Success Criteria for Ending Ransomware
LinkedIn
July 16, 2021
Stopping ransomware from being an impactful menace is the grand goal, but what are the specific criteria for success we should be striving for? Without clear objectives, we are often consumed with trivial aspects and never attain the desired end-state.
See publication
Tags: Cybersecurity, Leadership, Business Strategy
Reevaluating the Work-Life Balance
Medium.com
May 03, 2021
My priorities are my family then my Cybersecurity career. However, I recently noticed that for more than a year, I have not taken a day off. I always make time for my children and wife, but I am also doing work, research, consulting, writing articles, producing videos, or speaking at events every day.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity is Not Reaching its Full Potential
Medium
April 22, 2021
Cybersecurity has evolved with the rapid rise of digital transformation, becoming a crucial element of trust for products and services. No longer just a function of preventing impacts and meeting regulatory requirements, cybersecurity is emerging as a cornerstone for future enhancement of user-experiences, compelling features, and growth into new fields.
See publication
Tags: Cybersecurity, Privacy, Risk Management
We Must Crush Digital Misinformation Before It Destroys Society
Medium
April 19, 2021
Digital communication is connecting people around the globe with tremendous benefits, but is also being misused in terrible ways that take advantage of the community. We are bombarded by misinformation posing as facts, leading to terrible fractures, victimization, and grief to the detriment of individuals and society as a whole.
See publication
Tags: Cybersecurity, Social, Leadership
HMG CISO Executive Leadership Summit
Medium
February 21, 2021
I am looking forward to speaking at the upcoming HMGLive CISO executive leadership event!
I encourage all cybersecurity leaders to attend and interact. This is how we build teamwork, communicate challenges, and share best practices.
See publication
Tags: Cybersecurity, Leadership
Building Smart Cities of the Future Takes a Team of Experts
Medium
February 18, 2021
Today I am honored to join the World Smart Cities Economic Development Commission Advisory Board of the World Business Angels Investment Forum (WBAF), a partner of the G20 Global Partnership for Financial Inclusion (GPFI), to support job growth, digital inclusion, and social justice worldwide.
See publication
Tags: Cybersecurity, Privacy, Smart Cities
More Supply-Chain Cyberattacks are in the Wind
LinkedIn
February 17, 2021
It appears France is the main victim for this recent attack which has several uncanny similarities to the SolarWinds exploitation that exposed thousands of U.S. government agencies, critical infrastructure organizations, and major businesses. Let me be absolutely clear (again), that these attacks have been active for years and will continue to increase in pace, scope, and boldness! According to the French cybersecurity agency Agence Nationale de la sécurité des systèmes d’information (ANSSI), this attack may have begun back in 2017.
See publication
Tags: Cybersecurity, Supply Chain
Rise in Whistleblowing Signals the Need for Formal CyberEthics
Medium
February 16, 2021
Times are changing and whistleblowing is on the rise. People are more empowered to challenge unethical situations in the workplace. Getting ahead can help manage the risks and be used to improve, identify, and resolve caustic situations before they get out of hand.
See publication
Tags: Cybersecurity
Safety Risks Rise Due to Critical Infrastructure Cyber Attacks
LinkedIn
February 09, 2021
The recent attempt by malicious hackers to poison a Florida city water supply, highlights the public risks and exposure of critical infrastructures. Luckily, this incident was detected by an observant technician and mitigated before people were hurt, but it could have turned out far worse.
See publication
Tags: Cybersecurity, Digital Transformation, Leadership
Apple’s CEO Superbly Articulates How Privacy Need Not be Sacrificed for Technology
Medium
February 08, 2021
Tim Cook, CEO of Apple, in a speech at the Brussels’ International Data Privacy Day event, beautifully articulated how technology does not need to undermine privacy.
See publication
Tags: Cybersecurity, Privacy
Another Creepy Case of Hackers Watching People in their Homes
Medium
February 01, 2021
Protect yourself from creepy hackers that watch people on their home cameras.
When it comes to cameras installed inside of homes, there is always a risk of someone else gaining access and watching over you!
See publication
Tags: Cybersecurity, Privacy
Falsely Vilifying Cryptocurrency in the Name of Cybersecurity
Medium
January 31, 2021
I get frustrated by shortsighted perceptions, which are misleading and dangerous is far easier to vilify something people don’t fully understand.
Here is another article, titled Bitcoin is Aiding the Ransomware Industry, published by Coindesk, implying cryptocurrency is the cause of digital crime.
See publication
Tags: Blockchain, Cryptocurrency, Cybersecurity
U.S. the 4th Worst Privacy Offender for Government Collection of Biometric Data
LinkedIn
January 28, 2021
Researchers ranked 96 countries by their collection and use of biometric data. Biometrics are gathered and stored as part of international travel, banking, law enforcement, healthcare tracking, and general surveillance by governments.
See publication
Tags: Cybersecurity, Leadership, Privacy
New U.S. Cybersecurity Leadership Needs More Experience Diversity
Medium
January 25, 2021
President Biden has been quick to name a number of cybersecurity leadership positions, to greatly strengthen the nations capabilities, but there are concerns with the diversity of experience.
See publication
Tags: Cybersecurity
WhatsApp Still Needs to Prove it is Trustworthy
Medium
January 17, 2021
In the aftermath of WhatsApp’s privacy notification to users, that they will again be sharing data with Facebook, there is still a lack of clarity. I see a lot of statements from WhatsApp and general chatter regarding what data they will NOT be sharing. But I have yet to find any specificity on what exact data they WILL be sharing with Facebook. That is very strange and seems misdirecting.
See publication
Tags: Cybersecurity, Privacy
Law Enforcement is Seduced by Big Cybercrime Cases
Medium
January 07, 2021
Some important aspects are changing in law enforcement, when it comes to cybercrime.
In today’s video I look at the social aspects within the law enforcement community, the criminal evolution of cybercrime, and the resulting changes in behaviors that are driving fundamental improvements to cybercrime investigations around the globe.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
China Seizes $4B in Cryptocurrency from Scammers
Medium
December 01, 2020
Governments can still pursue cybercriminals and fraudsters who use cryptocurrency. China authorities have seized over 4 billion dollars worth of Bitcoin, Ethereum, and several other cryptocurrencies as part of a crackdown on the PlusToken scheme that defrauded over 2 million people. This seizure has been approved by the courts after the ringleaders were convicted of Ponzi-type fraud.
