Sittadel Podcast
Sittadel
42 episodes
1 week ago
Joshua Sitta talks cybersecurity incidents: how they happened, who dunnit, and what that means for you!
Technology
RSS
All content for Sittadel Podcast is the property of Sittadel and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/42)
43 - Securing Lazer Guns with Joy Beland

Think of the CMMC like HIPAA for companies that work with the Department of Defense. There is a seemingly endless list of concerns to juggle when planning a CMMC compliance journey, and the guides for getting started are overwhelming. If you can make it past the Special Publications (like NIST 800-53 and 800-171), there are maturity levels to manage and DFARS requirements, and waiting at the finish line is the promise of legal ramifications if you did the whole thing wrong.

In this episode, Nate and Joshua find a loophole to bring their Tye Dye Lazer Gun business to market without going through all the hassle that comes along with CMMC. We're thankful that Joy Beland was there to talk us through our decision-making process.

Joy seems to know everything about CMMC, which perfectly suits her as she travels around to meet with MSPs about their compliance concerns and runs the CMMC Boot Camp for Edwards Performance Solutions. Joy Beland is easy to find on LinkedIn, and you can find more information about her boot camp at https://edwps.com.

For more titillating CMMC content, head over to www.sittadel.com, tweet us @sittadelpodcast, and send your questions to ask[at]sittadel.com.

3 years ago
39 minutes 3 seconds

42 - Don't Click the Link with Joanna Sitta, BCBA

It's Valentine's Day, and love is in the air in the Sittadel Podcast.  The birds are chirping, the phishers are rhythmically clacking away on their mechanical keyboards, and somewhere in the distance the cryptominers are buzzing away in a misconfigured S3 bucket.  On this very romantic episode of the Sittadel Podcast, Joshua tricks a Board-Certified Behavior Analyst into discussing cybersecurity for a solid hour.  

But this isn't just any run-of-the-mill Security Awareness Training conversation. This is a hot and heavy discussion between Joshua "Statistically Average in Height" Sitta and Joanna "The Perfect 10" Sitta. To set the mood, Joanna explains the origins of Applied Behavior Analytics and gives us a crash course in behavior interventions.

The two discuss the fallacies of "Don't Click the Link" training and talk through two examples of pitfalls organizations wander into while dealing with the problem of phishing emails.  Always searching for Joanna's approval, Joshua finishes out the show by laying out his blueprint for effective Security Awareness Training. 

In this episode, we discuss Security Awareness Training, Phishing Emails, The Nigerian Prince scam, Spearphishing emails, the importance of data relevance, Hook Security, simulated phishing campaigns, and tikka masala.  For more Indian food recipes, head over to www.sittadel.com or send an email to Ask[at]Sittadel[dot]com.

3 years ago
56 minutes 58 seconds

41 - Sittadel Plays a Role on The Community Bank Podcast

With Nate out on assignment for today's episode, Trafenia Flynn Salzman fills the void to kick off the conversation.  We join our heroes as guests on The Community Bank Podcast, hosted by Eric Bagwell and Caleb Stevens from SouthState Bank.  

The Community Bank Podcast on Apple Podcasts is dedicated to helping community bankers grow themselves, their team, and their profits.  Today's clips focus on cybersecurity risk management as applied to banks and their customers, but they're relevant for any business in every vertical.

The views, information, or opinions expressed during this show are solely those of the participants involved and do not necessarily represent those of SouthState Bank and its employees.

3 years ago
29 minutes 2 seconds

40 - Out-of-the-Box Incident Response

In this episode of the Sittadel Podcast, Joshua came prepared with an extreme approach to cybersecurity incident handling. In May of 2019, the Israel Defense Force (IDF) shut down the attacks of Hamas cyber operatives. Joshua had planned to talk through the implications of moving from a digital series of events to a physical series of events. His notes on what can be learned about the moments after a cyberattack would have been valuable to hear.

Unfortunately, Joshua wasn't prepared for when Nate brought up the logistics of time travel.  It was all over after that.  Instead of predefined communication channels or incident severity matrices and escalation procedures, the conversation never returned from space.

If only this was covered in his response plan...

3 years ago
24 minutes 18 seconds

39 - REvil: A suspiciously wonderful outcome.

