The Security Ledger Podcasts

Summary: Named one of the world's top information security podcasts, The Security Ledger Podcast offers in-depth interviews with the top minds in information (cyber) security. Hosted by Paul Roberts, Editor in Chief of The Security Ledger, each podcast is a conversation about the cyber security stories making headlines and about the most important trends in the information security space including security and the Internet of Things, the latest cyber threats facing organizations and new paradigms for securing data and devices. A must listen if "cyber" is your thing!

  • Artist: The Security Ledger
  • Copyright: Copyright © Box Jump LLC, 2019. All Rights Reserved. No part of this may be reproduced without Box Jump LLC's express consent. Backlinks are allowed.

Podcasts:

 Spotlight Podcast: QOMPLX CISO Andy Jaquith on COVID, Ransomware and Resilience | File Type: audio/mpeg | Duration: 35:23

In this Spotlight podcast* we’re joined by Andrew Jaquith, the CISO at QOMPLX, to talk about how the COVID pandemic is highlighting longstanding problems with cyber risk management and cyber resilience. We also talk about how better instrumenting of information security can help companies get a grip on fast-evolving cyber risks like human-directed ransomware campaigns.

There has been much speculation about what the long-term impact of the COVID-19 pandemic will be on the private sector. Already, business leaders and investors are betting that the forced, mass experiment in remote work will produce long-term changes in how companies manage their workforce. But one byproduct of the shift to remote work is already clear: a marked increase in cyber attacks on corporate environments that take advantage of employees’ anxiety about the virus and lax home office security.

Ransomware’s Dangerous Rise

Among the scariest of those attacks are so-called human-directed ransomware attacks, which have sidelined sophisticated organizations ranging from the fin-tech startup Finastra to DMI, a cyber security contractor that counts the US space agency NASA as a customer. What’s to be done? Our guest in this spotlight edition of the podcast, Andy Jaquith, says that COVID is exposing some rifts in corporate cyber security.

New Tech Meets Old Tools

While the ways in which organizations deploy and use technology have changed dramatically in the last two decades, the ways that they measure and account for cyber risk have not. Andy is an amazing resource on all matters cyber security. A former Managing Director at both JP Morgan Chase and Goldman Sachs, he was also the Chief Technology Officer at the firm Silver Sky, a cloud-based MSSP.

In this conversation, Andy and I talk about how COVID is highlighting larger issues around cyber resilience. We also talk about Andy’s new company, QOMPLX, which is working to improve ways to instrument cyber security with an eye to improving both cyber defense and risk management. To start off, I asked Andy about his storied tenure in the cyber security field, including his work as an analyst for Forrester and his stint at the seminal cyber security firm @stake. You can listen using the embedded player above, or by downloading

 Spotlight Podcast: As Attacks Mount, ERP Security Still Lags | File Type: audio/mpeg | Duration: 25:59

In this Spotlight podcast* we’re joined by Jason Fruge, the VP of Business Application Cybersecurity at Onapsis, to talk about the growing attacks against critical systems like ERP and General Ledger applications by SAP and Oracle. We also talk about why these critical systems often lag on key security measures.

Security experts have been banging the drum about “risk based security” for years. The idea is simple: identify the assets and data within your organization that are critical to your mission, then concentrate resources, including staff and technology spending, on securing them. That sounds sensible, but are companies listening? By one measure, they are not. Specifically: security for critical business systems such as Enterprise Resource Planning (ERP) and General Ledger systems continues to lag. A recent survey of 430 IT decision makers by the firm IDC, for example, found that 64% of ERP deployments had been breached within the preceding 24 months. Those incidents exposed financial, sales and HR data as well as intellectual property and personally identifiable information on customers, IDC found.

With all the talk about protecting organizations’ “crown jewels,” how is it that platforms like SAP and Oracle, the IT equivalent of the Tower of London where those jewels are kept, are often left unlocked and unprotected? To understand a bit more, we invited Jason Fruge into the Security Ledger studios. Jason is the Vice President of Business Application Cybersecurity at Onapsis and a former CISO at the fashion design firm Fossil Group.