See publication
Tags: Cryptocurrency, Cybersecurity
Police Cameras are Providing Facial Recognition Tracking to Criminals in Moscow
Medium
November 17, 2020
Criminals are offering stalking services, through the use of Moscow’s camera system, to identify and track people for $200. Customers provide a picture and the criminals will return a report of where that person has been, where they frequent, and more. Apparently, the data is being gleaned from the police facial recognition camera system, that includes over 100,000 cameras positioned to watch the city.
See publication
Tags: Cybersecurity, Privacy
U.S. Dept of Justice seizes $1 billion in Bitcoin
LinkedIn
November 10, 2020
A billion-dollar mystery has been solved. Cryptocurrency watchers were stunned when they recently saw a billion dollars of Bitcoin being moved from a very old account that has been inactive for years.
The mystery was solved as the U.S. Department of Justice unsealed court filings related to the Ross Ulbricht 2015 Silk Road case. Ulbricht, who ran the infamous dark-web site Silk Road, was convicted and his bitcoin assets seized. But before they all could be grabbed, a hacker stole 70k bitcoins from Ulbricht's accounts. As they say, there is little honor among thieves. At the time it was worth a few hundred thousand dollars, but now it has appreciated to a billion dollars!
See publication
Tags: Cryptocurrency, Cybersecurity, Management
Managing IoT Data Security Risks: The Need to Secure Data in Modern Computing
CISO MAG
October 20, 2020
The demands to defend the information on edge devices have reached a new pinnacle and continues to grow beyond what current capabilities can handle. Legacy cybersecurity systems that ensure the confidentiality, integrity, availability and the proper use of data from edge devices are not sufficient for the growing scale of the Internet of Things (IoT) and Industrial IoT (IIoT). Innovation in technology and process is needed to deliver the robustness necessary to defend against a world of ever-evolving cyber threats.
See publication
Tags: Cybersecurity, IoT, Leadership
Should Governments be Responsible for Protecting the Internet?
Medium
October 13, 2020
Does society want governments to take on the role of protecting the Internet? Should the Internet be considered a Critical Infrastructure and therefore be overseen by governments? Will such actions undermine privacy and liberty or will it be demanded by citizens to protect personal access and online security?
See publication
Tags: Cybersecurity, Privacy
Microsoft’s New Tactics Disrupts Trickbot Ransomware
Medium
October 13, 2020
Microsoft and partners have taken down the Trickbot ransomware infrastructure. That is a temporary relief, as the cybercriminals will soon adapt. The bigger picture is how the Microsoft Digital Crimes Unit (DCU) has created a template and partnerships to better target and disrupt future malware campaigns!
See publication
Tags: Cybersecurity
Leveraging culture for better cybersecurity?
Medium
October 05, 2020
Join the free webinar on Oct 28th 10am PST to listen to the panel discuss how culture can contribute or destroy cybersecurity!
Colleagues Jack Roehrig, Theo Nasser, and myself will be discussing the importance of weaving a positive cyber culture into organizations as part of a greater set of best-practices for effective cyber strategy.
See publication
Tags: Cybersecurity
We Don’t Want IoT Cybersecurity Regulations
Medium
September 21, 2020
It simply makes no sense to call for IoT devices to be certified safe-and-secure. Before you get bent out of shape, hear me out.
Regulations are unwieldy blunt instruments, best left as a last resort. Cybersecurity regulations are not nimble, tend to be outdated the day they are instituted, and become a lowest-common-threshold for an industry to follow. This stifles security innovation and the application of best practices. On the upside, regulations do force industries that have ignored basic security practices to meet a common standard. But history has shown those industries rarely go any farther than the regulatory requirements. All the data breaches we see in the news every week, almost all of those organization are compliant with regulations, yet they are losing data records by the billions. Compliance does not equal security!
See publication
Tags: Cybersecurity, IoT
Beware of Unified Cybersecurity Solutions Claiming to Help CISO's
CISO Platform
September 17, 2020
Many security vendors developing products to unify solutions into a single management interface. I fear this is just a sales tactic to gain greater market share and not intended to help the plight of CISO’s
See publication
Tags: Cybersecurity
Painful IoT Security Lessons Highlighted by a Digital Padlock
LinkedIn
September 15, 2020
The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure.
See publication
Tags: Cybersecurity, Digital Transformation, Risk Management
EC-Council Free Online Event for Cybersecurity Skills Development
Medium
September 12, 2020
EC-Council is announcing the #TheNextBigThingInCyber skills development in a free online event on Sept 16th 9:30am EST. EC-Council’s CEO, Jay Bavisi will discuss what it means to Humanize firewalls, build a new era of ethical hackers, empower cyber defenders, and the importance of great penetration testers.
See publication
Tags: Cybersecurity, Edtech
Intel patches 9 vulnerabilities in their management platform
Medium
September 12, 2020
Intel has released patches for several security vulnerabilities in their Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms. One of them was a critical flaw in AMT that allowed remote privilege escalation CVE-2020–8758
See publication
Tags: Cybersecurity, Risk Management, Supply Chain
Defenders show up to the war on deepfakes
Medium
September 04, 2020
Digitally altered and synthetic media are becoming more of a problem. Openly available tools, including AI Deep Learning, enable the easy modification of pictures and videos for distribution on the Internet. Most are benign; clearing up acne, improving image lighting, creating a funny meme, or perhaps narrowing a waistline for aesthetic reasons. More disturbing is the generation of videos of known personalities, making them appear to make caustic statements or take part in inappropriate activities. These fakes have appeared in political posts, social satire, news media, and pornographic material. Motivations are sometimes for humor, vanity, vindictiveness, or to sway public viewpoints.
See publication
Tags: AI, Cybersecurity, Privacy
Google to offer AI Ethics services to others?
Medium
September 01, 2020
AI Ethics are very relevant and growing in importance as the world embraces artificial intelligence systems.
Google has announced it will it will launch new AI ethics service by the end of the year to help others with tricky ethical challenges involving AI.
See publication
Tags: AI, Cybersecurity, Privacy
Smart Cities Keynote: Security and Privacy After 2020
Medium
September 01, 2020
I am looking forward to a great keynote conversation and Q&A session about the new normal for digital security & privacy of smart cities. As our cities embrace digital technologies to extend and improve services to its citizens, it is important to weave in security and privacy controls to reinforce trust.
