check out Forcepoint's Cybersecurity Predictions Report here: https://www.forcepoint.com/blog/x-labs/2020-forcepoint-cybersecurity-predictions

Our hosts Vince Spina and Rachael Lyon are thrilled to welcome Kelly McCracken, Senior Vice President of Detection and Response at Salesforce. With over two decades of experience in cybersecurity and technology, Kelly dives deep into the evolving landscape of AI and its pivotal role in security operations.

We’ll explore how AI enhances detection and response capabilities, especially against phishing threats, and discuss the critical integration of threat intelligence in security programs. Kelly will shed light on the importance of tailored incident response playbooks and the necessity of training stakeholders for effective decision-making during security incidents.

Join us as we navigate key elements like risk reduction strategies, the balance between security and business enablement, and the evolving transparency in reporting security incidents. Kelly also shares insights from her experience in coauthoring a NIST guide, the shift to remote work, and the complexities of managing hybrid cloud environments.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e306

In the second of a two-part series, Forcepoint’s Dan Velez, Director of Insider Threat Consulting Services discusses the components of a well-constructed Insider Threat defense program. Dan has helped stand up insider threat programs for the US Government for over a decade. During this discussion he draws on his experience to share best practices.

Welcome to another episode of Forcepoint! In today's discussion, hosts Vince Spina and Rachael Lyon are joined by Aaron Painter, CEO of Nametag, to delve into the evolving complexities of identity verification and cybersecurity. We'll explore the limitations of current Multi-Factor Authentication (MFA) solutions, with a spotlight on the high-profile MGM attack in 2023, where social engineering compromised IT help desks. Aaron shares insights on alternatives like biometric authentication, the importance of user provisioning and recovery processes, and the balance between security and user experience. We'll also discuss privacy concerns, innovative consent practices, and the daunting challenges posed by deepfakes. Whether you're interested in the intricacies of digital identity, the impact of AI on security, or the future of secure online interactions, this episode is packed with valuable insights. Tune in and stay ahead of the cybersecurity curve!

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e301

This week co-hosts Eric and Rachael are coming to you live from Cabo San Lucas! They cover hot topics including CyberWire’s new CISA Cybersecurity alerts, the impact of ransomware on a 157 year-old university in Illinois, Colonial Pipeline’s nearly $1M proposed fine by the Department of Transportation Pipeline and Hazardous Materials Safety Administration and the recent surge in tractor hacking!

Rachael Lyon
Rachael Lyon brings her journalistic curiosity and more than 20 years in technology working with global industry leaders and innovative start-ups to dig into today’s cyber news and trends impacting us all.

Eric Trexler
Eric Trexler is Vice President of Sales, Global Governments, Forcepoint. Eric has more than 21 years of experience in the technology industry with both the public and private sectors including the DoD, Civilian, and Intelligence components. Prior to joining Forcepoint, Eric was the Executive Director for Civilian and National Security Programs at McAfee, formerly Intel Security. Prior to joining McAfee in 2010, he managed multi-million dollar accounts at Salesforce.com, EMC Corporation and Sybase, Inc.

Eric served as an Airborne Ranger with the United States Army for four years, specializing in communications. He holds a bachelor’s degree in marketing and an MBA with a concentration in strategy, both from the University of Maryland at College Park.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e183

This week Keith Krueger, CEO of the Consortium for School Networking (CoSN), joins the podcast. He shares insights on the digital inequities that exist across schools and students and the challenges they create at a time when connectivity should be a basic right for all. We also dive into the digital inequity impact on cybersecurity for school districts today – and the free resources and tools such as the CoSN developed digital equity dashboard that identifies equity gaps across school districts’ networks to help illuminate actional paths to address. Keith also updates on the Biden Administration’s new efforts to improve schools’ cybersecurity posture and prevent future cyberattacks.

Keith R. Krueger is CEO of the Consortium for School Networking (CoSN), a nonprofit organization that serves as the voice of K-12 school system technology leaders in North America. CoSN’s mission is empowering educational leaders to leverage technology to realize engaging learning environments. He was selected by Ed Tech for its 2019 30 K-12 IT influencers. In 2016 Technology & Learning selected him as one of the “big 10” most influential people in edtech, and the Center for Digital Education identified him as a Top 30 Technologist/Transformer/Trailblazer. In 2008 he was selected by eSchool News as one of ten people who have had a profound impact on educational technology over the last decade. In 2016 he received a Special Recognition award from the Council of Great City Schools.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e256

We have two guests joining the podcast this week to talk about election security - Marci Andino, Senior Director of the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) at the Center for Internet Security, and Trevor Timmons, chairperson of the Executive Committee of the EI-ISAC and CIO for the Colorado Secretary of State. We cover everything from the history of election security through to present day, including the creation of the EI-ISAC in 2017, physical versus cyber security, the role of paper ballots for validating digital results, mis/disinformation during elections, insider threat among election officials, and the importance of resilient systems and chain of custody process.

Marci Andino, Senior Director of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) at the Center for Internet Security
As Senior Director of the EI-ISAC since October 2021, Ms. Andino has been responsible for overseeing the operation of the EI-ISAC and works with state and local election officials to increase their cybersecurity posture through the use of products and services provided by the EI-ISAC. Prior to joining the EI-ISAC, Ms. Andino served as the chief state election official and Executive Director of the South Carolina State Election Commission for nineteen years. Ms. Andino was responsible for overseeing the conduct of primary, general and special elections in South Carolina to ensure that elections are conducted in a fair and impartial manner. She was also responsible for supervising county boards of voter registration and elections and serves as agency liaison with the General Assembly. Ms. Andino also currently serves on the Council of State Government’s Overseas Voting Initiative Technology Working Group and the Bipartisan Policy Center’s Task Force on Elections Advisory Council. Ms. Andino is a former member of the U.S. Election Assistance Commission’s Standards Board, President of the National Association of State Election Directors (NASED), President of the S.C. Deputy Director’s Organization and Secretary of the S.C. Information Technology Director’s Association.

Trevor Timmons, Chief Information Officer at the Colorado Department of State and Chair of EI-ISAC Executive Committee
Trevor Timmons has served the Colorado Secretary of State as Chief Information Officer since 2007 after eight years as Deputy CIO and Director of Software Development. During the time Mr. Timmons has served under several Secretaries of State, Colorado has gained a national reputation in several areas including elections administration, business registrations, and cybersecurity operations. In 2017, Colorado became the first state in the U.S. to implement statewide risk-limiting audits of voter-verifiable paper ballots for all federal and state elections. Colorado routinely ranks among the top states in the nation in voter participation and the percentage of eligible persons registered to vote. Mr. Timmons is the current chairperson of the Executive Committee of the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC).