In this interview, Jason and I talk about both the technical and cultural challenges of securing applications like Oracle and SAP. Those applications are so complex and bespoke that they often frustrate analysis using traditional vulnerability scanners and other security tools. We discuss the increase in attacks targeting these systems and what organizations can do to fend off attacks. We also talk about the recent Onapsis publication of a slew of vulnerabilities in Oracle E-Business Suite, which Onapsis dubbed BigDebIT. That publication accompanies patches issued by Oracle. If left unpatched, the BigDebIT vulnerabilities could allow an attacker to launch unauthenticated attacks on Oracle EBS platforms.

(*) Disclosure: This podcast and blog post were sponsored by Onapsis. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out

 Spotlight Podcast: Two Decades On TCG Tackles Trustworthiness For The Internet of Things | File Type: audio/mpeg | Duration: 21:59

In this Spotlight Edition of The Security Ledger Podcast, sponsored by Trusted Computing Group (TCG), we’re joined by Intel Fellow Claire Vishik to talk about the evolving concept of online “trust.” Vishik is a TCG Director and spent 14 years as the Director of Trusted Technologies at Intel. We talk about how the Internet of Things is rapidly changing conversations about online “trust” and “privacy,” and the challenge of securing devices from attacks.

You might not have heard of the Trusted Computing Group, but you have definitely used technology it helped develop and deliver. The industry consortium pioneered technologies such as the Trusted Platform Modules that are in nearly every computer and personal electronic device made today, providing a hardware-based “root of trust” that validates the identity, integrity and proper functioning of the device. But, if you haven’t noticed, computing environments are becoming more diverse and complex. The Internet of Things is invading business and home networks and the built environment. Cloud-based applications and resources have dissolved the network perimeter, and that was before the COVID pandemic sent millions of workers home to work.

Re-Thinking Trust

For this podcast, we invited Claire Vishik into the Security Ledger studios to talk. Claire is an Intel Fellow and the Chief Technology Officer at Intel’s Governments, Markets and Trade group (GMT). She spent 14 years as the Director of Trusted Technologies at Intel and is a Director at the Trusted Computing Group. What does a concept like “trustworthiness” mean in the era of cloud computing, smart homes and cities and the Internet of Things? How are the notions of security, privacy and trust evolving?

In this conversation, Claire and I discuss the fast-evolving future of both the Trusted Computing Group and the notion of trusted computing, as both innovation and changing technology use patterns create opportunities and risks in areas like cyber security and privacy. I started by asking Claire to talk about some of her responsibilities at both Intel and TCG. As Claire sees it, the challenge in answering that question is that concepts like “cyber security” and “online trust” are incredibly broad and resist simple or reductive solutions or formulations.

Connected Jewelry to Power Stations

“When the computing age started, the platforms were distinct and not connected,” Vishik notes. “Now we have a huge diversity in both the platforms and the environments. They are as different as connected jewelry and nuclear power stations and smart grid. They are as complex as smart cities or as simple as a single function, single use sensor. Both of these systems or systems of systems are connected and need to be protected, but in different ways.”

 Episode 186: Certifying Your Smart Home Security with GE Appliances and UL | File Type: audio/mpeg | Duration: 26:13

In this episode of the podcast (#186) we do a deep dive on the new IoT cyber security rating system from Underwriters Laboratories. We talk with experts from GE Appliances about the process they used to obtain UL certification for a range of smart home appliances, managing device security over the decades and how a cyber security rating system may influence consumers’ behavior.

Internet of Things (IoT) devices have been cropping up on home, business and enterprise networks for years. In 2020, their security, or lack of it, has become a major headache. Organizations seem to have grasped this. A recent survey by the Ponemon Institute, in fact, found that 61% of respondents said it was “likely” or “highly likely” that, in the next 24 months, their organization would experience a data loss or theft due to an IoT device or application that was not secure. That figure was up from just 48% of respondents who believed that in 2017.

