Inside Out Security

Inside Out Security

Our podcast takes up the big questions of security, risk, and vulnerabilities. A weekly discussion with experts and the Varonis team.

  1. Thumb 1555956256 artwork

    We’d Love to Upgrade, But…

    It’s great to be Amazon to only have one on-call security engineer and have security automated. However, for many organizations today, having security completely automated is still an aspirational goal. Those in healthcare might would love to upgrade, but what if you’re using a system that’s FDA approved, which makes upgrading a little more difficult. What if hackers were able to download personal data from a web server because many weren’t up-to-date and had outdated plugins. Meanwhile, here’s a lesson from veteran report, Brian Krebs on how not to acknowledge a data breach.

    By the way, would you ever use public wifi and do you value certificates over experience?

  2. Thumb 1540505127 artwork

    Statistician Kaiser Fung: Accuracy of Algorithms (Part 2)

    In part one of our interview with Kaiser, he taught us the importance of looking at the process behind a numerical finding. We continue the conversation by discussing the accuracy of statistics and algorithms. With examples such as shoe recommendations and movie ratings, you’ll learn where algorithms fall short.

  3. Thumb 1554907800 artwork

    Security on Easy Mode

    Recently in the security space, there’s been a spate of contradicting priorities. For instance, a recent study showed that programmers will take the easy way out and not implement proper password security. Antidotally, a security pro in a networking and security course noticed another attendee who covered his webcam, but noticeably had his bitlocker recovery code is printed on a label attached to his screen. When protocols and skills compete for our attention, ironically, security gets placed on easy mode. In the real word, when attackers can potentially create malware that would automatically add “realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them.” How about that time when ethical hackers were able to access a university’s student and staff personal data, finance systems and research networks? Perhaps more education and awareness might be needed to take security out of easy mode and bring it in real-time alerting mode.

  4. Thumb 1533671831 artwork

    Statistician Kaiser Fung: Investigate The Process Behind A Numerical Finding (Part 1)

    In the business world, if we’re looking for actionable insights, many think it’s found using an algorithm.

    However, statistician Kaiser Fung disagrees. With degrees in engineering, statistics, and an MBA from Harvard, Fung believes that both algorithms and humans are needed, as the sum is greater than its individual parts.

    Moreover, the worldview he suggests one should cultivate is numbersense. How? When presented with a numerical finding, go the extra mile and investigate the methodology, biases, and sources.

    For more tips, listen to part one of our interview with Kaiser as he uses recent headlines to dissect the problems with how data is analyzed and presented to the general public.

  5. Thumb 1553541228 artwork

    The Making of the Modern CISO

    Should CISOs use events or scenarios to drive security, not checklists? It also doesn’t matter how much you spend on cybersecurity if ends up becoming shelfware. Navigating one’s role as a CISO is no easy feat. Luckily, the path to becoming a seasoned CISO is now easier with practical classes and interviews. But when cybersecurity is assumed to not be not very important. Does that defeat the leadership role of a CISO?

  6. Thumb 1491252095 artwork

    Security Expert and "Hacked Again" Author Scott Schober" (Part 2)

    Scott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written "Hacked Again", which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the second part of our interview, Scott talks about the benefits of "layered security" and offers additional consumer security and privacy tips.

  7. Thumb 1491252088 artwork

    Security Expert and "Hacked Again" Author Scott Schober" (Part 1)

    Scott Schober wears many hats. He's an inventor, software engineer, and runs his own wireless security company. He's also written "Hacked Again", which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the first part of our interview, we learn about Scott's experiences with credit card fraudsters and his data security lessons for small businesses.

  8. Thumb 1551130164 artwork

    The Psyche of Data

    With data as the new oil, we’ve seen how different companies responded. From meeting new data privacy compliance obligations to combining multiple data anonymized points to reveal an individual’s identity – it all speaks to how companies are leveraging data as a business strategy. Consumers and companies alike are awakening to data’s possibilities and we’re only beginning to understand the psyche and power of data.

  9. Thumb 1491252292 artwork

    More Scout Brody: Bringing Design Thinking to IoT

    By now, we’ve all seen the wildly popular internet of things devices flourish in pop culture, holding much promise and potential for improving our lives. One aspect that we haven’t seen are IoT devices that not connected to the internet. This podcast episode will provide all product manufacturers and IoT enthusiasts a few important lessons.

  10. Thumb 1491252571 artwork
  11. Thumb 1549385712 artwork

    The Dance Between Governance, Risk Management, and Compliance

    The combination of business and technology-related challenges and the requirement to meet regulatory compliance obligations as well as managing risk is no easy feat. European officials have been disseminating information on how to prevent online scams, general tips as well as warning signs. Other attorneys have been reflecting on legislative developments to prepare for the year ahead. Meanwhile, businesses like Facebook and Reddit are finding their rhythm as they dance between running their business, meeting compliance requirements and keeping their users’ data safe and secure.

  12. Thumb 1511281642 artwork

    Privacy Attorney Tiffany Li and AI Memory, Part II

    Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this second part, we continue our discussion of GDPR and privacy, and then explore some cutting edge areas of law and technology. Can AI algorithms own their creative efforts? Listen and learn.

  13. Thumb 1546638331 artwork

    Reflecting on Breaches, Scams and Fake Everything

    On the last week of the year, the Inside Out Security panelists reflected on the year’s biggest breaches, scams and fake everything. And is computer security warfare? Well, it depends on who you ask. A 7th grader trying to change her grades isn’t an enemy combatant. But keep in mind as another argues, “There's an opponent who doesn't care about you, doesn't play by the rules, and wants to screw you as fully as possible.”

  14. Thumb 1510587737 artwork

    Privacy Attorney Tiffany Li and AI Memory, Part I

    Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties with getting AI to forget. In this first part, we talk about the GDPR's "right to be forgotten" rule and the gap between technology and the law.

  15. Thumb 1545686488 artwork

    When IT, Data and Security Collide

    The CIO is responsible for using IT to make the business more efficient. Meanwhile, the CISO is responsible for developing and executing a security program that’s aimed to protect enterprise systems and data from both internal and external threats. At the end of the day, the CISO makes security recommendations to the CIO has the final say. Perhaps it’s time that the CISO gets a seat at the table.

  16. Thumb 1545331873 artwork

    #2018inFiveWords [Regarding Our Security Landscape]

    We need to do better. Exhausting. Dramatic. That’s how the Inside Out Security panelists described our 2018 security landscape. We see the drama unfold weekly on our show and this week was no different. As facial recognition software becomes more prevalent, we’re seeing it used in security to protect even the biggest stars like Taylor Swift. Her security team set up a kiosk replaying rehearsal highlights. Meanwhile, onlookers who stopped were cross checked against their database of stalkers. What a stealthy way to protect one of our favorite singers in the world! And here’s a story that’s less wholesome. A few years ago, we thought it was a major threat when ransomware gained prominence. Cybercriminals upped the ante and threatened victims with a note that someone planted bombs in the building unless a bitcoin ransom is paid. Kris is right, we do need to do better. Kilian is right, it’s all exhausting.

  17. Thumb 1544828806 artwork

    A Spotlight on Technology's Dilemma

    There’s a yin and yang to technology. For instance, the exchange for convenience and ease with our data. Unfortunately Facebook is getting most of the blame, when many companies have collect many points of data as the default setting.

    Meanwhile, as quickly as diligent security pros are eager to adopt and advance security solutions with biometrics, cybercriminals are equally determined to thwart these efforts.

    We take a look at technology's dilemma in this episode of the Inside Out Security show.

