Matthew Rosenquist

Top 10 Things You Should Be Doing to Protect from Cyberattacks
LinkedIn
July 15, 2019

I get asked all the time for a quick answer to the question “How can I protect myself from getting attacked online?”. The simplified answer is to follow these Top 10 best practices.

Fight for Digital Privacy Rights Continue in Tech-Focused California
LinkedIn
June 27, 2019

The tech heartland of California is the latest battleground for privacy rights. Big tech companies are fighting to dilute upcoming legislation that will require more privacy protections. But is it enough? No! We need even better protections, accountability, and transparency of how our personal data is handled. This is the moment when ethical tech giants can either stand-up to do the right thing by leading the charge for the betterment of their users or lawyer-up to allow hidden practices, abuses, obfuscation, and deniability to continue for their financial gain.

Should Exploit Code be Published When Vulnerabilities are Made Public?
linkedin
April 18, 2019

On the heels of a recent report from Kaspersky Labs, discussions among security professionals have been stirred-up regarding the risks of publishing proof-of-concept code that may be helping hackers more than benefiting security. The topic has history and continues to be vigorously debated.

Invitation to Innovators for Voting Technology Security
linkedin
April 15, 2019

Protecting our election infrastructure is crucial, yet security is lacking. Meaningful change starts with the spark of a great idea. I am looking forward to listening to all the excellent concepts for election security at the upcoming event in Sacramento CA. As India is now in the midst of having 900+ million people vote, we too need to figure a way to leverage digital tools for our democracy in a secure, private, trustworthy, and attestable way.

Role of the CISO: Top 3 Questions
linkedin
February 15, 2019

The role of Chief Information Security Officers (CISO) is evolving and requires a complex skill set. Long perceived as cost center that constrains the business in order to reduce losses from cyberattacks and to meet regulatory compliance, cybersecurity is now transforming into a critical function that must contribute to overall competitiveness.

Open Letter to the FTC – Bureau of Consumer Protection
linkedin
January 29, 2019

In December 2018 the FTC held hearings on Competition and consumer Protection in the 21st Century. A number of people spoke at the event and the FTC has graciously opened the discussion to public comments. The Federal Trade Commission has interest, certain responsibilities, and can affect changes to how data security evolves. This is our opportunity for the public to share its thoughts and concerns. I urge everyone to comment and provide your viewpoints and expertise to the FTC committee. Comments can be submitted electronically no later than March 13, 2019.

When the Wrong Person Leads Cybersecurity
linkedin
November 19, 2018

Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.

Technology Transformation for 2019
linkedin
November 15, 2018

Digital technology continues to connect and enrich the lives of people all over the globe and is transforming the tools of everyday life, but there are risks accompanying the tremendous benefits. Entire markets are committed and reliant on digital tools. The entertainment, communications, socialization, and many others sectors are heavily intertwined with digital services and devices that society is readily consuming and embracing. More importantly, the normal downstream model for information has transformed into a bi-directional channel as individuals now represent a vast source of data, both in content as well as telemetry. These and many other factors align to accelerate our adoption and mold our expectations of how technology can make a better world.

Should Companies be Allowed to ‘Hack Back’ after a Cyberattack
linkedin
September 30, 2018

Government officials and experts are weighing in on the concept of ‘hacking back’, the practice of potentially allowing U.S. companies to track down cyber attackers and retaliate.

Beware Friendly Botnets
linkedin
September 18, 2018

The recently discovered Fbot, which finds systems infected with crypto-coin mining malware and scrubs them clean, may seem like a champion of good, but remember it is entering your system without your permission and modifying code and deleting files. We have seen other such ‘cleaner’ worms in the past, and the best advice is to be wary.

“Unhackable” Product Claims are a Fiasco Waiting to Happen
linkedin
August 17, 2018

Those who think that that technology can be made ‘unhackable’, don't comprehend the overall challenges and likely don't understand what 'hacked' means.

Slowing Innovation Should be a Cybersecurity Violation
linkedin
August 04, 2018

Risks come in many forms. Going too fast, being reckless, taking chances, etc. are easy to recognize warning signs. But what about the other end of the spectrum? Is going too slow ever bad? I say yes, especially when it unnecessarily impedes productivity, innovation, operational logistics and intentionally creates frustration of users.

Cybersecurity Fails without Strategy
LinkedIn
July 17, 2018

Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.

