The Security Detail
The Security Detail is a podcast series by SURGe, Splunk’s strategic security research team. Every other week, co-hosts Audra Streetman and Madeleine Tauber interview security experts about the top cyber threats in different industries. Episodes will examine the cyber threat landscape in healthcare, education, manufacturing, the technology sector, retail and hospitality, telecommunications, and the public sector.
Episodes
3 days ago
In episode 9 of The Security Detail, hear from past interview guests about what they consider to be the most important cybersecurity skill for future practitioners.
Wednesday Apr 10, 2024
Ep. 8: Emerging Technology Predictions from Past Interview Guests
In episode 8 of The Security Detail, hear from past interview guests about their predictions for emerging technology, like artificial intelligence and quantum computing.
Resources:
Cipher Brief article: https://www.thecipherbrief.com/how-ai-is-helping-the-u-s-unravel-chinas-dangerous-hacking-operation
Wednesday Mar 27, 2024
Ep. 7: MITRE ATT&CK framework featuring Adam Pennington, MITRE ATT&CK Lead
The MITRE ATT&CK framework provides a standardized taxonomy and knowledge base of adversary tactics, techniques, and procedures (TTPs), enabling organizations to enhance threat detection, response, and mitigation strategies effectively. In this episode, Adam Pennington tells us about the origins of the ATT&CK project, how organizations can effectively leverage it, and the journey that led Adam to his current role as the project's leader.
Resources:
MITRE ATT&CK website: https://attack.mitre.org/
.conf24 agenda: https://conf.splunk.com/
ATT&CKCon Presentations: https://attack.mitre.org/resources/learn-more-about-attack/
ATT&CK Evaluations Program: https://mitre-engenuity.org/cybersecurity/attack-evaluations/
Adam's BSides Talk (Bringing Intelligence into Cyber Deception with MITRE ATT&CK): https://www.youtube.com/watch?v=eL4iLUw1ee8
Adam's DEF CON Talk (Emulating Adversary w Imperfect Intelligence): https://www.youtube.com/watch?v=cXlWY3OnjO0
David Bianco's Pyramid of Pain: https://www.youtube.com/watch?v=3Xrl6ICxKxI
Dr. Fetterman’s blog: https://www.splunk.com/en_us/blog/security/revisiting-the-big-picture-macro-level-att-ck-updates-for-2023.html
Wednesday Mar 13, 2024
Ep. 6: Electric featuring Robert M. Lee, CEO and Co-Founder of Dragos
Cybersecurity is crucial for the electric sector to safeguard critical infrastructure from cyber threats and potential disruptions, ensuring the reliable and secure delivery of electricity to homes, businesses, and essential services. In episode 6, Robert M. Lee, CEO and Co-Founder of Dragos, provides an overview of the top cyber threats facing electric utilities and the role that Dragos plays in strengthening ICS and OT resilience.
Resources:
Dragos Community Defense Program: https://www.dragos.com/community/community-defense-program/
Dragos 2023 OT Cybersecurity Year in Review report: https://www.dragos.com/ot-cybersecurity-year-in-review/
SANS Instructor Biography: https://www.sans.org/profiles/robert-m-lee/
Sandworm book: https://www.amazon.com/Sandworm-Cyberwar-Kremlins-Dangerous-Hackers/dp/0385544405
'U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure': https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical
'Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)': https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
'A Global Police Operation Just Took Down the Notorious LockBit Ransomware Gang': https://www.wired.com/story/lockbit-ransomware-takedown-website-nca-fbi/
'Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology': https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology
The Five ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/
SECURING OPERATIONAL TECHNOLOGY: A DEEP DIVE INTO THE WATER SECTOR: https://homeland.house.gov/hearing/securing-operational-technology-a-deep-dive-into-the-water-sector/
Wednesday Feb 28, 2024
Ep. 5: Food and Agriculture featuring Jonathan Braley, director of the Food and Ag-ISAC
The food and agriculture industry is a critical sector that represents nearly a fifth of US economic activity. Businesses in this sector also rely on other important industries such as water, transportation, and energy. In this episode, Jonathan Braley, director of the Food and Ag-ISAC, shares the top cyber threats facing the industry, as well as the various services offered through the ISAC.