    Other articles discussed: • Google’s plan to mitigate bias in their algorithm • Australia approves bill, requiring tech companies to provide data upon request

  18. Thumb 1542738199 artwork

    Security and Privacy are Joined at the Hip

    We’ve completed almost 100 podcast panels and sometimes it feels like we’re talking in circles. Over the years, the security and privacy landscape have gotten more complex, making baseline knowledge amongst industry pros ever so more important. Old concepts are often refreshed into current foundational security concepts.

  19. Thumb 1542235803 artwork

    What New Tech Can Learn From Old Tech

    Passwords are easy to use. Everyone knows how it works. However, many security pros point out the inherent design flaw in passwords as a safe form of authorization and authentication. The good news is that we can reflect upon what old technologies can teach new technologies as we’re creating new products and services. One vital concern to keep in mind are terms and conditions, particularly with DNA ownership rights.

  20. Thumb 1539202939 artwork

    Troy Hunt: The Modern State of Insecurity (Part Three)

    Troy Hunt, creator of “Have I been pwned”, gives a virtual keynote that explores how security threats are evolving - and what we need to be especially conscious of in the modern era.

    In this keynote, you’ll learn:

    • Real world examples of both current and emerging threats
    • How threats are evolving and where to put your focus
    • How to stem the flow of data breaches and protect against malicious activity

    and much more!

  21. Thumb 1491251737 artwork

    Data Privacy Attorney Sheila FitzPatrick on GDPR

    We had a unique opportunity in talking with data privacy attorney Sheila FitzPatrick. She lives and breathes data security and is a recognized expert on EU and other international data protection laws. FitzPatrick has direct experience in working with and representing companies in front of EU data protection authorities (DPAs) and sits on various governmental data privacy advisory boards.

  22. Thumb 1540939027 artwork

    Disguises, Online and Offline

    Learning about the CIA’s tips and tricks on disguising one’s identity reminded us that humans are creatures of habit and over a period of time, can illuminate predictable behavioral patterns, which are presented as biometric data. As a result, businesses can leverage and integrate these data points with their operations and sales process.

    For instance, businesses are buying data about one’s health and also creating patents to measure a user’s pulse and temperature. Others are learning about the psychology about a user and making it difficult for a user to cancel a service.

  23. Thumb 1540486406 artwork

    If You Can’t Build In Security, Build In Accountability

    Vulnerability after vulnerability, we’ve seen that there’s no perfect model for security. Hence, the catchphrase, “If you can’t build in security, then build in accountability.” But history has also shown that even if there was enough political will and funding, consumers aren’t interested in paying a huge premium for security when a comparable product with the features they want is available much more cheaply. Will that theory hold when it comes to self-driving cars? At the very least, safety should be a foundational tenet. What’s the likelihood that anyone would enter a self-driving car knowing that a number of things could go wrong?

  24. Thumb 1539201433 artwork

    Troy Hunt: The Modern State of Insecurity (Part Two)

    Troy Hunt, creator of “Have I been pwned”, gives a virtual keynote that explores how security threats are evolving - and what we need to be especially conscious of in the modern era.

    In this keynote, you’ll learn:

    • Real world examples of both current and emerging threats
    • How threats are evolving and where to put your focus
    • How to stem the flow of data breaches and protect against malicious activity

    and much more!

  25. Thumb 1539200442 artwork

    Troy Hunt: The Modern State of Insecurity (Part One)

    Troy Hunt, creator of “Have I been pwned”, gives a virtual keynote that explores how security threats are evolving - and what we need to be especially conscious of in the modern era.

    In this keynote, you’ll learn:

    • Real world examples of both current and emerging threats
    • How threats are evolving and where to put your focus
    • How to stem the flow of data breaches and protect against malicious activity

    and much more!

  26. Thumb 1538605665 artwork

    How CISOs Explain Security to the C-Suite

    After the latest Microsoft Ignite conference, the enduring dilemma of how CISOs explain security matters to the C-Suite bubbled to the surface again. How technical do you get?

    Also, when the latest and greatest demos are given at one of the world’s most premier technology show, it can be easy to get overwhelmed with fancy new tools. What’s more important is to remember the basics: patching, least privilege, incident response, etc.

  27. Thumb 1535646274 artwork

    Computational Biologist and Founder of, Lenny Teytelman (Part two)

    We continue our conversation with founder Lenny Teytelman. In part two of our conversation, we learn more about his company and the use cases that made his company possible. We also learn about the pros and cons of mindless data collection, when data isn’t leading you in the right direction and his experience as a scientist amassing enormous amount of data.

  28. Thumb 1537401188 artwork

    The False Binary of Cyber

    We’re in an impermanent phase with technology where circumstances and cyberattacks are not always black or white. Here’s what we’re contending with: would you prefer a medical diagnosis from a human or machine? In another scenario, would a cyberattack on a state’s power grid be an act of war? Officially, it’s not considered so, yet. Or, perhaps a scenario less extreme where you buy a video and then 5 years later, it disappears from your library bc the company where you bought your video from loses the distribution rights. Data ownership is an important part of data security and privacy, but there are no hard and fast rules.

  29. Thumb 1535645604 artwork

    Geneticist and Founder of, Lenny Teytelman (Part one)

    A few months ago, I came across founder Lenny Teytelman’s tweet on data ownership. Since we’re in the business of protecting data, I was curious what inspired Lenny to tweet out his value statement and to also learn how academics and science-based businesses approach data analysis and data ownership. We’re in for a real treat because it’s rare that we get to hear what scientists think about data when in search for discoveries and innovations.

  30. Thumb 1535640071 artwork

    I’m Mike McCabe, Systems Engineering Manager of SLED West at Varonis, and This is How I Work

    Systems engineering manager Mike McCabe understands that State, Local and Education (SLED) government agencies want to be responsible stewards of taxpayer’s funds. So it makes sense they want to use security solutions that have proven themselves effective. For the past six years, he’s brought awareness on the tried and true efficacy of how Varonis solutions can secure SLED’s sensitive unstructured data. In our podcast interview, he explains why data breaches are taking place, why scripts aren’t the answer, and how we’re able to provide critical information about access to SLED’s sensitive data. We also make time to learn more about what Mike does outside of work and he has great advice on figuring out what to eat for dinner.

  31. Thumb 1535567310 artwork

    Computer Scientists Aren’t Philosophers

    Our community is finally discussing whether computer science researchers should be required to disclose negative societal consequences of their work to the public. Computer scientists argue that they aren’t social scientists or philosophers, but caring about the world isn’t about roles, it’s the responsibility of being a citizen of the world. At the very least, researchers ought to be effective communicators. We’ve seen them work with law enforcement and vulnerability announcements. There must be more they can do!

  32. Thumb 1534345332 artwork

    Living Vicariously through Blackhat Attendees and Speakers

    While some of our colleagues geeked out at Blackhat, some of us vicariously experienced it online by following #BHUSA.

    The keynote was electric. They’re great ideas and we’ve seen them implemented in certain spaces. However, the reality is, we have a lot more work to do.

    There was also a serious talk about burn out, stress, and coping with alcohol as a form of escape. We learned that mental health is growing concern in the security space. As more organizations rely on technology, security pros are called on at all hours of the day to remediate and prevent disasters.

  33. Thumb 1533929150 artwork

    I’m Colleen Rafter, Professional Services Education Manager at Varonis, and This is How I Work

    Over the past six years, Colleen Rafter has been educating Varonis customers on the latest and greatest data security best practices. Share or NTFS permissions? She has an answer for that.

    Aware that security pros need to meet the latest GDPR requirements, she has been responsibly reading up on the latest requirements and developing course material for a future class.

    In our podcast, Colleen advises new Varonis customers what to do once they have our solutions and which classes to take and in what order.