Come join my co-speakers Marcelo Peredo, the CISO of the City of San Jose, and Zulfikar Ramzan, the CTO of RSA, as we discuss the evolving cybersecurity challenges and opportunities beyond 2020.
See publication
Tags: Cybersecurity, Privacy, Smart Cities
Sacramento Opens Cybersecurity Opportunities for Covid Displaced Workers
Uptrennd
August 28, 2020
City of Sacramento is leading the way and showcasing how public/private partnerships can help the community and make the digital world safer for everyone! This is a great template for other communities to retrain Covid-19 displaced workers for a career in cybersecurity.
See publication
Tags: COVID19, Cybersecurity
How privacy can decrease safety
HelpNetSecurity
August 03, 2020
Online anonymity can undermine accountability and enable victimization. A balance needs to be struck. The second article of a 2 part series between Matthew Rosenquist and Lisa Thee explores the complexities of digital privacy and outlines some U.S. focused recommendations.
See publication
Tags: Cybersecurity, Privacy
What is privacy and why does it matter?
HelpNetSecurity
July 28, 2020
Privacy is a basic right and a necessary protection in the digital age to avoid victimization and manipulation.
See publication
Tags: Cybersecurity, Privacy
What are are the Top 5 CISO Frustrations?
CISO Platform
July 25, 2020
I was recently asked an interesting question: What are are the Top 5 CISO frustrations with the cybersecurity industry?
After a few minutes of deep thought, this is what I came up with.
See publication
Tags: Cybersecurity
Digital privacy: A double-edged sword
HelpNetSecurity
July 21, 2020
igital privacy is paramount to the global community, but it must be balanced against the proliferation of digital-first crimes, including child sexual abuse, human trafficking, hate crimes, government suppression, and identity theft. The more the world connects with each other, the greater the tension between maintaining privacy and protecting those who could be victimized.
See publication
Tags: Cybersecurity, Privacy, Social
The 10 Worst Cybersecurity Strategies
Medium
July 16, 2020
Counting down to the absolutely worst cybersecurity strategies. Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Will AI rescue the world from the impending doom of cyber-attacks or be the cause
mc.ai
July 08, 2020
There has been a good deal of publicized chatter about impending cyberattacks at an unprecedented scale and how Artificial Intelligence (AI) could help stop them. Not surprisingly much of the discussion is led by AI vendors in the cybersecurity space. Although they have a vested interest in raising an alarm, they do have a point. But it is only half the story.
See publication
Tags: AI, Cybersecurity
Teaching AI to be Evil with Unethical Data
Peerlyst
July 04, 2020
Artificial Intelligence has a weakness. Unethical training will result in an evil system. Now more than ever, we need a framework of AIEthics to ensure AI systems are created for the good of society.
See publication
Tags: AI, Cybersecurity, Emerging Technology
Profiling White-Hat Vulnerability Researchers
Medium.com
June 26, 2020
Bugcrowd has released some interesting survey data that provides insights into the white- hat vulnerability researcher community.
See publication
Tags: Cybersecurity
Killer Drones to be Available on the Global Arms Markets
Medium.com
June 24, 2020
Turkey may be the first customer for the Kargu series of weaponized suicide drones specifically developed for military use. These semi-autonomous devices have been in development since 2017 and will eventually be upgraded to operate collectively as an autonomous swarm to conduct mass synchronized attacks.
See publication
Tags: AI, Cybersecurity, Autonomous Vehicles
Intel Designs Chips to Protect from ROP Attacks
Medium
June 16, 2020
It looks like Intel Corporation's Control-Flow Enforcement Technology (CET) will finally be making into products. If it works and is adopted, it should disrupt ROP hacks.
See publication
Tags: Cybersecurity, Emerging Technology
Curiosity Labs Opens Free Test-Track for Autonomous Vehicle Innovation
Medium.com
June 05, 2020
Enabling better security, privacy, and safety
It is always nice to see projects that are open and free to use, to advance technology in secure, private, and safe ways. Curiosity Labs provides startups and established companies a no-cost real-world testing infrastructure to innovate smart city and transportation technologies.
See publication
Tags: Cybersecurity, Autonomous Vehicles, Smart Cities
Misunderstanding the Economic Factors of Cybercrime
Medium.com
May 30, 2020
A new study by Cambridge Cybercrime Centre titled Cybercrime is (often) boring: maintaining the infrastructure of cybercrime economies concludes that cybercrime is boring and recommends authorities change their strategy to highlight the tedium in order to dissuade the growth of cybercrime.
See publication
Tags: Cybersecurity
10 Areas of Change in Cybersecurity for 2020
Medium
May 11, 2020
Cybersecurity in 2020 will be evolutionary but not revolutionary. Although there is always change and churn, much of the foundational drivers remain relatively stable. Attacks in the next 12 months are likely to persist in ways already known but taking it up-a-notch and that will lead to a steady escalation between attackers and defenders.
See publication
Tags: AI, Cybersecurity, Privacy
Pivot to Telehealth Brings New Benefits and Risks
LinkedIn
April 27, 2020
Innovations in healthcare bring great benefits but also new risks to security, privacy, and safety.
See publication
Tags: Cybersecurity, Healthtech, Privacy
Preventing a Product Security Crisis
LinkedIn
April 17, 2020
How did Zoom end up in crisis? More importantly, how can these lessons help other businesses avoid a major product security crisis that drives customers away and creates a massive opportunity for competitors consume market share?
See publication
Tags: Cybersecurity, Privacy, Risk Management
Zoom in crisis: How to respond and manage product security incidents
HelpNetSecurity
April 15, 2020
Zoom is in crisis mode, facing grave and very public concerns regarding the trust in management’s commitment for secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience. Managing the crisis will be a major factor in determining Zoom’s future.
See publication
Tags: Cybersecurity, Privacy, Risk Management
My Pursuit Intensifies to Secure Digital Technology
linkedin
April 01, 2020
For over 30 years I have continually sought-out new professional challenges, been enticed at opportunities to overcome near-impossible obstacles, and have taken on new roles to further the cybersecurity industry.