We're back from our long holiday break with some exciting news about 2020's most notorious ransomware gang: REvil.  X-Force, IBM's threat intelligence offering, reports that 36% of REvil's victims paid their ransom and at least 12% of victims watched as their sensitive stolen data was auctioned off to the highest bidders on the dark web between 2019 and 2020. 

REvil's back in the headlines, but this time the story is a little different.  After a string of law enforcement activity that pushed the gang further into obscurity, the nations of Russia and the United States have held hands to bring the ransomware group to justice.  It's a story almost too good to be true. 

Listen in as Nate and Joshua discuss the wild variance in numbers reported by differing news outlets, as they put on their tinfoil hats, and hear a word straight from the old timey prospector himself.

3 years ago
16 minutes 19 seconds

38 - Stealing Houses in the Metaverse

The holidays are a time to gather round the yule log with the family, reflecting on the most precious parts of your life.  And when you get sick of all that, we can turn our attention to the Metaverse and build that perfect digital life.  And while many analysts see the Metaverse as a 1 trillion dollar investment opportunity, cybersecurity professionals see more similarities to the Wild West.

In this special holiday episode, Nate and Joshua skim over a few notes on the holidays and discuss the future of social engineering attacks launched in the Metaverse. The anonymity of blockchain technologies and cryptocurrencies creates hurdles for proving ownership of digital commodities. What recourse can you have when someone else's avatar is living in your digital house?

At Sittadel, we believe cybersecurity empowers business. If you're thinking about working with NFTs or setting up a storefront in the Metaverse, why not plan for your success (before your wallet falls into someone else's hands!)? Start the conversation by tweeting us @sittadelpodcast or visiting our website at www.sittadel.com

3 years ago
25 minutes 11 seconds

37 - How Minecraft is Hacking the Internet (Log4j)

The sky is falling, and it's all because of your kids' favorite video game. The National Vulnerability Database lists the recently identified Log4j vulnerability as a perfect 10 out of 10. It's everywhere from Minecraft to iCloud, and it doesn't take any special skills to copy and paste the exploit into remote systems. This time next year, businesses all over the globe will have either proved the value of their vulnerability and patch management operations - or they will have learned the reason these ops are a critical piece of running a business in 2021.

In this episode, Nate and Joshua take a 30,000 ft view of software development and how functionality can sometimes translate to vulnerability.  The two discuss how patching out functionality can work, and why businesses of all sizes are feeling the squeeze from vendor management programs.

At Sittadel, we believe cybersecurity empowers business.  A mature cybersecurity program doesn't only serve to prevent losses and keep your data safe: It can also be your differentiator when bidding for work.  How can cybersecurity help you stand out from the crowd?  Find out at www.sittadel.com.

3 years ago
30 minutes 53 seconds

36 - Defense in Depth and IT Hygiene

The grubrious Emotet gang is back at it again, and rather than focus on the tricky cybersecurity wizardry necessary to go toe to toe with the threat, Joshua and Nate talk through some entry-level security principles: Defense in Depth and IT Hygiene. Sometimes, it's the low-hanging fruit that makes the difference between safe and sorry.

If it's time you came up with a layered defense to cybersecurity threats, check out the website at https://www.sittadel.com.

3 years ago
28 minutes 39 seconds

35 - Love, Beauty, and Family

Happy Thanksgiving, Everyone.

3 years ago
8 minutes 59 seconds

34 - Joshua Fails a Phishing Test

Joshua Sitta holds several Information Security credentials, created the phishing simulations and training for a big bank with over 5000 employees, and has written the playbook for how to identify phishing emails. Throughout his career, he's blocked millions of phishing emails from ever reaching the end user and has personally received hundreds of different phishing scams. He's seen it all, from the Nigerian Prince we all joke about to the spearphishing emails crafted by the world's most successful cyber criminals - and he's never fallen for even one of them. 

Until today. 

As Joshua talks through his experience in falling for the easiest-to-identify phishing email ever, Nate points out how differently the two approach failure. For Nate, failure is one of the most important tools in his toolbox.

We'd like to set you up with a safety net and take the scary out of failure.  Sittadel is ready to be the group that has your back - 24 hours a day, 365 days a year.  Start the conversation at www.sittadel.com or send us an email at ask[at]sittadel.com.


