In the real world, cybercrimes just don’t get solved as fast as they do on CSI. So we’re offering a guarantee. If we don’t catch the cyber-perpetrator in an hour (including commercial breaks) we’ll make sure you’re attacked again.



This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our sponsored guest this week is Jason Hill (@chillisec), lead researcher at CyberInt Research Lab.

Thanks to this week’s podcast sponsor, CyberInt

The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505’s latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks where legit means were used to hack international companies in the retail & financial industries.

Got feedback? Join the conversation on LinkedIn.

On this week’s episode

What annoys a security professional

Question on Quora asks, “What does everybody get wrong about working in the field of forensics?” There were a handful of answers from looking to TV and film dramas to that it’s only a post mortem analysis. What are the biggest misconception of digital forensics?

Why is everybody talking about this now?

Tip of the hat to Stu Hirst of Just Eat who posted this Dilbert cartoon that got a flurry of response. Read for yourself, but in essence, it’s a boss that thought technology would solve all his problems. Not realizing that people and process are also part of the equation.

All too familiar. The “I’ve been hearing a lot about __________” phenomenon. What causes this behavior and how do you manage it?

“What’s Worse?!”

How much flexibility to you require in your security team and the business?

Please, Enough. No, More.

How far can AI go? Where does the human element need to exist? What are the claims of the far reaching capabilities of AI? We discuss what we’d like to hear regarding the realistic capabilities and limitations of AI.

Every year, the Fall season sees billions of dollars being spent on home-based IoT devices. The back-to-school sales are the starting point, Cyber Monday is the clubhouse turn and the year-end holiday season is the finish line.

As usual, these devices – printers, DVRs, IP cameras, smart home assistants, are relatively inexpensive and provide plug and play convenience, to satisfy an impatient customer base.

Many of these are headless devices and cannot patch vulnerabilities or receive upgrades. They connect to the internet and to each other easily and make decisions for us at machine speeds.

None of this is news necessarily but it may serve as a timely reminder for IT that an intelligent fabric-based security architecture – the so called “learn, segment and protect” approach offers a vital bulwark against attack from seemingly innocent home-based devices. This includes ensuring mobile application controls and malware protections are built into the network to cover any device, anywhere, and using real-time threat intelligence across the board. No connected device of any type is above suspicion.

Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.

We don’t have much time. What’s your decision?

What are the best models for crowdsourcing security? There are entire businesses, such as bug bounty firms, that are dedicated to creating crowdsourced security environments. Our guest this week is passionate about investigative work. We asked him and Mike what elements they’ve found that inspire and simplify the community to participate in a crowdsourced security effort.