See publication
Tags: Cybersecurity, Privacy
Cryptocurrency Fraud Reached $4.3 Billion in 2019
LinkedIn
February 18, 2020
Cryptocurrency fraud is aggressively on the rise and topped over $4 billion last year and is shocking to those who thought they had found an incredible investment in the cryptocurrency world, yet were swindled out of everything.
See publication
Tags: Cryptocurrency, Cybersecurity
There is No Easy Fix to AI Privacy Problems
Semiwiki.com
February 08, 2020
Artificial intelligence – more specifically, the machine learning (ML) subset of AI - has a number of privacy problems.
See publication
Tags: AI, Cybersecurity, Privacy
Avast Shuts Down its Data Sales Subsidiary Due to Privacy Backlash
CISO Platform
January 31, 2020
Avast was recently caught selling user's web browsing data. Shortly thereafter the CEO made an apology and announced they were ceasing the Jumpshot data collection activities and winding down company operations. It is time that privacy regulations improve. This situation is playing out again and again for freemium type services and only hints at the greater problem.
See publication
Tags: Big Data, Cybersecurity, Privacy
Privacy Day – Yes it Matters More than You Might Think
LinkedIn
January 28, 2020
Privacy matters to everyone! In fact, more than most people realize. It underpins the very nature of liberty and is a key pillar for online security. Celebrate Privacy Day, with a little more effort in protecting your personal data and supporting a digital world that respects privacy.
See publication
Tags: Cybersecurity, Privacy
Lessons from Microsoft’s 250 million data record exposure
HelpNetSecurity
January 24, 2020
Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. As a former cyber incident commander for a major technology corporation, I can see a number of important lessons to be learned.
See publication
Tags: Cybersecurity, Leadership
There is no easy fix to AI privacy problems
HelpNetSecurity
January 23, 2020
Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems.
See publication
Tags: AI, Cybersecurity, Privacy
Banks are Developing Digital Currencies and Opening Themselves to Cyber Risk
LinkedIn
December 31, 2019
Cybersecurity will be hard pressed to take on the new challenges of bank managed digital currencies. Banks are developing their own digital currencies. The introduction of Central Bank Digital Currencies (CBDC) is the beginning of an interesting trend that will change the cybersecurity dynamic for banking as it opens up an entirely new threat landscape.
See publication
Tags: Blockchain, Cybersecurity, Fintech
The 7 most dangerous digital technology trends
HelpNetSecurity
December 10, 2019
As our world embraces a digital transformation, innovative technologies bring greater opportunities, cost efficiencies, abilities to scale globally, and entirely new service capabilities to enrich the lives of people globally. But there is a catch. For every opportunity, there is a risk.
See publication
Tags: AI, Cybersecurity, Privacy
Cryptocurrency Exchange Hacks are on the Rise
Medium
December 09, 2019
Seven major cryptocurrency exchanges were victimized in 2019, totaling over $160 million in financial theft. As predicted, cybercriminal hackers targeted crypto exchanges in 2019 and the trend will continue into 2020.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Hackers Scan Massive Docker Instances to Mine Crypto
LinkedIn
November 27, 2019
Hackers are at it again, looking for vulnerable Docker instances so they can selfishly mine Monero.
See publication
Tags: Cryptocurrency, Cybersecurity
AI Based Defensive Systems Impact on Cybercriminal Strategy
PenTest Magazine
November 08, 2019
Good guys are working at a fever pitch to create pre-emptive adversarial attack models to find AI vulnerabilities. But threat actors are working just as fast to develop threats and have the resources (aka money) to build powerful cyber weapons. Who will win this race against time?
Some of California’s top security minds came together during National Cybersecurity Awareness Month to discuss the role of Artificial Intelligence (AI) in cybersecurity. Leading experts from both the private and public sectors joined our Inteligenca Cyber Salon to discuss both the promise and concern about AI. No doubt we heard during this talk that AI is controversial.
See publication
Tags: AI, Cybersecurity, Risk Management
Hacking Phones: How law Enforcement is Saving Privacy
DarkReading
October 30, 2019
In the battle between privacy and security, technology can bridge the gap allowing a healthy balance. We must not fear technology, but rather purposefully wield it in better ways with clear goals of benefits and limitations for abuse.
Here is my latest article, posted on Dark Reading, discussing one such path that may raise concerns with privacy advocates at first glance, but could result in a strategic win for everyone's privacy and security, except criminals.
See publication
Tags: Cybersecurity, Govtech, Privacy
Major Drone Attack Against Global Oil Production Showcases Weak Cybersecurity Thinking
LinkedIn
September 16, 2019
We are entering a new era for conflict that brings with it a synthesis of cyber and physical security that increases global safety risks. Attacks with connected technology, Internet-of-Things (IoT) devices, and Industrial IoT components are ramping up, now attaining levels with serious consequences. The cybersecurity industry is not prepared. It is time we revisit the deeper discussion of converged cybersecurity!
See publication
Tags: Cybersecurity, Digital Transformation, IoT
Criminals Luring in Bitcoin Sellers to Launder Money
LinkedIn
September 13, 2019
With the lure of big cash rewards, cybercriminals are luring-in the bitcoin community to become money laundering mules. This does not end well for anyone except the criminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Social
Matthew Rosenquist Joins the Eclipz Advisory Board to make the World of Connected Data More Secure
LinkedIn
September 04, 2019
I am excited to announce that I am joining the Advisory Board of Eclipz! Such a great team working to make the connected world of data more secure across devices, services and even between untrusted endpoints.
See publication
Tags: Cybersecurity, Emerging Technology, Startups
NATO’s Collective Defense for Cyber Attack Remains Fragile
LinkedIn
September 03, 2019
NATO is far from implementing "collective defense" for cyber-attacks. Much work is still to be done before Article 5 is an effective deterrent.
See publication
Tags: Cybersecurity, Govtech, Leadership
Cryptocurrencies Should be Enabled to Blacklist Criminal Holdings
LinkedIn
August 28, 2019
Cryptocurrencies like Bitcoin are heavily targeted and exploited by cybercriminals. There may be something that can be done to assist law enforcement in revocating illicit assets, aid victims, and still preserve the fierce independence autonomy of public blockchain cryptocurrencies.
