Shadow AI is already happening -- now what?

This week, Adam and Andy talk with Christina Morillo about identity, diversity in information security, and her book "97 Things Every Information Security Professional Should Know: Collective Wisdom from the Experts." We had so much fun talking and it was a great interview! ------------------------------------------- Documentation: Colors of Infosec: https://podcasts.apple.com/us/podcast/colors-of-infosec-podcast/id1531541552 Book: https://www.amazon.com/Things-Information-Security-Professional-Should/dp/1098101391 Christina on Twitter: https://twitter.com/divinetechygirl https://www.christinamorillo.com/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

25 Huhti 202234min

Adam and Andy talk about VPN's versus Software Defined Perimeters (SDP) this week. They break down why companies still use VPN's and why they pose an infosec security risk. They present SDP's as a different way of thinking about how to access internal applications and some vendors in the space already. ------------------------------------------- Youtube Video Link: https://youtu.be/N8CxB84f50A ------------------------------------------- Documentation: https://www.blastwave.io/posts/house-of-cards-your-guide-to-getting-hacked-using-vpns https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy https://www.microsoft.com/security/blog/2020/01/23/microsoft-zscaler-help-organizations-implement-zero-trust-model/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

18 Huhti 202231min

This week's episode, Adam and Andy talk about some interesting infosec news including Okta's apology and how that affected their stock prices. They also talk about the latest Apple zero days and an interesting tactic cybercriminals are using to get sensitive data out of organizations. Finally, they chat about the new PCI 4.0 standard and what's different from the current standard. ------------------------------------------- Youtube Video Link: https://youtu.be/Dja0bWaARQU ------------------------------------------- Documentation: https://www.bleepingcomputer.com/news/security/okta-we-made-a-mistake-delaying-the-lapsus-hack-disclosure/ https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/ https://www.darkreading.com/edge-articles/what-s-new-in-pci-dss-4-0-for-authentication-requirements ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

11 Huhti 202233min

This week's episode, Adam and Andy talk about the hacker group LAPSUS$. They go over what makes this group unique in the cybercriminal world and a breakdown of the latest high value targets. ------------------------------------------- Youtube Video Link: https://youtu.be/w-7RPcOl8HE ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ https://www.linkedin.com/pulse/open-letter-okta-amit-yoran/ https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims https://support.okta.com/help/s/article/Frequently-Asked-Questions-Regarding-January-2022-Compromise?language=en_US ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

4 Huhti 202241min

This week's episode, Adam and Andy catch up on some infosec news including the new Cyber Incident Reporting Act signed into law last week and other reporting policies on the horizon. They also talk about CISA's advisory on misconfigured MFA and Russia's new root certificate. ------------------------------------------- Youtube Video Link: https://youtu.be/igcF6dLvq4E ------------------------------------------- Documentation: https://www.cisa.gov/uscert/ncas/alerts/aa22-074a https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting https://www.eff.org/deeplinks/2022/03/you-should-not-trust-russias-new-trusted-root-ca ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

28 Maalis 202229min

This week's episode, Adam and Andy talk about helpdesk security. Enterprise helpdesks are often a popular target for cybercriminals because they have access to sensitive information and accounts. Listen in as they talk about things to think about when driving towards a zero trust model for helpdesk security. ------------------------------------------- Youtube Video Link: https://youtu.be/6WPDH9W8UOQ ------------------------------------------- Documentation: https://www.linkedin.com/pulse/password-tickets-consume-31-40-help-desks-time-roy-verberne/?articleId=6627845881985146880 https://specopssoft.com/product/secure-service-desk/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

21 Maalis 202229min

This week's episode, Adam and Andy talk about the Russian invasion of Ukraine and the information war that is happening behind the scenes. They go over some specific takeaways on what to focus on in this heightened state of cybersecurity risk. ------------------------------------------- Youtube Video Link: https://youtu.be/a2452Yd0--g ------------------------------------------- Documentation: SANS Webcast: Russian Cyber Attack Escalation in Ukraine - What You Need To Know! https://www.youtube.com/watch?v=bZoHePqoBtM https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

14 Maalis 202231min

This week's episode, Adam and Andy talk about the new cloud key trust deployment model for Windows Hello for Business in hybrid environments. Cloud key trust greatly simplifies the deployment of Windows Hello for Business by removing the requirement for any PKI infrastructure. If you've been waiting to try this passwordless solution to authenticate to Windows PC's, now is the time. There are benefits even if you are using Azure AD Joined devices. Listen in on how to get started today! ------------------------------------------- Youtube Video Link: https://youtu.be/9e7XyVWIPk8 ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

7 Maalis 202226min