On today’s episode of the Security Stories podcast we discuss the history of online manipulation campaigns, and how they’re used today to try and influence political elections.
To do that, we welcome back Theresa Payton, the first female CIO of the White House and author of ‘Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth’.
Also joining us is Nick Biasini. Nick is a threat researcher within Cisco Talos and recently published a paper called ‘The Building Blocks of political disinformation campaigns’. The paper is part of Talos’ hands on research into election security.
We chat about some of the things that shocked Theresa when she was doing her research into manipulation tactics. And Nick talks about the amplification methods that are being used to spread certain lies online. Plus, we talk about what can be done to curb these campaigns with only a few weeks to go until the United States general election.
This is a really fascinating discussion, and whilst it highlighted the huge challenges that we’re facing at the moment, Nick and Theresa shared a lot of great information on how we can overcome them.
Also in this episode, Ben Nahorney shares his latest research on current threat trends. This time we rank the Indicators of Compromise that organizations have encountered grouped by particular topics, including ransomware, credential stealing, and looking at the top operating system IoCs.
Episode time stamps
0.00 Intro 03:01 Discussion on disinformation campaigns with Nick Biasini and Theresa Payton 42:45 Threat trends with Ben Nahorney 52:09 Closing remarks
I can honestly say that the two discussions featured in the latest episode of the Security Stories podcast have inspired and motivated me more than anything else has recently.
I really hope that as many people as possible get to listen to this episode. And I’m definitely not just saying that for my podcast stats
Diversity in cybersecurity discussion
Firstly, I caught up with my co-host Noureen Njoroge, as well as Leticia Gamill, Cisco’s Channel leader for Canada and Latin America, and Matt Watchinski, Vice President of Cisco Talos.
Together, we discuss a crucial topic in cybersecurity: the significance of diverse representation, and what that can do for the industry.
Leticia oversees team members based across seven countries, and is a passionate supporter of diversity in cybersecurity. Last year she created a non-profit called LATAM Women in Cybersecurity to encourage more women in Florida and Latin America to enter the field.
As the leader of Talos, the largest commercial threat intelligence group in the world, Matt oversees all the intelligence activities necessary to support our security products and services that keep customers safe.
Matt is a huge ally for diversity in cybersecurity. Within Talos, he has created a culture and a hiring policy that ensures voices from multiple backgrounds can be heard.
And of course most regular Security Stories listeners already know my co-host Noureen, but just in case this is your first time listening, Noureen is a threat intelligence customer engineer. She’s the founder of Cisco’s global cybersecurity mentoring forum, running mentoring events twice a month.
Noureen is listed among the Top 30 Most Admired Minority Professionals in Cybersecurity by SeQure World Magazine, and was recently crowned winner of the Cybersecurity Woman of the Year 2020 award.
Together, we talk about what leaders can be doing to ensure they’re hiring from a diverse pool of talent, and where they can hire people beyond the usual recruitment channels. We also discuss how organizations can build a culture of mentoring so that members of diverse teams can feel valued, and retainment levels are strong.
Meeting Mike Hanley
Our CISO story for this episode is Cisco’s new Chief Information Security Officer, Mike Hanley.
Mike steps into the role of CISO for Cisco after spending five years with Cisco Duo. He originally joined to run Duo Labs, and was soon asked by Dug Song to be Vice President of Security and to build and nurture the team around him.
During our chat, Mike talks about what the past few months have been like after stepping into the role of CISO for Cisco in the middle of a global pandemic.
A very revealing note for me: I don’t think there was an answer that Mike gave where he didn’t refer to his team. People are clearly the most important aspect of his role, and in this interview you can see exactly why.
In fact, here’s a comment Mike shared that particularly struck a chord with me:
“I’m constantly in awe of the innovative ideas that the people in my team come up with to solve problems. I have middle-school teachers, designers, engineers, and many more fields of expertise in my team – and every single one of them has brought something really unique and significant.”
From the importance of hiring diverse talent, to building a culture of appreciation, openness and fun (he used the word fun six times in the first few minutes – I was keeping count!), Mike’s interview is a fascinating listen for anyone leading a team today.
Episode time stamps
0.00 Intro 02:27 Discussion on diversity in cybersecurity 46:49 Mike Hanley interview 1h 26: Closing remarks
Myself, Ben Nahorney and Noureen Njoroge are joined by guests Mitch Neff, Marketing Lead at Cisco Talos, and Corien Vermaak, Cybersecurity Partner Sales Lead for Cisco APJC.
We each discuss on how we all got our starts in the cybersecurity industry. As it turns out, none of us took a conventional path!
The five of us also talk about the people and the mentors that helped us along the way, including some practical advice for anyone who wants to be a mentor, or gain a mentor.
We then passionately tackle the topic of job descriptions and why they might be contributing to the so called “cybersecurity skills gap”. We also talk about what hiring managers can do to make sure they’re not putting the right people off with their words.
For our main interview, I had the pleasure of chatting to Curtis Simpson, Chief Information Security Officer at Armis to discover his story.
A self taught cybersecurity geek, Curtis spent 20 years at Sysco, building a decentralized network before moving to Armis.
Curis talks about how he changed perceptions of cybersecurity being “just a cost centre”. He gave some great examples of how cybersecurity is directly tied to business outcomes, such as the productivity of the sales team.
He also touches on just how difficult a decision it was to leave after 20 years, but ultimately he knew it was the right thing.
Finally, we discuss how his organization has reacted to the global pandemic, and I learn about Curtis’ take on the current threat landscape, particularly around securing IoT devices.
We hope this episode proves that that there is no singular footpath into cybersecurity. And that’s no bad thing.
0.00 Intro 3.46 Interview with Curtis Simpson 47.26 Discussion on careers in cybersecurity 1.42.00 Close