Episodes
In this episode of Pwned, Justin and Jack celebrate their milestone 200th episode the best way they can…with some good old Ransomware Rye. Join the duo offsite at Mad River Distillers tasting room in Burlington, Vermont, as they review podcast excerpts from the last few years and respond with fresh takes, all while guessing who actually said it. Check out the links below on people we reference in this episode: Glen Bressner, Co-Founder and Managing Partner, Activate VP ...
Published 04/03/24
In this episode of Pwned, BlackCat rises from the grave for another life full of ransomware attacks; this time targeting a healthcare organization, Change Healthcare, for a whopping $22 million. Join Justin and Jack as they look through the facts and speculate that BlackCat may not be who they say they are. If you have any questions or suggestions, send us an email at [email protected]. For general information, you can reach us at [email protected]. If you like our content,...
Published 03/21/24
It’s a first, with Jack going solo, and the subject is a set of 8 recent recommendations from senior IT and security leaders at the recent e.Republic/Center for Digital Democracy Beyond the Beltway show. Panels of executives described their experience with successful security and technology communications, and Jack interprets and applies these for our Pwned cybersecurity audience. It’s a rare view into the minds and reactions of the kind of leaders that we know are fundamental to the success...
Published 03/08/24
Well-known public sector executive advisor, Curt Wood (https://www.linkedin.com/in/curtis-m-wood-7bab5a84/), joins the team to talk about the role of the Cybersecurity and Infrastructure Security Agency (CISA), statewide cybersecurity, and the complex responsibilities of leaders as they understand and integrate multiple communities in their cybersecurity planning. As former executive secretary and CIO for the Commonwealth of Massachusetts and the current executive director for the 2023/2024...
Published 02/21/24
Justin Fimlaid (https://www.linkedin.com/in/jfimlaid/) and Jack Danahy (https://www.linkedin.com/in/jackdanahy/) are talking about the recent 26.6B records found exposed. While the records are mainly old, the Pwned perspective is always new. Listen in for some history, some discussion of other expert views like Troy Hunt and others, and a perspective on whether this Mother of All Breaches may in fact be more of a news story and less of a new story. View Troy's article: Troy Hunt: The Data...
Published 02/14/24
In a discussion covering election issues from disinformation to voter access, Justin Fimlaid (https://www.linkedin.com/in/jfimlaid/) and Jack Danahy (https://www.linkedin.com/in/jackdanahy/) are both dispelling and reinforcing listener concerns about the impact of technology and cyber threats on the upcoming elections. Tune in for an in-depth discussion on disinformation, newly proposed government/social media contact restrictions, and a look into what may come (or that the team think should...
Published 02/09/24
It’s been over two years since the team examined the overuse and increased malleability of the term “XDR” and were forced to sentence that term to the Pwned terminology dungeon, the “Pit of Despair”. Well, times change, and our intrepid topical explorers are seeing signs that a reexamination is deserved, as XDR is becoming more understood, and Managed XDR (MXDR) is now a reality. Join Justin Fimlaid (https://www.linkedin.com/in/jfimlaid/) and Jack Danahy...
Published 01/31/24
In honor of releasing the 2023-2024 SLED CPR, Justin (https://www.linkedin.com/in/jfimlaid/) and Jack (https://www.linkedin.com/in/jackdanahy/) take a walk down memory lane and discuss their predictions from the 2022 CPR, and how they fared in 2023. Have all 5 predictions panned out the way the duo thought, or did some fall short? Tune in to find out. Check out our annual SLED CPR (https://www.nuharborsecurity.com/annual-sled-cpr). Key Takeaways: 00:00 – Title sequence 00:27 – Introduction to...
Published 01/24/24
In this episode, Justin (https://www.linkedin.com/in/jfimlaid/) and Jack (https://www.linkedin.com/in/jackdanahy/) are giving a sneak preview of this year’s SLED Cybersecurity Priorities Report. It’s all fresh off the presses and the team is giving a bird's-eye view of the process, focus, and conclusions that the CPR is bringing to (and from) State, Local, and Higher Education leaders. If you have any questions or suggestions, send us an email at [email protected]...
Published 01/17/24
The Pwned podcast leaps into 2024 with Justin Fimlaid and Jack Danahy talking about what they were seeing at the end of 2023, some ideas on improving for 2024, and some new ideas around understanding more about predicting breach impact and exposure. The guys are looking at some new ideas like improving attack simulation, increasing visibility, and the potential application of new approaches like synthetic malware and attack campaigns. One of the results of a new Pwned term of art, based in...
Published 01/10/24
To wrap up 2023, we would like to take the chance to reflect on what we’ve all seen this year, and what has headlined our coverage here at Pwned. Come on along and relive three of our past episodes that created the most activity, and join us in seeing how far we’ve all come. Our top 3 episodes from this year are: * Episode 170 - Staying on Course When You've Got Headwinds (https://www.nuharborsecurity.com/podcast/pwned-episode-170-staying-on-course-when-youve-got-headwinds) - a mailbag...
Published 12/27/23
In the second part of our series on Federal AI proclamations, Justin and Jack make a point-by-point assessment of the Federal view on inalienable protections from AI misbehavior. If you’re concerned with AI’s incursions into everyday life or are interested in understanding whether our leaders have a grasp on the issues, this is an episode you can’t miss. AI is complicated. Cybersecurity is complicated. Political language is complicated. Your Pwned team is here to make things understandable....
