Cigital » The Silver Bullet Security Podcast with Gary McGraw show

Summary: Building Security In

Podcasts:

 Show 082 – An Interview with Kevin Fu | File Type: audio/mpeg | Duration: 0:27:11

On the 82nd episode of the Silver Bullet Security Podcast, Gary talks with Kevin Fu, Associate Professor in the EECS Department at the University of Michigan. Gary and Kevin discuss finding advisors and picking a grad school, the security implications of embedded medical devices, malware in hospital systems, the consumer trend toward analyzing one’s own health data, and the difficulty of teaching design analysis to other humans. They close out the episode discussing lobster bisque. Kevin Fu and Grant Schoenebeck Join the Faculty of CSE @ Michigan The Bob and Betty Beyster Bubbler Medical Device Security Center blog Health-care sector vulnerable to hackers, researchers say, Washington Post. FDA Software Patch Poster Hugo Campos fights to get his defibrillator data

 Show 081 – An Interview with Steve Bellovin | File Type: audio/mpeg | Duration: 0:33:45

On the 81st episode of the Silver Bullet Security Podcast, Gary talks with Steve Bellovin, Professor of Computer Science at Columbia University, currently on leave and acting as CTO of the Federal Trade Commission. Gary and Steve discuss how often academic research finds its way into the real world versus research that’s done in a commercial lab, how code has gotten better overall but how the threat model has changed, whether mobile security is just a repackaging of the same security problem we’ve been dealing with for years, the state of computer security in the government, the very first days of Usenet and the famed Evil Bit. Steven M. Bellovin Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin Encrypted Key Exchange Technology Transfer: A Software Security Marketplace Case Study (IEEE Software, September/October 2011) [PDF] TSA Pre Twitter and the FTC Usenet nn The Evil Bit RFC Permissive Action Link Steve drives a train

 Show 080 – An Interview with Thomas Rid | File Type: audio/mpeg | Duration: 0:00:01

On the 80th episode of the Silver Bullet Security Podcast, Gary talks with Thomas Rid, Reader in War Studies at King’s College London and a non-resident fellow at the Center for Transatlantic Relations in the School for Advanced International Studies, Johns Hopkins University, in Washington, DC. In this episode, Gary and Thomas discuss how Thomas’ life as a “wandering academic” influences his work at the War Studies Department, the inevitability (or otherwise) of cyber-war, attribution, and military dictionaries and the problem of jargon. They close out their chat talking about the Barbican cultural center. Thomas Rid Cyber War Will Not Take Place Proactive defense prudent alternative to cyberwarfare, SearchSecurity.com. Barbican

 Show 079 – An Interview with Per-Olof Persson | File Type: audio/mpeg | Duration: 0:27:59

On the 79th episode of the Silver Bullet Security Podcast, Gary talks with Per-Olof Persson (a.k.a. Peo), head of Global Software Security Operations at Sony Mobile and Board member of Sony Corporation. Gary and Per-Olof discuss the importance of working different positions within the same company, Sony Mobile’s software security initiative, the political concerns of software security, and the cultural challenges of working with international teams. They close out the show with a discussion of American Presidential politics. Transcript of this episode [PDF] Sony Mobile BSIMM4

 Show 078 – An Interview with Jacob West | File Type: audio/mpeg | Duration: 0:30:58

On the 78th episode of the Silver Bullet Security Podcast, Gary talks with Jacob West, Director, Software Security Research for the Enterprise Security Products division of Hewlett-Packard and newly minted CTO. Gary and Jacob discuss HP’s acquisition of Fortify, the technical trade-offs that have to be made to allow a tool to become widely adopted, BSIMM4, and mobile security. They close out their discussion covering the impossibility of growing good tomatoes in San Francisco. BSIMM4 Fortify acquired by HP MOPS On using data to drive a scientific model – Cargo Cult Computer Security (January 28, 2010) BSIMM Community Secure Programming with Static Analysis Dancing Pigs and Security Jacob and gem’s foodie adventures

 Show 077 – An Interview with Gary Warzala | File Type: audio/mpeg | Duration: 0:24:55

On the 77th episode of the Silver Bullet Security Podcast, Gary talks with Gary Warzala, CISO of Visa International. The Garys discuss what a CISO’s day-to-day job looks like, how companies can attract and retain good security employees, whether consumers need to understand the difference between software security and security software, and how one can measure security and discuss the results with upper management. Congress should encourage bug fixes, reward secure systems Verizon 2012 Data Breach Investigations Report [PDF] The Debt Bomb

 Show 076 – An Interview with David Evans | File Type: audio/mpeg | Duration: 0:32:33

On the 76th episode of the Silver Bullet Security Podcast, Gary chats with David Evans, Associate Professor of Computer Science at the University of Virginia. Gary and Dave discuss the founding of the Interdisciplinary Major in Computer Science (BA) at UVa and why a broad approach to Computer Science and Computer Security is a good idea, why data privacy gets short shrift in the United States, why people think (for no apparent reason) that their mobile devices are secure, groceries, David’s research on Secure Computation, and the Udacity project. They close out their discussion with a story about David’s trip to the World Cup in Korea and a choice between GEB and scheme. David Evans Jefferson’s Wheel, David’s blog Interdisciplinary Major in Computer Science Udacity Research Without Walls GEB Scheme World Cup Korea

 Show 075 – An Interview with Howard Schmidt | File Type: audio/mpeg | Duration: 0:00:01

On the landmark 75th episode of Silver Bullet, Gary talks with Howard Schmidt, former Cybersecurity Coordinator for the Obama administration. In this episode, Gary and Howard discuss the differences between doing security work in the public and private sectors, the difficulties of establishing cybersecurity in the government (especially when it comes to software security), the government’s involvement in cyberespionage, and how the actions of Anonymous and Wikileaks square with the notion of free speech. They close the episode out with talk about Harleys. This special edition of Silver Bullet was also captured on video. Howard Schmidt (Wikipedia) U.S. cybersecurity chief Howard Schmidt retiring White House cyber security coordinator Howard Schmidt joins Qualys