Consumers, too, understand that the security of their home surveillance cameras, connected appliances and other smart home technologies matters. Horror stories like that of the hacker who took over a Ring camera inside a small girl’s room have implanted themselves in the psyches of anxious parents, as well they should.

One Certification to Rule them All

The problem to date has been that no easy way existed to measure security in these products. Absent some kind of security mark or certification, how are consumers to know which smart dishwasher is running an out-of-date version of Linux that can’t be patched? Looked at a different way: how will they know to choose the device that has implemented security best practices in its design, default configuration and deployment? Enter Underwriters Laboratories, or UL. Over the past few years, the organization, which has been certifying the safety and security of products for generations, has been rolling out an IoT cyber security rating system. At this year’s CES conference, UL announced that GE Appliances would be the first to carry the UL cyber security rating.

Do Consumers Care?

But what does that mean, exactly? And will consumers change their buying habits to reward cyber secure products? To talk about it, we invited representatives from both UL and GE Appliances into the Security Ledger studios. With us in the studio for this week’s podcast, we have Shawn Stover, Executive Director of SmartHome Solutions for GE Appliances, John Ouseph, Technology Senior Executive of SmartHome Solutions for GE Appliances and Gonda Lamberink, Global Senior Business Development Manager, UL.

 Episode 185: Attacking COVID, Protecting Privacy | File Type: audio/wav | Duration: Unknown

In this episode of the podcast (#185), DigiCert Chief Technology Officer Jason Sabin joins us to talk about how the COVID epidemic is shining a spotlight on the need for strong digital identities, for everything from virus contact tracing to remote work.

The COVID pandemic is remaking everything from family relationships to schools and the workplace. It’s also accelerating the adoption of technologies and practices that previously were looked on with suspicion and concern. Consider mass digital surveillance of the kind used in repressive countries like China and Russia. The vast networks of cameras and sensors are mostly seen as tools of oppression. But in recent months, they’ve proven very useful in enforcing quarantines: identifying the COVID sickened and tracking their movements in crowded cities. In more freedom-loving countries like the United States, calls for tools to battle COVID have been answered by firms like Google and Apple, which have stepped up to help manage contact tracing and other logistic challenges presented by COVID. But such efforts raise questions, as countries that value individual freedom and civil liberties wrestle with the question of how to attack COVID while simultaneously defending the privacy of individuals and their data.

Our guest in this week’s podcast, DigiCert Chief Technology Officer Jason Sabin, says that public health and privacy are not mutually exclusive. One solution to the problems posed by COVID, Sabin says, is greater use of public key infrastructure (PKI), the same technology that uniquely identifies web sites, applications and billions of devices on the Internet of Things. Sabin said that existing PKI technologies can be, and are being, adapted to the challenge of tracking individuals. COVID, he said, presents unique opportunities to apply technology to solving a big public health challenge, but governments and companies have to be mindful of both security and privacy, lest efforts to manage the spread of COVID produce a second epidemic of data and identity theft.

In this conversation, Jason and I talk about how DigiCert is adapting to the post-COVID world and how PKI technology might help facilitate public health initiatives like contact tracing. We also talk about how the shift to work from home has impacted demand for PKI services.

(*) Disclosure: This podcast was sponsored by DigiCert. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations. As always,

 Spotlight Podcast: Securing the Enterprise’s New Normal | File Type: audio/mpeg | Duration: 25:49

In this spotlight edition of the podcast, sponsored by Trusted Computing Group*, Steve Hanna joins us to talk about COVID-19 and the security risks that go along with the “new normal” that has emerged out of the pandemic. While organizations face challenges securing remote workers, Steve also sees more than a glimmer of a silver lining to the disruption caused by the coronavirus.