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e191

This week joining the podcast is Anton (Tony) Dahbura, executive director of the Johns Hopkins University Information Security Institute and co-director of the Johns Hopkins Institute of Assured Autonomy. We deep dive into the realm of AI/ML technology and the exponential applications for it across every aspect of our lives. And the criticality of building trust, implications of bias, the realities of planning for “edge cases” that just can’t be planned for, and the growing sophistication and personalization of AI-leveraged attacks. He also shares details on the most awesome CyberCorps: Scholarship for Service program. Learn more here: https://isi.jhu.edu/scholarship-service-program/

Executive Director of Johns Hopkins - Information Security Institute and Co-Director of the Johns Hopkins Institute for Assured Autonomy

Anton (Tony) Dahbura is the executive director of the Johns Hopkins University Information Security Institute, co-director of the Johns Hopkins Institute of Assured Autonomy, and an associate research scientist in computer science. His research focuses on security, fault-tolerant computing, distributed systems, and testing.

He received his BSEE, MSEE, and PhD in Electrical Engineering and Computer Science from the Johns Hopkins University in 1981, 1982, and 1984, respectively.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e221

Welcome to the end of 2021 episode where Eric and Rachael recap highlights from guests throughout the year hitting on the key topics that dominated the headlines including Log4Shell, Sunburst, Colonial Pipeline, ransomware growth trends, the Biden Executive Order of May 12th, Zero Trust, and the many award-winning books published such as by NY Times’ Nicole Perlroth, Sheera Frenkel and Cecilia Kang. They also share a preview of 2022 topics to come including the cryptomining, the metaverse, Web3 and more.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e165

This week we dive into the hot topic of cyber insurance with Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University The Fletcher School and author of the book “You’ll See This Message When it is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches” (MIT Press 2018). We explore the dynamic industry of cyber insurance and key policy areas such as defining cyber war, the impact of the increase of ransomware the last two years (some stats put it at 150% increase!), and how to change security behaviors. She also shares insights on AI and the always looming theme of bias as well as the importance of always keeping a human in the loop. And, be sure to look out for her new book on cyber insurance with MIT Press coming out in August 2022.

Josephine Wolff - Associate Professor of Cybersecurity Policy at Tufts University's The Fletcher School

Josephine Wolff is an associate professor of cybersecurity policy and has been associated with The Fletcher School at Tufts University since 2019. Her research interests include international Internet governance, cyber-insurance, security responsibilities and liability of online intermediaries, government-funded programs for cybersecurity education and workforce development, and the legal, political, and economic consequences of cybersecurity incidents. Her book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018. Her writing on cybersecurity has also appeared in Slate, The New York Times, The Washington Post, The Atlantic, and Wired. Prior to joining Fletcher, she was an assistant professor of public policy at the Rochester Institute of Technology and a fellow at the New America Cybersecurity Initiative and Harvard's Berkman Klein Center for Internet & Society. She received received a Ph.D. in Engineering Systems and M.S. in Technology and Policy from MIT, and an A.B. in mathematics from Princeton. As a student, she also spent time at Microsoft, the Center for Democracy and Technology, the White House Office of Science and Technology Policy, and the Department of Defense.

https://www.linkedin.com/in/josephine-wolff-1baa414b/

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e168

Welcome to Part 2 of this To the Point cybersecurity podcast episode, brought to you by Forcepoint. This week, hosts Rachael Lyon and Jonathan Knepper continue their conversation with Trevor Hilligoss, Senior Vice President at SpyCloud Labs.

In this episode, Trevor provides an in-depth look at the rising use of infostealers, the changing tactics of cybersecurity adversaries, and how cybercrime enablement services are impacting organizations. He also examines the evolving role of AI and the importance of robust data protection strategies in mitigating these threats. Trevor shares valuable insights drawn from his career, including his transition from military service to becoming a leader in cybersecurity. Whether you're a seasoned professional or simply interested in cybersecurity, this discussion offers practical perspectives on the challenges and solutions shaping this critical field.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e322

Shortly after the US went into COVID 19 Quarantine David McDonald, Navy Telecommunications, Information Technology and Cyber Operations, joined us to discuss what we have learned from the COVID19 crisis and how it will better prepare us for future crisis. 8 months later we touch base. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e109

Have a guest you think would be great for the podcast? Please email Carolyn cford@forcepointgov.com.

Joining us this week is Peter W. Singer, a New York Times bestselling author of books including Ghost Fleet, LikeWar and the techno-thriller Burn In. He shares details on the New America volunteer, non-profit organization and its awesome #SharetheMicinCyber program helping to bring diversity of thought to the cybersecurity front lines. We also discuss the future of social media, what defines a cyberwar, Ukraine’s leverage of social media to garner global support this year, and the great work Useful Fiction is delivering to organizations to address the age old problem of translating complex themes (such as cyber) into compelling business narratives audiences understand and can learn from. And definitely take a few minutes to learn more about Passing the Mic’s cybersecurity fellowship program this week. Read more here: https://www.newamerica.org/the-thread/passing-the-mic-introducing-new-americas-cybersecurity-fellowship/

Peter Warren Singer is Strategist at New America, a Professor of Practice at Arizona State University, and Founder & Managing Partner at Useful Fiction LLC.

A New York Times Bestselling author, described in the Wall Street Journal as “the premier futurist in the national-security environment” and “all-around smart guy” in the Washington Post, he has been named by the Smithsonian as one of the nation’s 100 leading innovators, by Defense News as one of the 100 most influential people in defense issues, by Foreign Policy to their Top 100 Global Thinkers List, and as an official “Mad Scientist” for the U.S. Army’s Training and Doctrine Command. No author, living or dead, has more books on the professional US military reading lists. His non-fiction books include Corporate Warriors: The Rise of the Privatized Military Industry, Children at War, Wired for War: The Robotics Revolution and Conflict in the 21st Century; Cybersecurity and Cyberwar: What Everyone Needs to Know and most recently LikeWar, which explores how social media has changed war and politics. It was named an Amazon and Foreign Affairs book of the year and reviewed by Booklist as “LikeWar should be required reading for everyone living in a democracy and all who aspire to.” He is also the co-author of a new type of novel, using the format of a technothriller to communicate nonfiction research. Ghost Fleet: A Novel of the Next World War was both a top summer read and led to briefings everywhere from the White House to the Pentagon. His latest is Burn-In: A Novel of the Real Robotic Revolution. It has been described by the creator of Lost and Watchmen as “A visionary new form of storytelling—a rollercoaster ride of science fiction blended with science fact,” and by the head of Army Cyber Command as “I loved Burn-In so much that I’ve already read it twice.”