See publication
Tags: Cryptocurrency, Cybersecurity, Innovation
Do Not Pay Ransomware – A Lesson for Municipalities
Medium
August 19, 2019
Ransomware is getting worse, in part because victims are paying. Poor decisions of certain municipalities is having an impact on their peers. Stop paying criminals! They will be back, stronger than before.
See publication
Tags: Cybersecurity, Govtech
Joining the Advisory Board for the Techno Security & Digital Forensics Conference
LinkedIn
August 15, 2019
I am excited to announce I have accepted a position on the Techno Security & Digital Forensics Conference Advisory Board. I am honored to be part of this team to help drive education, awareness, training, and ethics across the digital forensics and cybersecurity industries.
See publication
Tags: Cryptocurrency, Cybersecurity, Digital Transformation
Binance Cryptocurrency Exchange Refuses to Pay Blackmailers Over a Possible Data Breach
LinkedIn
August 08, 2019
A blackmailer attempted to extort $3.5 million from the Binance cryptocurrency exchange, stating they would release confidential KYC (Know Your Customer) data. Binance has refused to pay the demands and is working with law enforcement to track down the cyber criminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Insider Threats in the Digital World are Sinister
LinkedIn
August 07, 2019
The compromise of AT&T is another example of the serious risks posed by insider threats. In this case an external attacker leverages the access and authority of internal people through bribes. Especially in digital environments, trusted insiders have incredible potential to do harm, cause disruption, and undermine trust. They are the submerged part of the cyber risk iceberg that we all must deal with.
See publication
Tags: Cybersecurity, Risk Management
Does Home Depot Respect Customer Privacy?
LinkedIn
July 29, 2019
Raising an issue with the privacy practices at HomeDepot. Why are they unnecessarily gathering personal information of its customers? A privacy savvy community should raise and amplify such issues to drive change.
See publication
Tags: Customer Experience, Cybersecurity, Privacy
Cryptocurrency Exchanges are Cyber Hackers Next Targets
LinkedIn
July 22, 2019
Where will online criminal hackers look next? Cryptocurrency. There are already hacks going on, but this will ramp up significantly as some of the more highly competent criminals are targeting cryptocurrency exchanges.
See publication
Tags: Cryptocurrency, Cybersecurity, Risk Management
Top 10 Things You Should Be Doing to Protect from Cyberattacks
LinkedIn
July 15, 2019
I get asked all the time for a quick answer to the question “How can I protect myself from getting attacked online?”. The simplified answer is to follow these Top 10 best practices.
See publication
Tags: Cybersecurity
Fight for Digital Privacy Rights Continue in Tech-Focused California
LinkedIn
June 27, 2019
The tech heartland of California is the latest battleground for privacy rights. Big tech companies are fighting to dilute upcoming legislation that will require more privacy protections. But is it enough? No! We need even better protections, accountability, and transparency of how our personal data is handled. This is the moment when ethical tech giants can either stand-up to do the right thing by leading the charge for the betterment of their users or lawyer-up to allow hidden practices, abuses, obfuscation, and deniability to continue for their financial gain.
See publication
Tags: Big Data, Cybersecurity, Privacy
Should Exploit Code be Published When Vulnerabilities are Made Public?
linkedin
April 18, 2019
On the heels of a recent report from Kaspersky Labs, discussions among security professionals have been stirred-up regarding the risks of publishing proof-of-concept code that may be helping hackers more than benefiting security. The topic has history and continues to be vigorously debated.
See publication
Tags: Cybersecurity, Privacy
Invitation to Innovators for Voting Technology Security
linkedin
April 15, 2019
Protecting our election infrastructure is crucial, yet security is lacking. Meaningful change starts with the spark of a great idea. I am looking forward to listening to all the excellent concepts for election security at the upcoming event in Sacramento CA. As India is now in the midst of having 900+ million people vote, we too need to figure a way to leverage digital tools for our democracy in a secure, private, trustworthy, and attestable way.
See publication
Tags: Cybersecurity
Role of the CISO: Top 3 Questions
linkedin
February 15, 2019
The role of Chief Information Security Officers (CISO) is evolving and requires a complex skill set. Long perceived as cost center that constrains the business in order to reduce losses from cyberattacks and to meet regulatory compliance, cybersecurity is now transforming into a critical function that must contribute to overall competitiveness.
See publication
Tags: Cybersecurity
Open Letter to the FTC – Bureau of Consumer Protection
linkedin
January 29, 2019
In December 2018 the FTC held hearings on Competition and consumer Protection in the 21st Century. A number of people spoke at the event and the FTC has graciously opened the discussion to public comments. The Federal Trade Commission has interest, certain responsibilities, and can affect changes to how data security evolves. This is our opportunity for the public to share its thoughts and concerns. I urge everyone to comment and provide your viewpoints and expertise to the FTC committee. Comments can be submitted electronically no later than March 13, 2019.
See publication
Tags: Cybersecurity, Privacy
When the Wrong Person Leads Cybersecurity
linkedin
November 19, 2018
Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.
See publication
Tags: Cybersecurity, Privacy
Technology Transformation for 2019
linkedin
November 15, 2018
Digital technology continues to connect and enrich the lives of people all over the globe and is transforming the tools of everyday life, but there are risks accompanying the tremendous benefits. Entire markets are committed and reliant on digital tools. The entertainment, communications, socialization, and many others sectors are heavily intertwined with digital services and devices that society is readily consuming and embracing. More importantly, the normal downstream model for information has transformed into a bi-directional channel as individuals now represent a vast source of data, both in content as well as telemetry. These and many other factors align to accelerate our adoption and mold our expectations of how technology can make a better world.
See publication
Tags: Cybersecurity, Privacy
Should Companies be Allowed to ‘Hack Back’ after a Cyberattack
linkedin
September 30, 2018
Government officials and experts are weighing in on the concept of ‘hacking back’, the practice of potentially allowing U.S. companies to track down cyber attackers and retaliate.
See publication
Tags: Cybersecurity, Privacy
Beware Friendly Botnets
linkedin
September 18, 2018
The recently discovered Fbot, which finds systems infected with crypto-coin mining malware and scrubs them clean, may seem like a champion of good, but remember it is entering your system without your permission and modifying code and deleting files. We have seen other such ‘cleaner’ worms in the past, and the best advice is to be wary.