For a world grown weary of COVID and “shelter in place,” there is light at the end of the tunnel. Countries in Europe, Asia and the Pacific region are beginning to re-open after months shut down to combat the COVID virus. Soccer (aka “football”) has resumed in Germany. Baseball is slated to resume in June in Japan. Bars and gyms are opening in parts of Europe. Australia and New Zealand have re-opened after nearly eliminating COVID from their populations. However, while many suspended activities, and life itself, will eventually resume, there are many changes brought about by the current pandemic and our fight against it that will remain. That is especially true in the business world, where remote work from home, less travel and more virtual collaboration may become the new normal.

Steve Hanna is a Senior Principal at Infineon and head of the Embedded Systems Workgroup at TCG.

But the new normal introduces unknowns: from bandwidth and remote access limitations to business email compromises. In this episode of the podcast, we invited Steve Hanna of the firm Infineon back onto the podcast. Steve is the co-chair of the Embedded Systems Workgroup within the Trusted Computing Group. In this conversation, Steve and I talk about the good and bad of COVID: about the dire disruptions to daily life and also how COVID is likely to accelerate some long overdue and needed changes in the way businesses, individuals and societies work. Check out our full conversation above!

(*) Disclosure: This podcast and blog post were sponsored by Trusted Computing Group. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations. As always, you can check our full conversation in

 Episode 184: Project BioMed – The Fight to Repair Medical Devices | File Type: audio/mpeg | Duration: 45:12

In this episode of the podcast (#184) Kyle Wiens of iFixit joins us to talk about Project BioMed: an international, crowd-sourced effort to expedite repair of medical devices by making service and repair manuals available online. In our second segment, we speak with Jonathan Krones, one of an army of volunteer engineers, archivists and librarians who took on the task of cataloguing medical device repair information.

Global crises like the current COVID pandemic have a way of turning unlikely figures into heroes. Witness the daily homages of clapping hands and banging pots showered upon nurses, doctors, physician assistants and other hospital staff as they change shifts at hospitals struggling to treat the COVID sickened.

Medical Device Repair On Life Support

But another quiet hero might be the figure of the biomedical technician who has rushed into storage closets to rescue, repair and restore old ventilators and other medical equipment needed to keep desperately ill COVID victims alive. For one thing, COVID patients increased the demands on equipment like ventilators beyond what is normally expected of them. COVID patients would often stay on ventilators for weeks or more before healing enough to be weaned from them. All that increased use led to increased breakdowns and failures of the equipment itself, even while any excess equipment was pressed into use.

“Like all great political fights, this boils down to money behind the scenes.” – Kyle Wiens, iFixit and Project BioMed.

Alas, one of the less reported stories of this pandemic is the way in which changes to the medical device market and increasingly draconian software licensing practices by OEMs have made servicing and repairing medical devices much more difficult. In this podcast, part of a series of podcasts we’re doing highlighting the global fight for the right to repair, we are shining a light on one effort to get biomedical technicians the tools and information they need to keep life-sustaining devices running.

Our first guest, Kyle Wiens, is the founder of the web site iFixit. With COVID starting to spread and reports coming from countries like Italy about shortages of ventilators, Wiens and his company sprang into action and launched Project BioMed: an extensive, crowdsourced effort involving hundreds of librarians and archivists to collect, catalog and publish service and repair manuals for thousands of medical devices. Wiens tells us that COVID has exposed a growing effort by medical device OEMs to deny hospitals and biomedical technicians access to the information they need to service equipment.

On the Front Lines: Cataloging Medical Device Repair

Up Next,

 Episode 183: Researcher Patrick Wardle talks Zoom 0days and Mac (in)Security | File Type: audio/mpeg | Duration: 40:18

You just reported a major security vulnerability in the Zoom platform. Now the CEO of Zoom wants to chat…via Zoom. What do you do? Security researcher Patrick Wardle of Jamf joins us to talk about it, his recent Zoom 0day, the state of Mac (in)security and his hot date in Moscow.

