Cigital » The Silver Bullet Security Podcast with Gary McGraw show


Summary: Building Security In


Podcasts:

 Show 122: David Nathans Discusses Security Operations Centers and Medical Device Security | File Type: audio/mpeg | Duration: 0:29:45

David Nathans is a security professional with Siemens Healthcare where he specializes in medical device security. He has extensive experience in building security operations centers (SOCs) and cyber security programs. As the author of Designing and Building Security Operations Center and an original member of the first cyber squadron of the Air National Guard, he has established his place as a leader in the security field. Listen as Gary and David discuss security considerations when designing and building SOCs, the emergence of DevOps, and the progress that’s been made between data and security in medical devices over the past decade. Connect with David Nathans on LinkedIn Designing and Building Security Operations Center John Pennekamp Coral Reef State Park How to Win Friends and Influence People The Fine Arts Company The post Show 122: David Nathans Discusses Security Operations Centers and Medical Device Security appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 121: Marty Hellman Discusses Cryptography and Nuclear Non-Proliferation | File Type: audio/mpeg | Duration: 0:42:15

Martin E. Hellman is Professor Emeritus of Electrical Engineering at Stanford University. A graduate of New York University, Martin went on to earn both a Master’s degree and Ph.D. in Electrical Engineering from Stanford. He is the author of over 70 technical papers, holder of 12 U.S. patents, co-inventor of public key cryptography, and the 2015 Turing Award recipient. Listen as Gary interviews Martin about his cutting-edge career, involvement in the crypto wars, and his work with nuclear non-proliferation and risk management. Horst Feistel A Mathematical Theory of Communication Defusing the Nuclear Threat (blog) The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet “Cryptography Pioneers Win Turing Award” Soaring The post Show 121: Marty Hellman Discusses Cryptography and Nuclear Non-Proliferation appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 120: Silver Bullet Celebrates 10 Years! Marcus Ranum Interviews Gary McGraw | File Type: audio/x-m4a | Duration: 0:25:33

To celebrate 10 straight years of the monthly Silver Bullet Security Podcast, we’re flipping the mic. During the past decade, Dr. Gary McGraw has interviewed some of the security industry’s most influential gurus. A globally recognized authority on security and software, he is the CTO of Cigital and the author of eight bestselling books on software security—and for the 120th Silver Bullet interview, he’s not the one asking the questions. In this landmark episode, firewall inventor Marcus Ranum takes on the role of Silver Bullet host to interview Gary on a variety of topics including evolutionary biology and security, the Internet of Things, hard core cyber insurgency, advisory board work, software security, tinfoil hats, the surveillance state, and more. Watch Marcus and Gary celebrate a decade of Silver Bullet in this special video edition. Gary McGraw Boards and Advisory Boards Marcus Ranum Charles Perrow’s Normal Accident Theory Among the Ten Thousand Things The post Show 120: Silver Bullet Celebrates 10 Years! Marcus Ranum Interviews Gary McGraw appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 119: Jacob West Discusses the IEEE CSD, Bugs, Flaws, And Wearable Devices | File Type: audio/mpeg | Duration: 0:28:07

As the Chief Architect for Security Products at NetSuite, Jacob West leads research and development for technology to identify and mitigate security threats. West has over a decade of experience developing, delivering, and monetizing innovative security solutions. Prior to his role at NetSuite, he served as the CTO for Enterprise Security Products (ESP) at HP where he founded and led HP Security Research. West is the co-author of Secure Programming with Static Analysis, and is a founding member of the IEEE Center for Secure Design. Listen as Gary and Jacob discuss secure design, the critical difference between bugs and flaws, and wearable device security. Connect with Jacob West on LinkedIn SB Show 78: An Interview with Jacob West BSIMM Community Software Security Analysis for Wearables with Jacob West Secure Programming with Static Analysis SB Show 101: Software Security with the Founders of the Center for Secure Design Coi The post Show 119: Jacob West Discusses the IEEE CSD, Bugs, Flaws, And Wearable Devices appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 118: Jack Daniel Discusses Security BSides, Communities, and the Big Picture of Security | File Type: audio/mpeg | Duration: 0:39:29