See publication
Tags: Cybersecurity, Privacy
“Unhackable” Product Claims are a Fiasco Waiting to Happen
linkedin
August 17, 2018
Those who think that that technology can be made ‘unhackable’, don't comprehend the overall challenges and likely don't understand what 'hacked' means.
See publication
Tags: Cybersecurity, Privacy
Slowing Innovation Should be a Cybersecurity Violation
linkedin
August 04, 2018
Risks come in many forms. Going too fast, being reckless, taking chances, etc. are easy to recognize warning signs. But what about the other end of the spectrum? Is going too slow ever bad? I say yes, especially when it unnecessarily impedes productivity, innovation, operational logistics and intentionally creates frustration of users.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity Fails without Strategy
LinkedIn
July 17, 2018
Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.
Companies in regulated industries and larger businesses will typically invest in an internal team to actively manage the cyber risks with a Chief Information Security Officer (CISO) at the helm. The current incarnation of the CISO position has not really been in widespread use for very long and the role has radically changed over the years. Where they report within the organization, what background and skills they possess, their overall responsibilities, and the desired experience for which they are hired varies wildly from one CISO to the next. The traditional CISO role focuses on protecting company assets, including preserving reputation, preventing downtime, securing data and financial assets, and ensuring regulatory compliance. But some companies are also using the CISO role as an external marketing ambassador to fuel visibility and drum up customers. So, in today’s world it is a mixed bag. Consequently, security teams are managed very differently and there is a major performance gap that needs to be addressed.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Mylobot Showcases the Evolution of Modern Malware
linkedin
June 21, 2018
The recently discovered Mylobot aggregates 9 sophisticated features, highlighting how advanced malware is evolving. Stealth capabilities make it difficult for security tools to detect and protection aspects preserve its functionality over time.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity Fails without Strategy
linkedin
June 17, 2018
Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.
See publication
Tags: Cybersecurity, Privacy
Future of Offensive Attack Simulation: Strategies, Tools, and Techniques
CISO Platform
November 24, 2020
In our recent Fireside chat episode in association with FireCompass, between Matthew Rosenquist, CISO Eclipz, and Bikash Barai, Co-Founder, FireCompass, we discussed a bunch of things related to the cybersecurity practices that are gaining momentum and about what the future holds.
See publication
Tags: Cybersecurity
How DevOps and Security Can Work Together
Endpoint.tanium.com
November 18, 2020
Software developers and security pros need to overcome their differences. It’s harder than it sounds, but best practices are emerging.
See publication
Tags: Cybersecurity
2020 Cyber Innovators Summit: Future Threat Panel
The Cyber Institute YouTube Channel
October 31, 2020
Future Cybersecurity Threats In 2021 & Beyond. Matthew Rosenquist, the Chief Information Security Officer (CISO) for Eclipz.io, a Cybersecurity Strategist, and an industry advisor speaks at the 2020 Cyber Innovators Summit's Future Threat panel.
See publication
Tags: Cybersecurity
The Role of Cyber Culture in a Cyber Strategy
RightHand Cybersecurity
October 29, 2020
Watch the recorded webinar "The Role of Cyber Culture in a Cyber Strategy". John (Jack) Roehrig, CISO at Turnitin, and Matthew Rosenquist, CISO and Cybersecurity Strategist at Eclipz.io, share insights on how to incorporate Cyber Culture as part of an organization's Cyber Strategy.
See publication
Tags: Cybersecurity
Podcast: From Reactive To Proactive — The Evolution Of Security And Of The CISO Role | With Matthew Rosenquist
ITSP Magazine
September 16, 2020
EPISODE SUMMARY
Once upon a time —not that long ago—the Information Security field had no rules, definitions, tools, or framework, and it was a new frontier to be discovered and conquered. Now, looking back, we sure have come a long way.
See publication
Tags: Cybersecurity, Leadership, Risk Management
The Only 2 Kinds of Cybersecurity Victims
Innovation Nation Podcast
August 11, 2020
We’re all working from home not thinking about cybercriminals at all.
They’re thinking about us, though.
In this very first episode of Innovation Nation, I interview Matthew Rosenquist, CISO at Eclipz.io, about cybercrime in the time of COVID-19.
What we talked about:
Hardware vs. software vs. wetware (people)
We’re vulnerable during quarantine not because technology but our behaviors
Cybersecurity issues that SMBs need to consider with IOT
Security fears that we have & education that we need
See publication
Tags: Cybersecurity, Privacy, Startups
What's next in Cybersecurity - and how SMEs can protect themselves - Episode #20
TÜV SÜD Safety First podcast
July 31, 2020
In this episode, Matthew Rosenquist, an internationally renowned US-American cybersecurity expert, shares his views on the new normal in cyber security with a special look at SMEs. All too often they are still an easy target for attackers. But with a few basic measures they can protect themselves more effectively. And this is not primarily a question of expensive IT technology.
See publication
Tags: Cybersecurity, Management, Risk Management
Crucial Tech, by Lou Covey - Matthew Rosenquist talks ethics, facial recognition and the potential benefits of AI
Crucial Tech
July 06, 2020
Matthew Rosenquist talks ethics, facial recognition and the potential benefits of AI. He provides an optimistic view of AI ethics and facial recognition, but we are still further than some might think from a successful deployment in the west.
See publication
Tags: AI, Cybersecurity, Privacy
'Cyber Risk Leaders' Tell All @ The Global Virtual Book Club EP 2
YouTube
May 29, 2020
Join Carmen Marsh, CEO of Inteligenca, and 'Cyber Risk Leaders' Author, Shamane Tan as they sit down with featured Cyber Risk Leaders from the book to discuss current cyber security challenges and share from their industry experiences.
In this episode, we meet with Matthew Rosenquist, CISO at Eclipz.io Inc in California who will be talking about the Artificial Intelligence's impact on Cyber Security Strategy.
AI is a tremendously powerful tool that is evolving at a ridiculous rate and being leveraged by both cyber attackers and defenders. It will radically change the cybersecurity strategies that protect our digital world.
See publication
Tags: AI, Cybersecurity
Cybersecurity Issues and Trends - Interview with CybxSecurity
CybxSecurity.com
March 24, 2020
My recent interview with Mark Byrne, from Cybx Security, covered a great range of cybersecurity questions, including new threats and solutions, Artificial Intelligence, DevSecOps, cybercrime, security impacts of Coronavirus, and the future of cybersecurity.
