Tag Archives: podcast

Closing the gender gap at cybersecurity conferences

Listen to this podcast

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the under-representation of women at cybersecurity conferences and how it affects the infosec industry.

This week’s Risk & Repeat podcast looks at the lack of women at cybersecurity conferences and explores what can be done to improve those numbers, as well as to increase diversity as a whole in the infosec industry.

Earlier this year, RSA Conference came under fire for having just one woman keynote speaker among nearly two dozen keynote spots. The criticism led members of the infosec community to form a new event, dubbed Our Security Advocates, or OuRSA. And while cybersecurity conferences such as Black Hat 2018 will prominently feature women infosec professionals as keynote speakers, there is still a significant gender gap at cybersecurity conferences.

Why aren’t more women speaking at industry events? How can organizations increase the number of women attending and participating in these events? Is the lack of women at cybersecurity conferences a symptom of the larger gender gap in infosec or a contributor to it? SearchSecurity editors Rob Wright and Maddie Bacon discuss those questions and more in this episode of the Risk & Repeat podcast.

U.S. government eyes offensive cyberattacks

Listen to this podcast

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the risks of the U.S. Cyber Command engaging in offensive cyberattacks against foreign adversaries.

The prospect of the U.S. government using offensive cyberattacks against foreign adversaries appears to be gaining steam.

According to the New York Times, the Pentagon approved a policy that empowers the U.S. Cyber Command to initiate constant offensive cyberattacks designed to disrupt foreign networks. The Times report details a vision statement from military leadership that calls for cyber activities that are “short of war” to retaliate against hacking campaigns from adversarial nation states. The Pentagon’s new strategy for the U.S. Cyber Command, which has traditionally led the nation’s cyber defensive efforts, comes in the wake of many recent high-profile cyberattacks attributed to the governments of Russia, North Korea and Iran.

The concept of “hacking back” against cyber adversaries has gained momentum in both the private sector as well as the government. Some cybersecurity experts, however, have warned that the risks and unintended consequences of offensive cyberattacks can put private enterprises in the crosshairs of nation-state hackers.

What are the implications of the U.S. Cyber Command turning its attention to offensive hacking? What activities would be considered short of cyberwarfare? Could the Pentagon’s policy lead to an escalation of cyberattacks? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

More trouble for federal cybersecurity

Listen to this podcast

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the recent federal cybersecurity report, which found the majority of agencies have significant security gaps.

The latest government report on the state of federal cybersecurity brought more bad news for Washington, D.C.

The Federal Cybersecurity Risk Determination Report and Action Plan, which was commissioned by the Office of Management and Budget and the Department of Homeland Security, found the vast majority of government agencies have significant gaps in their security postures. Specifically, the report found that 59 of 96 agencies are considered to be at risk, while 12 agencies are at high risk.

Key issues, according to the report, included ineffective and outdated identity and access management processes, a lack of communication between security operations centers, and a lack of accountability for agency leadership. The report also found that just 16% of agencies have deployed encryption for data at rest.

How serious are the federal cybersecurity report’s findings? What steps should be taken to improve the situation? What are the primary causes of the poor state of security in Washington? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Call center artificial intelligence trends drive chat, decision-making

Listen to this podcast

ICMI’s Brad Cleveland has seen call centers integrate email, chat, IVR — automated FAQ answering — and social media. None reduced call volume. Chatbot tech may bring similar results.

ORLANDO, Fla. — The call center is not immune to artificial intelligence trends that are sweeping every industry and many aspects of our personal lives.

Where AI will ultimately be used the most by call center agents, their supervisors and executive leadership using it is up for debate — and it was debated fiercely in the halls and in sessions at this year’s ICMI Contact Center Expo.

Some call center workers worry that automatons will take their jobs; others wouldn’t trust a chatbot with a customer because losing customers on the service side of a business is one of the fastest ways out of a job.

Brad Cleveland, ICMIBrad Cleveland

ICMI founding partner Brad Cleveland started leading the call center industry as automated switchboards, or interactive voice response systems, were de rigueur, and he has witnessed the rise of the internet and email, social media, and chat channels — all of which were supposed to spell doom for the call center.

Yet, call volume remains the same or is growing. In this Pipeline podcast, we discuss artificial intelligence trends for the call center universe and how they might help front-line agents better care for customers who are contacting companies for service in higher numbers than ever before.

Also, workforce management teams might benefit from helping to balance the bottom line with the ever-tenuous divide between productivity, volume and agent needs.

Some of the artificial intelligence trends may include chatbots or software that creates answers to common — or even thorny — questions agents can adapt for call or chat conversations. One thing’s for sure: The technology is still in its infancy, so there’s much room for debate and speculation.

Breaking down the Efail flaws

Listen to this podcast

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws.

The unveiling of the Efail flaws in encryption client software led to spirited debates about the rocky disclosure of the vulnerabilities and who, ultimately, was responsible for them.

The vulnerabilities, which were discovered by a team of academic researchers in Germany and Belgium, affect some client software that implements two popular protocols for email encryption in Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/Mime). The Efail flaws could allow threat actors to obtain the plaintext of messages encrypted with the affected client software.

The researchers’ technical paper pointed to faulty email clients rather than the protocols themselves, which sparked a debate about who was responsible for the Efail flaws. While some infosec experts argued the developers were on the hook, others such as Matthew Green, professor at Johns Hopkins University’s Information Security Institute, criticized organizations like GnuPG for not taking a more active role in addressing the problem. Additionally, a broken embargo for the branded vulnerabilities led to questions and concerns about coordinated disclosure processes.

Was there an overreaction to Efail? Who takes the majority of the blame for these vulnerabilities? Did the Efail disclosure actually fail? SearchSecurity editors Rob Wright and Peter Loshin discuss these questions and more in this episode of the Risk & Repeat podcast.

The Bitcoin boom and its infosec effects

Listen to this podcast

In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency’s rising value could affect the cybersecurity landscape.

The bitcoin boom that saw a dramatic rise in the cryptocurrency’s value in recent weeks could have big implications for information security.

In the last month, the price of a single bitcoin tripled, jumping from approximately $5,700 to more than $17,000. A number of factors, including interest in the opening of the first regulated bitcoin futures exchanges and a hard fork in the cryptocurrency, could be contributing to the bitcoin boom beyond a general increase in buying and selling volumes.

But the surge also comes at a time of rampant global ransomware attacks, many of which demand payment from victims in bitcoin. While some enterprises have disclosed ransomware attacks, experts generally believe that many more attacks are kept quiet.

Could cybercriminals and ransomware attacks be contributing to the bitcoin boom? What will the rising price of the cryptocurrency mean for the cybercrime economy? Will the high value of bitcoin lead to more cyberattacks on bitcoin owners and exchanges, like NiceHash, which recently lost approximately $80 million in bitcoin following a massive data breach?

SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on the bitcoin boom in this episode of the Risk & Repeat podcast.