SON OF A BREACH!

Critical Start

A cybersecurity podcast by Critical Start. Security Experts get candid about hacking, breaches, and other cyber threats impacting a company's security. Plus, the occasional pun.

Rated XDR with Ann Johnson, CVP Security, Compliance, and Identity at Microsoft
Aug 4 2021
Rated XDR with Ann Johnson, CVP Security, Compliance, and Identity at Microsoft
We’ve all seen the negative news about the latest security breaches and ransomware attacks. But we must not forget that the cybersecurity industry prevents many more cyberattacks every day that don’t make headlines.Companies like Microsoft are building security into their tech offerings, securing organizations that increasingly turn to technology to protect against business disruptions.In this second of a series of SON OF A BREACH! podcast episodes focused on extended detection and response (XDR), CRITICALSTART CTO Randy Watkins welcomes Microsoft Corporate Vice President of Security, Compliance, and Identity Ann Johnson, to give us a look behind the scenes of Microsoft’s security strategy, including:·       How Microsoft raised its credibility in the security industry and continues to stay competitive ·       Why Microsoft wants their Azure Sentinel – a cloud-native SIEM and XDR delivery platform – to become the master brain of your security operations center·       The role of XDR in solving alert fatigue caused by overly excited detection logic·       How Microsoft prioritizes their efforts given the constantly evolving threat landscapeAs the change agent who ushered Microsoft to the top of the security industry, Johnson oversees Microsoft’s long-term investment and partnership strategies for security, compliance, and identity. She discusses core areas shaping the cyber landscape on her podcast, Afternoon Cyber Tea.
#BadgeLife
Jul 15 2021
#BadgeLife
Conference badges have evolved from paper and plastic to collectable mini-computers of all shapes and sizes, coveted and collected by security professionals and enthusiasts. The rise of #Badgelife signifies one of the most creative offshoots of security conferences, with its underground culture of hardware art and ingenuity.  In this episode of SON OF A BREACH!, CRITICALSTART CTO Randy Watkins welcomes badge creator Florida Man, a/k/a Jonathan Singer, to celebrate the allure of #Badgelife, reveal how deep the culture runs, and share tips on how to get started in the community. Tune in to learn:·       The colorful, flashy history of #Badgelife·       How unofficial conference badges have come to symbolize the security culture’s uniqueness and sense of community ·       Steps to start collecting or creating digital badges that people want to take home and talk about·       What tools and techniques you need to design and produce your own #Badgelife creationBoth fun and functional, digital badges celebrate computers and the security around them at the hardware level. Many are intentionally hackable so you can take control of the lights, noises, and other built-in features. Singer shares some favorites from his extensive badge collection, which you can see by watching the recorded video of this podcast episode on YouTube.Jonathan Singer is SIEM and SOAR Practice Lead at GuidePoint Security, with certifications including GPEN, GWAPT, GCIA, GCFE, and CEH. He is a self-taught badge creator, who launched his first digital badge at Bsides Orlando 2013. Singer also shares his passion for cybersecurity and hardware on his YouTube channel.
Ransomware:  Dive Into Cyber Insurance Coverage.
May 3 2021
Ransomware: Dive Into Cyber Insurance Coverage.
What’s rocking the insurance industry by creating the highest severity and most frequent losses for insurance carriers? One word: ransomware. Unlawful hackers take control of systems and try to force companies to pay huge amounts to unlock them. The average ransomware payout has grown to nearly $234,000 per event, according to the Coveware Quarterly Ransomware Report (Q3 2020). One cybercriminals gang extorted at least $75 million from private sector companies, local governments, and hospitals, a former NSA contractor determined in a months-long study released this month. Episode 6 of our SON OF A BREACH! podcast series dives deep into the world of cybersecurity insurance and the ramifications of ransomware. Senior Vice President and Principal at RHSB Insurance Doug Jones joins CRITICALSTART Chief Technology Officer Randy Watkins and brings his expertise in insurance risk management that began more than 30 years ago. Jones has focused on technology-oriented risk and cybersecurity insurance for more than 20 years.The ransomware risk is real, so tune in for clear explanations and practical insights on: The insurance implications of ransomware to your business, and why you shouldn’t assume your current cyber liability policy fully covers ransomwareWhich security measures and cybersecurity services can help your company more easily access insurance coverage and receive better ratesWhat to emphasize to your insurance carrier if you’ve had a security-oriented lossWhat to look for in third-party warranties provided by cybersecurity product providers
Celebrating Women in Cybersecurity with Didi Dayton
Mar 16 2021
Celebrating Women in Cybersecurity with Didi Dayton
While women’s numbers in cybersecurity lag behind men, female leaders in our industry continue to pioneer the way forward. Episode 4 of our SON OF A BREACH! podcast series celebrates International Women’s Month with security visionary Didi Dayton, who joins host and CRITICALSTART Chief Technology Officer Randy Watkins for some timely insights into security growth investments and the expanding female influence in cybersecurity.  Dayton is a partner at Wing Venture Capital, responsible for Customer Markets and Programs. She has held executive positions in sales, channels, and alliances for more than 20 years across multiple successful cybersecurity companies, including hyper-growth organizations such as Websense, FireEye, and Tanium. She successfully led sales and channel teams at companies such as Symantec, Arrow, and Cylance (now Blackberry) through 12 M&A and integration activities. Didi has received CRN’s prestigious Channel Chief award four years running, and she was named to the 50 Most Influential Channel Chiefs and the Power 100 Women of the Channel.  Tune in for expert perspectives on: Security investment strategy and trends Which leadership traits are most important for sales and channel leaders Mistakes CIOs and procurement teams need to avoid Why organizations benefit from women’s style of decision-making Dayton’s advice to women for success in leadership  Dayton and Watkins also deliver shout-outs to some of the leaders who have influenced them most in their careers – who just happen to be women. Watkins also provides highlights of how SolarWinds testimony before the Senate Intelligence Committee became a blame game, plus the recent attack against Microsoft Exchange Servers by a suspected Chinese-based attack group.
Chuvakin be kidding me
Feb 10 2021
Chuvakin be kidding me
In Episode 2 of our new SON OF A BREACH! podcast series, host Randy Watkins, Chief Technology Officer at CRITICALSTART, looks at President Biden’s initial moves on cybersecurity, the new normal of advanced persistent threats, and why organizational security starts with individual users (hint: more than 3 billion passwords have hit the web in a massive collection called the COMB).  Watkins also welcomes special guest Dr. Anton Chuvakin to talk about the world of threat detection, including models, challenges, and how to do it right.Dr. Chuvakin currently focuses on security solution strategy for Google Cloud. He previously was head of solution strategy at Chronicle, an Alphabet company acquisition. For several years he covered a broad range of security operations and detection and response topics at Gartner, where he was Research Vice President and Distinguished Analyst at Gartner’s Technical Professionals (GTP) Security and Risk Management Strategies team.Dr. Chuvakin is a recognized security expert in the field of security information and event management (SIEM), log management, and Payment Card Industry Data Security Standard compliance. He has authored several books and published dozens of papers on those topics.Tune in for Dr. Chuvakin’s expert commentary on topics including: How to get the most value and ROI from SIEMTips for approaching SIEM and detection use casesWhat to look for in extended detection and response (XDR) modelsAdditional perspectives on detection and telemetry  Additional Resources:Look for more content to come from CRITICALSTART. We continue to research with our own facilities and team of experts to gather insights and discoveries around these issues, and we will continue to share our perspective on how to better secure your enterprise.