See publication
Tags: Cybersecurity, Risk Management, COVID19
The Entanglement of AI and Cybersecurity Podcast
linkedin
March 10, 2020
The boundaries of cybersecurity will be manipulated by the advances in Artificial Intelligence, the evolution of digital threats, and on ever-adapting leadership.
I had a great time being interviewed by Vaishali Lambe [Lisha] in her podcast SoLeadSaturday because we talked about how cybersecurity and AI are intertwined, how leadership is crucial, and the fact that technology tools are being used for both good and malicious purposes. The growing demands for a security-savvy workforce led us to explore the vast opportunities in the field. Emerging factors magnify the interesting swirls of competing challenges. To cap the discussion, we visualized the future of the industry and discussed the risks.
See publication
Tags: AI, Cybersecurity, Leadership
Past and Future Challenges for Security: ThinkTech Interviews Cybersecurity Strategist Matthew Rosenquist
ThinkTech: Hawaii
December 10, 2019
A look back at some of the missteps in 2019 across the convergence of cyber and physical security, with discussions on what challenges are ahead for the next year.
Thanks to Andrew Lanning for hosting me as a guest on the ThinkTech livestream show! Great questions and unscripted dialog about the evolving risks and opportunities of Artificial Intelligence, privacy, cybercrime, automation, and connected devices. Security matters!
Watch on YouTube: https://youtu.be/KQjuHVc3lbM
See publication
Tags: AI, Cybersecurity, Privacy
Thinkers360 Predictions Series – 2020 Predictions for Cybersecurity
Thinkers360
November 25, 2019
Having recently published our Top 50 Global Thought Leaders and Influencers on Cybersecurity, we asked a selection of our Thinkers360 global influencers about their predictions for Cybersecurity in 2020. Here’s what they told us…
See publication
Tags: Cybersecurity, Digital Transformation, Predictive Analytics
Humans, complacency, ignorance delay AV deployment
EEWeb
November 05, 2019
We have a long way to go before we see autonomous vehicles on the roads in any number
Is the autonomous vehicle (AV) going to be widely distributed in our lifetimes? Sure, just as soon as you eliminate human involvement, complacency and ignorance (was that repetitive?) from development. Until then, AVs are just going to be a rarity on the roads.
See publication
Tags: AI, Cybersecurity, Autonomous Vehicles
Winning the security fight: Tips for organizations and CISOs
HelpNetSecurity
October 09, 2019
For large organizations looking to build a robust cybersecurity strategy, failure to get the fundamentals in place practically guarantees a disaster. If you ask Matthew Rosenquist, a former Cybersecurity Strategist for Intel (now independent), overcoming denial of risk, employing the right cybersecurity leader, and defining clear goals are the three most critical objectives for avoiding a negative outcome.
See publication
Tags: Cybersecurity, Leadership, Risk Management
SuperDataScience Podcast - SDS 273: Predict, Prevent, Detect: Cyber Security
SuperDataScience.com
June 26, 2019
In this episode of the SuperDataScience Podcast, I chat with Matthew Rosenquist, one of the top leading world experts in the space of cybersecurity. You will learn what balance in cybersecurity means and what the dark web is. You will hear how Matthew's career developed and how he thinks about the strategy of cybersecurity. You will also learn about the valuable role of data science in cybersecurity and the steps you can take to get into this space.
If you enjoyed this episode, check out show notes, resources, and more at www.superdatascience.com/273
See publication
Tags: Analytics, AI, Cybersecurity
Evolving Risks of Cybercrime with Matthew Rosenquist
podcasts.apple.com
June 07, 2019
The Innovators Behind DISRUPTION - Episode 27 by Evolve ETFs
Evolving Risks of Cybercrime with Matthew Rosenquist
- Growing systemic challenges in cybersecurity
- How the public sector can protect itself from cybercrime
- The NSA and its role in the recent Baltimore ransomware attack
- Opinions on Baltimore’s decision not to pay their cyber attackers
- CEOs recognizing cybersecurity as a major business risk
- Cybersecurity demand and spend
- Government concerns about cyber threats
- Advice on how to protect yourself from cyber attacks
See publication
Tags: Cybersecurity, Risk Management
Don't trust a company to keep you safe
Podcasts.apple.com
March 12, 2019
Interview of Matthew Rosenquist, Cybersecurity Strategist. Podcast by Lou Covey
A range of topics, including nation state attacks, data breaches, ransomware, Artificial Intelligence, dark web, and the perception of perfect security
See publication
Tags: AI, Cybersecurity, Privacy
Why REvil Ransomware Group Suddenly Disappeared
Medium
July 20, 2021
The notorious REvil ransomware cybercriminal group suddenly disappeared without explanation, spurring lots of speculation in the cybersecurity community. In this week’s video, we go over the results of a recent poll among security professionals that revealed what they believed was behind the REvil’s disappearance and if they will be back.
See publication
Tags: Cybersecurity
Ransomware Explained — Ending Ransomware
Medium
July 16, 2021
Stopping ransomware from being an impactful menace is the grand goal, but what are the specific criteria for success we should be striving for? Without clear objectives, we are often consumed with trivial aspects and never attain the desired end-state.
See publication
Tags: Cybersecurity
Ransomware Explained — 3 Fundamental Ways to Stop Cyberattacks
Medium
July 07, 2021
There are only 3 fundamental ways to stop attacks from motivated and intelligent adversaries.
Let’s identify and explore those options, and discuss how they may be applied to undermine Ransomware.
This video is the latest installment of a multi-part series on Ransomware. The series is free on the Cybersecurity Insights YouTube Channel.
See publication
Tags: Cybersecurity
Ransomware Cybersecurity Fireside Chat
Medium
June 29, 2021
See publication
Tags: Cybersecurity, Privacy, Risk Management
Ransomware Explained — Understanding the Attackers
Medium
June 24, 2021
Understanding the attackers is the first step in identifying an effective, efficient, and sustainable paths to mitigating the risks of ransomware.
See publication
Tags: Cybersecurity, Privacy
Ransomware Explained Video Series
Medium
June 09, 2021
Ransomware is a rising threat to every organization, device, and person connected to the Internet. All the products, services, and critical infrastructures are at risk of being victimized. We are all being impacted by this type of cybercrime and it is only the beginning.
