DrZeroTrust

Weekly(ish) Cybersecurity and Zero Trust Market Analysis

22 Sep 2023

Contributed by Lukas

How does a CEO of a unicorn company view cybersecurity? How does the board of such a company look at the risks of cyber threats? Does insurance make s...

WTF is CNAPP and How Does It Apply to ZT

20 Sep 2023

Contributed by Lukas

Rick Moy and I discuss ZT and the cloud. How developers can and should look at security (it's not how you think). Dealing with ethereal assets, 5G...

Weekly(ish) Cybersecurity and Zero Trust Market Analysis

15 Sep 2023

Contributed by Lukas

Should executives ever be exempt from security standards and practices, the answer rhymes with bell no. MGM got his with ransomware via a third party ...

Surf Security and RBI

11 Sep 2023

Contributed by Lukas

What is Surf's new RBI extension? How does this fit with Zero Trust strategically? Why is RBI now a "thing" in security? Is this just f...

Weekly(ish) Cybersecurity and Zero Trust Market Analysis

08 Sep 2023

Contributed by Lukas

Data from Blackberry points to the same methods of exploitation, shocker. Some recent revelations from the National Security Agency and #china threat....

Weekly(ish) Cybersecurity and Zero Trust Market Analysis

01 Sep 2023

Contributed by Lukas

Cyberpsychology and the hacker mindset, what should we think? Malwarebytes and their funding and layoffs, what does that indicate about the market? AI...

Weekly(ish) Cybersecurity and Zero Trust Market Analysis

25 Aug 2023

Contributed by Lukas

Thoughts on the recent RNC candidate debate where cybersecurity never came up, super. China is using Linkedin to recruit spies, how can you know when ...

Weekly(ish) Cybersecurity and Zero Trust Market Analysis

18 Aug 2023

Contributed by Lukas

How to defend from a "Zero Day" attack that is "not in any anti-virus" engine. Proxy wars from AT&T. Interesting data from Fla...

Weekly(ish) Cybersecurity and Zero Trust Market Analysis

04 Aug 2023

Contributed by Lukas

Insider threats are a real thing, do you have the tools to detect malicious intent before it becomes a threat? How do we know if behavior equals threa...

Weekly(ish) Cybersecurity and Zero Trust analysis

27 Jul 2023

Contributed by Lukas

Does the Veterans Affairs Administration really do all it can for Veterans? I have a tale to tell about this one folks. Sophos released a report on th...

Weekly(ish) Cybersecurity and Zero Trust Analysis

21 Jul 2023

Contributed by Lukas

SECOPs teams have faith in the their tools, but question if they will "miss" something? What? Administration releases plan for IoT security ...

Weekly(ish) Cyber News and ZT Analysis

07 Jul 2023

Contributed by Lukas

An AI girlfriend talked a kid into trying to kill the Queen of England with a crossbow, yeah. Fortinet vulnerability, how bad is it and are we patchin...

Weekly(ish) Cyber and ZT News Analysis

30 Jun 2023

Contributed by Lukas

An event in NYC with BeyondIdentity made me sad for the state of the market, why? What happened with the Supreme Court and the 1st amendment via cyber...

Cytwist and their unique method for security analytics and threat hunting!

20 Jun 2023

Contributed by Lukas

Is it possible to take a different approach to threat detection and do better? Why are endpoint security solutions missing the threats that we buy the...

Weekly(ish) Cyber and ZT News Analysis

16 Jun 2023

Contributed by Lukas

Samsung is dealing with an insider threat that tried to copy their entire chip manufacturing plant, wow! CISA issued a "binding" directive f...

Weekly(ish) Cyber and ZT News Analysis.

09 Jun 2023

Contributed by Lukas

NSA released a guide on securing remote access, cool so what should we learn from it? ILTA has produced a study about law firms and their cybersecurit...

Weekly(ish) Cyber and ZT News Analysis

02 Jun 2023

Contributed by Lukas

Youtube flagged my content for PII violations, but what did I do to get put in the penalty box? CISO's plan on investing more for cybersecurity ov...

Crowdsec and collective security conversation

30 May 2023

Contributed by Lukas

Ever wanted to learn the difference between a Lama and an Alapaca, we talk about that here. Weird but interesting. Crowdsec discusses their approach t...

DrZeroTrust Podcast for 5/24/2023

24 May 2023

Contributed by Lukas

Should we be concerned that our leaders (and former leaders) are posting deepfakes onto social media? What can we learn from the Uber case and the fin...