3 years ago
31 minutes 40 seconds

33 - Ben Malisow, Privacy Radical

When cybersecurity professionals need to develop their skills and earn credentials, they turn to Ben Malisow, author of Exposed! and a number of self-paced courses on Udemy. 

In 41 minutes, Joshua completely changed his stance on privacy.

Ben Malisow didn't waste any time bringing his unwelcome perspective to the podcast. In Ben's mind, it's time for you to embrace a future of perfect privacy: where all of your secrets become public. Your location, your browser history, and your finances should all be at the fingertips of your neighbors. Big corporations and governments are already using this information, so why should the person you just met at the bar be left out in the cold?

It's easy to disagree with Ben.

But what if it wasn't just your secrets? What if everyone's information was available to you as well? Would you feel more comfortable meeting a stranger if you were able to review their arrest history first? As Ben points out, privacy creates opportunities for fear and distrust. Secrets lead to shame. 

There are movements all over the United States to bring about transparency in politics and law enforcement. Today, cities burn in the wake of officer-involved shootings, but if the public had access to all the information, they could reach a level of comfort that the actions were justified. Or if it wasn't justified, it would be plain to see for the Good Apples who protect and serve. But this would only be possible with complete transparency. And what is transparency if not the enemy of privacy?

It's hard to disagree with Ben.

Until we reach our new future, it's up to cybersecurity practitioners to continue defending the C in the CIA triad. For more information on how Sittadel can keep your secrets safe, let's get the conversation started at www.sittadel.com.  

4 years ago
41 minutes 40 seconds

32 - Social Media

Social Media has fostered the most interconnected and mentally unwell society in history.  Communities have never been more accessible and people have never felt more alone.

What's the point?

Silicon Valley titans like Pinterest and Reddit have fundamentally changed the way information is shared on the Internet. For many previously marginalized voices, social media has provided platforms for collaboration and representation. And while those examples are important, the valor of social media starts to drop off from there. After another round of concerning reports on Facebook's priorities, Nate has to hold the conversation that stays resident in the back of our minds: When billion-dollar businesses drive our communication, can decisions be made with the public's best interests in mind?

The social media apps that live in our pockets are treasure troves of private information. For law enforcement, that data represents an endless stream of opportunities to protect the innocent. But as we explored last week, this moral tradeoff can leave us feeling conflicted at best.

In this episode, the two discuss Social Media, Facebook, Instagram, outages, transparency and accountability, the Facebook whistleblower, health and wellness monitoring, and Nate started a gang.

There's no call to visit our website today.  Just promise us you'll think about spending your time intentionally.

4 years ago
33 minutes 31 seconds

31 - Pegasus Spyware

We know your location, see your pictures, listen in on your microphone, and even get into your encrypted chat.  But we only use that for good! (Okay, except for that one time...)

Are we fighting fire with fire or becoming the very thing we defend against?

Israeli-based cyber intelligence company NSO Group is a billion-dollar business that helps law enforcement agencies and governments learn everything about innocent and guilty citizens alike in the name of protecting the virtuous.

Cyber weapons like Pegasus represent a moral tradeoff.  The intended use is to curb human trafficking or intervene before violent crimes are committed, but it comes at the cost of invading the privacy of good-doing citizens.  We're quick to accept this risk when weapons are wielded by the armed forces that defend countries, but the NSO Group is motivated by profits as much as any other private company.

What we called spyware in the 90s has become the way modern advertising works, and that lets platform holders more finely target the spaghetti they throw at the wall.  Now it's angel hair pasta, and everything is sticking.

The ethics of doing business today are directly tied to the ethics of cybersecurity.

As Nate discusses in the episode, he often finds himself caught between the creative ambition of an artist and catering to what will sell. To pay the bills, Nate has to sacrifice a bit of creative freedom. When companies profit from circumventing the security systems that keep us safe, it's a much greater sacrifice.

This is not a new challenge, but privacy has entered a new frontier of technological reliance.

In this episode, we discuss zero-day vulnerabilities, Pegasus Spyware, NSO Group, Edward Snowden, Spysweeper, privacy concerns, mobile security, law enforcement, wardriving, and Wi-Fi security.

