Aug 18, 2016

Quick note from Michael about the Straight Talk Framework & Program -- >

• Get your free copy at https://securitycatalyst.com/straight-talk-framework/
• Launched a new program last week… boy, did I learn a lot.
  • Mostly, it’s my failure to explain. I’m going to chronicle some of the lessons over the next few days and share them
  • If you’ve already downloaded the questions - I’d love to chat with you about your experience…
  • If you find yourself in a situation like this, let’s chat. 25 minutes on the phone and we’ll both benefit
• Until Monday, August 22nd, chance to get on board early and benefit yourself; i’ve got a lot to share this week and into the future. We’re at the start of something big!

Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?

• http://www.techtimes.com/articles/173282/20160811/microsoft-accidentally-leaks-golden-keys-that-unlock-secure-boot-protected-windows-devices-oops.htm
• Bottom line: backdoors are always discovered, compromised
• Another take away: key management… sounds easy, is rarely so.
• If you have the need to manage keys in your enterprise, don't try to do this yourself

The Future Of ATM Hacking

• http://www.darkreading.com/endpoint/the-future-of-atm-hacking/d/d-id/1326549
• We didn’t have a problem, but we went ahead with the solution. Looking back on it, imagine some straight talk on this fiasco?
• Yes, I realize some of you like the elegance of chip + pin; do you like the UX? Because it sucks. And if you lament the mag stripe, does that mean you stopped using a terrestrial radio, too?
• Our need as leaders - in the enterprise and across the industry - is to focus limited energy and assets on the areas that create the most value

Apple will reward hackers with "bug bounty" to find flaws

• http://www.smartbrief.com/s/2016/08/apple-will-reward-hackers-bug-bounty-find-flaws-1
• The more we press on it, the more that we understand bug bounties and the like are just externally sourced (on spec) testing.
• If you caught our last interview, we continued to explore the distinctions between research and testing; and rest assured, we’ll continue. When it comes to bug bounties, then, how does Apple do relative to structuring the deal of testing their software and devices?
  

Turbulence Ahead: Delta Computer Outage Is Just The Start, Say Experts

• http://www.fastcompany.com/3062831/turbulence-ahead-delta-computer-outage-is-just-the-start-say-experts
• Have you noticed the recent reaction to just about anything? Hacking? Terrorists? Terrorists hacking? The reality? Our landscape and demands continue to evolve
• Why does it matter to security? Well, aside from getting blamed? We have an opportunity to proactively address these challenges

Risk vs reward – when good data becomes dangerous

• http://www.information-age.com/technology/data-centre-and-it-infrastructure/123461821/risk-vs-reward-when-good-data-becomes-dangerous
• I like this article because it lays out some facts and figures - useful when engaging in discussions on topic
• It does make the mistake of focusing on the breach - in words; the examples chosen do not make the same mistake…
• The balancing act is capturing what is necessary for the organization to improve, to grow; then it needs to be protected accordingly

Chief Security Officer May Be The Job Of The Future That No One Wants

• http://www.fastcompany.com/3060778/the-future-of-work/companies-are-scrambling-to-fill-data-security-jobs-that-no-one-wants-to-
• Stop with Target. Just stop.
• The solution? Leadership. This is where Michael spends just about all his time.
• I actually just wrote about this:
  • https://securitycatalyst.com/ready-improve-security-earn-respect-leadership/
• Security leaders face 3 challenges:
  • Leadership challenges
  • Security complexity
  • Organizational friction