You just made headlines around the world for discovering and disclosing a major security vulnerability in the Zoom platform. Now the CEO of Zoom wants to chat…via Zoom. What do you do? That was the position our guest this week found himself in. Patrick Wardle is a Principal Security Researcher at the firm Jamf. In April, he made headlines for disclosing a zero day vulnerability in the Zoom client, one that could have been used by an attacker to escalate their privileges on a compromised machine. That earned him a conversation with Zoom’s CEO that took place, to Wardle’s dismay, via Zoom.

Wardle is a former NSA hacker who is even better known as one of the premier authorities on the security of Apple devices, including its iOS and OS X operating systems. He’s also the founder of Objective-See, an open source community that has produced a wide range of security and monitoring tools for the Mac operating system.

Patrick joined us in the Security Ledger Studio to talk about his work exploring the security of Apple’s software and his recent analysis of the Zoom client. Along the way, we ask Patrick whether Zoom is really less secure than other web conferencing applications, hear his thoughts on the latest threat trends for Mac users and hear how a hot date in Moscow gave birth to a Mac security monitoring tool. To start off, I asked Patrick to talk a bit about himself and his work at Jamf. Check out our full conversation above.

As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.

 Episode 182: Hackers take Medical Devices ‘off label’ to Save Lives | File Type: audio/mpeg | Duration: 25:19

In this episode of the podcast (#182) Trammell Hudson of Lower Layer Labs talks to us about Project Airbreak, his recent work to jailbreak a CPAP machine and how an NSA hacking tool helped make this inexpensive equipment usable as a makeshift respirator.

 Episode 181: How Scammers weaponize COVID Anxiety | File Type: audio/mpeg | Duration: 19:31

In this episode of the podcast (#181), we’re joined by Shashi Prakash, Chief Scientist at the firm Bolster.ai, to talk about the surge in COVID-19-themed scams and phishing attacks in recent weeks and what individuals and companies can do to thwart COVID-themed scams and attacks.

The novel coronavirus, COVID-19, is on the move: stalking Americans inside and outside their homes, with more than half a million sickened in the U.S. and 25,000 dead, as of this posting. But the coronavirus isn’t just affecting people in the physical world. It’s also having a big impact online, where cyber criminal gangs and fraudsters have jumped on fear of the virus to facilitate phishing attacks and scams involving the sale of personal protective equipment (PPE) including masks, gloves and hand sanitizer.

Shashi Prakash is the Chief Scientist and Co-Founder at Bolster.ai (fka RedMarlin).

What are some of the COVID scams that are most prevalent and what can businesses and consumers do to protect themselves from falling victim to them? To find out we invited Shashi Prakash, the Chief Scientist at the security firm Bolster AI (FKA RedMarlin). The company, which uses machine learning technology to identify and track online scams and other illegal behavior, has seen a more than 200% increase in phishing attacks compared with the same period last year, and a flood of COVID-19 themed scams in just the last month. To track them, Bolster created a Coronavirus Phishing Scam Tracker that now counts more than 130,000 scams related to COVID and more than 11,000 suspicious domains. I invited Shashi into the studio to talk about the trends they’re seeing in COVID-related scams and how organizations can protect themselves and their workers at a time when hardly anyone is working from an office anymore. Check out our full conversation above.

 Spotlight Podcast: Public Sector levels up to tackle Cyber Threats | File Type: audio/mpeg | Duration: 34:32

In this Spotlight edition of the podcast, sponsored* by RSA Security, we go deep on public sector cyber risk with two interviews from the most recent RSA Conference: Kelvin Coleman, the Executive Director of the National Cyber Security Alliance (NCSA), and Sean McHenry, the CISO of the Utah State Board of Education. In our second segment, we shift focus to the Pacific. Robert Carey, the Vice President of Global Public Sector Solutions at RSA Security, joins us with the man known as “Dr. AA”: Dr. Aswami Ariffin, who is the head of response at Cybersecurity Malaysia.