Weekly(ish) Cyber and ZT News Analysis 5/3/2023

04 May 2023

Contributed by Lukas

Are K-12 organizations and universities prepared for the onslaught of cyber threats? How long does it take me to find a vulnerable school district, it...

Weekly(ish) Cyber and ZT News Analysis

19 Apr 2023

Contributed by Lukas

How hard is it to use "ai" to clone your own voice? I did it and you can hear the sample on this podcast. What should we learn about the rec...

Cyber news and Zero Trust insights for 4/12/2023

13 Apr 2023

Contributed by Lukas

Can ChatGPT make me a less crappy programmer? That isn't hard to be honest, but there are implications to consider. Can you use AI (I really hate ...

Cyber news and Zero Trust insights for 4/6/2023

07 Apr 2023

Contributed by Lukas

How many vulnerable systems out there are connected to the internet with a ten year old vulnerability, with RCE, and have no authentication? Surely th...

Cyber news and Zero Trust insights for 3/29/2023

30 Mar 2023

Contributed by Lukas

Did the Pope wear a puffy jacket? So what? How might applied deepfakes be used to manipulate the collective narrative? What about our political syste...

New Approach to Security Strategy via Distributed Ledgers

21 Mar 2023

Contributed by Lukas

Not Blockchain...Or, kinda...But not really?  Anyway listen to smarter folks than me (lots of those) talk about how we can innovate around the us...

Cyber news and Zero Trust insights for 3/15/2023

16 Mar 2023

Contributed by Lukas

Did I spread misinformation about the SVB fiasco? Uh oh.  Did Ring get hit with ransomware, and are they secure?  What weird ports do Ring c...

Cyber news and Zero Trust insights for 3/8/2023

09 Mar 2023

Contributed by Lukas

30% of dark web operators are women, according to TrendMicro.  That means more women are operating in the criminal side of cyber than on the defe...

Cyber news and Zero Trust insights for 2/22/2023

22 Feb 2023

Contributed by Lukas

US SOCOM had emails exposed to the internet for weeks thanks to a cloud misconfiguration.  Surely it's not still messed up?  Is the US Treas...

Cyber news and Zero Trust insights for 2/9/2023

09 Feb 2023

Contributed by Lukas

Should we worry about the spy balloon?  Why not?  Gartner published some "research" on Zero Trust and how they don't see the strategy as a s...

Addressing the Ransomware Problem with a Bold Strategy

01 Feb 2023

Contributed by Lukas

Can we have a national and international strategy that addresses ransomware?  How would that work?  Is it better to address the "how" of tho...

Cyber news and Zero Trust insights for 1/25/2023

26 Jan 2023

Contributed by Lukas

What happens when marketing attacks and goes "bold" without really understanding their position?  Is it smart to also not pay attention to your s...

Quantum and the Potential Problems Therein

23 Jan 2023

Contributed by Lukas

What the h*ll is quantum really?  Why should we care?  Does cracking an algorithm with quantum change the balance of power globally?  I...

Cyber news and Zero Trust insights for 1/18/2023

19 Jan 2023

Contributed by Lukas

Checkpoint released a report on the wrap up from 2022, what can we learn from that analysis?  It's a super cool report by the way, ping me for th...

Is TikTok really a threat?

11 Jan 2023

Contributed by Lukas

Is TikTok really a threat to national security?  Why should we be concerned about this app?  Should your kids be on this thing?  What a...

Cyber news and Zero Trust insights for 1/4/2023

05 Jan 2023

Contributed by Lukas

Welcome to 2023 y'all.  Let's get into the new year by looking at some news you need to know.  A major FAA system went down and caused an ou...

Cyber news and Zero Trust insights for 12/21/2022

22 Dec 2022

Contributed by Lukas

Okta has an issue with their source code and a Github breach.  Does that matter, and if so why?  Is the FDA asking for more funding a real i...

Cyber Certifications - The Self Licking Ice Cream Cone of Misery

08 Dec 2022

Contributed by Lukas

Why are certs hurting the industry?  Are they really?  How much does it cost to get an entry certification?  Why so much?  Is the ...

Cyber news and Zero Trust insights for 11/30/2022

01 Dec 2022

Contributed by Lukas

Do buyers always configure vendor security solutions correctly?  Is there a magic button to push and then your organization is secure?  Do v...

What happens when two former analysts have a real conversation?

28 Nov 2022

Contributed by Lukas

A former Forrester analyst and a former Gartner analyst talk about the market and a variety of topics.  Is it a good idea for layoffs to be takin...

