Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Where a CISO Should Sit Within an Organisation - Razorwire Podcast

Welcome to Razorwire Podcast! In this episode, we’re joined by Claire Davies of Arriva and Keith Christie-Smith of Claroty to discuss where a CISO fits best within an organisation, a bit of the history behind it, where trends have been in recent years, and where we think it’s going to be in future. The role of CISO has traditionally been a part of IT, and CISOs often report to the CIO. This trend has been steadily changing over recent years, but the question remains: where should the CISO sit within an organisation? With security events increasing in cost and complexity, is it time that the CISO should sit on the board? Claire, Keith and cyber security consultancy MD James Rees - your host - share their opinions on the subject from the perspective of a CISO currently in the role and with insights from an Accounts Director who deals with CISOs from multiple companies across a wide range of different sectors. The format of our show is a group of us sitting here talking like we are down the pub talking about what we do for a living. So I am inviting you to join us in this episode to learn about the CISO role. Listen to this episode on your favourite podcasting platform.

How We Save You From Endless Security Questions

Stop using questionnaires to assess the risk of your business partners. Here's why: Suppose you want to hire a marketing firm to help grow your company. To assess the risk, you send them a 20-page questionnaire asking about 2-factor authentication, data encryption, etc. Even if they have, for example, 2-factor authentication in place, you still have to ask for their company policy to verify. Not only does that result in mountains of paperwork.

How to Identify Timestomping using KAPE

Timestomping is a common anti-forensic tactic that threat actors use in order to hide their tools on a victim’s file system. Detecting and analyzing timestomping can be time-consuming for examiners, but with a combination of the Kroll Artifact Parser and Extractor (KAPE), MFTECmd and Timeline Explorer, the process is expedited, allowing examiners to focus on data instead of worrying about parsing files.

SecDevOps & LimaCharlie: Automating and auditing of GitHub access.

LimaCharlie's Security Infrastructure as a Service (SIaaS) approach makes it ideal for securing your CI/CD pipeline and building security solutions that make sense for you. In this video, LimaCharlie founder and CEO Maxime Lamothe-Brassard walks through various ways to gain visibility and add layers of protection to your development process.

Accelerate the Journey to Zero Trust with Forescout and Arista

Forescout and Arista have simplified granular enforcement by orchestrating workflows across device identity, logical group creation, group-based segmentation policy design and enforcement. This accelerates zero trust policy deployment while unifying network and security management.

Remote Users - Protect Confidential Information

Greater care should be taken when transferring corporate data onto a remote user's managed endpoint. Certain types of data often require greater levels of authorization to leave the confines of the organization and managed app. When trying to download confidential information, we want to reverify the user's identity with step-up authentication. When the file is downloaded, in addition to file encryption, we also want to add a watermark and redact the confidential information.