Tackling Barriers on the Road To Cyber Resilience – Rob Allen, Theresa Lanowitz – ESW #386
Full Audio
View Show IndexSegments
1. Tackling Barriers on the Road To Cyber Resilience – Theresa Lanowitz – ESW #386
In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss:
- How to identify these barriers to cyber resilience
- Be secure by design
- Align cybersecurity investments with the business
Also, be sure to check out the first two installments of this series!
- Episode 380: Cybersecurity Success is Business Success
- Episode 383: Cybersecurity Budgets: The Journey from Reactive to Proactive
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Sponsored By
Guest
Theresa Lanowitz is the Chief Cybersecurity Evangelist at LevelBlue, a strategic alliance between AT&T and WillJam Ventures, that simplifies cybersecurity for the businesses fueling our global economy.
With a distinguished career in the technology industry, she has held influential roles at companies including Gartner, Borland, Taligent, and Sun Microsystems, significantly impacting application security and emerging technologies.
Theresa is a globally respected leader known for her deep and diverse experience in cybersecurity. Theresa frequently speaks at major industry conferences, sharing her insights on high tech trends, AI integration, and the evolving threat landscape.
Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA.
Hosts
2. Stopping 0day Exploits Doesn’t Require AI or Superhuman Speed – Rob Allen – ESW #386
When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.
Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.
Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Sponsored By
Announcements
Want to shape the future of identity? Identiverse 2025 is looking for dynamic speakers like you to share groundbreaking ideas with over 3,000 identity and access management leaders. Join the most influential voices in IAM and help drive innovation in our industry. Submit your presentation proposal today at securityweekly.com/idvcfp
Guest
Rob Allen is an IT Professional with almost two decades of experience assisting small and medium enterprises embrace and utilize technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by MSP’s and their customers today. Rob’s background is technical – first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customer’s needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries.
Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from cyber and ransomware attacks. Rob joined the ThreatLocker team in 2021 excited at the prospect of building new relationships and helping deliver ThreatLocker® enterprise-level security products to customers throughout the EMEA region.
Hosts
3. Cybersecurity from Santa, office surveillance, Apple work/life balance issues, & more – ESW #386
This week, in the enterprise security news,
- Funding and acquisition news slows down as we get into the “I’m more focused on holiday shopping season”
- North Pole Security picked an appropriate time to raise some seed funding
- Breaking news, it’s still super easy to exfiltrate data
- The Nearest Neighbor Attack
- Agentic Security is the next buzzword you’re going to be tired of soon
- Frustrations with separating work from personal in the Apple device ecosystem
- We check in on the AI SOC and see how it’s going
- Office surveillance technology gives us the creeps
All that and more, on this episode of Enterprise Security Weekly.
Hosts
- 1. FUNDING: From Return on Security’s Security Funded Newsletter
FUNDING
- Upwind Secures $100M for a New CNAPP
- Tuskira Emerges from Stealth with $28.5M and challenges categorization
- Prompt Security raises $18M in a Series A
- VISO Trust raises an additional $7M for Third Party Risk Management
- 2. NEW COMPANIES: North Pole Security
Just raised a $4M Seed
- 3. NEW FEATURES: Fleet – Escrow Disk Encryption Keys
- 4. NEW TOOLS: GitHub – doxx/darkflare: DarkFlare Firewall Piercing (TCP over CDN)
Endless ways to exfiltrate data...
- 5. NEW TTPS: The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
An amazing story and a no-brainer hacking technique that pen testers will never be allowed to use.
- 6. MARKET RESEARCH: Agentic Security Marketmap
A useful market map of GenAI security startups
- 7. ESSAYS: Apple: Let us be Polymacous
The Mac ecosystem - where you're still forced to log in with your personal Apple account if you want half the operating systems' features to work...
- 8. AI USE CASES: AI SOC in Action: 4 Ways Security Teams are Leveraging AI Today
No surprises here, I don't think?
- Enhancing Threat Detection
- Automating Alert Triage with AI
- Reducing Analyst Burnout
- Solving Talent Shortage Problems
- Streamlining Incident Investigation and Accelerating MTTD/MTTR
- Automatically Prioritizing Alerts and Auto-Resolving False Positives
- Augmenting Threat Hunting
- Accelerating Malware Analysis
- 9. STUDIES: Modern workplaces increasingly resemble surveillance zones
The original research is here: https://crackedlabs.org/en/data-work/publications/indoortracking
- 10. SQUIRREL: Futuristic Holodeck Display
Awesome or lame?