  34. Thumb 1533231749 artwork

    Security Poverty Line

    This week’s podcast was inspired by chief information security officer Wendy Nather’s article, The Security Povery Line and Junk Food. It’s 2018 and we’re still struggling to get a proper security budget. Is it a mindset? Is that why when we hire pen testers to identify vulnerabilities, they’re usually able to gain admin access? On the bright side, a company with a bigger budget, Google recently declared victory with a USB key that prevented phishing for an entire year.

  35. Thumb 1532453149 artwork

    Data & Ethics Expert Dr. Gemma Galdon-Clavell: On the Breach of Trust (Part Two)

    Dr. Gemma Galdon-Clavell is a leading expert on the legal, social, and ethical impact of data and data technologies. As founding partner of Eticas Research & Consulting, she traverses in this world every day, working with innovators, businesses, and governments who are are considering the ethical and societal ramifications of implementing new technology in our world.

    We continue our discussion with Gemma. In this segment, she points out the significant contribution Volvo made when they opened their seat belt patent. Their aim was to build trust and security with drivers and passengers.

    Gemma also points out that we should be mindful of the long-term drawbacks if you ever encounter a data breach or a trust issue - unfortunately, you’re going to lose credibility as well.

  36. Thumb 1532442983 artwork

    Gemma Galdon-Clavell: The Legal, Social, and Ethical Impact of Data and Data Technologies (Part One)

    One theme we're always discussing on the Inside Out Security podcast is the tension between law, privacy and security. When we create new technologies, we want security and privacy, economic prosperity and sustainability, accountability but insist on confidentiality.

    However, we also recognize the urgency businesses have in securing a first place finish. The reality is that it is difficult to embed all of these values in one pass. As technologies get built, it also elucidates some values we hold to a higher regard than others.

  37. Thumb 1531926596 artwork

    Moral Overload

    When we create new technologies, we want security and privacy, economic prosperity and sustainability, accountability but insist on confidentiality. The reality is that it is difficult to embed all of these values in one pass. As technologies get built, it also elucidates some values we hold to a higher regard than others.

    To cope with moral overload, some have suggested that we start designing security and privacy controls as a gradient. Or perhaps certain controls get a toggle on/off switch.

  38. Thumb 1531419702 artwork

    When Your Security Brain Never Runs Out Of Problems To Find

    For years, technologists wondered why the law can’t keep pace with technology. Instead of waiting for the government to pass a regulation, should we enlist private companies to regulate?

    However, in a recent interview with privacy and cybersecurity attorney Camille Stewart, she said that laws are built in the same way a lot of technologies are built: in the form of a framework. That way, it leaves room and flexibility so that technology can continue to evolve.

  39. Thumb 1530202785 artwork

    Winner Takes All

    There are many advantages to being first, especially in the business world. Securing a first place finish usually rewards the winner with monopoly-like status and securing the largest and most dominant market share. A byproduct, however, of the winner takes all mentality is sacrificing security.

  40. Thumb 1491252305 artwork

    How Diversity & Inclusion Drives Innovation and Market Growth (Part Two)

    In part two of my interview with Allison F. Avery, a Senior Diversity & Inclusion Specialist at NYU Langone Medical Center, she clarified common misconceptions about Diversity & Inclusion (D&I) and offered a framework and methodology to implement D&I. She reminded me, “You should not be doing diversity for diversity sake.”

  41. Thumb 1528823367 artwork

    Cyber & Tech Attorney Camille Stewart: Discerning One's Appetite for Risk (Part Two)

    We continue our conversation with cyber and tech attorney Camille Stewart on discerning one's appetite for risk. In other words, how much information are you willing to share online in exchange for something free? 

    It's a loaded question and Camille takes us through the lines of questioning one would take when taking a fun quiz or survey online. As always, there are no easy answers or shortcuts to achieving the state of privacy savvy nirvana. 

  42. Thumb 1491252319 artwork
  43. Thumb 1528915481 artwork

    Core Security Principles Drive Us into The Future

    While reading about our latest technological advances, such as digital license plates and self-driving cars, I wondered about our industry’s core security principles that set the foundation for all our innovation. However, what about user agreements? We’re able to create incredible new advances, however we can’t get our user agreements right. Even though the agreements are for the users, it’s rare that they want to read the legalese. It’s just easier to click ‘accept’. As the author suggests, there’s must be a better way for end users to interact with tech companies.

  44. Thumb 1528751380 artwork

    Cyber & Tech Attorney Camille Stewart: The Tension Between Law and Tech (Part 1)

    Many want the law to keep pace with technology, but what's taking so long?

    A simple search online and you'll find a multitude of reasons why the law is slow to catch up with technology - lawyers are risk averse, the legal world is intentionally slow and also late adopters of technology. Can this all be true? Or simply heresy?

    I wanted to hear from an expert who has experience in the private and public sector. That's why I sought out the expertise of Camille Stewart, a cyber and technology attorney.

    In part one of our interview, we talk about the tension between law and tech. And as it turns out, laws are built in the same way a lot of technologies are built: in the form of a framework.

  45. Thumb 1523468147 artwork

    I’m Sean Campbell, Systems Engineer at Varonis, and This is How I Work

    In April of 2013, after a short stint as a professional baseball player, Sean Campbell started working at Varonis as a Corporate Systems Engineer.

    Currently a Systems Engineer for New York and New Jersey, he is responsible for uncovering and understanding the business requirements of both prospective and existing customers across a wide range of verticals. This involves many introductory presentations, proof of concept installations, integration expansion discussions, and even the technical development of Varonis channel partners. Sean also leads a team of subject matter experts(SME) for our innovative DatAlert platform.

    According to his manager Ben Lui:

    Sean Campbell is one of the most talented engineers on my team. He is the regional DatAlert SME and bridged valuable feedback from both customers and the field back to product management. Sean is also an excellent team player and excels at identifying critical data exposure during customer engagements. Overall, Sean is a key contributor to the Varonis organization.”

    The fast paced environment, challenge of data security, and the fact that the sales cycle is far from “cookie cutter” is what Sean enjoys most about his role here. He also values the relationships he has been given the ability to build up over the years on both the Varonis and customer side.

  46. Thumb 1527790685 artwork

    Data Protectionism: Friend or Foe?

    Data protectionism - restricting the movement of data between countries - will be an option that governments will elect to implement in the upcoming months and years. As the world economy become more data-driven, impacting global GDPs, they will soon find their way into trade deals, requiring data to be held in servers inside certain countries.

  47. Thumb 1526405648 artwork

    Turning People into Devices

    Medical devices are a good example of what computerized assistants might face in the future. Yes, medical devices can save lives and certainly serve a more noble cause than outsourcing tedious tasks, but the security aspect of these life-saving pacemakers and defibrillators still require firmware updates. Seems that we still haven’t learned our lesson: embed security at the initial stages of design.

  48. Thumb 1524533091 artwork

    I’m Brian Vecci, Technical Evangelist at Varonis, and This is How I Work

    If you’ve ever seen Technical Evangelist Brian Vecci present, his passion for Varonis is palpable. He makes presenting look effortless and easy, but as we all know excellence requires a complete devotion to the craft. I recently spoke to him to gain insight into his work and to shed light on his process as a presenter.

    “When I first started presenting for Varonis, I’d have the presentation open on one half of the screen and Evernote open on the other half and actually write out every word I was going to say for each slide,” said Brian.

    From there, he improvises from the script.

    “I’d often change things up while presenting based on people’s reactions or questions, but the process of actually writing everything out first made responding and reacting and changing the presentation a lot easier. I still do that, especially for new presentations.”