Gary talks to Jack Daniel, a leading technology community activist, about the evolution of the community-driven BSides Con, changes in the security field over the last decade, and his thoughts on where good security people come from. Jack is currently a Strategist for Tenable Network Security, and has over twenty years of experience in network and system administration and security. He also has twenty years of mechanical experience in the automotive domain. Jack co-hosts the Security Weekly podcast and produces the Uncommon Sense Security blog. Listen as Gary and Jack kick things off with the topic of the importance of diverse security communities. Connect with Jack Daniel on LinkedIn Follow Jack Daniel on Twitter Security Weekly Uncommon Sense Security Security BSides Show 3: The Computer Security Plateau with Marcus Ranum Show 111: An Interview with Marcus Ranum Three Dots and a Dash The post Show 118: Jack Daniel Discusses Security BSides, Communities, and the Big Picture of Security appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 117: Jamie Butler Discusses Security Research, Thinking Like a Hacker, And Rootkit Development | File Type: audio/mpeg | Duration: 0:37:23

Gary talks to Jamie Butler, a self-proclaimed “coder at heart,” about the importance of an offensive security approach, attack patterns, and his specialization in rootkit development. Jamie is currently the CTO and Chief Scientist at Endgame where he leads research on advanced threats, vulnerabilities, and attack patterns. He has directed vulnerability research teams at a number of prominent companies. Jamie holds a MS in Computer Science and has over 17 years of operating system security experience in the government and private sectors. Listen as Gary and Jamie discuss the attribution problem and his research focusing on how to think like a hacker in an effort to turn their work against them with an offensive security stance. Connect With Jamie Butler On LinkedIn Follow Jamie Butler On Twitter Rootkits: Subverting the Windows Kernel Show 96: An Interview With Nate Fick Exploiting Software: How To Break Code Black Hat Review Board Hackers For Charity The post Show 117: Jamie Butler Discusses Security Research, Thinking Like a Hacker, And Rootkit Development appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 116: Doug Maughan Discusses the Current State Of Cyber Security In the U.S. Department Of Homeland Security | File Type: audio/mpeg | Duration: 0:29:41

Gary talks to Dr. Doug Maughan about scientific research in computer security and its relationship to wider government efforts in security. Maughan is currently the Cyber Security Division (CSD) Director for the Homeland Security Advanced Research Projects Agency. With a Ph.D. in Computer Science and over 10 years of experience working with the Department of Homeland Security (DHS), Maughan focuses his expertise on advancing the state of security technology through the research “valley of death.” Listen as Gary and Doug discuss tech transfer, the relationship between scientific research and government funding, and the widening gap between scientific computer security results and the insufficient computer security measures attempted by the government today. Connect with Doug Maughan on LinkedIn Tech transfer A case study from the lab to the world Maughan on tech transfer Cal Ripkin, Jr. The post Show 116: Doug Maughan Discusses the Current State Of Cyber Security In the U.S. Department Of Homeland Security appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 115: Peiter “mudge” Zatko Discusses the L0pht and Government Influence | File Type: audio/mpeg | Duration: 0:38:33

Gary talks to Peiter Zatko, better known as “mudge” in hacker and security circles, about the evolution of the L0pht hacker collective and how his work in security influenced key agencies within the U.S. government to ramp up their cybersecurity efforts. During his time as a Program Manager with DARPA, mudge worked to fund much needed research for the speedy development of technology that would allow the government to protect against cyberattacks. From his experience with the L0pht and the Cult of the Dead Cow, to federal and commercial tech-industry giants including Google, mudge shares his experience and lessons learned along the way. Connect with Peiter “mudge” Zatko on LinkedIn Hacker ‘mudge’ gets DARPA job A Disaster Foretold—And Ignored Technology Transfer Silver Bullet Episode 50 (Richard Clarke) Frank Zappa – Inca Roads The post Show 115: Peiter “mudge” Zatko Discusses the L0pht and Government Influence appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 114: Peter Clay Discusses the Evolution of the CISO Role | File Type: audio/mpeg | Duration: 0:31:26

Gary talks to the Chief Information Security Officer of Qlik, Peter “Pete” Clay, who holds 20+ years of experience in technology growth and its relationship to security from a risk management perspective. Pete brings federal, public, private and start-up insight into the global security space. He shares personal lessons he has learned as a consultant and CISO, and gaps he has identified within the ever-changing security industry. Listen as Gary and Pete discuss the evolution of the CISO role, reactive approaches to security and the potential for cyber warfare. Connect with Peter Clay on LinkedIn Leveraging innovation to boost security The New Rules of Cyber Warfare by Peter Clay Beyond compliance: Protecting data with automated security playbooks A World Lit Only by Fire by William Manchester The Last Lion: Winston Spencer Churchill by William Manchester The post Show 114: Peter Clay Discusses the Evolution of the CISO Role appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 113: Chandu Ketkar Discusses Software Security Best Practices | File Type: audio/mpeg | Duration: 0:27:51