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e274

Curt Dukes, Executive Vice President and General Manager for Security Best Practices at the Center for Internet Security (CIS) joins the podcast this week. He shares insights from his more than 30 years with the NSA and how that journey led to the CIS and the synergies between the two organizations in providing cyber resources and fostering threat intelligence information sharing. And for those not familiar with the CIS he provides a great primer on this vital organization started 20 years ago by a group of private industry and government individuals who saw the escalating cyber threat landscape ahead and decided to organize and do something about it to make the connected world a safer place. And you don’t want to miss his perspective on multi-factor authentication and its 99% success rate.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e313

Randall (Randy) Sandone, CCISO, CIRI Executive Director a Department of Homeland Security Center of Excellence discusses how CIRI is helping improve the security and resilience of our Nation’s critical infrastructure. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e67

Living Security is transforming the cybersecurity training experience through their cybersecurity escape room and other interactive exercises. Ashley Rose joins the podcast this week to discuss how they are providing organizations such as the National Geospatial-Intelligence Agency with relevant trainings rather than just checking a compliance box. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e34

Jason Retired FBI Supervisory Special Agent and digital laboratory director Jason G. Weiss is counsel in the Los Angeles office of the law firm Faegre Drinker, Biddle and Reath's cybersecurity and incident response group.has been doing cybersecurity his entire career, he pioneered a cybersecurity collaboration model 20 years ago still in use today. He shares his top cyber defense tips. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e116

Have a guest you think would be great for the podcast? Please email Carolyn cford@forcepointgov.com.

Since the early beginnings of the internet in the 1980's, viruses and malware attacks have become far more aggressive. As a result, cybersecurity has had to greatly (and quickly) evolve to keep up with new and emerging threats. This week former CIA Executive Mark Kelton joins the podcast to discuss the differences between the 1980s-1990s and today as it relates to espionage, cyber, the adversaries, etc.

We pick up part two of our discussion with C2 Labs Co-Founder and CTO Travis Howerton looking at how the best laid plans start with the truth. And we explore the security path forward in a hyper-connected world where we move more heavily into IoT and everything is connected, dying air gaps and distributed VPNs, identity management as the new firewall, identifying clear lines of deterrence with nation-states particularly within no consequence environments, the continuing skills gap and the looming threat of quantum computing that the first one to solve will be the true winner in cyber ahead. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e123

This week Army Strategist and Lt. Colonel Arnel David joins us from the UK to discuss the intersections between people, connectivity and cybersecurity.

Michael Epley, Chief Architect, Public Sector, Red Hat discusses the challenges of secure information sharing and why cross domain security is key for enabling faster, more secure development. We talk the challenges, solutions and the tools. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e95

The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense's (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced that it is creating a cybersecurity assessment model and certification program. Roger Bache, Chief Operating Officer at Forcepoint, discusses the ins and outs of CMMC.

Peter’s new book, Burn-In: a blend of nonfiction and fiction like never before, sharing research on what is looming in AI, remote work, and tech/cybersecurity futures (which all just got accelerated by CV-19 outbreak), but mixed into a story. Of note, the project was also woven into the CyberSolarium Commission report, literally being the opening section of it. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e80

This week we welcome to the podcast Chad McDonald, Chief of Staff and CISO at Radiant Logic. He talks about the very interesting and real reality of what is becoming known as the cyber poverty line and the security vulnerabilities that funding and resource inequities can create in a supply chain and elsewhere. He also shares insights for organizations to assess where they fall on the spectrum and resources available to identify and address security gaps relative to their business. We also dive into the popular topic of Zero Trust – and ponder the philosophical questions if everything is Zero Trust is anything Zero Trust. Other topics we cover in this fun conversation include AI, deepfakes, identity and security, and what sprinkling budget dust around can get you.

Chad McDonald, Chief of Staff and CISO, Radiant Logic

Chad brings more than 20 years’ experience building and managing information security programs. Chad has leveraged his security leadership to dozens of organizations across the technology, education and medical sectors. Prior to Radiant Logic, Chad defined security and technical integrations of 5 acquisitions and attained FedRAMP-in-Process status for Digital.ai. While serving as the Executive Director of the Office of the CISO at Optiv, he defined the security strategy for a $70 billion dollar merger between two technology giants.

Chad holds a bachelor’s degree in information technology from Southern Polytechnic State University, as well as multiple certifications including CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor) and PMP (Project Management Professional).

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e243

We absolutely love when we have return guests on the podcast. And we are so excited to have Matt Bianco, President of FedWay Consulting joining us again to talk about one of our favorite topics – electric vehicles (EV). Or, more specifically, the move to electric vehicles across the federal government. The Biden Administration has set a goal of a 100% electrified fleet by 2027. Matt shares insights on progress being made to date and what the next few years look like to achieve the goal. We also discuss some of the inherent challenges with anything connected to the internet such as cyber threats to EV charging stations and securing federal EV infrastructure. And we talk about what a future of EVs means for places such as gas stations and why we’re not quite there yet on solar powered cars.