  49. Thumb 1525870050 artwork

    Attorney Sara Jodka on GDPR and Employee Data, Part II

    Sara Jodka is an attorney for Columbus-based Dickinson Wright. Her practice covers boths data privacy as well as employee law. She's in a perfect position to help US companies in understanding how the EU General Data Protection Regulation (GDPR) handles HR data. In the second part of our interview, Sara will talk about the relationship between HR data and Data Protection Impact Assessments (DPIAs).

  50. Thumb 1524531340 artwork

    Varonis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part Two

    In part two of my interview with Varonis CFO & COO Guy Melamed, we get into the specifics with data breaches, breach notification and the stock price.

    What’s clear from our conversation is that you can no longer ignore the risks of a potential breach. There are many ways you can reduce risk. However, if you choose not to take action, minimally, at least have a conversation about it.

    Also, around 5:11, I asked a question about IT pros who might need some help getting budget. There’s a story that might help.

  51. Thumb 1525471106 artwork

    Not Everything is a No Brainer

    A popular catchphrase amongst IT pros is: “It’s a no brainer.” When an idea presented is expressed as a no brainer, it’s assumed that the idea has obvious value, when processes and strategic decisions are more complicated than it appears. So when it comes to cybersecurity, not everything is a no brainer. Far from it.

  52. Thumb 1524843569 artwork

    Attorney Sara Jodka on GDPR and Employee Data, Part I

    Sara Jodka is an attorney for Columbus-based Dickinson Wright. Her practice covers boths data privacy as well as employee law. She's in a perfect position to help US companies in understanding how the EU General Data Protection Regulation (GDPR) handles HR data. In this first part of the interview, we learn from Sara that some US companies will be in for a surprise when they learn that all the GPDR security rules will apply to internal employee records. The GPDR's consent requirements, though, are especially tricky for employees.

  53. Thumb 1524523073 artwork

    Varonis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part One

    Recently, the SEC issued guidance on cybersecurity disclosures, requesting public companies to report data security risk and incidents that have a “material impact” for which reasonable investors would want to know about.

    How does the latest guidance impact a CFO’s responsibility in preventing data breaches?  Luckily, I was able to speak with Varonis’ CFO and COO Guy Melamed on his perspective.

    In part one of my interview with Guy, we discuss the role a CFO has in preventing insider threats and cyberattacks and why companies might not take action until they see how vulnerable they are with their own data.

    An interview well worth your time, by the end of the podcast, you’ll have a better understanding of what IT pros, finance, legal and HR have on their minds.

  54. Thumb 1523476520 artwork

    Dr. Wolter Pieters on Information Ethics, Part Two

    In part two of my interview with Delft University of Technology’s assistant professor of cyber risk, Dr. Wolter Pieters, we continue our discussion on transparency versus secrecy in security.

    We also cover ways organizations can present themselves as trustworthy. How? Be very clear about managing expectations. Declare your principles so that end users can trust that you’ll be executing by the principles you advocate. Lastly, have a plan for know what to do when something goes wrong.

    And of course there’s a caveat, Wolter reminds us that there’s also a very important place in this world for ethical hackers. Why? Not all security issues can be solved during the design stage.

  55. Thumb 1523534606 artwork

    41% of organizations have at least 1,000 sensitive files open to all employees

    This week, we talk about our annual data risk assessment report and sensitive files open to every employee! 41% of companies are vulnerable. The latest finding put organizations at risk as unsecure folders give attackers easy access to business roadmaps, intellectual property, financial and health data, and more. We even discussed how data open to everyone in an organization relates to user-generated data shared with 3rd party apps. Is it a data security or privacy problem? The panelists think it’s a breach of confidence.

  56. Thumb 1523285943 artwork

    Varonis Track at RSA 2018

    We’re all counting down to the RSA Conference  in San Francisco April 16 – 20, where you can connect with the best technology, trends and people that will protect our digital world.

    Attendees will receive a Varonis branded baseball hat and will be entered into a $50 gift card raffle drawing for listening to our presentation in our North Hall booth (#3210).

    Attendees that visit us in the South Hall (#417) will receive a car vent cell phone holder.

    In addition to stopping by our booth, below are sessions you should consider attending. You’ll gain important insights into best security practices and data breach prevention tips, while learning how to navigate a constantly evolving business climate.

  57. Thumb 1522428970 artwork

    Dr. Wolter Pieters on Information Ethics, Part One

    In part one of my interview with Delft University of Technology’s assistant professor of cyber risk, Dr. Wolter Pieters, we learn about the fundamentals of ethics as it relates to new technology, starting with the trolley problem. A thought experiment on ethics, it’s an important lesson in the world of self-driving cars and the course of action the computer on wheels would have to take when faced with potential life threatening consequences.

  58. Thumb 1522255164 artwork

    I’m Elena Khasanova, Professional Services Manager at Varonis, and This is How I Work

    Prior to Varonis, Elena Khasanova worked in back end IT for large organizations. She did a bit of coding, database administration, project management, but was ready for more responsibility and challenges.

    So seven years ago, she made the move to New York City from Madison, Wisconsin to join the professional services department at Varonis.

    With limited experience speaking with external customers and basic training, Varonis entrusted her to deploy products as well as present to customers. Elena recalls, “Not every company will give you a chance to talk to external customers without prior experience….But it was Varonis that gave me that chance.”

    According to her manager, Ken Spinner: “Over the last 6 years, I’ve had the pleasure of working with Elena, first as a coworker in different departments, and most recently as the leader of our Remediation Team in our Professional Services department. Elena was uniquely qualified to lead the team as she had significant experience performing project management prior to planning and completing our first remediation projects. Elena’s knowledge was instrumental in defining the essence of the Varonis Data Risk Assessment, the process used by PS to perform remediation, as well as providing practical insight to Engineering during the development of the Automation Engine.”

  59. Thumb 1521744202 artwork

    Are Users and Third-Party Vendors Frenemies?

    In the midst of our nationwide debate on social media companies limiting third party apps’ access to user data, let’s not forget that companies have been publicly declaring who collects our data and what they do with it. Why? These companies have been preparing for GDPR, the new EU General Data Protection Regulation as it will go into effect on May 25th.

    This new EU law is a way to give consumers certain rights over their data while also placing security obligations on companies holding their data.

    In this episode of our podcast, we’ve found that even disclosures, such as Paypal’s, leave us with more questions than answers.

    But, as we’ve discussed in our last episode, details matter.

  60. Thumb 1520530350 artwork

    Details Matter in Breaches and in Business

    With one sensational data breach headline after another, we decided to take on the details behind the story because a concentrated focus on the headline tends to reveal only a partial dimension of the truth.

    For instance, when a bank’s sensitive data is compromised, it depends on how as well as the what. Security practitioner Mike Buckbee said, “It’s very different if your central data storage was taken versus a Dropbox where you let 3rd party vendors upload spreadsheets.”

    We’re also living in a very different time when everything we do in our personal lives can potentially end up on the internet. However, thanks to the EU’s “right to be forgotten” law, the public made 2.4 million Google takedown requests. Striking the perfect balance will be difficult. How will the world choose between an organization’s goals (to provide access to the world’s information) versus an individual’s right to be forgotten?

    And when organizations want to confidently make business decisions based on data-driven metrics, trusting data is critical to making the right decision. Our discussion also reminded me what our favorite statistician Kaiser Fung said in a recent interview, “Investigate the process behind a numerical finding.”

  61. Thumb 1519844590 artwork

    Innovate First, Deliver PSAs Later

    Today even if we create a very useful language, IoT device, or software, at some point, we have to go back to fix the security or send out PSAs.

    Troy Hunt, known for his consumer advocacy work on breaches, understands this very well. He recently delivered a very practical PSA: Don’t tell people to turn off Windows update, just don’t.