If anyone doubted it, the sudden emergence of the COVID-19 virus in the early months of 2020 has reminded us all about the vital importance of public sector organizations, from first responders and hospital workers on the front lines, to public departments of health, to schools and educators. Despite that, public sector organizations frequently find themselves in the cross hairs of sophisticated cyber criminals and nation state actors these days. Around the world, threats like ransomware have crippled everything from municipal governments to hospitals to public transit networks, disrupting lives and economic activity for hundreds of millions of people. Add to that the acuity of a global pandemic or other natural disaster and the damage could be even greater.

Rethinking the Role of Public Sector Workers

What are public sector organizations doing about it? At the recent RSA Conference in February, I had a chance to meet with subject matter experts from industry who have boots on the ground in the public sector to talk about the changing threat landscape. In this month’s spotlight podcast, we’re bringing you those interviews. In our first segment, we’re joined by Sean McHenry, the CISO at the Utah State Board of Education, and Kelvin Coleman, who is Executive Director of the National Cyber Security Alliance (NCSA).

Industry 4.0 Driving Public Sector Cyber in Malaysia

Malaysia is in a busy neighborhood when it comes to cyber security. The Pacific nation of 32 million people sits smack dab in the middle of the rapidly developing South China Sea, pressed up against Indonesia and in the shadow of the emerging superpower China. But the country is also developing rapidly: embracing Industry 4.0 and the Internet of Things as it seeks to modernize its government and economy. That makes managing the country’s CERT a challenging job for one of our next guests, Aswami Ariffin (or Dr. AA), the Senior Vice President of the Cybersecurity Responsive Division at Cybersecurity Malaysia. Dr. AA was joined by Robert Carey, Vice President of Global Public Sector Solutions at RSA Security.

(*) Disclosure: This podcast and blog post were sponsored by RSA Security. For more information on how Secur...

 Episode 180: Gary McGraw on Machine Learning Security Risks | File Type: audio/mpeg | Duration: 29:34

In this episode of the podcast (#180), Gary McGraw of the Berryville Institute of Machine Learning joins us to talk about the top security threats facing machine learning systems. [Transcript]

As long as humans have contemplated the idea of computers, they have contemplated the idea of computers that are capable of thinking and reasoning. And as long as they’ve contemplated the notion of a thinking machine, they’ve wondered about how to contend with the consequences of computers’ faulty reasoning. Stories about machines acting logically, but based on faulty or incorrect assumptions, are the fuel for science fiction tales ranging from 2001: A Space Odyssey (Arthur C. Clarke) to Minority Report by Philip Dick, to 1980s cult classics like the movies War Games and The Terminator.

Gary McGraw is the Co-Founder of the Berryville Institute of Machine Learning.

So far, these warnings have been the stuff of fiction. But advances in computing power and accessibility in recent years have put rocket boosters on the applications and abilities of machine learning technology, which now influences everything from multi-billion dollar trades on Wall Street, to medical diagnosis, to what movie Netflix recommends you watch next. As machine learning and automation fuel business disruption, however, what about the security of machine learning systems? Might decisions be manipulated and corrupted by malicious actors intent on sowing disruption or lining their own pockets? And when machine decisions go awry, how will the humans impacted by those decisions know?

[Figure: Adversarial examples such as altered street signs can poison machine learning algorithms with bad data. (Photo courtesy of Cornell University.)]

Our guest this week, Gary McGraw, set out to answer some of those questions. Gary is the founder of the Berryville Institute of Machine Learning, a think tank that has taken on the task of analyzing machine learning systems from a cyber security perspective. The group has just published its first report: An Architectural Risk Analysis of Machine Learning Systems, which includes a top 10 list of machine learning security risks, as well as some security principles to guide the development of machine learning technology. In this conversation, Gary and I talk about why he started BIML and some of the biggest security risks to machine learning systems.