Cyber news and Zero Trust insights for 11/17/2022

17 Nov 2022

Contributed by Lukas

Zscaler has come up with their own certification for Zero Trust.  Is that a good thing?  What else is up with Medibank and how bad is the se...

Cyber news and Zero Trust insights for 11/9/2022

10 Nov 2022

Contributed by Lukas

A noted Russian "leader" openly admits to tampering with elections, does that close the book on whether or not that has happened?  An article on ...

Cyber news and Zero Trust insights for 11/2/2022

03 Nov 2022

Contributed by Lukas

Banks have paid out a massive multi-billion dollar plus to ransomware operations, but where does all that money go?  Is crypto entirely to blame?...

Cyber news and Zero Trust insights for 10/27/2022

27 Oct 2022

Contributed by Lukas

A major insurance provider for an millions of people is dealing with a compromise, surely they have buttoned up the easy stuff?  Right?  Wan...

Cyber news and Zero Trust insights for 10/19/2022

19 Oct 2022

Contributed by Lukas

How long does it take to find possible vulnerable assets online, about 21 minutes.  Yeah.  Is the OPM data breach "settlement" even worth it...

Cyber news and Zero Trust insights for 10/12/2022

13 Oct 2022

Contributed by Lukas

Dell has setup a Zero Trust Center of Excellence, that's pretty cool.  Real investment into strategic technology alignment sounds like a good ide...

Cyber news and Zero Trust insights for 9/28/2022

29 Sep 2022

Contributed by Lukas

How many VPN's are out there that might have a configuration issue?  Are there any major companies that might be piping threats into their networ...

Thoughts and Perspectives on the Twitter Whistleblower

19 Sep 2022

Contributed by Lukas

Why are security leaders going "scorched earth" when they leave employers?  How can an organization better be prepared to deliver on their promis...

Cyber news and Zero Trust insights for 9/14/2022

15 Sep 2022

Contributed by Lukas

What a wake up call this week when working with SMB's on their cyber security strategy and the reality of the space.  Do SMB's use outsourced sec...

Cyber news and Zero Trust insights for 9/7/2022

07 Sep 2022

Contributed by Lukas

Is the news media collaborating to manipulate our collective consciousness?  How would that happen?  Is local news "more true" than national...

Security for Apps and Low or No Code Systems

01 Sep 2022

Contributed by Lukas

How can you secure no code or low code applications?  Is devsecops a real thing?  Does anyone actually do this?  How should organizatio...

Cyber news and Zero Trust insights for 8/24/2022

25 Aug 2022

Contributed by Lukas

An article from Recorded Future points out new legislation in North Carolina and Florida that bars state backed organizations from paying ransomware a...

Selling Zero Trust at enterprise scale.

22 Aug 2022

Contributed by Lukas

Do enterprises really buy Zero Trust?  How should they think about a strategic approach to a problem.  What about rip and replace?  Are...

Cyber news and Zero Trust insights for 8/17/2022

18 Aug 2022

Contributed by Lukas

Okta's Zero Trust study.  What does it say about the market and the growth of ZT?  More cyber insurance shenanigans, why does this keep comi...

How to sell into the channel the right way.

16 Aug 2022

Contributed by Lukas

Truths about selling into the channel market with a real expert.  How should your organization go about selling to a channel?  Is the market...

Cyber news and Zero Trust insights for 8/10/2022

11 Aug 2022

Contributed by Lukas

How hard is it to find "internal use only" files with a simple crafted search?  How about spreadsheets with passwords and admin logins?  Wha...

Cyber news and Zero Trust insights for 8/3/2022

04 Aug 2022

Contributed by Lukas

Are there potential ways to attack a nuclear site via online misconfigurations?  What about water as a vital national resource, can you attack a ...

Cyber news and Zero Trust insights for 7/27/2022

28 Jul 2022

Contributed by Lukas

Can I find privacy violations with Shodan?  What companies are using hackable unpatched scada systems that are misconfigured?  Can we find o...

Applying Zero Trust to Cloud Workloads and Kubernetes.

18 Jul 2022

Contributed by Lukas

More ideas and thoughts around applying Zero Trust to cloud workloads and kubernetes.   How should we think about the inherent vulnerabiliti...

Cyber news and Zero Trust insights for 7/6/2022

07 Jul 2022

Contributed by Lukas

Marriott got hacked again, say what?  Does it mean anything?  What about their fines, didn't that teach them something?  Can I find vul...

What's up with the WAF market?

05 Jul 2022

Contributed by Lukas

What's up with the WAF market?  Talking about how we should and shouldn't use a WAF with an expert.  Is the WAF the best way to address the ...