    We also delivered a few PSAs of our own: cybercriminals viewour linkedin profiles to deliver more targeted phish emails, whether we’d prefer to deal with ransomware or cryptomalware, and the six laws of technology everyone should know.

  62. Thumb 1518128542 artwork

    Security Alert Woes

    IT pros could use a little break from security alerts. They get a lot of alerts. All. The. Time.

    While alerts are important, a barrage of them can potentially be a liability. It can cause miscommunication, creating over reactivity. Conversely, alerts can turn into white noise, resulting in apathy. Hence the adage: if everything is important, nothing is. Instead, should we be proactive about our security risks rather than reactive?

  63. Thumb 1516809569 artwork

    Manifesting Chaos or a Security Risk?

    Regular listeners of the Inside Out Security podcast know that our panelists can’t agree on much. Well, when bold allegations that IT is the most problematic department in an organization can be, ahem, controversial.

    But whether you love or hate IT, we can’t deny that technology has made significant contributions to our lives. For instance, grocery stores are now using a system, order-to-shelf, to reduce food waste. There are apps to help drivers find alternate routes if they’re faced with a crowded freeway. Both examples are wonderful use cases, but also have had unforeseen side effects.

  64. Thumb 1516401199 artwork

    The Security of Legacy Systems

    It’s our first show of 2018 and we kicked off the show with predictions that could potentially drive headline news. By doing so, we’re figuring out different ways to prepare and prevent future cybersecurity attacks.

  65. Thumb 1526407698 artwork

    Chief Data Officer Richard Wendell: Information as an Asset (Part 1)

    The emergence of Chief Data Officers(CDO) demonstrates the growing recognition of information as an asset. In fact, Gartner says that 90% of large organizations will have a CDO by 2019. To understand the CDO role more deeply, I turned to Richard Wendell. I met Mr. Wendell last year at the Chief Data Officer Summit and […]

  66. Thumb 1513701361 artwork

    Who is in Control? The Data or Humans?

    Self-quantified trackers made possible what was once nearly unthinkable: for individuals to gather data on one’s activity level in order to manage and improve one’s performance. Some have remarked that self-quantified devices can hinge on the edge of over management. As we wait for more research reports on the right dose of self-management, we’ll have to define for ourselves what the right amount of self-quantifying is.

    Meanwhile, it seems that businesses are also struggling with a similar dilemma: measuring the right amount of risk and harm as it relates to security and privacy.

    Acting FTC Chairman Maureen Ohlhausen said at a recent privacy and security workshop, “In making policy determinations, injury matters. ... If we want to manage privacy and data security injuries, we need to be able to measure them."

  67. Thumb 1512662552 artwork

    Security and Privacy Concerns with Chatbots, Trackers, and more

    The end of the year is approaching and security pros are making their predictions for 2018 and beyond. So are we! This week, our security practitioners predicted items that will become obsolete because of IoT devices. Some of their guesses - remote controls, service workers, and personal cars.

    Meanwhile, as the business world phase out old technologies, some are embracing the use of new ones. For instance, many organizations today use chatbots. Yes, they’ll help improve customer service. But some are worried that when financial institutions embrace chatbots to facilitate payments, cyber criminals will see it as an opportunity to impersonate users and take over their accounts.

  68. Thumb 1511389956 artwork

    The Challenges and Promise of Digital Drugs

    Recently the Food and Drug Administration approved the first digital pill. This means that medicine embedded with a sensor can tell health care providers – doctors and individuals the patient approves – if the patient takes their medication. The promise of this new approval are enormous. It will ensure a better health outcome for the patient, giving caretakers have more time with the ones they love. What’s more, by learning more about how a drug interacts with a human system, researchers might find a way to prevent illnesses that was once believed impossible to cure. However, as security pros there are some in the industry that believe that the potential for abuse might overshadow the promise of what could be.

  69. Thumb 1510165877 artwork

    Bring Back Dedicated and Local Security Teams

    Last week, I came across a tweet that asked how a normal user is supposed to make an informed decision when a security alert shows up on his screen. Great question!

    I found a possible answer to that question at New York Times director of infosecurity, Runa Sandvik’s recent keynote at the O’Reilly Security Conference. She told the attendees that many moons ago, Yahoo had three types of infosecurity departments: core, dedicated and local.

    Who knew that once upon a time dedicated and local security teams existed?! It would make natural sense that they would be the ones to assist end users on security questions, why don’t we bring them back? The short answer: it’s not so simple.

  70. Thumb 1509647671 artwork

    Rita Gurevich, CEO of SPHERE Technology Solutions

    Long before data breaches became mainstream, Rita Gurevich CEO of SPHERE Technology Solutions, built a thriving business on the premise of assisting organizations secure their most sensitive data from within, And because of her multi-faceted experiences interacting with the C-Suite, technology vendors, and others in the business community, we thought listening to her singular perspective would be well worth our time.

  71. Thumb 1508866634 artwork

    The Moral Obligation of Machines and Humans

    Critical systems once operated by humans are now becoming more dependent on code and developers. There are many benefits to machines and automation such as increased productivity, quality and predictability. But when websites crash, 911 systems go down or when radiation-therapy machines kill patients because of a software error, it’s vital that we rethink our relationship with code and as well as the ethical and moral obligations of machines and humans.

  72. Thumb 1507817329 artwork

    The Anatomy of a Cybercriminal Startup

    Outlined in the National Cyber Security Centre’s “Cyber crime: understanding the online business model,” the structure of a cybercrime organization is in many ways a lot like a regular tech startup. There’s a CEO, developer, and if there are enough funds, an IT department.

  73. Thumb 1507225635 artwork

    How Weightless Data Impacts Data Security

    By now, we’re all aware that many of the platforms and services we use collect and store information about our data usage. Afterall, they want to provide us with the most personalized experience.

    So when I read that an EU Tinder user requested information about her data and was sent 800 pages, I was very intrigued with the comment from Luke Stark, a digital technology sociologist at Dartmouth University, “Apps such as Tinder are taking advantage of a simple emotional phenomenon; we can’t feel data. This is why seeing everything printed strikes you. We are physical creatures. We need materiality.”

    He is on to something. We don’t usually consider archiving stale data until we’re out of space. It is often through printing photos, docs, spreadsheets, and pdfs that we would feel the weight and space consuming nature of the data we own.

  74. Thumb 1506720459 artwork

    Penetration Testers Sanjiv Kawa and Tom Porter

    While some regard Infosec as compliance rather than security, veteran pentesters Sanjiv Kawa and Tom Porter believe otherwise. They have deep expertise working with large enterprise networks, exploit development, defensive analytics and I was lucky enough to speak with them about the fascinating world of pentesting.

  75. Thumb 1506368451 artwork

    Ofer Shezaf, Varonis Director of Cyber Security, Part II

    Ofer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University. In this second part of the interview, we explore ways to improve data security through security by design techniques and other methods.

  76. Thumb 1505925916 artwork

    Ofer Shezaf, Varonis Director of Cyber Security, Part I

    Ofer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University. In this first part of the interview, Ofer shares his thoughts on the changing threat landscape.

  77. Thumb 1504812018 artwork

    Dr. Tyrone Grandison on Data, Privacy and Security

    Dr. Tyrone Grandison has done it all. He is an author, professor, mentor, board member, and a former White House Presidential Innovation Fellow. He has held various positions in the C-Suite, including his most recent role as Chief Information Officer at the Institute of Health Metrics and Evaluation, an independent health research center that provides metrics on the world's most important health problems.

  78. Thumb 1504816883 artwork

    When Hackers Behave Like Ghosts

    We’re a month away from Halloween, but when a police detective aptly described a hotel hacker as a ghost, I thought it was a really clever analogy! It’s hard to recreate and retrace an attacker’s steps when there are no fingerprints or evidence of forced entry.