Use our contact form or tweet us @sittadelpodcast to start the conversation on how Mobile Device Management (MDM) solutions can play a role in protecting your information (and if you're a business, there's a good chance you're already paying for one you've never set up).

4 years ago
44 minutes 33 seconds

30 - Maxime Lamothe-Bressard, Founder of LimaCharlie

Some men see EDR as it is; others see EDR as it should be.  Maxime Lamothe-Bressard joins Nate and Joshua for a discussion on the ways LimaCharlie is removing the roadblocks for working with some of the most important data points for Incident Responders and SOC analysts: file execution telemetry.  Maxime brings a wealth of experience to the show, bringing insight from his time at Google-X, CrowdStrike, and a French Cafe.  You can get started with LimaCharlie today for free by visiting limacharlie.io.

For more information, visit https://www.sittadel.com or tweet us at @sittadelpodcast.

4 years ago
45 minutes 1 second

29 - Social Engineering Via SMS and 2FA

Friend of the show Aaron Burns drops by the studio to talk about his experiences with scams sent straight to his phone. Aaron and Nate do their best to reinvent a few new cybersecurity terms, but Joshua wasn't having any of that nonsense. In this episode, the team discusses how Universal 2 Factor Authentication (U2A) promises big improvements by requiring login pages to prove their identity before users are permitted to log in.

4 years ago
32 minutes 7 seconds

28 - Comedian Jayson Avocado

Happy Labor Day! Comedian Jayson "Avocado" Acevedo helps the Sittadel Podcast team celebrate with a look at 3-day weekends and the social engineering risks they introduce for businesses. Later, Jayson would weigh in on cryptographically relevant quantum computers, which could be the worst idea we've ever had. What does quantum computing have to do with drive-thru terminals? Nothing, Jayson. Absolutely nothing.

If you'd like to hear more from Jayson, head over to https://jaysonavocado.com

To enjoy CrowdStrike's APT database, check out https://adversary.crowdstrike.com

To chat with the Sittadel Podcast team, tweet us @sittadelpodcast, email us at ask(at)sittadel(dotcom), or start the conversation at https://sittadel.com

In this episode, we talk about social engineering, viruses, advanced persistent threats, APTs, CrowdStrike, Jayson Avocado, Marvel, DC, comic books, and several things that had to be edited out (looking at you, Jayson).

4 years ago
49 minutes 12 seconds

27 - Strippers and Hurricanes

Trafenia joins us for another trip back to the 90s to talk about the Melissa Virus, Joshua tells us about how plywood fits into cybersecurity, and Nate introduces us to Jacques.

In this episode, the trio discusses phishing, security awareness training, Kevin Mitnick, Hook Security, honest hips, business continuity, and disaster recovery.

For more on what Sittadel can do for you, head to our website at https://www.sittadel.com

4 years ago
33 minutes 23 seconds

26 - Trafenia Flynn Salzman, Sittadel Co-Founder and CEO

Trafenia Flynn Salzman has been working with computers since the movie Rush Hour was a relevant cultural reference.  She's bringing that depth of experience to the podcast and comments on the representation of women in cybersecurity, Cloud Security, Zero Trust, and CARTA.  Later, Nate would be disappointed the episode wasn't titled White Van Candy Man.

Topics in this episode include diversity, Cloud Security, ZTNA, CARTA, MFA, trust algorithms, data centers, and pterodactyls.

For more on what Sittadel can do for you, head over to our website at https://www.sittadel.com.

4 years ago
31 minutes 17 seconds

25 - Troy Hunt, Founder of Have I Been Pwned

Troy Hunt created www.HaveIBeenPwned.com with the expectation that a few of his mates would use it to keep their accounts safe, but today it's the resource the world uses to monitor passwords at risk for credential stuffing attacks. Troy spends an hour on the podcast discussing password strength, his work at Pluralsight, and answering the age-old question: What do squirrels have to do with cybersecurity?

We thank Troy both for his time and for making the Internet a safer place.

4 years ago
46 minutes 23 seconds

24 - Cybersecurity in Film

Joshua tries to talk about the role of executive management in a cybersecurity operation, but Nate would rather talk about movies.

4 years ago
30 minutes 35 seconds