Matt Bianco, President at Fedway Consulting
Matt is a thought leader within the US Federal Government ecosystem related to Electric Vehicle (EV) Charging integration which includes strong knowledge of POV/GOV programs (workplace/fleet), hardware/software solutions, infrastructure, policy, etc. With partnerships across the industry including ChargePoint, Apollo Sunguard (SDVOSB), Beam Global, Freewire, etc, Matt has the ability to assist in formulating a plan that will cover every aspect of executing a flawless and easy Federal EV charging program. Other focuses include CyberSecurity initiatives and software solutions.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e241

New York Times reporter, Pulitzer prize winner and best selling author, David Sanger discusses his latest book, soon to be an HBO special "The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age", which focuses on cyberwarfare. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e88

This week we sit down with Charlene Mowery, Director of Strategic Initiatives at Red Hat who shares insights and lessons learned on leadership and moving forward seemingly impossible and incredibly complex multi-stakeholder initiatives to success, such as the Ford Island Master Development Agreement. She also dives into the impact of DevSecOps in recent years, the software supply chain, importance of a cloud-first mentality, hybrid cloud and shared responsibility models, and how the Cyberspace Solarium Commission is helping bring forward the criticality of speed and agility in cybersecurity today. And, she shares her perspective on encouraging the next generation of STEM talent and why they should “Be Bold”. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e128

Richard shares what he thinks a successful SASE architecture looks like and why it will lead us to secure Cloud. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e69

Katherine “Katie” Arrington, Chief Information Security Officer for Assistant Secretary for Defense Acquisition, gets down to the nitty gritty of CMMC, Part 2 of 2 episodes. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e63

Part 2 Shortly after the US went into COVID 19 Quarantine David McDonald, Navy Telecommunications, Information Technology and Cyber Operations, joined us to discuss what we have learned from the COVID19 crisis and how it will better prepare us for future crisis. 8 months later we touch base.For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e110

Have a guest you think would be great for the podcast? Please email Carolyn cford@forcepointgov.com.

This week we catch up with Dustin Moody, a Mathematician in the NIST Computer Security Division who shares insights on how he found his way to NIST and cryptography through a love of elliptic curves and their beauty in numbers and patterns. Learn more about the impending quantum revolution and what that means for encryption and what (as well as how long) it takes to develop a post-quantum cryptography standard (hint: it takes several years!). And he gives us a peak into the future of crypto agility and what it’s like working with other countries and their approach to crypto. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e148

This week we catch up with Tom Kellermann, Head of Cybersecurity Strategy at VMWare to discuss the explosion in, and growing aggression of, cyber cartels and the differences in attack motives across nation-state attackers and the offer that just can’t be refused by the “untouchables”. We also dive into the little known mission of the U.S. Secret Service and mandate to investigate financial crimes dating back to the Civil War - and the tell signs that cyber financial attacks foreshadow for future government attack vectors. (Learn more by getting a copy of the upcoming "Modern Bank Heists" report.) We also also take a look at the cyber road ahead and moving away from a backward-looking prevention approach to one that is more of a clandestine cyber offense strategy akin to a SuperMax prison that takes an inside-out approach to security, while also considering how to turn the tables on cyber cartels through disinformation strategies. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e125

This week we welcome Adam Levin to the podcast. He is a long-time consumer affairs advocate with more than 40 years of experience, author of the book Swiped and formerly Chairman and founder of CyberScout as well as co-founder of Credit.com. Adam joins us at the apex of the consumer security awareness time of year as holiday shopping, COVID, flu, RSV and many other health concerns run rampant in addition to the many ongoing geopolitical security concerns that are ever present. He shares insights and stories from his more than 40 years on the consumer affairs advocacy frontlines to frame the security challenges each of us face in our daily lives – many of which are seemingly innocuous yet can have disastrous consequences and upend livelihoods. Great best practices tips here for both security pros and non-industry folks to shore up defenses in places we’ve gotten very familiar in trusting – and they aren’t all that trustworthy after all.

Adam Levin, Cybersecurity Advocate

Adam K. Levin is a consumer affairs advocate and serial entrepreneur with more than 40 years of experience. He is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance. At age 27, Levin became the youngest Director in the history of the New Jersey Division of Consumer Affairs — one of the most powerful consumer protection agencies in the U.S. He is a graduate of Stanford University and the University of Michigan School of Law.

As Chairman and founder of CyberScout, Levin built a premier global identity, data protection company, and helped pioneer the cyber insurance business. The organization was acquired in March 2021 by Sontiq, which was soon after acquired by Transunion. Levin was also co-founder of Credit.com, one of the first credit education, information and products and services companies on the Internet focused on consumer credit building. The company was acquired in 2015 by Progrexion.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e211

Dr. Richard Ford, Chief Technology Officer at Praetorian joins us on the podcast this week to share perspective on Log4Shell that's been making the headlines in recent weeks. He explains why this is the worst zero-day vulnerability the industry has seen in the last ten years, what makes it special and how Log4j's ubiquity in the java world will keep it around for a long time to come. He shares insights from the trenches on how to mitigate and warns why scanners are not proving reliable for catching everything. And he provide recommendations on how to get to ahead of the next zero day vulnerability lurking in the wings.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e164

Welcome to "To The Point Cybersecurity," the podcast where we dive deep into the most pressing issues in global cybersecurity, explore emerging threats, and discuss innovative solutions. In this episode," our hosts Rachael Lyon and Vince Spina welcome Philippe Humeau, CEO of CrowdSec, an expert in adaptive cybersecurity measures.

Philippe brings to light the evolving challenges of managing IP reputations and the complexities cybercriminals face in influencing systems globally. He critiques the traditional use of honeypots and advocates for the richer insights gained from real-world data. Philippe delves into the use of data science and deep learning to detect and block malicious IPs, emphasizing adaptive and dynamic firewall systems over static rules.

Rachael and Vince guide the conversation through various intriguing topics, from the economic and logistical difficulties of mass manipulation by attackers to the importance of crowdsourcing and collaboration in defense strategies. Philippe’s thoughts on AI's escalating role in cybersecurity, the need for shared intelligence, and the impactful concept of multiplayer firewalls are discussed at length.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e302

In this episode we explore the intersection of cybersecurity and human behavior with returning guest, Dr. Margaret Cunningham, Principal Research Scientist for Human Behavior at Forcepoint X-Labs. For public and private sector organizations, cybersecurity has always been addressed as a technology-first challenge. However as cyber threats evolve, the lack of behavioral science becomes a growing issue in today’s threat environment. We discuss the challenge of calculating and addressing risk, the importance of understanding human behavior vs. controlling it, and why most organizations fail to effectively measure and understand the true impact of cyber solutions. Additionally, we look at how the pandemic has created opportunities for expanding and diversifying the cyber workforce, and why it’s critical for us to open the aperture of traditional security to include experts in fields such as human behavior. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e121

Joining the podcast this week is Bash Kazi, CEO of Cyber Range Solutions. He shares perspective on the importance of experiential and continuous training across red team, blue team and threat hunting and creating real world environments to learn based on existing and emerging threats. He also shares some stories from the field such as a voter hacking simulation won by a 15-year-old student as well as available resources and organizations that provide veterans a place to learn cyber skills for low or no cost.