Cyber news and Zero Trust insights for 6/29/2022

30 Jun 2022

Contributed by Lukas

Can I find medical offices open to the internet?  How hard would it be to hack them?  Why is phishing training a problem for enterprises and...

Cyber news and Zero Trust insights for 6/15/2022

16 Jun 2022

Contributed by Lukas

Thoughts on RSA2022.  New research from Digital Shadows breaks down key areas of concern for us.  I find some vulnerable databases on the we...

What is Collaboration Security?

09 Jun 2022

Contributed by Lukas

Can an organization be compliant if they are using Slack to share files, passwords, and other critical and risky data?  How does an agent-less sy...

Cyber news and Zero Trust insights for 6/1/2022

02 Jun 2022

Contributed by Lukas

RSA is next week, I really need a beard trim.  See y'all out there!  Finding vulnerable hospital systems on the internet shouldn't be this e...

Cyber news and Zero Trust insights for 5/25/2022

25 May 2022

Contributed by Lukas

Can you find vulnerable stuff online from 2003?  Surely not?  Uh oh.  Do we need a cyber moonshot to get past the failures we face in c...

Cyber news and Zero Trust insights for 5/18/2022

19 May 2022

Contributed by Lukas

What matters more, targeting the "asset" (tractors) or the infrastructure for John Deere.  Can you overthrow a government with a ransomware attac...

Cyber news and Zero Trust insights for 5/11/2022

12 May 2022

Contributed by Lukas

Can we find vulnerable ICS and SCADA controls on the internet?  What about the physical doors that are in those facilities?  Have we really ...

Cyber news and Zero Trust insights for 5/4/2022

05 May 2022

Contributed by Lukas

Finding vulnerable passwords with Google dorks, it's super easy (don't do this).  How many VPN's can I find that are possibly misconfigured? &nbs...

Helping Small and Mid Sized Businesses in Cyber with Arctic Wolf

28 Apr 2022

Contributed by Lukas

What do SMB's care about in cyber?  Where do they need help?  How do they budget for this issue?  Is there value to training or is it b...

Cyber news and Zero Trust insights for 4/21/2022

21 Apr 2022

Contributed by Lukas

Why is the government looking at legislation on "quantum security"?  Can I find vulnerable systems for ICS and SCADA that have no authentication ...

Cyber news and Zero Trust insights for 4/14/2022

14 Apr 2022

Contributed by Lukas

The dog barks, like always.  What is the Zero Trust market map?  How about Microsoft's new CVE issue, is that something that we should have ...

Cyber Insurance, Truth and Consequences with an Expert

11 Apr 2022

Contributed by Lukas

Is cyber insurance worth it?  Do insurers actually know what they are doing, and why are policies not being honored?  Is a strategy useful f...

Deploying Zero Trust at the Enterprise Level

05 Apr 2022

Contributed by Lukas

Working with big enterprise ZT, how does one engage the leadership effectively?  Is this about more tech?  Who holds the keys to the kingdom...

The Devil Never Sleeps new book review

28 Mar 2022

Contributed by Lukas

"The Devil Never Sleeps" is one of the best books out there that can help us better understand how to deal with today's never ending threats.  Ju...

Conversations with an Enterprise Architect doing the work to enable ZT!

25 Mar 2022

Contributed by Lukas

Is #zerotrust happening in Australia?  What problems do the folks doing the work run into?  How does he deal with the business side of the i...

Cyber news and Zero Trust insights for 3/23/2022

24 Mar 2022

Contributed by Lukas

What should we take from the Okta situation?  More legislation to mandate training for government cyber security, really?  Too many agencies...

Cyber news and Zero Trust insights for 3/17/2022

17 Mar 2022

Contributed by Lukas

Why isn't cyber getting any better nationally with all this legislation?  How should we view CISA's new rules?  What about the Committees th...

Cyber news and Zero Trust insights for 3/2/2022

02 Mar 2022

Contributed by Lukas

Where can you go to learn how to "do" a deepfake, I'll tell you, but be careful.  My thoughts on "getting involved in the conflict" in Ukraine fr...

Cyber news and Zero Trust insights for 2/23/2022

23 Feb 2022

Contributed by Lukas

Zero Trust world was a blast, well done Threatlocker!  Microsoft has done some great work in helping people to understand Zero Trust.  Misin...

Cyber news and Zero Trust insights for 2/16/2022

16 Feb 2022

Contributed by Lukas

#cyberwarfare and first strike capabilities in the Ukraine conflict?  Finding vulnerable SCADA and electric systems in @shodan isn't hard, how mu...