Companies in regulated industries and larger businesses will typically invest in an internal team to actively manage the cyber risks with a Chief Information Security Officer (CISO) at the helm. The current incarnation of the CISO position has not really been in widespread use for very long and the role has radically changed over the years. Where they report within the organization, what background and skills they possess, their overall responsibilities, and the desired experience for which they are hired varies wildly from one CISO to the next. The traditional CISO role focuses on protecting company assets, including preserving reputation, preventing downtime, securing data and financial assets, and ensuring regulatory compliance. But some companies are also using the CISO role as an external marketing ambassador to fuel visibility and drum up customers. So, in today’s world it is a mixed bag. Consequently, security teams are managed very differently and there is a major performance gap that needs to be addressed.

Mylobot Showcases the Evolution of Modern Malware
linkedin
June 21, 2018

The recently discovered Mylobot aggregates 9 sophisticated features, highlighting how advanced malware is evolving. Stealth capabilities make it difficult for security tools to detect and protection aspects preserve its functionality over time.

Cybersecurity Fails without Strategy
linkedin
June 17, 2018

Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.

LinkedIn Top Voices 2018: Technology
LinkedIn
November 13, 2018

These are the 10 must-know writers and creators explaining everything from artificial intelligence to battling cyber threats.

Make America Secure Again - Pitch Event
Inteligenca
May 23, 2019

Cybersecurity innovation at its finest! It was my pleasure to moderate and be a panelist at the Make America Secure Again event in Sacramento, where innovators pitched ideas to strengthen the security of America's digital voting systems.

Protecting our election infrastructure is crucial, yet security is lacking. Meaningful change starts with the spark of a great idea. California again shows how it can reach out to the pool of great innovators to seek a variety of solutions for cybersecurity challenges. We must all work together to find ways of managing cyber risks. Outreach and innovation is key.

The Verification of Truth: The Future of Digital Forensics and its Role in Cybersecurity
2019 Techno Security and Digital Forensics Conference
March 11, 2019

As the world embraces digital services and automation of critical systems, understanding risk, attributing actions, and deciphering attack methods will be crucial to the proliferation of connected technology. Trust is key, but transparency is greatly obscured. Forensics will grow to become the verification of truth and will play an ever-increasing role in understanding responsibility and controlling the dissemination of Fear, Uncertainty, and Doubt through actuarial data. Let’s explore the new areas, challenges, and opportunities for the bright future of digital forensics

Cybersecurity Risks and Recommendations – Where Your Focus Needs to Be
http://www.securitysystemsnews.com/blog/psa-tec-wrap
May 10, 2017

Technology convergence across cyber and physical security is driving change. Protection will evolve to include digital security, physical safety, and personal privacy.

How Cyber-Attacks are Changing the Expectations of Security, Privacy, and Safety
2017 ISC West conference
April 06, 2016

Cyber-attacks are an ever increasing problem that reaches out from the digital domain and into the physical world to impact the security, privacy and safety of people, businesses, and governments. The rapid growth of technology adoption and connectivity are driving new opportunities for attackers at an accelerating rate. The result is a radical shift in expectations by consumers and organizations for more comprehensive solutions, streamlined oversight, and clear accountability.

Diversity in Cybersecurity Education
2016 ICT Educator Conference
January 07, 2016

The cybersecurity industry needs more people with greater diversity to fill the growing number of open positions. Intel is very active with internal corporate diversity efforts, establishing strong pipelines, and investing in diverse partners. Additionally, Intel is contributing to the formalization of cyber science degree standards to align educational programs to market demands.

Ransomware: The Not-So Good, Really Bad, and Truly Ugly!
SecureWorld
August 18, 2018

RECORDED LIVE ON AUGUST 28, 2018 — WATCH ON-DEMAND
Ransomware is spreading at an alarming pace and infecting networks across all industries and company sizes, primarily through phishing attacks. The cyber criminals behind the attacks are furiously innovating and keeping ahead of defenses. In this web conference, we will have an interactive discussion on the latest in ransomware threats and how to best protect your organization and yourself against this growing threat.

This session will educate attendees about the newest features of ransomware strains designed to evade detection and spread in new and creative ways. It will also cover recent attacks and how the victim organizations could have better protected themselves.