CEO, Cyber Range Solutions
Mubashir G. Kazi is the CEO of Cyber Range Solutions. He has over 25 years of global experience with governments and Fortune 500 companies (3M, Exxon & Xerox) in the areas of engineering, security, Information Technology and program management. Mr. Kazi holds graduate and post-graduate degrees in Engineering from McGill University in Montreal, Canada and has extensive post-graduate research and training in Advanced Project, Risk Management and Program Management skills specific to the fields of engineering and technology management from Stanford University. Mubashir has also served as a management consultant on several security programs around the world (Qatar, Israel, UAE, Pakistan, Afghanistan and USA). His expertise includes national border security, counter narcotics technology development & deployment, engineering management, cyber security training and international program management. Mubashir was the Architect and Program Manager supervising the design, management and execution for a program involving the deployment of several thousand personnel for the development of a National Data Repository, Border Security, Machine Readable Passport and Electronic Voter Registration system for the Ministry of Interior, Government of Pakistan. Mubashir has architected the creation of one of the largest citizen data repositories and overseen the national census data gathering initiative to document over 100 million individuals.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e181

This week we catch up with Lisa Donnan, Partner at Option3 Ventures to discuss the world of cyber venture capital and private equity and the importance of disruptive technology and commercialization for breaking through the white noise of the more than 3,500 cyber start-ups today. And she shares insights on why the SMB market is a $50B opportunity for cyber, why the U.S. needs a cyber moonshot to catch up, the criticality of security by design and why Cyberspace Solarium Commission is a good start but, ultimately, as we consider public/private partnerships’ success ahead who carries the stick for actions, accountability and milestones? And, Eric recommends his favorite book of the week “Think Again: The Power of Knowing What You Don’t Know” by Adam Grant. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e129

After nearly 300 episodes we have had some of the most spectacular guests on the podcast! Every once in a while we like to bring back one of our favorite episodes from the archives because we really enjoyed the conversation and think our new listeners will as well. This week we chat on the complexities and opportunities smart cities can deliver in the US and around the globe with guest Chris Teale, reporter at Smart Cities Dive. He’s spent years meeting with government and community leaders on the growth of smart cities and shares thoughts on just how fluid defining what a smart city is today. Learn which cities around the world are leading in the smart city evolution and how a patchwork of state-by-state laws and regulatory frameworks help and/or hinder progress. As well as examples of US cities you may not have expected that can share best practices and lessons learned with cities large and small across the country to help get them on the path to better utilizing technology and digitization to improve essential services (such as trash pick-up)  and quality of life. He also shares insights of the ‘hackers as city consultant’ trend and how a federal government playbook for cities could help more cities get smarter, faster.

Chris Teale, Reporter, Smart Cities Dive

Chris is a reporter at Smart Cities Dive. He came to Industry Dive in February 2018 after spells in general assignment reporting in Alexandria and Arlington, Virginia. Chris graduated from the University of East Anglia in 2013, and moved to the Washington, D.C. area shortly after.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e244

This week we catch up with Matthew Ferraro an attorney at the international law firm Wilmer Cutler Pickering Hale and Dorr and former intelligence officer. He has written extensively on national security and legal issues and most recently authored the CNN opinion piece “Ransomware attacks are about to get worse. But there are ways to stop them”. He shares with us perspective on the role of governance in the continued pursuit to thwart ransomware groups which can feel like a “whack a mole” battle. He also dives into the growing deepfakes as a service business and the differences between “the liar’s dividend” and “the zealot’s dividend”. Be sure to read his CNN op-ed on the growing ransomware threat here: https://www.cnn.com/2021/09/13/perspectives/ransomware-attacks-cybersecurity/index.html

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e156

On this week’s episode Andy Wall shares his lesson learned in transforming the cybersecurity culture of organization to better understand, measure and reduce the risks of human error on cybersecurity.

This week Noam Maital, CEO and Co-founder of Waycare Technologies, a subsidiary of Rekor, joins us to share insights on a topic we haven’t yet covered on the podcast – shaping the future of city mobility. Imagine the significant amount of data aggregation and synthesis through AI critical in the management of our roadways, traffic flow and emergency response – that also helps power and draw data from many of the mobile and in-car maps we utilize today. Noam paints a picture of the data explosion coming the next few years as more and more smart and autonomous vehicles come online – expected to generate around 4TB of data daily – and the security of that data needs to be planned for today. And yes, the growing ransomware in traffic management threat we also discuss!

Noam Maital, Co-Founder and CEO, Waycare

Noam Maital is the CEO and a Co-Founder of Waycare Technologies. Prior to WayCare, Noam led global strategy projects in technology implementation, growth strategy, and financial due diligence. Noam holds a BSc, Summa Cum Laude, from Babson College with a dual degree in Economics and Strategic Management. Prior to his studies, Noam served as a First Sergeant in the Israeli Special Forces.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e166

Juhani Hintikka, President and CEO of WithSecure joins the podcast this week to discuss Finland’s status as the newest member of NATO as of April 4, 2023. As many know this is a significant geopolitical move in the region, particularly when we remember Finland shares an 832-mile border with Russia, the longest of any European Union member. He provides perspective on speculation that such a move could increase the country’s cyber risks and shares insights on Finland’s key role in digital defense as well as the importance of outcome-based security. For anyone that has been tracking geopolitical activity related to Ukraine, Russia and possible implications as a Kremlin-perceived “non-aligned country” you won’t want to miss this very insightful podcast. Link to NATO article on Finland membership:

https://www.nato.int/cps/en/natohq/news_213448.htm#:~:text=Finland%20became%20NATO's%20newest%20member,at%20NATO%20Headquarters%20in%20Brussels .

