This episode features Heather Costa, Director of Technology Resilience at Mayo Clinic. A leading voice in organizational resilience, Heather has spent over two decades shaping recovery and continuity programs at world-class healthcare institutions. In this episode, she explains why true resilience begins with leadership, not technology, how to prioritize when everything feels critical, and what it takes to build organizations that can adapt and thrive through disruption.

This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com. Widely known as “Dr. Zero Trust”, he’s the creator of the Zero Trust Extended Framework and former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict. In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult.

This episode features Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity. A founding member of Cohesity’s Security Center of Excellence and the Cyber Event Response Team, Jonathon has over 20 years of experience in security operations, forensics, and business continuity, with past leadership roles at EMC, Dell, and Verizon. In this episode, Jonathon explains why trust is the first casualty in a cyberattack, how to separate mission critical operations from mission critical response, and why resilience depends as much on people and process as on technology.

This episode features Chris Inglis, former U.S. National Cyber Director and longtime Deputy Director of the NSA. With over 40 years in national security, Chris was at the center of one of the most high-stakes breaches in U.S. history: the Edward Snowden incident. In this episode, Chris shares what really happened inside the NSA during those critical months, and how siloed systems, password sharing, and missed signals allowed Snowden to operate undetected.

This episode features Jake Hildreth, Principal Security Consultant at Semperis. With nearly 25 years in IT, Jake warns that Active Directory Certificate Services, often misunderstood and left running for years, has become one of the most dangerous weak points in enterprise identity. In this episode, he explains why AD CS is so intimidating, how small misconfigurations can give attackers the keys to the kingdom, and what steps every security leader should take to get ahead of the risk.

This episode features Ed Amoroso, CEO of TAG Infosphere and former AT&T Chief Security Officer. With decades of experience securing complex infrastructures, Ed joins during a period of unprecedented change in the U.S. federal government, a moment he warns is ripe for cyberattacks. In this episode, Ed explains why rapid organizational shifts create prime openings for adversaries, and why Active Directory, often poorly understood and “orphaned” in ownership, is the first place attackers look for the keys to the kingdom.

In this time of constant cyber-attacks and increased cybersecurity reporting requirements, a CISO's job is no easy task and typically has a short Tenure. In this episode, Sean sits down with Allan Alford, 5 time CISO to talk about his experience as a CISO across several prominent organizations and how identity is always at the center of a CISOs responsibility.

Microsoft describes its Detection and Response Team (DART) as the "cybersecurity team we hope you never meet." In this episode of the HIP Podcast, Sean speaks with Shiva P, a Senior Consultant with Microsoft DART. Together, they delve into the tactics used by threat actors and share best practices for minimizing risk. Drawing from his extensive experience in incident response at Microsoft, Shiva takes us through the cyber kill-chain, from initial access to ransomware extortion, providing essential tips and insights.

Sean talks with Tuna Gezer, Senior Product Manager for Semperis Disaster Recovery for Entra Tenant (DRET), about how Entra ID data recovery differs from on-premises Active Directory. Don’t be caught unprepared; listen to this episode for this important discussion. BONUS: HIP Podcast listeners get a special 20% discount off HIP Conf 24 tickets! Use promo code HIPConfPod. Register now at https://register.hipconf.com/event/1b968c66-a916-4330-a5a3-577cc76dcc6b/summary.

This week, the HIP Podcast revisits HIP Global 2023! Listen in as our hybrid identity protection experts present lessons learned in the field, helping some of the world’s largest organizations remediate and recover from cyberattacks that targeted Active Directory. Joining Sean in this expert panel: · Benjamin Cauwel, Security-Senior Manager, Accenture · Jeff Wichman, Director of Incident Response, Semperis · Marty Momdjian, Healthcare Strategist-IR, CDW · Guido Grillenmeier, Principal Technologist, EMEA, Semperis

Anyone who has dealt with the technological side of a merger or consolidation can tell you: Years of technical debt in Active Directory can turn the process into a real headache. In this episode, Michael Masciulli (Managing Director for Migration Products and Services, Semperis) talks with Sean about the necessary steps to keep Active Directory secure during a migration, consolidation, or modernization project; why such efforts fall apart; and some tips and tools to help streamline the process.

Cyberattacks against K-12 schools have soared, tripling between 2018 and 2021 and continuing to climb. With many school districts balancing legacy technology, budget restrictions, and limited staff, fighting off cyber threats can be a daunting challenge. This week, Sean speaks with BJ Welsh, Director of Tech Services for the Carrollton-Farmers Branch Independent School District. CFBISD comprises 25,000 students and 4,000 staff across dozens of schools and service centers throughout North Texas. They discuss lessons learned about incident response from an attempted breach of CFBISD’s Active Directory.

What are in-the-trenches pros observing when it comes to Active Directory and identity security in 2023? Ravenswood Technology Group Principal returns to the HIP Podcast to provide updates on current challenges and trends, including Active Directory hardening, PKI, and Tier 0 infrastructure protection.

“[Attackers] don’t hack in, they log in.” In this episode of the HIP Podcast, Sean talks with Jason Rebholz, Corvus Insurance CISO and host of the TeachMeCyber YouTube channel. Jason and Sean discuss the cyber threat landscape the ins and outs of cyber insurance, including what to do (and what not to do) when applying for and utilizing cyber insurance and how to build a strong incident response plan. Want more great HIP content? Join us for the HIP Global conference in NYC, August 23-24. The best part? It's free to attend! Register today: accelevents.com/e/hip-global-2023.

This episode of the HIP Podcast revisits 2022’s HIP NYC conference, where Sean sits down with Andy Greenberg, award-winning author of Sandworm and Tracers in the Dark. As a senior writing covering security, privacy, information freedom, and hacker culture at WIRED magazine, Andy speaks with Sean and the HIP audience about tracking cyber crime, current cyber threats, and more.

Who really has access to your applications and critical infrastructure? You’ve probably heard that identity is the new security perimeter. But how far does that perimeter extend? The key is knowing which assets are in Tier 0—the critical control plane that must be secured to protect your organization from cyber threats—and which potential attack paths lead to those assets, including Active Directory (AD). Semperis Senior Director of Security Product Management, Ran Harel, discusses the challenges of AD security and attack path management in hybrid AD environments.

Budgets are tight in 2023. Where should CISOs focus their spending to best promote cyber and operational resilience? In this episode of the HIP Podcast, Sean Deuby talks with Semperis CISO Jim Doggett about the importance of focusing on the fundamentals, how to optimize cyber insurance, and how best to determine priorities in tight economic conditions.