The session will examine:
• Current phishing trends
• Ransomware and how it is infecting networks
• Effective mitigation strategies
• Recovering from an attack

Harnessing Cyber-Physical Security Technologies
Cyber: Secured Forum (cybersecuredforum.com)
June 05, 2018

A great panel discussion, led by Ray Coulombe of Security Specifiers, with Donal Keating from Microsoft and Jeff Crume of IBM. As the audience is a strong mix of both physical and cyber security professionals, we will discuss how the convergence of technology across both domains will rapidly change to open up new opportunities and risks. Expect topics around Internet-of-Things (IoT), Artificial Intelligence (AI), and blockchain to be discussed by the panel and open questions from the audience.

Hardware-generated dynamic identifier
US Patent Office
June 29, 2017

In an example, there is disclosed an electronic apparatus, comprising: a hardware-encoded internal private key; and one or more logic elements comprising a key generation engine to: receive an third-party key; and operate on the third-party key and the internal private key to generate a hardware-generated dynamic identifier (HGDI). There is also disclosed a method of providing an HGDI engine, and one or more computer-readable mediums having stored thereon executable instructions for providing an HGDI.

SuperDataScience Podcast - SDS 273: Predict, Prevent, Detect: Cyber Security
SuperDataScience.com
June 26, 2019

In this episode of the SuperDataScience Podcast, I chat with Matthew Rosenquist, one of the top leading world experts in the space of cybersecurity. You will learn what balance in cybersecurity means and what the dark web is. You will hear how Matthew's career developed and how he thinks about the strategy of cybersecurity. You will also learn about the valuable role of data science in cybersecurity and the steps you can take to get into this space.

If you enjoyed this episode, check out show notes, resources, and more at www.superdatascience.com/273

Evolving Risks of Cybercrime with Matthew Rosenquist podcast
https://evolveetfs.com/podcasts/
June 07, 2019

Interviewed by Raj Lala, the CEO at Evolve ETFs in his podcast The Innovators Behind Disruption. In the
"Evolving Risks of Cybercrime with Matthew Rosenquist" episode, we covered a number of interesting topics, including the growing challenges in cybersecurity, rise in cybercrime, challenges of ransomware, what governments are worried about, and how to protect yourself.

Cyber/Physical Convergence
2017 InfraGard Atlanta conference
January 18, 2017

Matthew Rosenquist's presentation at the 2017 InfraGard Atlanta conference, discussing the convergence between cyber and physical security.

The True Cost of Data Breaches - Not Just a Dollar per Record
CyberEd.io
March 22, 2016

When an organization suffers a data breach, a number of challenges, impacts, and business decisions contribute to the total of all the associated costs. The scope extends beyond a fixed dollar-per-stolen-record calculation, as it invariably includes expenditures for new security measures, legal fees, third-party forensic services, changes to business processes, as well as a loss of reputation and customer goodwill.

There is a complex set of chain reactions which occur after every significant data breach, each adding its own contribution to the overall cost and business impact.

In this session we'll discuss some real-world experiences regarding data breaches, how the costs exceed the typical dollar-per-record measure, and how organizations are adapting to learn from their experiences. We will also examine what the future holds, as attackers adapt and shift towards new data manipulation methods.

Upgrading to an APT-Capable Defense: Where To Start, How To Get Funding And See Immediate Reduction In Risk
Cybered.io
February 26, 2016

A complete defense cannot be deployed overnight. There are multiple people, process and technology components to consider and implement. In this session, we will help identify where and how resources can be focused to have the biggest immediate risk reduction, discuss lessons learned from real-world deployments and learn how to gain executive sponsorship of the program as a whole, to build momentum and help guarantee success.

Prioritizing Information Security Risks with Threat Agent Risk Assessment
Intel Corp
January 05, 2010

Matthew Rosenquist, while at Intel Corp developed a threat agent risk assessment (TARA) methodology that distills the immense number of possible information security attacks into a digest of only those exposures most likely to occur. This methodology identifies threat agents that are pursuing objectives which are reasonably attainable and could cause unsatisfactory losses to Intel.

It would be prohibitively expensive and impractical to defend every possible vulnerability. By using a predictive methodology to prioritize specific areas of concern, we can both proactively target the most critical exposures and efficiently apply our resources for maximum results. The TARA methodology identifies which threat agents pose the greatest risk, what they want to accomplish, and the likely methods they will employ. These methods are cross-referenced with existing vulnerabilities and controls to pinpoint the areas that are most exposed. Our security strategy then focuses on these areas to minimize efforts while maximizing effect.