Episodes
The White House has released another statement on their National Cybersecurity Strategy. This time Justin and Jack are supportive of the tone and some of the content. In this episode, hear about the new approach to improving cybersecurity with an emphasis on vendor responsibility, liability, opportunities, and outcomes. Do you think the President's directive is helpful, or do you think it lacks the specifics for these policies to succeed? Resources mentioned in this...
Published 06/28/23
In this RightSwipes episode, the unexpected union of Proofpoint and Illusive creates an irresistible combination for Justin and Jack. They're talking through the applicability of deception technology, market appetite, and Proofpoint's move to deepen their bench with Illusive. The question remains whether Proofpoint was looking to strengthen identity-based defenses or if there's a broader strategy in motion. As referenced in this episode, you can check out Ericka Chickowski's article on...
Published 06/21/23
In this episode, Justin and Jack are talking about threat intelligence, from its ideal content mix to the audience, and ways to improve its usefulness and availability. Threat intel is about more than feeds. It's about hunting, sharing, and enriching our understanding of threats whenever we can. Check out our SLED Cybersecurity Priorities Report here to examine top cybersecurity priorities in SLED, what's fueling them, and how you can implement them in your organization. Check out this...
Published 06/13/23
In part two of "An Old Friend, Some Old Equipment, and New Challenges All Around," we welcome back Zack Borst. Since his departure from NuHarbor Security, Zack has embarked on a mission to enhance emergency management, including cyber preparedness, and now he's talking with Justin and Jack about the state of cybersecurity systems and subsequent challenges. Join the trio for the second part of this eye-opening discussion about technology, threats, aging equipment, critical services, and...
Published 06/08/23
Our latest episode welcomes back Zack Borst, former co-host and co-contributor to Pwned in its earlier seasons. Zack has since embarked on a mission to enhance emergency management, including cyber preparedness, and he's talking with Justin and Jack about the state of cybersecurity systems and subsequent challenges. It's an eye-opening discussion that blends technology, threats, aging equipment, critical services, and the troubling mix of kinetic and cybersecurity emergencies. Gain insight...
Published 06/02/23
In an episode that is close to Jack's heart and history, he and Justin explore a renewed interest in the security of applications. They discuss the new Application Security Center of Excellence (ASCOE) being built at the Commonwealth of Massachusetts, shifting far left of boom by prioritizing contract language, and the importance of championing the need for application security before implementing any program. Listen in for practical ways to make progress in an area that will only get...
Published 04/25/23
In this episode, Justin and Jack delve into the growing trend toward increased investment in detection and response. With the rise in successful attacks and public breaches, detection and response are getting plenty of love, sometimes at the expense of preventative measures. Tune in as our duo explores the current state of affairs, shares their observations on various response tactics, and provides valuable insight for listeners who are considering investing in cybersecurity capabilities to...
Published 04/18/23
In this mailbag edition of PWNED, Justin and Jack are presented with a question from a listener who's feeling pressured to justify continuing cybersecurity tooling spend. They've seen this happen repeatedly and offer recommendations for responding with well-articulated tradeoffs and benefits and preparing for budget cuts during the proposal and acquisition process. Ultimately, security leaders do their best when they can maximize value from their existing tooling, or garner support from...
Published 03/16/23
In this episode, Justin and Jack discuss a recent CISO dialogue around the difficulties in replacing staff who move on, and strategies for easing the impact of losing talented folks to competitors or lottery wins. From educating other team members, to succession planning, to developing close relationships with vendors, there are ways to prevent the unexpected loss of teammates from resulting in a corresponding loss of sleep. Check out this week's video: If you have any questions or...
Published 03/09/23
In this episode, Justin and Jack respond to a note from the mailbag. A listener inquires about successful approaches to recruiting support for security initiatives, and the team shares stories about educating stakeholders, developing champions, and encouraging security program collaborators, especially when planning a multiyear, multipronged strategy. Check out this week's video: If you have any questions or suggestions, send us an email at [email protected]. For general...
Published 02/22/23
Following a listener request, Justin Fimlaid and Jack Danahy are talking about successful paths forward when a CISO finds themselves in a role that’s a little larger than they expected, or an organization has a well-meaning CISO that needs a little more time to get it right. This happens all the time, and it doesn’t have to end with burning out or throwing out an otherwise capable executive. If you find yourself in that oversized chair, sit back and give a listen. Helpful links: The...
Published 02/07/23
Following well-publicized comments from Zurich Insurance CEO Mario Greco on the potential demise of cyber insurance, Justin and Jack are digging deep. They describe the challenge to insurers, the potential for unlimited liability, and propose a new and more intentional model that benefits insurers, clients, and the CISOs involved. It’s a new take on a thorny problem, with lessons for all players. Links: Are Cyber Attacks Uninsurable? World Economic Forum 2020 Grim Insurance...
Published 01/26/23
In this last episode of PWNED Season 3, Justin and Jack are paying off the year’s debts from infractions against the Pit of Despair, while analyzing a BlackHat announcement by a leader in the market. There are debts to be paid, and there’s a striking new example of the old security tendency to obscure, over-the-top messaging. The season is going out with a bang, and it looks like Season 4 will start with a blank slate but a full list of issues to watch for. As mentioned in this episode,...