  79. Thumb 1504117965 artwork

    Security Doesn’t Take a Vacation

    Do you keep holiday photos away from social media when you’re on vacation? Security pros advise that it's one way to reduce your security risk. Yes, the idea of an attacker mapping out a route to steal items from your home sound ambitious. However, we’ve seen actual examples of a phishing attack as well as theft occur.

  80. Thumb 1503599827 artwork

    The Security of Visually Impaired Self-Driving Cars

    How difficult is it for you to tell the difference between fried chicken or poodle? What about a blueberry muffin or Chihuahua? When presented with these photos, it requires a closer look to differentiate the differences. It turns out that self-driving car cameras have the same problem. Recently security researchers were able to confuse self-driving car cameras by adhering small stickers to a standard stop sign. What did the cameras think they saw? 45mph Speed Limit sign.

  81. Thumb 1502828066 artwork

    Dr. Zinaida Benenson and Phishing, Part II

    Dr. Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the "Human Factors in Security and Privacy" group. She and her colleagues conducted a fascinating study into why people click on what appears to be obvious email spam. In the second part of our interview, Benenson offers very practical advice on dealing with employee phishing and also discusses some of the consequences of IoT hacking.

  82. Thumb 1502982317 artwork
  83. Thumb 1502289652 artwork

    Dr. Zinaida Benenson and Phishing, Part I

    Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the "Human Factors in Security and Privacy" group. She and her colleagues conducted a fascinating study into why people click on what appears to be obvious email spam. In the first part of our interview with Benenson, we discusses how she collected her results, and why curiosity seems to override security concerns when dealing with phish mail.

  84. Thumb 1502460908 artwork

    Are Cyber War Rooms Necessary?

    While some management teams are afraid of a pentest or risk assessment, other organizations - particularly financial institutions - are well aware of their security risks. They are addressing these risks by simulating fake cyberattacks. By putting IT, managers, board members and executives who would be responsible for responding to a real breach or attack, they are learning how to respond to press, regulators, law enforcement, as well as other scenarios they might not otherwise expect.

  85. Thumb 1501801484 artwork

    Roxy Dee, Threat Intelligence Engineer

    Some of you might be familiar with Roxy Dee’s infosec book giveaways. Others might have met her recently at Defcon as she shared with infosec n00bs practical career advice. But aside from all the free books and advice, she also has an inspiring personal and professional story to share.

  86. Thumb 1500982903 artwork

    Blackhat Briefings That Will Add to Your Tool Belt

    In this podcast episode, we discussed not only sessions you should consider attending, but also questions you should be asking as well as why certain research methods like honeypots, while important, won’t save you from insider threats or other attacks.

  87. Thumb 1500653136 artwork

    Cyber Threats Are Evolving and So Must Two-Factor

    Finally, after years of advocacy many popular web services have adopted two-factor authentication (2FA) as a default security measure. Unfortunately, as you might suspect attackers have figured out workarounds. For instance, attackers that intercept your PIN in a password reset man-in-the-middle attack.

  88. Thumb 1499883836 artwork

    Budgets and Ethics

    Right now, many companies are planning 2018’s budget. As always, it is a challenge to secure enough funds to help with IT’s growing responsibilities. Whether you’re a nonprofit, small startup or a large enterprise, you’ll be asked to stretch every dollar. In this week’s podcast, we discussed the challenges a young sysadmin volunteer might face when tasked with setting up the IT infrastructure for a nonprofit.

  89. Thumb 1499462066 artwork

    Is Data Worth More Than Money?

    Sure you can quantify the cost of tools, equipment, hours spent protecting data, but what about intellectual and emotional labor? How do we assign proper value to the creative essence and spirit of what makes our data valuable?

  90. Thumb 1499357428 artwork
  91. Thumb 1498769250 artwork
  92. Thumb 1498158405 artwork

    Troy Hunt and Lessons from a Billion Breached Data Records

    Troy Hunt is a web security guru, Microsoft Regional Director, and author whose security work has appeared in Forbes, Time Magazine and Mashable. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications.

    In this podcast, we discuss the challenges of the industry, learn about his perspective on privacy and revisit his talk from RSA, Lessons from a Billion Breached Data Records as well as a more recent talk, The Responsibility of Disclosure: Playing Nice and Staying Out of Prison.

  93. Thumb 1495809207 artwork

    John P. Carlin: Emerging Threats (Part 4)

    In this concluding post of John Carlin’s Lessons from the DOJ, we cover a few emerging threats: cyber as an entry point, hacking for hire and cybersecurity in the IoT era.

  94. Thumb 1497475217 artwork
  95. Thumb 1496865497 artwork

    Security Pros and Users, We’re All in This Together

    The latest release of SANS’ Security Awareness Report attributed communication as one of the primary reasons why awareness programs thrive or fail. Yes, communication is significant, but what does communication mean?

  96. Thumb 1496698550 artwork

    Taking The Long View, Investing in Technology and Security

    Hypothetical questions that used to be debated on the big screen are questions we’re now debating on our podcast. Will we be able to maintain an appropriate level of privacy within our homes? What are some positive and negative applications of a new technology? Should we extinguish our identification cards so that we can authenticate with biometrics?

  97. Thumb 1495739899 artwork

    John P. Carlin: Ransomware & Insider Threat (Part 3)

    We continue with our series with John Carlin, former Assistant Attorney General for the U.S. Department of Justice’s National Security Division.

    This week, we tackle ransomware and insider threat.

  98. Thumb 1495734503 artwork
  99. Thumb 1495570359 artwork

    Our Post WannaCry World

    After WannaCry, US lawmakers introduced the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act. If the bill gets passed, it would create a Vulnerabilities Equities Process Review Board where they would decide if a vulnerability, known by the government, would be disclosed to a non-government entity. It won’t be an easy law to iron out as they’ll need to find the right balance between vulnerability disclosure and national security.

  100. Thumb 1495487840 artwork

    Winning Security by a Landslide

    Even though it feels like France’s presidential election seems like ages ago, it was a very public security win. The Inside Out Security show panelists – Kris Keyser, Mike Buckbee, and Kilian Englert synthesize how it all unfolded. They also weighed in on the FBI director’s release from his duties. What’s relevant in this story in the infosec space is what happens after someone leaves an organization.

  101. Thumb 1494951700 artwork

    Attorney and GDPR Expert Sue Foster, Part 2

    Sue Foster is a London-based partner at Mintz Levin. In the second part of the interview, she discusses the interesting loophole for ransomware breach reporting requirements that's currently in the GDPR However, there's another EU regulation going into effect in May of 2018, the NIS Directive that would still make ransomware reportable. And Foster talks about the interesting implications of IOT devices in terms of the GDPR.

  102. Thumb 1494963933 artwork

    Pick Up Music, Pick Up Technology

    Last week, when the world experienced the largest ransomware outbreak in history, it also reminded me of our cybersecurity workforce shortage. We can never have too many security heroes!

  103. Thumb 1494433743 artwork

    Attorney and GDPR Expert Sue Foster, Part 1

    Sue Foster is a London-based partner at Mintz Levin. She has a gift for explaining the subtleties in the EU General Data Protection Regulation (GDPR). In this first part of the interview, she discusses how US companies can get caught up in either the GDPR's extraterritoriality rule or the e-Privacy Directive's new language on embedded communication. Privacy and IT security pros should find her discussion particularly relevant.

  104. Thumb 1494363713 artwork

    John P. Carlin: Lessons Learned from the DOJ (Part 1)

    John P. Carlin, former Assistant Attorney General for the U.S. Department of Justice’s (DOJ) National Security Division, spent an afternoon last week sharing lessons learned from the DOJ.

