Episodes

AI Episode 1

AI and your organization: Making the Case for your Use Case

October 28th, 2024 With IANS Faculty Jake Williams and Jessica Hebenstreit

Join IANS Faculty Jake Williams and Jessica Hebenstreit in the first episode of IANS AI Deep Dive Series for security professionals. This episode will cover:

  • Foundational AI concepts such as non-determinism, and how to communicate them to the board to build security awareness around GenAI and LLMs.
  • What to consider when determining whether a proposed AI use case is aligned with the needs of your organization.
  • Examples of real-world use cases, where security plays a role in them, and where security teams can leverage AI themselves.

Interested in more AI content? Check out the IANS AI Resources page and sign up for our AI Playbook series.


Steve Martano & Nick Kakolowski

Report Sneak Peek: IANS and Artico Search CISO Comp & Budget

September 17th, 2024 With IANS Faculty Steve Martano and Nick Kakolowski
With budget planning season kicking off, we’re opening up the budget-related findings of the IANS and Artico CISO Compensation and Budget Survey ahead of our usual reporting cycle. The goal: Give you the benchmarking data you need to make a budget case. IANS Senior Research Director Nick Kakolowski and Faculty member Steve Martano will discuss:
  • Key cybersecurity budget data as reported by CISOs.
  • Overarching market trends influencing budget conversations.
  • Advice on how to navigate complex budget conversations and get the support your team needs.


Interested in learning more about IANS and Artico's budget findings? Download the IANS Security Budget Benchmark Summary Report!


Dave Shackleford and Jennifer Minella

DPRK Hackers Target Devs, CISA RansomHub Advisory, Security Cam Vuln Spreads Mirai

September 4th, 2024 With IANS Faculty Dave Shackleford and Jennifer Minella
This Episode Details:
  • North Korean Hackers Target Devs via NPM Packages - Recent reports show North Korea is intensifying its “Contagious Interview” campaign, with the latest round squarely targeting developers.
  • CISA, FBI Advisory for RansomHub Ransomware - Recent warnings from the FBI, CISA and other agencies highlight a significant uptick in ransomware attacks by the RansomHub group, responsible for over 200 incidents since February 2024.
  • Largest DDoS Attack and A New Mirai Botnet - On August 25th, Global Secure Layer reported mitigating what appears to be the largest packet-rate DDoS attack on record. Targeting a Minecraft service, the attack peaked at 3.15 billion packets per second, reportedly about 3.2 times the rate of the previous record holder.
Dave Shackleford and Shannon Lietz

Azure DDoS Attack, Cloudflare Malware Delivery, DNS Poisoning

August 7th, 2024 With IANS Faculty Dave Shackleford and Shannon Lietz
This Episode Details:
  • Azure's DDoS Outage - Microsoft experienced a major outage in its Azure service at the end of July, which it later attributed to an ongoing DDoS attack. Numerous Azure and M365 services were impacted, including Entra, Intune, Purview, Azure Policy and more.
  • Malware Delivery via Cloudflare Tunnels - Cloudflare Tunnels (outbound-only connections from a host to Cloudflare's edge that expose a local service on a Cloudflare-fronted hostname) have been heavily involved in malware dissemination campaigns. Numerous actors have abused the free TryCloudflare quick-tunnel service, which needs no account, to host staging infrastructure for remote access trojans (RATs) like VenomRAT and XWorm.
  • ISP DNS Poisoning for Chinese Malware Delivery - A Chinese threat actor (known commonly as StormBamboo, Evasive Panda and StormCloud) has been using DNS poisoning attacks against ISPs to deliver malware through fake automatic updates. Organizations querying the legitimate automatic-update domains received modified responses that pointed the updater at attacker-controlled servers serving malware.
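The TryCloudflare abuse above gives defenders a cheap hunt lead: quick tunnels always live under a randomly generated subdomain of trycloudflare.com. The block below is an added example, not code from the episode or from Cloudflare, that scans constructed DNS query log lines (the three-column timestamp/client/query format is an assumption; adapt the regex to your resolver's log format) and returns the clients that resolved a quick-tunnel hostname. The suffix check is label-based so that look-alike names such as `api.trycloudflare.com.evil.test` are not matched by a naive substring search.

```python
import re
from typing import List, Tuple

# Constructed sample DNS query log (hypothetical format: "<timestamp> <client> <qname>").
SAMPLE_DNS_LOG = """\
2024-08-01T10:00:01Z 10.0.0.12 www.example.com
2024-08-01T10:00:05Z 10.0.0.12 settled-bills-grammar-tribal.trycloudflare.com
2024-08-01T10:00:09Z 10.0.0.7 cdn.cloudflare.com
2024-08-01T10:01:13Z 10.0.0.7 api.trycloudflare.com.evil.test
2024-08-01T10:02:40Z 10.0.0.15 ROLLING-rocks-alpha.TryCloudflare.COM.
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def is_quick_tunnel_host(host: str) -> bool:
    """True when host is a proper subdomain of trycloudflare.com.

    Comparison is case-insensitive, ignores a trailing dot, and requires the
    registrable domain to be the last two labels, so names that merely contain
    the string elsewhere are not matched. The apex itself is not a tunnel.
    """
    labels = host.rstrip(".").lower().split(".")
    return len(labels) > 2 and labels[-2:] == ["trycloudflare", "com"]


def find_quick_tunnel_queries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, normalized qname) for every quick-tunnel lookup."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        ts, client, qname = m.groups()
        if is_quick_tunnel_host(qname):
            hits.append((ts, client, qname.rstrip(".").lower()))
    return hits


if __name__ == "__main__":
    for ts, client, qname in find_quick_tunnel_queries(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {qname}")
```

Developers legitimately use quick tunnels to expose local services during testing, so treat a hit as a lead to triage (which process made the lookup, was a payload fetched afterwards) rather than as a verdict, and consider blocking the domain outright only on hosts that have no business running cloudflared.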
Jessica Hebenstreit and Shannon Lietz

Twilio Authy Breach, Rockwell Automation PanelView Flaws, HealthEquity Data Exposed

July 10th, 2024 With IANS Faculty Jessica Hebenstreit and Shannon Lietz
This Episode Details:
  • Phone Numbers Leaked in Twilio Breach - On July 1, 2024, Twilio posted a security alert stating that its Authy service had suffered a security incident. The alert followed a late-June post on BreachForums by the ShinyHunters hacking group, which claimed to have leaked data on 33M Authy users.
  • Critical Vulnerabilities in Rockwell Automation PanelView Plus - The Microsoft Defender for IoT research team identified and disclosed vulnerabilities in PanelView Plus after an investigation in which the application's behavior and its lack of encryption raised concerns.
  • HealthEquity Suffers Data Breach - On July 2, 2024, HealthEquity filed a Form 8-K with the SEC declaring a cybersecurity incident: a partner's account was compromised and protected health information (PHI) belonging to HealthEquity customers was exposed.
Dave Shackleford and Wolfgang Goerlich

Snowflake Fallout, OT Device Attacks, SOHO Router Hack

June 5th, 2024 With IANS Faculty Dave Shackleford and Wolfgang Goerlich
This Episode Details:
  • Snowflake Incident and the Data Breach Fallout - Snowflake, a cloud data warehousing and analytics company, disclosed an incident in which multiple customer tenants were compromised, with the fallout still unfolding.
  • OT Devices: A New Attack Surface? - Microsoft's threat intelligence team has found that attackers have increased their focus on internet-exposed OT devices since late 2023, potentially leading to a wider range of compromise scenarios.
  • SOHO Router Hack - In a newly published research report from Lumen Technologies, a strain of malware they've dubbed Chalubo was apparently responsible for a huge attack against small office and home office (SOHO) routers in 2023. The incident took place over a 72-hour period between October 25 and 27 and rendered the infected devices permanently inoperable.
Wolfgang Goerlich and Jessica Hebenstreit

Kaiser Data Breach, Criminals Exploit CrushFTP Vuln, Brokewell Malware Takes Over Android Devices

May 1st, 2024 With IANS Faculty Wolfgang Goerlich and Jessica Hebenstreit
This Episode Details:
  • Kaiser Notifies Millions of Data Breach - 13.4 million insured people and patients will be receiving breach notices that their protected health information may have been compromised, making this the largest health-related data breach of 2024 to date.
  • Criminals Exploit CrushFTP Vulnerability - Adversaries are exploiting a vulnerability in CrushFTP to gain remote code execution (RCE). The vulnerability (CVE-2024-4040) combines server-side template injection with a virtual file system sandbox escape, allowing attackers to read and execute files as root on Linux systems hosting CrushFTP.
  • Brokewell Malware Takes Over Android Devices - Discovered and documented by researchers at ThreatFabric, Brokewell is an Android banking trojan with remote-control capabilities that let an attacker take over the infected device.
Dave Shackleford and Jennifer Minella

Stolen MSFT Source Code, Possible Chinese Crane Espionage

March 13th, 2024 With IANS Faculty Dave Shackleford and Jennifer Minella
This Episode Details:
  • Microsoft Source Code Stolen - Microsoft has revealed that the Russian 'Midnight Blizzard' hacking group gained access to source code and internal systems with harvested authentication tokens and credentials.
  • Chinese Cranes: Possible Espionage? - In March 2023, U.S. Pentagon officials reported that Chinese-manufactured cranes in U.S. ports may contain monitoring equipment usable for long-range espionage. After a yearlong congressional investigation, those concerns appear to be well-founded.
Dave Shackleford and Jessica Hebenstreit

Change Healthcare Hack, I-Soon Leaks, NIST CSF 2.0

February 28th, 2024 With IANS Faculty Jessica Hebenstreit and Dave Shackleford
This Episode Details:
  • Change Healthcare Impacted by Cyber Attack - Explore the impacts of Change Healthcare's recent BlackCat (ALPHV) ransomware breach.
  • I-Soon Hackers for Hire Used by Chinese Government Agencies - Last week, leaked documents surfaced on GitHub showing that various Chinese government agencies have been using hackers for hire as part of an ongoing campaign to break into foreign governments and telecoms.
  • NIST CSF 2.0 - In addition to the original five core functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), a sixth, "Govern", was added with the goal of helping organizations incorporate cybersecurity risk management into enterprise risk management.
Jake Williams and Gal Shpantzer

Shim Secure Boot Bypass, Fortinet CVE, Ivanti Vulns

February 14th, 2024 With IANS Faculty Jake Williams and Gal Shpantzer
This Episode Details:
  • Shim Secure Boot Bypass Vulnerability - A new vulnerability has been found in shim, the first-stage bootloader most Linux distributions use to participate in UEFI Secure Boot. It lies in shim's HTTP boot handling, so systems that boot over HTTP risk full compromise of the device before the operating system even loads.
  • New Fortinet Vulnerabilities - Following Fortinet's announcement of CVE-2024-21762, CISA quickly added the vulnerability to its Known Exploited Vulnerabilities catalog, indicating it has reports of threat actors using it in the wild.
  • Additional Ivanti Disclosures - Ivanti has disclosed additional security vulnerabilities in its Connect Secure (formerly Pulse Secure) line of VPN products.
Jessica Hebenstreit and Jennifer Minella

Volt Typhoon, Ivanti Zero Day, Cloudflare Breach, AnyDesk Hack

February 7th, 2024 With IANS Faculty Jessica Hebenstreit and Jennifer Minella
This Episode Details:
  • China Targeting U.S. Infrastructure - The director of the FBI disclosed that China's "Volt Typhoon" group is ramping up hacking operations aimed at critical infrastructure in the United States, pre-positioning for the event of a conflict over Taiwan.
  • Ivanti: CISA Sets 48-hour Deadline for Removal - CISA issued an emergency directive that gave federal agencies using Ivanti Connect Secure or Ivanti Policy Secure less than 48 hours to disconnect all instances, and laid out specific steps they must take before putting them back into production.
  • Cloudflare Hacked With Stolen Okta Auth Tokens - The 2023 Okta breach left in its wake stolen tokens and service account credentials belonging to Cloudflare, which a nation-state actor subsequently used to infiltrate Cloudflare's systems. This is how Cloudflare addressed it.

Faculty Directory

Gal Shpantzer

IANS Faculty

Gal Shpantzer has been a full-time security consultant since the year 2000, providing (mostly good) advice to early-stage tech startups, security vendors, Ivy League universities, non-profits, and Fortune 50 clients. Gal owns and operates a boutique consultancy focused on vCISO and Observability Pipeline services that enable modern, scalable, user-friendly, auditable, and forensically ready security programs. Gal leads security programs and projects that empower business and technical leadership to prevent, detect and respond to security incidents, including threats to confidentiality (sophisticated IP theft) and availability (DDoS, ransomware).

Achievements & Noteworthy Contributions

  • Contributed to global security/privacy standards in the energy sector (NIST 7628, ES-C2M2)
  • Architected and deployed a high-speed streaming analytics data pipeline and multi-petabyte data lake for a Fortune 100 megaglobocorp, enabling drastically reduced MTTD. Provided flexible, real-time, ultra-scale observability to CISO and CIO orgs in on-prem and multi-cloud endpoint/network/server workloads and applications. Project included the largest supported MiNiFi deployment in the world.
  • Expert witness for a billion-dollar GSA protest relating to managed security services
  • SANS Newsbites co-editor since 2002. Quoted in Scientific American, eWeek, Dark Reading, Governing.com and others.

Hobbies & Fun Facts

Wildlife photography, anything on/under the water (SCUBA diving/snorkeling/swimming/kayaking), winter camping/snowshoeing, emergency first aid. Gal enjoys desert and frozen landscapes, and spoofing song lyrics with infosec themes.

Wolfgang Goerlich

IANS Faculty

J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.

Achievements & Noteworthy Contributions

  • InfoWorld Leadership for DevOps and Cloud
  • IDG Best Practices in Infrastructure Management
  • Microsoft Most Valuable Professional (MVP) for Enterprise Security
  • Contributed to NIST standards for digital identity (SP 800-63) and zero trust (SP 800-207)
  • Former organizer of annual BSides and Converge conferences in Detroit

Certifications & Credentials

  • CISSP - (ISC)2
  • Certified Information Systems Auditor (CISA) - ISACA

Jessica Hebenstreit

IANS Faculty

Jessica is the Senior Director Corporate Security at Quorum Software. Before Quorum Software, Jessica served as Director of Security Operations & Infrastructure at Eptura. Previously, she held a role as Senior Associate at Booz Allen Hamilton, consulting on Cyber Fusion Centers, Attack Surface Management, other cyber defense capabilities, and cyber program development and leadership.  Jessica has consulted with many of the largest companies in the world including many Fortune 100.

Achievements & Noteworthy Contributions

  • Creator of the DREAMR framework
  • Appearances on podcasts such as DtSR and Detections
  • Speaker at conferences including RSA and COISSA on topics ranging from Automated Incident Response to Program Building
  • Served as COO for the Diana Initiative

Certifications & Credentials

  • MSIT Information Security and Assurance from Capella University
  • BIS International Business and Spanish from Arizona State University
  • GNFA, GCIH

Hobbies & Fun Facts

Jessica can turn everyday life into a musical by simply recalling a song from something someone has said.  She enjoys baseball and spending time with her kids.

Dave Shackleford

IANS Faculty

Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.

Achievements & Noteworthy Contributions

  • Former CSO for Configuresoft
  • Former CTO for the Center for Internet Security
  • Speaker at information security conferences such as RSA, DEF CON, and BSides
  • Author of Virtualization Security: Protecting Virtualized Environments (2012)

Certifications & Credentials

  • MBA – Georgia State University
  • BS, Computer Information Systems – Kennesaw State University
  • BS, Psychology & Microbiology – Georgia State University
  • CISSP – (ISC)2

Hobbies & Fun Facts

In his free time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Jake Williams

IANS Faculty

Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.

Achievements & Noteworthy Contributions

  • Two-Time Winner of the Annual DC3 Forensics Challenge
  • Speaker at information security conferences such as Black Hat, DEF CON, ShmooCon, RSA, and DC3
  • Designated a Master Computer Network Exploitation (CNE) Operator by the NSA
  • Former Vulnerability Analyst at US Department of Defense
  • Former Senior Systems Engineer at Dell Services

Certifications & Credentials

  • MSIA, Information Assurance –Capitol College
  • GSE, GSNA, GCFE, GREM, GCWN, GCIA, GCIH, GPEN, GCFA, GXPN, GSEC –GIAC

Jennifer Minella

IANS Faculty

Author of “Wireless Security Architecture”, “Low Tech Hacking” and other titles, Jennifer (JJ) Minella has been named as a Top 10 Power Player in cyber security by SC Magazine. As an advisor to more than 50 Fortune-rated companies and hundreds of others, JJ brings a uniquely energetic approach to cyber security, blending deep technical experience with strategic guidance. Her ability to connect with audiences and articulate technical concepts in simple terms has taken her all over the world. She is also the creator of the Mindfulness-Based Leadership for Infosec workshop series. Jennifer is the founder and principal advisor of Viszen Security, offering technical strategy and coaching solutions to CXOs and practitioners.

Achievements & Noteworthy Contributions

  • Author including co-author of “Low Tech Hacking” and various CISSP courseware versions
  • International speaker including NSA Trusted Computing, RSA Conference, INFOSEC World, BruCon, Sector, Wireless Technology Forum, DeepSec, (ISC)2 Security Summit Hong Kong, Interop, Techno Security, (ISC)2 Security Congress, BSides, various local, state gov, education and healthcare conferences, various events for FBI and US Secret Service ECTF
  • Contributor to community efforts including biomedical device security task force in healthcare and security, wireless and secure networking in other vertical task forces
  • Program committee member for RSAC USA, Executive Women’s Forum (EWF) and others
  • Published writer in Dark Reading, Information Security Magazine, Network Computing and others
  • Creator of Mindfulness-Based Leadership for Infosec workshops
  • Former (ISC)2 chairperson and board member
  • Former SC Magazine Top 10 Power Players
  • Former VP of Engineering & Security for Carolina Advanced Digital, Inc.
  • Invited VIP/technical ambassador for multiple technology manufacturers including Juniper and HPE
  • Former member National Speakers Association (NSA)
  • Cyberpatriot mentor for Cyber Security in high schools
  • #4 Global Security Thought Leadership
  • Author of award-winning Security Uncorked blog

Certifications & Credentials

  • (ISC)2 CISSP
  • Google's Search Inside Yourself Leadership Training
  • Certified Wireless IoT Solutions Administrator (CWISA)
  • Numerous technical certifications around WiFi, IoT, switch/route, security, AI and AIOps

Hobbies & Fun Facts

In her spare time, aside from cyber security mentorship and volunteering, Jen gets into all kinds of things. She's a World Record powerlifter and former competitive ballroom dancer who loves reading and the outdoors. She's traded in her Ducati for a kayak and still enjoys Figment the Imagination Dragon. She can usually be lured anywhere with promises of rye whisky.

Any views or opinions presented in these recordings are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in the recordings, no liability can be accepted by IANS or our Faculty members for any actions taken in connection with such information, opinions or advice.

About IANS

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for making decisions and articulating risk. We provide experience-based security insights for chief information security officers and their teams. The core of our value comes from the IANS Faculty, a network of seasoned practitioners. We support client decisions and executive communications with Ask-an-Expert inquiries, our peer community, deployment-focused reports, tools and templates, and consulting.