Juhani Hintikka: CEO of WithSecure
Presently, Juhani Hintikka is President & Chief Executive Officer for WithSecure Corp. and President & Chief Executive Officer for F-Secure Cyber Security Services Oy (a subsidiary of WithSecure Corp.). He is also on the board of 5 other companies, including European Cyber Security Organisation (ECSO), Finnish Information Security Cluster (FISC), and Nordea. In his past career, Mr. Hintikka occupied the position of Chairman at Ficolo Oy, President & Chief Executive Officer for Comptel Oyj and Head-Operations Support Solutions Business at Nokia Siemens Networks Oy.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e237

Disengaged, violent, criminal employees are grown - not hired. A once loyal employee can turn into a business risk if you miss red flags and risky behavior. Why continuous discovery - NOT simply relying on a pre-hire background check - is critical to protect employees and the business at large. How exactly does an engaged, loyal employee turn into a news headline and tragedy - what goes on behind the scenes and how can HR manage and respond? For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e73

Award-winning blogger, researcher, podcaster and man who coined the phrase “the cloud is just someone else’s computer”, Graham Clulely joins this week’s podcast to discuss the many ironies in cyber today. And he deep dives into the reward system that social networks deliver for creating tribes as well as the cultural chasm being driven through misinformation, disinformation and deepfakes today and the criticality of discourse with people of differing positions. He also shares the winning formula for his wildly popular, funny and informative podcast “Smashing Security” and why he’s skeptical of future predictions such as predicting what scares you about what the next decade in cyber will bring. Can that even be predicted?! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e138

From the notorious Ticketmaster hack during Taylor Swift's ticket sales to the geopolitical cyber issues involving heavyweights like China and Israel, Maggie provides a comprehensive overview of the current cyber landscape. We'll explore the bipartisan effort needed to safeguard US infrastructure, including the vulnerabilities of our satellite systems, and the intricate dynamics of election security poised to affect the upcoming U.S. presidential election.

Maggie also sheds light on the disinformation campaigns waged by nation-states and the role of AI in shaping public perception. And, with her unique background and serendipitous journey into cybersecurity journalism, we'll get a glimpse into her fascinating career path.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e305

In today’s world of technology, terms such as artificial intelligence and machine learning are thrown against the wall like spaghetti to see what sticks. But what advances really being made with these transformative technologies and is government ready to adopt cutting edge solutions to meet new and emerging threats in cybersecurity.

In this week’s episode, Milos Manic, professor of computer science and director of the Virginia Commonwealth University’s Cybersecurity Center joins the podcast to discuss the Autonomic Intelligent Cyber Sensor (AICS) he and his team have developed with funding from the Department of Energy to detect intruders, isolate them and even possibly retaliate against them.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e23

We discuss Joseph Menn's latest book, Cult of the Dead Cow which tells the story of the oldest, most respected American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley, including Mudge, WeldPond, DethVeggie and even former U.S. congressman from Texas, Beto O’Rourke (aka Psychedelic Warlord). For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e91

Joining the podcast this week is Eva Galperin, Director of Cybersecurity for the Electronic Frontier Foundation (EFF). She is also the co-founder of the Coalition Against Stalkerware and has long been a champion for providing privacy and security for vulnerable populations around the world. “What is stalkerware?” many may ask. Stalkerware is considered a more personal way of invading someone's privacy such as using malware to track a person’s activity on a device. Eva shares insights from her many years on the frontlines of digital privacy both educating the broader population on how to protect oneself while also navigating the labyrinth of new regulations and laws being created that impact digital privacy of the future. Be sure to visit StopStalkerware.org to learn more!

Eva Galperin is EFF's Director of Cybersecurity

Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF's Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, Lebanon, and Kazakhstan. Since 2018, she has worked on addressing the digital privacy and security needs of survivors or domestic abuse. She is also a co-founder of the Coalition Against Stalkerware.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e203

Joining the podcast this week is Mikko Hypponen, Chief Research Officer at WithSecure. He breaks down the rise and fall of cybercrime unicorns, the effectiveness of unicorn hunting season and bounties, the impact of nations fighting back in today’s cyber war, Ukraine’s preparedness for Russian cyber war, cryptocurrencies future and how he came up with Hypponen’s Law. And be sure to keep an eye out for his upcoming book from Wiley later this summer, “If It’s Smart, It’s Vulnerable”!

Mikko Hypponen, Chief Research Officer, WithSecure
Mikko Hypponen is a global security expert. He has worked at F-Secure, now WithSecure, since 1991. Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. Mr. Hypponen sits in the advisory boards of t2 and Social Safeguard.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e185

John Shier, Senior Security Advisor at Sophos, joins the podcast this week for a deep dive into today’s ransomware threat landscape and insights uncovered in the recent Sophos research reports, including the “2022 State of Ransomware Report” and “Active Adversary Playbook”. We explore future state themes of ransomware such as the geopolitics of ransomware, simultaneous attack and dwell time trends, will we ever get to a ransomware ‘flat fee’, increasing the resilience requirement for companies seeking cyber insurance, and industries such as healthcare that are seeing sizable upticks in attacks (and how these can be mitigated ahead).

John Shier, Senior Security Advisor at Sophos

John Shier is a senior security advisor at Sophos with more than two decades of cybersecurity experience. He’s passionate about protecting consumers and organizations from advanced threats, and has researched everything from costly ransomware to illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses.

John is often consulted by press, and has been quoted in publications like Reuters, WIRED, Fortune, CNN, The Hill, Fast Co, Yahoo, and more. He’s also a frequent speaker at industry events like RSA Conference, Infosec, Cebit, Gitex, and more.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e193

Christopher Sather of Forcepoint joins the podcast this week to share his perspective on the future of cybersecurity and ways to make it less complex.

The federal government continues to face a number of complex challenges in terms of how its protects itself from cyberattacks. On this week’s episode, Eric and Arika are joined by Jason Miller of Federal News Network to discuss the current state of government cybersecurity.

• What is the government doing well?
• What could it be doing better?
• How does the lack of skilled cybersecurity workers impact government cybersecurity?

To find out more please visit http://thewellnessconnection.com/e24

Resiliency is a word that has been kicked around government for years, but what does it really mean? former Chief Security Strategist for DoD / Intelligence Community and current Forcepoint Commercial Products CTO Petko Stoyanov shares his perspectives. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e103

Have a guest you think would be great for the podcast? Please email Carolyn cford@forcepointgov.com.

Joining us this week is Dr. David Bader, a Distinguished Professor and founder of the Department of Data Science in the Ying Wu College of Computing and Director of the Institute for Data Science at New Jersey Institute of Technology. He deep dives into the opportunity to democratize data science tools and the awesome free tool he and Mike Merrill spent the last several years building that can be found on the Bears-R-Us GitHub page open to the public. We also discuss the vulnerabilities in open-source supply chain, what about AI security teams should be concerned about, data poisoning, AI that is fair and equitable and the discussion on regulation and self-regulation in AI. Key takeaway from the conversation -- data science is indeed growing and it holds an exciting future for those that pursue it!