  105. Thumb 1494270494 artwork

    Security Learn-It-Alls

    Rather than referring our weekly podcast panelists as security experts, we’re now introducing them as security practitioners.

  106. Thumb 1493393509 artwork

    Presenting Cybersecurity Ideas to the Board

    There’s been a long held stigma amongst our infosec cohort and it’s getting in the way of doing business. What’s the stigma, you ask? “Know-it-all” techies who are unable to communicate. Unfortunately, this shortcoming also puts our jobs at stake.

  107. Thumb 1493049154 artwork

    When Security is a Status Symbol

    As sleep and busyness gain prominence as status symbols, I wondered when or if good security would ever achieve the same notoriety.

  108. Thumb 1492547540 artwork
  109. Thumb 1492107611 artwork

    Evolving Bank Security Threats

    It was only last week that we applauded banks for introducing cardless ATMs in an effort to curb financial fraud. But with the latest bank heists, it may help to turn up the offense and defense. Why? Hackers were able to drill a hole, connect a wire, cover it up with a sticker and the ATM will automatically and obediently dispense money. Another group of enterprising hackers changed a bank’s DNS, taking over their website and mobile sites, redirecting customers to phishing sites.

  110. Thumb 1491530430 artwork

    Americans’ Cyber Hygiene

    Recently, the Pew Research Center released a report highlighting what Americans know about cybersecurity. The intent of the survey and quiz was to understand how closely Americans are following best practices recommended by cybersecurity experts.

  111. Thumb 1491251324 artwork

    What CISOs are Making, Reading and Sharing

    Besides talking to my fav security experts on the podcast, I’ve also been curious with what CISOs have been up to lately. Afterall they have the difficult job of keeping an organization’s network and data safe and secure. Plus, they tend to always be a few steps ahead in their thinking and planning.

  112. Thumb 1491251527 artwork

    No Data Left Behind

    Over the past few weeks, we’ve been heavily debating on a user’s threshold for our personal data seen in the public domain. For instance, did you know that housing information has always been public information? They are gathered from county records and the internet has just made it less cumbersome.

  113. Thumb 1491252312 artwork
  114. Thumb 1491252299 artwork

    Security Courts the Internet of Things

    As more physical devices connect to the internet, I wondered about the responsibility IoT manufacturers have in building strong security systems within devices they create. There’s nothing like a lapse in security that could potentially halt the growth of a business or bring more cybersecurity awareness to a board.

  115. Thumb 1491252287 artwork

    Proper Breach Notification

    I recently came across an article that gave me pause, “Why Data Breaches Don’t Hurt Stock Prices.” If that’s the case and if a breach doesn’t impact the sale of a company, does security matter?

  116. Thumb 1491252273 artwork

    Gambling with User Data

    The debate between users volunteering their data for better service versus being perceived as a creepy company who covertly gathers user data remains a hot topic for the Inside Out Security panel –Kris Keyser, Mike Buckbee, and Kilian Englert.

  117. Thumb 1491252605 artwork
  118. Thumb 1491252247 artwork

    Security Monk vs. Emperor Palpatine

    This week, we continue our ongoing ransomware discussion with the Inside Out Security Show panel - Kilian Englert, Mike Buckbee, and Mike Thompson.

  119. Thumb 1491252254 artwork

    Professor Angela Sasse FREng on Human-Centered Security

    Lately, we’ve been hearing more from security experts who are urging IT pros to stop scapegoating users as the primary reason for not achieving security nirvana. After covering this controversy on a recent episode of the Inside Out Security Show, I thought it was worth having an in-depth conversation with an expert.

  120. Thumb 1491252560 artwork

    An Extra Factor of Authentication

    Inspired by [this tweet][1], I asked the Inside Out Security Show panelist – Kilian Englert, Mike Buckbee, and Alan Cizenski -  if they could add an extra factor of authentication, what would it be?

  121. Thumb 1491252269 artwork

    Medical Privacy Expert Adam Tanner (Part II)

    Adam Tanner is the author of "Our Bodies, Our Data", which tells the story of a hidden dark market in drug prescription and other medical data. In this second part of our interview, Adam explains how data stripped of personal identifiers can be associated back to the consumer.

  122. Thumb 1491252234 artwork

    Parents of Security

    While I thought we could ride on our recent successes for just a bit longer, attackers are back in full swing, filling my twitter feed with latest jaw dropping security news. As I waded in worry, I stumbled upon an interesting Benjamin Franklin quote, “Distrust and caution are the parents of security.” Should distrust and caution be the parents of security? Who or what should the parents of security be?

  123. Thumb 1491252457 artwork

    Security Pros Bring Out Their Game Face

    It’s not often that we hear about security successes. With ransomware and data breaches driving headlines, it can feel like security pros are always one step behind. Recently, however, I found a few stories that I thought were worth celebrating.

  124. Thumb 1491252220 artwork

    Medical Privacy Expert Adam Tanner (Part I)

    Adam Tanner is the author of "Our Bodies, Our Data", which tells the story of a hidden dark market in drug prescription and other medical data. In this first part of our interview, we learn from Adam how this business in selling medical information got started and why it's legal under HIPAA.

  125. Thumb 1491252214 artwork

    More Ann Cavoukian: GDPR and Access Control

    In this segment, she talks about the importance of involving customers in the decisions that the business make.

    Based on her experience, Cavoukian tells us that once you’ve involved your customers in the decision making process, “You won’t believe the buy-in you will get under those conditions because then you’ve established trust and that you’re serious about their privacy.”

    We also made time to cover GDPR as well as three things organizations can do to demonstrate that they are serious about privacy.

  126. Thumb 1491252206 artwork


    Next month, the world will be talking security at the annual RSA Conference, which will be held in San Francisco on February 13th to the 17th. When it comes to discussing security matters, experts often tell us to take stock of our risks or to complete a risk assessment. However, perhaps before understanding where we might be vulnerable, it might be more important to consider exactly what threats we’re really faced with.

  127. Thumb 1491252172 artwork

    Dr. Ann Cavoukian on Privacy By Design

    I recently had the chance to speak with former Ontario Information and Privacy Commissioner Dr. Ann Cavoukian about big data and privacy. Dr. Cavoukian is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD).

    What’s more, she came up with PbD language that made its way into the GDPR, which will go into effect in 2018. First developed in the 1990s, PbD addresses the growing privacy concerns brought upon by big data and IoT devices.

  128. Thumb 1491252179 artwork

    Fireside Chat with the Future

    Meanwhile the Inside Out Security Show panel – Kilian Englert, Forrest Temple and Mike Buckbee - also speculated on a few things of their own based on a few articles they’ve read the news recently – hackers guessing your credit card information in less than six seconds, the security implications of the Amazon Go Grocery Store, and more malvertising. Plus, we also continued our never ending debate on privacy.

  129. Thumb 1491252185 artwork

    Is Security a Benefit or a Feature?

    I recently came across a tweet that was shared during the Infosecurity Maganzine Conference in Boston, “Security is a benefit, but not always a feature.” The reason? You can spend a lot of money and still be hacked or not spend a dime and not be hacked. Agree or Disagree. Listen to what the panel had to say.

  130. Thumb 1491252193 artwork
  131. Thumb 1491252200 artwork

    A Technologist’s Hippocratic Oath

    Last month, there was a thought-provoking article on programmers who were asked to do unethical work on the job. We often talk about balancing security with precaution and paranoia, but I wondered about the balance of ethics and execution. As always, I was curious to hear the reactions from the Inside Out Security Show panel – Cindy Ng, Mike Buckbee, Kris Keyser, and Mike Thompson.