Cyber news and Zero Trust insights for 2/8/2022

08 Feb 2022

Contributed by Lukas

More ways cyber insurers are getting out of paying.  Two students hack a school system and ask for a job, awesome.  Microsoft talks about th...

Cyber news and Zero Trust insights for 2/2/2022

02 Feb 2022

Contributed by Lukas

Interesting points on a Zero Trust report by Illumio.  How to stop the majority of ransomware, it's not that hard.  How did we allow the US ...

Threat intelligence and the cyber security market with Brian Kime.

24 Jan 2022

Contributed by Lukas

What is threat intelligence, and what is the value in data?  Does brand defense make a difference?  Do his customers worry about deepfakes? ...

Cyber news and Zero Trust insights for 1/19/2022

19 Jan 2022

Contributed by Lukas

The new memorandum on cyber security for the federal government and Zero Trust.  Drones are used to attack an airport in the Middle East.  L...

Cyber news and Zero Trust insights for 1/12/2022

12 Jan 2022

Contributed by Lukas

Predictions from vendors for 2022.  Are the leaders on Capitol Hill actually doing anything on the cyber front?  The first log4j malware att...

A look back at the major hacks of 2021

07 Jan 2022

Contributed by Lukas

A look back at 2021 and the major hacks we endured.  How did they happen?  What should we learn?  Where did it all go wrong?  Can ...

Disinformation and Narrative Intelligence in Cyber

27 Dec 2021

Contributed by Lukas

Is disinformation actually affecting people?  What is narrative intelligence?  Should corporate organizations defend their brand from trolls...

Big Dollars and the Cyber Security Market...

22 Dec 2021

Contributed by Lukas

Do the crazy valuations of companies help them or hurt them?  Does big money in cyber security investing fix the problem?  Why do some peopl...

Why Golf is the best strategy sport there is...and how it relates to cyber security.

15 Dec 2021

Contributed by Lukas

What can we learn from the game of golf and security strategy?  What telemetry matters most?  Do you practice right in cyber or in your golf...

Cyber news and Zero Trust insights for 12/06/2021

06 Dec 2021

Contributed by Lukas

Is cyber insurance a rip off?  What do insurance providers do to get out of paying their policy holders?  Does cyberwar affect small busines...

Multi Spectrum Warfare and how US loses in the future

01 Dec 2021

Contributed by Lukas

What is multi spectrum warfare?  Is the US the global superpower anymore?  How do state and local governments look at cyber versus federal? ...

People, cyber and all the issues therein...

22 Nov 2021

Contributed by Lukas

What does empathy really mean?  How do you deal with the "brilliant jerk"?  Where is the line on terminating an employee who endangers your ...

#killthepassword with Simon Moffatt

16 Nov 2021

Contributed by Lukas

What do consumers really think about passwords?  Can technology solve the problem of unsafe passwords?  Where does the market go for better ...

IdRamp and SSI in the consumer and business space.

08 Nov 2021

Contributed by Lukas

Can I download and configure an SSI app during a live recording?  Is SSI useful for the average consumer use case?  How should we look at th...

Cyber news and Zero Trust insights for 10/27/2021

27 Oct 2021

Contributed by Lukas

Disinformation with lobsters?  What about the Missouri Governor and "hacking" that website?  Does the new ransomware plan make much differen...

Conversation with an advisor to fortune 100 executives.

25 Oct 2021

Contributed by Lukas

How does he advise companies to select technology?  What does he think about strategy?  What is a non starter for him?  How do board me...

Cyber Dollars and Market Shenanigans with an Industry Icon.

18 Oct 2021

Contributed by Lukas

Richard Stiennon (the OG Curmudgeon) and I discuss investments and market dynamics in cybersecurity.  He provides his views on a variety of topic...

Cyber news and Zero Trust insights for 10/13/2021

13 Oct 2021

Contributed by Lukas

Stealing secrets via PB&J?  What is the MSSP market for ZT?  When is hacking not hacking?  Thoughts on the USAF Chief Software Offi...

Cyber news and Zero Trust insights for 10/6/2021

06 Oct 2021

Contributed by Lukas

Cybersecurity awareness month at the White House, so what?  Big dollars for ZT in the DoD, really?  The demographics of cybercrime and what ...

Chat with a master of brand building and design.

04 Oct 2021

Contributed by Lukas

Discussions on how a brand builder and designer worked to build one of the most successful brands in all of cybersecurity.  How valuable is cultu...