Gary talks to Cigital’s Chandu Ketkar. With 20+ years of experience as a developer prior to getting into security, Chandu brings a unique and enlightened view to software security. Chandu shares his insight into why developers and security experts struggle to get along, and offers a solution from the world of economics. He also provides lessons from the healthcare industry and aviation that he believes can improve security processes, particularly when it comes to threat modeling and architecture risk analysis. Listen in for Gary and Chandu’s take on threat modeling, risk analysis, the principal-agent paradox, the checklist manifesto and more. Related Links Software [in]security and scaling architecture risk analysis McGraw on assessing medical devices: Security in a new domain Principal-agent problem The Checklist Manifesto: How to Get Things Right Kishori Amonkar, Jaipur Gharana singer Raga Rageshree The post Show 113: Chandu Ketkar Discusses Software Security Best Practices appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 112: “Crypto Wars II” with Steve Bellovin and Matt Green | File Type: audio/mpeg | Duration: 0:33:43

We thought the “crypto wars” were resolved in the late 1990s. But the introduction of encrypted devices—specifically the release of iOS 8 and the growing number of available encrypted communication channels through public services such as Facebook and Snapchat—has resurfaced the debate. FBI Director Comey and other law enforcement groups are concerned about what they call “going dark” and are stressing the need for back door access (called extraordinary access). But is this really a good idea? Didn’t we already fight this battle during the first crypto wars? Matthew Green and Steve Bellovin, two authors of the recently released Keys Under Doormats paper, discuss the dangerous ramifications of this request. Keys Under Doormats paper Show 81: Interview with Steve Bellovin Show 90: Interview with Matthew Green Thoughts on Encryption and Going Dark: Counterpart The rise of the new Crypto War The post Show 112: “Crypto Wars II” with Steve Bellovin and Matt Green appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 111 – An Interview with Marcus Ranum | File Type: audio/mpeg | Duration: 0:34:05

Has software security actually gotten worse? On the 111th episode of The Silver Bullet Security Podcast, Gary talks with Marcus Ranum, Chief Security Officer of Tenable Network Security. He is the inventor of both the proxy firewall and early-advanced intrusion systems. Gary and Marcus discuss the current state of software security, firewalls, de-perimeterization, and hackers. Marcus also shares how he stays on the cutting edge of security and who his biggest influences are. Gary closes the show with an unexpected “dirty, brilliant trick.” Marcus Ranum’s website Episode 3: Marcus Ranum 6 Dumbest Things in Computer Security’ The post Show 111 – An Interview with Marcus Ranum appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 110 – An Interview with Paul Dorey | File Type: audio/mpeg | Duration: 0:25:52

On the 110th episode of The Silver Bullet Security Podcast, Gary talks with Paul Dorey, founder of CSO Confidential and Visiting Professor at the University of London. Gary and Paul discuss the modern role of the CSO and the ideal background for a CSO, Paul’s biggest win and biggest mistake as a CSO, and the role of building security in as part of a CSO’s strategy. They close out the episode with discussion of Paul’s favorite piece of humorous fiction. CSO Confidential Prof. Paul Dorey The post Show 110 – An Interview with Paul Dorey appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 109 – An Interview with Bart Preneel | File Type: audio/mpeg | Duration: 0:25:48

On the 109th episode of The Silver Bullet Security Podcast, Gary is joined by Bart Preneel. Bart is a full professor at the KU Leuven, one of the oldest universities in the world. Gary and Bart discuss the differences in approaches to security between the EU and the US, what the picture of building security in looks like around the world, quantum cryptography, and the implications of the Snowden revelations on cryptography. They close out their chat discussing Bart’s Dixieland band. Bart Preneel Prof. Dr. Bart Preneel, KU Leuven / iMinds (video) Mathematicians Discuss the Snowden Revelations Journal of Craptology The post Show 109 – An Interview with Bart Preneel appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

 Show 108 – An Interview with Katie Moussouris | File Type: audio/mpeg | Duration: 0:30:19

In the 108th episode of the Silver Bullet Security podcast, Gary talks with Katie Moussouris, Chief Policy Officer of HackerOne. Gary and Katie discuss her first program (a piece of interactive fiction in the Choose Your Own Adventure category written in Basic), bug bounty programs, how financial services and healthcare firms might approach vulnerability management, breaking versus building (and how to teach breakers to think more like builders), and the challenges of being a woman in security and why Katie dislikes being asked about it. They close out their discussion with some talk of various libations. Katie Moussouris HackerOne Choose Your Own Adventure The post Show 108 – An Interview with Katie Moussouris appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.