Published 01/06/23
After much work and a little fanfare, the 2022 SLED Cybersecurity Priorities Report has been publicly released.  Justin and Jack are giving a quick overview of the findings, along with their usual, and unavoidable, take on some of the results. For those of you who have participated in the research or have been following the lead-up to this day, you’ll be glad to hear that the result does not disappoint. Here's the announcement: SLED Leaders Find Roadmap for 2023 Success in Groundbreaking...
Published 12/14/22
In this episode of PWNED, Justin springs an unexpected topic, based on his deep affection for social media. Seeing a post from a security leader who feels he has been unfairly held accountable by his company, he’s bringing it to the podcast. We’ve got victimhood, CISO expectation setting, transparency, and disappointment, all in one episode as Jack and Justin take this common feeling apart. As referenced in this episode, you can find the book, "Can't Hurt Me", by David Goggins here: Can't...
Published 12/07/22
In this episode, Justin and Jack are talking about the trends, common concerns, and research done to support the soon-to-be-released 2022 SLED Cybersecurity Priorities Report. Input from hundreds of sources has been combined with insights from major vendors and the NuHarbor team to deliver some surprising conclusions about the state of the SLED cybersecurity landscape and the leaders that are transforming protection of public services and public trust. As referenced in this episode, check...
Published 11/29/22
Following the news that Twitter, now owned by Elon Musk, is charging users for a "blue check" next to their name -- an icon that once signaled a verified and authentic user, Justin and Jack discuss the cybersecurity implications behind this new phenomenon, and clear away the confusion and chaos that comes with it. If you have any questions or suggestions, send us an email at [email protected]. If you like our content, please like, share, and subscribe! We'll catch you on the...
Published 11/22/22
In this RightSwipes episode of Pwned, Justin and Jack start with an analysis of the recent CrowdStrike acquisition of Reposify, and while they may not agree on the love match, it starts an interesting new debate on "Best-in-Breed" versus "Combined Value" players in cybersecurity. It's an important point of inflexion for companies, and maybe for the cybersecurity market, so listen in. If you have any questions or suggestions, send us an email at [email protected]. If you like...
Published 11/03/22
In this final episode with Justin and Jack speaking to a group of state security leaders, the PWNED team is talking about a series of topics from new, more successful awareness campaigns to the challenges of avoiding being a target in the first place. This entire session is driven by audience questions, and you may hear one that you'd have asked were you there. If you have any questions or suggestions, send us an email at [email protected]. If you like our content,...
Published 10/31/22
In their second episode in front of a group of public sector tech execs, Justin and Jack are talking about the challenge and risks of application security, including the cascading exposure from supply chain vulnerabilities like log4j. They also spend some time talking about the attack trend towards automation and the ubiquitous threats that indiscriminately target organizations regardless of size or specialty. It’s another episode driven by listener questions and current events, with a focus...
Published 10/06/22
In this first installment of a three-part series, Justin and Jack are speaking with public sector leaders about the unique challenges and successes of securing platforms and systems within the State, Local, and higher Ed (SLED) community. They've got plenty of experience and plenty to say as they answer questions about current threats, new approaches, and the patterns of success that NuHarbor has seen over the past few years. If you have any questions or suggestions, send us an email at...
Published 09/23/22
Following another school system breach and some pretty dire reporting, Justin and Jack are reviewing current events and talking about the current environment of risk and impact to K-12. There is plenty to discuss, but the result is a much more balanced view and some thoughts on applying a reasonableness filter to the stories we're hearing. If you have any questions or suggestions, send us an email at [email protected]. If you like our content, please like, share, and subscribe!...
Published 09/14/22
In a new two-for-one Breach of the Week, Justin and Jack discuss a couple of controversial events from the news this week. First, the recent disclosures by Twitter's Pieter (Mudge) Zatko and a follow-on article by long-time security icon Edward Amoroso have our hosts sharing two different points of view on what the story means. Second, we get back to a harmonious Pwned cast as Justin and Jack discuss the recent LastPass source code breach, which was handled quickly and effectively by the...
Published 09/01/22
Justin and Jack join John Egan, founder of Mad River Distillers, for a chat about his thoughts on cybersecurity acquisitions, and his own experience as a lawyer in the technology field. Special thank you to John, Mad River Distillers President Mimi Buttenheim, and General Manager/Head Distiller Alex Hilton for welcoming the team and giving their time. To view the Mad River crew, click here. Justin and Jack took the time to write out reviews of some of the beverages from Mad River. Those...
Published 08/23/22
We've got more mail! Thank you to Mike for sending in this intriguing question about how to decide what cybersecurity college program to attend to get the most for your future. Justin and Jack have an answer for you, and it's a little more complicated than you would think; take a look at a program's past and present successes to determine what you want your future to be. If you have any questions or suggestions, send us an email at [email protected]. If you like our content,...
Published 08/16/22