Published 12/20/23
In this episode, Justin and Jack are reviewing the recent presidential executive order on AI. While there are plenty of good ideas in the mix, the team is taking some time to examine their feasibility, their value, and their likelihood of execution in our current, fast-paced, AI environment. Stay tuned for part two on the Blueprint for an AI Bill of Rights! Check out the resources we referenced in this episode: FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy...
Published 12/05/23
Following Justin (https://www.linkedin.com/in/jfimlaid/)'s work with members of the press on the recent Kansas City court system ransomware shutdown, he and Jack (https://www.linkedin.com/in/jackdanahy/) are talking about the potential impacts and repercussions of increasing cyberattacks against the judiciary. There are issues of timely judgements, sealed records, even courts paying criminals, as the Pwned team judges the situation and brings some new evidence to the discussion of causes and...
Published 11/22/23
In this episode of Pwned, Justin (https://www.linkedin.com/in/jfimlaid/) and Jack (https://www.linkedin.com/in/jackdanahy/) discuss the recent acquisition of automation firm Revelstoke by managed security vendor Arctic Wolf. With a lot of cash on the line, is this deal a right swipe, or do they think Arctic Wolf will be left in the dark when the lights come up? Tune in for the details. Key Takeaways: 00:00 – Title sequence 00:28 – Introduction to acquisition 02:04 – Financial details 04:53 –...
Published 11/01/23
In this episode of Pwned, Justin (https://www.linkedin.com/in/jfimlaid/) and Jack (https://www.linkedin.com/in/jackdanahy/) tackle Cybersecurity Awareness Month 2023. Coming at you with three unconventional tips to keep in the back of your mind, the duo dive into the world of security for vendors, purchasers, and members of the public. Key takeaways: 00:00 – Title Sequence 00:34 – Introduction to Cybersecurity Awareness Month 01:36 – What does security awareness mean? 02:40 – More heightened...
Published 10/26/23
In this episode of Pwned, Justin and Jack are evaluating a four-step process for developing a cybersecurity strategy and end up creating one of their own. If you’re looking for some ideas or a blueprint for your own planning, it’s probably worth a listen. Stay tuned for our upcoming blog: 4 Steps to a Rock-Solid Cybersecurity Strategy for an in-depth look at what we came up with! As a recap, here are our four steps to a cybersecurity strategy: Step 1: Ask and Understand. The single most...
Published 10/04/23
In this mailbag episode of Pwned, Justin (https://www.linkedin.com/in/jfimlaid/) and Jack (https://www.linkedin.com/in/jackdanahy/) respond to a listener question that has all the earmarks of a well-known security problem: a new leader starting in an organization with what feels like a random mix of products and problems. By talking through the different elements of the situation, the team offers...
Published 09/06/23
This week, Justin and Jack are talking AI with one of the security industry’s most well-known experts and influencers, Diana Kelley of Protect AI. The topics, like the growth of AI, are all over the place, from the impacts of AI on security teams to secure AI development, and even a quick mention of the rights of sentient AI. Come hear what’s new in ML SecOps and high-integrity AI, and some well-informed predictions for the future. If you want to get in touch with Diana, you can find her...
Published 08/23/23
In this breach of the week episode, Justin and Jack look into the recent attacks targeting the GitHub developer community. Developers are increasingly being targeted by North Korean state-sponsored threat actors to use and execute poison code. Tune in to get the scoop. The DarkReading article can be found here: North Korean Cyberspies Target GitHub Developers (darkreading.com) CISA’s request for comment can be found here: Request for Comment on Secure Software Self-Attestation Common...
Published 08/16/23
Multifaceted French security and defense firm, Thales, has acquired longtime application and availability cybersecurity pioneer, Imperva, in a major acquisition from U.S. cybersecurity private equity leader, Thoma Bravo. In this RightSwipes episode of Pwned, Justin and Jack review the histories of both Imperva and Thales, adding valuable context to the market analysis. There’s plenty to talk about and factor into this week’s thumbs-up/thumbs-down conclusion. Check out the following links...
Published 08/02/23
In Massachusetts, a group of communities are banding together to improve IT acquisition effectiveness. In this episode of Pwned, Justin and Jack explore the benefits of this alliance, ideas on the cybersecurity impact, and the relationship between this effort and other regional and whole-of-state strategies. It’s a feel-good episode of Pwned, and the team is bringing positive vibes. Learn more about the North Shore IT Collaborative here: North Shore IT Collaborative | Danvers, MA...
Published 07/20/23
In this episode Justin and Jack are taking a question from the mailbag on choosing regional or private security operations centers (SOCs). The conversation quickly turns to finding the best SOC for your needs, the most beneficial preparation before engaging with vendors, and the right of any organization to demand answers in language they can understand and apply. Watch this week's video: If you have any questions or suggestions, send us an email at...
Published 07/13/23
From ChatGPT to predictive analytics, AI techniques are changing all industries and knocking on the door of cybersecurity. Justin and Jack are answering with an episode examining potential advancements and limitations that we’ll likely encounter over the next few years. If you’re interested in an experienced, optimistic, but grounded view on what AI can do for your security operation, this is an episode for you. Check out this week's video: If you have any questions or suggestions,...
Published 07/06/23