Transcription

00:00:00 – 00:05:02

Paul: Hello, this is the Security Ledger Podcast. I’m Paul Roberts, Editor in Chief at the Security Ledger. In this week’s episode of the Podcast, number 180: [Sound Clip from 2001: A Space Odyssey – HAL talks to astronauts] As long as humans have contemplated the idea of computers,

 Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks | File Type: audio/mpeg | Duration: 20:04

In this episode of the podcast (#179), Kayne McGladrey of IEEE and Pensar Development joins us to talk about the cyber risks posed by COVID and why COVID-themed phishing emails shouldn’t be your only concern.
The emergence and spread of the COVID 19 virus has upended societies and economies around the world. In just one sign of the impact of the virus, the U.S. Congress this week is voting on a two trillion (with a “T”) dollar bailout for families and businesses idled by quarantines and lockdowns. Even for those whose work hasn’t ground to a halt, COVID has transformed the work you’re doing: offices are closed and tens of millions of Americans are telecommuting, some for the first time. And, right on cue, security firms have been quick to jump on that change, talking up the cyber risks of telecommuting and remote meetings. But how much of that is marketing hype and how much is real?
To get a sober assessment, we invited Kayne McGladrey, an IEEE member and CISO of Pensar Development, into the studio to talk about the variety of risks that remote working introduces. At the 10,000-foot level, Kayne tells me, there isn’t much difference between the threats remote workers face and those faced by workers in traditional office settings. Phishing emails hyping COVID 19 cures and sensational headlines are more of the same. There are, however, some new risks that companies need to account for: from remote access bottlenecks, to prying eyes in insecure home offices, to insecure home workstations.
In this conversation, Kayne and I talk about how companies can best manage the cyber security risks of our “new normal.” As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. 
Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

 Episode 178: Killing Encryption Softly with the EARN IT Act. Also: SMBs Struggle with Identity | File Type: audio/mpeg | Duration: 51:32

In this episode of the Security Ledger Podcast, sponsored* by LogMeIn and LastPass: the EARN IT Act is slouching its way to passage on Capitol Hill, alarming privacy and civil liberties experts. Andrea Little Limbago, the Chief Social Scientist at the firm Virtru, joins us to talk about why EARN IT is so dangerous. Also: small and medium-sized businesses are the majority of businesses in the U.S., but they are often overlooked by the companies marketing and selling security solutions. Rachael Stockton of LogMeIn and LastPass joins us to talk about a new survey of SMBs that reveals struggles to manage identity and authentication challenges.

 Spotlight Podcast: How DU Telecom Manages Digital Transformation Risk | File Type: audio/mpeg | Duration: 25:47

In this Spotlight* podcast, Sayed Ali, the Head of Cyber Security Risk Management & Business Continuity at DU TELECOM in the UAE, joins us to talk about how digital transformation is shaking up the once-staid telecommunications industry and how his company is staying on top of both the risks and opportunities created by digital transformation.
There are lots of terms to describe the way that technology is transforming businesses around the globe. Business leaders talk about Industry 4.0, the Internet of Things and, increasingly, Digital Transformation. But for every benefit that flows from innovations like mobility, cloud computing, DevOps and agile development or the Internet of Things, there is a challenge. More than ever, new, nimble competitors find it easier to leverage new technologies and disrupt legacy businesses. At the same time, cloud-based applications and mobile workers strain the ability of legacy security and monitoring tools to keep threats at bay.
One of the industries feeling the weight of these changes is telecommunications, where profitable legacy businesses like fixed line telephony and text messaging are falling victim to technology-fueled changes. Meanwhile, a roster of ambitious, disruptive startups stands poised to snatch away even more business, should circumstances, regulations and consumer preferences permit it. So how are telecommunications firms addressing both the business and IT risk that digital transformation brings? We sat down with Sayed Ali, the Head of Cyber Security Risk Management & Business Continuity at DU TELECOM in the United Arab Emirates. DU is one of just two telecommunications firms offering fixed line, mobile telephony, internet and digital television services across the UAE. 
In this conversation, Sayed and I talk about the changing risk landscape that incumbents like DU face, as well as how best to manage the growing cyber risk that goes along with digital transformation initiatives. (*) Disclosure: This podcast and blog post were sponsored by RSA Security. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations. As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You 