David A. Bader is a Distinguished Professor and founder of the Department of Data Science in the Ying Wu College of Computing and Director of the Institute for Data Science at New Jersey Institute of Technology. Prior to this, he served as founding Professor and Chair of the School of Computational Science and Engineering, College of Computing, at Georgia Institute of Technology. He is a Fellow of the IEEE, ACM, AAAS, and SIAM; a recipient of the IEEE Sidney Fernbach Award; and the 2022 Innovation Hall of Fame inductee of the University of Maryland’s A. James School of Engineering.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e251

This week we catch up with Dmitri Alperovitch, co-founder of the think tank Silverado Policy Accelerator (SPA) and co-founder of Crowdstrike. He shares details on the newly launched Alperovitch Institute at the Johns Hopkins School of Advanced International Studies offering MA-PhD programs that intertwine cybersecurity and statecraft giving students the opportunity to study adversaries’ unique motivations, capabilities and histories. We also discuss the key policy areas that SPA is focusing on including cyber trade and industrial security and eco-sec as we consider the impact and future of security. He also breaks down the CHIPS Act, why offensive strategies are important and their potential psychological impact on cyber gangs, and how cryptocurrency exchange sanctions could impact the financial incentive of ransomware gangs. On December 7th at 9:00 a.m. ET be sure to tune into SPA’s moderated discussion, led by Alperovitch and a panel of lawmakers and policy experts discussing the national security challenges stemming from America's dependence on East Asia for semiconductor manufacturing. More details are at silverado.org/events.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e160

In this episode, Eric Trexler and co-host Arika Pierce interview Forcepoint’s Chief Technology Officer George Kamis and discuss the federal government’s new Raise The Bar cybersecurity initiative.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e3

Nick Espinosa, Chief Security Fanatic, at Security Fanatics joins the podcast this week to share perspective from his many interviews with Ukraine government members and others on-the-ground in Ukraine. He also shares insights on cyber attacks against Ukraine since 2014 and how the landscape continues to shift during the current conflict, including potential cyberattack leakage outside the region. And he dives into the critical communications elements at play including Internet access that is enabling those on the ground to communicate. He closes the podcast with four recommendations for companies looking to strengthen their security defenses amidst today’s uncertain cyber landscape. Be sure to follow Nick on Twitter @NickAEsp for continuing updates from those on the ground in the Ukraine.

Nick Espinosa, Chief Security Fanatic
For over 25 years, Nick has been on a first name basis with computers. Since the age of 9 he’s been building computers and programming in multiple languages. Landing his first IT job at age 15, Nick founded Windy City Networks, Inc at 19 which was acquired in 2013 by BSSi2. In 2015 Nick created Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations. An expert in cybersecurity and network infrastructure, Nick has consulted with clients ranging from the small business owners up to Fortune 100 level companies. Nick has designed, built, and implemented multinational networks, encryption systems, and multi-tiered infrastructures as well as small business environments. He is passionate about emerging technology and enjoys creating, breaking, and fixing test environments.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e172

This week, we welcome back Dustin Moody, a mathematician in the NIST Computer Security Division who teaches us about the risks posed by quantum computers and shares updates on the status of NIST’s post-quantum cryptography standardization project. As quantum computers move from sci-fi to reality, Dustin elaborates on the functionality of quantum computing and shares best practices for protecting encrypted data to withstand evolving quantum capabilities. If you’re interested in learning more about the four candidate algorithms for NIST’s standardization project, visit their website at [nist.gov](https://www.nist.gov/ "‌").

Dustin Moody, Mathematician, NIST

Dustin Moody is a mathematician in the NIST Computer Security Division. Dustin leads the post-quantum cryptography project at NIST. He received his Ph.D. from the University of Washington in 2009. His area of research deals with elliptic curves and their applications in cryptography.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e218

Sean Kelley, Executive Vice President of Operations at Unissant leverages his 25 years experience in the Healthcare industry to weigh in on the security of the COVID 19 vaccine and healthcare in general during a pandemic. He offers the top things he would do as a CISO right now to make healthcare more secure. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e94

For this week’s episode of the podcast, we’re joined by Patrick Vandenberg, director of product marketing at Invicti Security. Patrick helps us unpack the reasons behind why 70% of security incidents start from web applications and talks us through the importance of application security and dynamic application security testing (DAST). Patrick also touches on where the future of application security testing may be heading and how scanning varies across industries.

Patrick Vandenberg, Director of Product Marketing at Invicti

A seasoned cybersecurity leader, Patrick Vandenberg is the Director of Product Marketing at Invicti Security. He works closely with security and DevSecOps stakeholders to understand today’s cybersecurity pain points so we can continue to help our customers solve their application security challenges. As an alumnus of several cybersecurity companies, including Hunters, Snyk, and IBM Security, Patrick brings over 20 years of experience in cybersecurity across product marketing and product management roles. Patrick holds a degree in Systems & Computer Engineering from Carleton University and, in his free time, continues a longtime passion for coaching and playing hockey.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e234

We’re excited to welcome back Derek Weeks, recognized as the world’s foremost researcher on the topic of DevSecOps and securing software supply chains, to the podcast! Derek shares insights on just how little has changed relative to securing software supply chains and using SBOMs in the two years since we last caught up with him. For those new to SBOMs, they are like the nutritional label on a cereal box except for open source software (OSS). We're we’re seeing astronomical growth in organizations’ use of OSS to the tune of 3+ trillion downloads in 2023. And even with events such as Log4j within the last year, we still haven’t had the cataclysmic event to act as a forcing function for more organizations to embrace SBOMs. This has opened the door for the U.S. Government to bring to the table the Securing Open Source Software Act of 2022. Derek also shares perspective on the importance of automation, accountability for supply chain security, investment range for industry to improve the security of code the next two years, and today’s realities for those buying cyber insurance.

Derek Weeks, Cybersecurity Advocate

Derek E. Weeks is the world’s foremost researcher on the topic of DevSecOps and securing software supply chains. For the past seven years, he has championed the research of the annual State of the Software Supply Chain Report and the DevSecOps Community Survey. Derek is also the co-founder of All Day DevOps, an online community of 95,000 IT professionals. In 2018, Derek was recognized by DevOps.com as the “Best DevOps Evangelist” for his work in the community.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e204

Joining us this week are Richard Grabowski, Acting Program Manager for CISA’s CDM Program, and Jonathan McBride, Chief of Adversary Pursuit for CISA’s Threat Hunting Subdivision. We dive into the hot topics of threat hunting, adversary pursuit, the evolution of CISA over the years including the growth and maturity of the organization, the power of public/private partnerships, and the drive for innovation. They also share perspective on the recent Cyber Executive Order as well as how the CDM program is increasing visibility into the federal cyberattack surface and security posture. We also dig into the continued talent gap challenge and modernizing the approach to talent recruitment (hint: four-year degrees aren’t a requirement!). It truly is an exciting time to be in cyber! And, for those interested in a career move it is a VERY exciting time to be at CISA!