Resources:
Food and Agriculture ISAC website: https://www.foodandag-isac.org/
Cybersecurity Guide for Food and Ag Small and Medium Enterprises: https://www.foodandag-isac.org/resources
CISA publication on Chinese-manufactured UAS: https://www.cisa.gov/resources-tools/resources/cybersecurity-guidance-chinese-manufactured-uas
Wednesday Feb 14, 2024
In this episode of The Security Detail, we explore the complex domain of election cybersecurity with Marci Andino, senior director of the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC). From international interference threats to localized phishing attacks, discover the varied challenges election offices face and the strategies deployed to safeguard the integrity of electoral processes.
Resources:
EI-ISAC Resources: https://www.cisecurity.org/ei-isac
Marci Andino Bio: https://safeelections.org/marci-andino/
EI-ISAC's Essential Guide to Election Security: https://essentialguide.docs.cisecurity.org/en/latest/index.html
How Investigators Solved the Biden Deepfake Robocall Mystery (Bloomberg): https://www.bloomberg.com/news/newsletters/2024-02-07/how-investigators-solved-the-biden-deepfake-robocall-mystery
Splunk research on generative AI spear phishing email translation: https://www.splunk.com/en_us/blog/security/old-school-vs-new-school.html
Wednesday Jan 31, 2024
Ep. 3: Media with Runa Sandvik, security researcher and founder of Granitt
Cybersecurity is crucial for journalists and newsrooms to safeguard sensitive information, protect sources, and ensure the integrity of their reporting in an increasingly digital and interconnected media landscape. Episode 3 of The Security Detail features an interview with Runa Sandvik, a security researcher and founder of Granitt, a consulting firm that focuses on digital security for journalists and other at-risk people.
Resources:
Granitt Website
Runa's Website
Follow Runa on X
Runa's blog posts
Tor Project
Google Summer of Code
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware
Columbia Journalism Review profile on Runa
Citizen Lab
Amnesty International
Wednesday Jan 17, 2024
Water treatment facilities are part of the critical infrastructure that supports essential services. A cyberattack on these facilities could disrupt the supply of clean water, leading to severe consequences for public health, safety, and the economy. In this episode, two representatives from the US Cybersecurity and Infrastructure Security Agency, or CISA, share strategies to defend the water sector from cyberattacks. They also provide an update on CISA's investigation into an Iranian-linked campaign targeting Israeli-made Programmable Logic Controllers (PLCs) at a number of US water utilities.
Resources:
CISA Risk and Vulnerability Assessments program
CISA Security Advisors
Top Ten Cybersecurity Misconfigurations (NSA and CISA Advisory)
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA Advisory)
CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs (CISA Alert)
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords (CISA Alert)
States and Congress wrestle with cybersecurity after Iran attacks small town water utilities (Associated Press)
CVE-2023-6448 (NIST NVD)
CISA's Known Exploited Vulnerabilities Catalog
Report a cyber issue to CISA
Water and Wastewater Cybersecurity toolkit (CISA)
China’s cyber army is invading critical U.S. services (Washington Post)
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)
Stop Ransomware website (CISA)
The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos)
Cybersecurity for Rural Water Systems Act
Energy Circuit Riders Act
Wednesday Jan 03, 2024
Ep. 1: Tour of Cyber Coalition 2023, NATO’s flagship cyber defence exercise
Season 2 of The Security Detail kicks off with an inside look at Cyber Coalition 2023, NATO's flagship cyber defence exercise. Audra Streetman traveled to Tallinn, Estonia to tour the exercise and interview creators and participants about the knowledge and collaboration needed to defend the Alliance from cyber threats.
Links:
Cyber Coalition 2023 NATO Blog
Wednesday Dec 13, 2023
Ep. 14: Cybersecurity Career Advice from Past Interview Guests
Wrapping up Season 1 of The Security Detail, episode 14 features interviews with a number of past guests about the best advice they've received in their career along with the failures they've learned the most from.
Stay tuned for Season 2 of The Security Detail, which kicks off on January 3, 2024 with an episode about Cyber Coalition 2023, NATO's flagship cyber defense exercise. Audra Streetman traveled to Tallinn, Estonia to tour the exercise and interview creators and participants about the knowledge and collaboration needed to defend the Alliance from cyber threats.