  132. Thumb 1491252165 artwork

    Password expert Per Thorsheim On Life After Two Factor Authentication

    Based in Norway, Per Thorsheim is an independent security adviser for organizations and government. He is also the founder of, a conference that’s all about passwords, PIN codes, and authentication. Launched in 2010, the conference is a gathering security professionals & academic researchers worldwide to better understand and improve security worldwide.

  133. Thumb 1491252424 artwork

    Life of an IT Pro

    Like many in IT, you can probably commiserate with this week’s Inside Out Security Show panel – Mike Buckbee and Alan Cizenski – on elaborating when someone asks you, “What Do You Do for a Living?” Whether you’re a programmer or a sysadmin, the scope of your role is often multi-faceted and complex.

  134. Thumb 1491252150 artwork

    The Election is Over…Back to Work?

    On election day, I stumbled upon an article that described presidential candidates’ newfound ability to influence voters with big data. Not health, financial or sensitive data, but data from loyalty cards, gym memberships etc. Rather than a financial exchange as the end goal, the purpose of using big data to influence end users would be for a vote on November 4th.

  135. Thumb 1491252144 artwork

    More Sheila FitzPatrick: Data Privacy and the Law

    In the next part of our discussion, data privacy attorney Sheila FitzPatrick get into the weeds and talks to us about her work in setting up Binding Corporate Rules (BCR) for multinational companies. These are actually the toughest rules of the road for data privacy and security.

  136. Thumb 1491252135 artwork

    The Case for Giving IT a Raise

    At the awesome O’Reilly Security Conference, I learned from world-leading security pros about the most serious threats facing IT. Hmm, sounds like that would make a great topic for discussion with the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Peter TerSteeg.

  137. Thumb 1491252439 artwork

    DDoS Rhapsody

    In this episode of the Inside Out Security Show panel – Mike Buckbee and Mike Thompson – shared their thoughts on the latest botnet attack.

  138. Thumb 1491252032 artwork

    Making Security Great Again!

    Since October was Cyber Security Awareness month, we decided to look at what’s holding back our efforts to make security—to coin a phrase—“great again”.

  139. Thumb 1491251956 artwork
  140. Thumb 1541622120 artwork

    When Security Is Low, How Do We Go High?

    So how low can security go? To start, our music, email, and our new favorite toy, the internet of things(IoT) have been hijacked. What?! Also in our "Thinking Like A Hacker" segment, we try to explain SQL Injection using analogies even a five year old would understand. And our tool this week for Sysadmins - Fiddler, the free web debugging proxy for any browser, system or platform.

  141. Thumb 1540562104 artwork

    IoT Pen Tester Ken Munro: Security Holes (Part 1)

    If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s […]

  142. Thumb 1541622128 artwork

    Six Degrees of Kevin Bacon (Security Edition)

    Since security pertains to everyone, in this episode of the IOSS we challenged ourselves to tie security back to Kevin Bacon. You might have to give us a few passes, but the connection is still strong. Keira Knightley: Earlier this year, a man applied for credit account at Best Buy using Keira Knightley’s driver’s license information. […]

  143. Thumb 1540560624 artwork
  144. Thumb 1541622135 artwork

    Attraction of Repulsion (to Ransomware)

    When it comes to ransomware, we can’t stop talking about it. There’s a wonderful phrase for our syndrome, “the attraction of repulsion,” meaning that something is so awful you can’t stop watching and/or talking about it. How awful has ransomware been? According to the FBI, in the first three months of 2016, ransomware attacks cost their […]

  145. Thumb 1540505658 artwork

    Statistician Kaiser Fung: Fishy Stats (Part 3)

    Over the past few weeks, Kaiser Fung has given us some valuable pointers on understanding the big data stats we are assaulted with on a daily basis.  To sum up, learn the context behind the stats — sources and biases — and know that the algorithms that crunch numbers may not have the answer to your […]

  146. Thumb 1540560595 artwork

    Attorney and Data Scientist Bennett Borden: Data Analysis Techniques (Part 1)

    Once we heard Bennett Borden, a partner at the Washington law firm of DrinkerBiddle, speak at the CDO Summit about data science, privacy, and metadata, we knew we had to reengage him to continue the conversation. His bio is quite interesting: in addition to being a litigator, he’s also a data scientist. He’s a sought after speaker on […]

  147. Thumb 1540504853 artwork

    Chief Data Officer Richard Wendell: Skills to Cultivate (Part 2)

    In this second podcast, Mr. Wendell continues where he left off last time. He explains the skills you’ll need in order to be an effective Chief Data Officer and we learn more about MIT’s International Society of Chief Data Officers.  

  148. Thumb 1541622141 artwork

    Bring Your Geek To Court

    Last week, Alpesh Shah of Presidio joined us to discuss law firms and technology. With big data, ediscovery, the cloud and more, it’s of growing importance that law firms leverage technology so that they can better serve their clients. And in doing so, law firms can spend more time doing “lawyerly things” and, um, more billing. Hallmarks […]

  149. Thumb 1541622150 artwork

    The Vulnerability of Things

    We were thrilled when Pen Testing veteran, Ken Munro joined our show to discuss the vulnerabilities of things. In this episode, Ken reveals the potential security risks in a multitude of IoT devices – cars, thermostats, kettle and more. We also covered GDPR, Privacy by Design and asked if Ken thinks “The Year of Vulnerabilities” will be hitting […]

  150. Thumb 1541622157 artwork

    Go Open Source!

    Whether you’re a proponent of open-source or proprietary software, there’s no doubt that the promise of open-source is exciting for many. For one thing, it’s mostly free. It’s built and maintained by passionate developers who can easily “look under the hood”. The best part is that you’re not married to the vendor. Yes, there are many helpful […]

  151. Thumb 1541622163 artwork

    Moods and Motives of a Smooth Criminal

    After reading about an IT admin at large bank who went rogue, we put on our empathy hats to understand why. And in this episode, we came up with three reasons: Instead of being recognized as a revenue generator, IT is seen as a cost center Despite all the tests and certificates,  IT people aren’t as […]

  152. Thumb 1541622170 artwork

    Excellent Adventures at Black Hat

    Hackers, Executives, Military Folks, IT People who work in Insurance, even Cab Drivers all had something to teach us about security and privacy at the latest Black Hat event in Vegas.

  153. Thumb 1541622176 artwork

    More Articles on Privacy by Design than Implementation

    Going from policy to implementation is no easy feat because some have said that Privacy by Design is an elusive concept. In this episode, we meditated on possible solutions such as incentivizing and making privacy as the default setting. We even talked about the extra expense of having a Privacy by Design mindset. What do you […]

  154. Thumb 1541622182 artwork


    If there’s something strange on your network, who should we call? The security team! Well, I like to think of them as Threatbusters. Why? They’re insatiable learners and they work extremely hard to keep security threats at bay. In this episode, we talk about awesome new technologies(like computer chips that self-destruct and ghost towns that […]

  155. Thumb 1541622189 artwork


    When technology doesn’t work when it should, is it a tech fail? Or perhaps because humans are creating the technology, fails should be more accurately called a human fail? In this episode, we discuss various types of “fails”, including the latest popular Pokémon Go, why we can’t vote online and the biggest fail of all, […]

  156. Thumb 1541622065 artwork

    Layered Security

    Layered security refers to the practice of combining various security defenses to protect the entire system against threats. The idea is that if one layer fails, there are other functioning security components that are still in place to thwart threats. In this episode of the Inside Out Security Show, we discuss the various security layers. […]

  157. Thumb 1541622037 artwork


    We’ve been writing about the GDPR for the past few months now and with the GDPR recently passed into law, we thought it was worth bringing together a panel to discuss its implications. In this episode of the Inside Out Security Show, we discuss how the GDPR will impact businesses, Brexit, first steps you should […]

Back Home