Richard Grabowski is the Acting Program Manager for the Continuous Diagnostics and Mitigation (CDM) at CISA

As Acting Program Manager for the CDM program, Richard has specific responsibilities for managing portfolios to deliver CDM capabilities to agencies, engineering deployment and architecture-related activities, program support and acquisition, and outreach activities. Through partnerships with agencies and industry, the CDM Program fortifies the cybersecurity of civilian government data and networks by providing capabilities that deliver relevant, timely and actionable information. CDM enables cybersecurity professionals to manage risks by providing innovative tools, processes, governance and training required to defend against cybersecurity threats and vulnerabilities. Prior to Richard’s current role, he led the CDM Program’s Architecture and Technology Integration Section. He started with CDM in 2014 as a Systems Engineer supporting the CDM Dashboard and Dynamic and Evolving Federal Enterprise Network Defense (DEFEND; formerly Task Order [TO2]) Group C agencies. Previous to this, Richard spent over nine years providing client/server and virtualization integration services to the Federal government. Richard holds a B.S. in Systems and Information Engineering from the University of Virginia and a M.S. in Systems Engineering from The George Washington University.

Jonathan McBride Chief of Adversary Pursuit, CISA’s Threat Hunting subdivision 

McBride oversees CISA's federal persistent hunt mission and services, driving innovation in service delivery, sensing solutions, detection, and advanced analytics. He previously served as an engagement lead within the Host Forensics Section of CISA’s Threat Hunting Subdivision, leading rapid response personnel on incident response activities supporting the federal government, states, local tribes, territories, and critical infrastructure. Mr. McBride has reached this point in his career by a non-traditional path. A third-generation US Army veteran where he served the special operations community as a military intelligence specialist. Completing multiple deployments to Iraq, Afghanistan, and Africa focused on counter-terrorism and counter-insurgency operations. Upon leaving the US Army he transitioned into the cybersecurity workforce as a computer network defense (CND) intrusion analyst and quickly excelled. Highlights include CND Operations lead for the Missile Defense Agency’s Ground-Based Midcourse Defense Intercontinental Ballistic Missile system and senior Fusion Analyst for Defense Information Systems Agency – Europe supporting the Department of Defense’s European and Africa Combatant Commands, Information Assurance Branch Chief for the Executive Office of the President – Office of Administration, and Incident Response Manager for the Federal Communications Commission. He is an avid outdoorsman and dabbles in ultramarathon running.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e202

Joining us this week is Jarod Koopman, Acting Executive Director of Cyber and Forensic Services for the Internal Revenue Service (IRS) – Criminal Investigation division. He takes us inside the exciting world of cyber crimes and digital forensics – truly the investigations carried out by this team would make for an endless franchise of action thriller films or book series. So what did we talk about with Jared who has the most fascinating job at the IRS – the Bank Secrecy Act, all things cryptocurrency including crypto mixing, Frosties NFT, NFT wash trading, catching criminals through chipped tooth photos submitted for insurance claims, and so much more! You will definitely learn a lot of crypto lingo after listening to this episode! You don’t want to miss it!

Jarod Koopman, Acting Executive Director of Cyber and Forensic Services for the IRS - Criminal Investigation

As the Acting Executive Director, Jarod Koopman is responsible for the establishment of the newly formed HQ section - Cyber and Forensics Services. As such, IRS-CI aligns the existing sections of Cyber Crimes, Digital Forensics and the National Forensic Lab to create necessary efficiencies and streamline the investigative efforts. Jarod oversees all global operations involving Cyber and Forensic activities, including policy, procedures, budget and investigative services. In addition to this role, Jarod will lead the establishment of a new centralized facility - the Advanced Collaboration and Data Center (ACDC), which will act as a mission centric hub for cyber projects, crypto compliance efforts, training, investigative support and concentrated knowledge. Jarod and his team will look to dismantle cyber-criminals through innovative tradecraft.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e184

Part 2 - Data Scientist and Psychologist Margaret Cunningham breaks down the "human" factors of a cybersecurity breach.

Joining us this week is Danny Jenkins, CEO and Co-founder of ThreatLocker, an Orlando-based cybersecurity firm providing zero-trust endpoint security. Danny shares insights on the challenges facing critical infrastructure, particularly water systems that continue to be targeted with today’s latest headline grabbing financial + idealogical threat of ransomware. And he poses the question, “Will we get to a point where we have to stop drinking tap water?” He also provides perspective around the nuances of compliance (note: listen for the motorcyclist example!) versus regulation and getting on a path to proactive versus reactive security while moving to a collective mindset of ‘what can I do to improve security this week’? And you don’t want to miss ThreatLocker’s must read report on protecting water infrastructure from cyber attacks available here on our show notes at https://www.forcepoint.com/govpodcast/e153

Joining us this week is Avi Bashan, CTO of Kovrr sharing perspective on quantifying the elusive risk elements of business today. Great insights he shares on new methodologies and tools security teams, Risk Officers and others can leverage today to start putting risk into an understandable and quantifiable business perspective. And no conversation on risk is complete without discussion on cyber insurance - and we take a quick trip from the insurance industry’s beginnings through to present day cyber insurance.

Avi Bashan, Chief Technology Officer
Avi is CTO at Kovrr and leads engineering and research efforts. He started his career in an elite Israeli intelligence technology unit. Following his service, Avi advised Fortune500 companies on cybersecurity. Following his consulting period, Avi led research and development efforts at Lacoon Mobile security focusing on discovering novel new attacks and building state of the art malware detection engines. Lacoon Mobile Security was acquired by Check Point. Avi is a lecturer at Bar Ilan University's Business School and holds a B.Med.Sc from the Hebrew University of Jerusalem.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e173

Thirty-year technology industry veteran Kevin Isaac of Forcepoint joins Eric and Arika to discuss how the cybersecurity landscape has evolved over the past 20 years.