See publication
Tags: Cybersecurity, Risk Management
2 Biggest Factors Driving the Future of Cybersecurity
YouTube
June 03, 2021
Cybersecurity can appear random and chaotic, but there are basic fundamentals that drive the course of cyberattacks.
In today’s video, I dive into the two biggest factors that shape cybersecurity risks, attacks, and what drives the direction of the security industry.
See publication
Tags: Cybersecurity, Social, Business Strategy
Paying Ransomware Should be Illegal
Medium
May 26, 2021
Ransomware is a growing problem that must be STOPPED! Cybercriminals are accumulating fortunes by impacting individuals, businesses, critical systems, and digital services. Some victims are paying ransoms in the tens of millions of dollars.
See publication
Tags: Cryptocurrency, Cybersecurity
The Colonial Pipeline Cyberattack Might be Good for America
Medium
May 17, 2021
The Colonial Pipeline ransomware attack, that caused fear of fuel shortages on the US East Coast, might be exactly what the nation needed to improve Critical Infrastructure security!
See publication
Tags: Cybersecurity, Privacy
Top 10 Things the Industry Can Do Now to Mitigate Digital Supply-Chain Attacks!
Medium
May 11, 2021
The SolarWinds and Exchange supply-chain attacks have highlighted how vulnerable 3rd party and vendor security is for every organization.
See publication
Tags: Cybersecurity, Supply Chain
Where Should a CISO Report Into?
Medium
May 03, 2021
Where should a CISO report into within an organization? No common standard exists as we can find them operating under many different organizations, including IT, Legal, the CTO, and CEO just to name a few.
See publication
Tags: Cybersecurity, Management, Risk Management
What’s Broken with M&A Cybersecurity
Medium
April 26, 2021
Cybersecurity for Mergers and Acquisitions is a mess. There are a surprising number of significant unforeseen risks that can wreak havoc on M&A deals. In this week’s fireside chat, I am joined by Justin Daniels, General Counsel/Cybersecurity/Data Protection SME at Baker Donelson, and Alex Rayter, Principal at Phoenix 2.0 Inc, to discuss the due diligence, risks, and recommendations to better understand and manage the challenges.
See publication
Tags: Cybersecurity, Privacy, Mergers and Acquisitions
Good and Bad of Google’s Project Zero Vulnerability Disclosure Changes
Medium
April 19, 2021
Google’s infamous Project Zero vulnerability research team recently announced it is changing its disclosure policy to be more friendly to product vendors. But is that good for cybersecurity?
See publication
Tags: Cybersecurity, Privacy
Zoom Critical Vulnerability Discovered
Medium.com
April 12, 2021
A new vulnerability has been discovered in the popular Zoom online conferencing tool that allows an attacker complete remote control over the targeted system, without any involvement by the user. As vulnerabilities go, this is pretty bad. But there is some very good news about this exploit.
See publication
Tags: Cybersecurity, Privacy
Stopping the Runaway Ransomware Epidemic
Medium.com
April 06, 2021
I see many government politicians positioning a ban of cryptocurrency as a solution for ransomware. That would simply not world. It would create an obstacle for cybercriminals, but one they would pursue to overcome. At most, it would be a temporary setback for cybercriminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Chaining Exploits are Taking Vulnerabilities to a New Level
Medium
March 30, 2021
Cyberattacks are leaping ahead in sophistication and the industry is not prepared.
As an example, Google Project Zero team recently detected attackers that exploited a combination of seven previously unknown vulnerabilities (0-days) to hack fully patched Windows, Android, and IOS systems.
See publication
Tags: Cybersecurity, Privacy
A Simple Solution to Crush Digital Misinformation
YouTube
March 22, 2021
Digital communication is connecting people around the globe with tremendous benefits, but is also being misused in terrible ways that take advantage of the community.
See publication
Tags: Cybersecurity, Digital Transformation, Privacy
DeepFakes — the Digital Future of Forgery
Medium
March 18, 2021
DeepFake technology is readily accessible and rapidly increasing in its capabilities. It will be used for both entertainment and malicious activities. In today’s short video I talk about some of the misuse we are already seeing and how there are counter-efforts to identify deepfakes.
See publication
Tags: Cybersecurity, Privacy
Cyber Threats Porting Malware to Apple Chips
Medium
March 10, 2021
Cyber threats are adapting their malware to work on new Apple chips that will power their products. The shift to a multi-architecture design will allow attackers to target the next generation of Apple systems and potentially exploit any discovered vulnerabilities.
See publication
Tags: Cybersecurity, Privacy, Risk Management
What SMB’s need to know about Cybersecurity
Medium
March 08, 2021
Small and medium businesses aren’t paying attention when it comes to cybersecurity. They are being targeted. Even with limited resources SMB’s can greatly improve their cyber defense. Many free resources are available that identify good practices to bolster cybersecurity of any sized organization.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Who do Executives Blame for Cybersecurity Failures?
Medium
March 03, 2021
My rant in response to the former CEO of SolarWinds pointing the finger of blame at an intern in an attempt to redirect cybersecurity responsibility, highlights a lack of understanding and accountability within the c-suite.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Nation State Cybercriminals are a Risk to Everyone
Medium.com
March 01, 2021
Most nation-state activities are focused on intelligence gathering, political manipulation, interference with critical infrastructure, and subverting military capabilities. These indirectly affect everyone, but don’t represent a direct threat to everyday citizens.
See publication
Tags: Cybersecurity, Risk Management
Not Paying Ransomware is the Only Way We All Win
Medium.com
February 22, 2021
Ransomware is on the rise because cybercriminals are being rewarded. Those who are impacted have been paying the ransoms, thereby funding and encouraging attackers to expand and target others.
See publication
Tags: Cybersecurity, Risk Management
If I Were a Nation-State Hacker Looking to Conduct Supply Chain Attacks
Medium
February 10, 2021
Cyber threats are racing to find and exploit the next big Supply-Chain hack. Compromises like that of SolarWinds represent a tectonic shift in the Cybersecurity world, where the compromise of a single software supplier can expose all their customers for victimization by attackers.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Top 3 Missions of a CISO
Medium
February 03, 2021
Every Chief Information Security Officer should have a strategic plan that defines the key deliverables to enable success.
See publication
Tags: Cybersecurity, Edtech, Privacy
Cautious Optimism and Grave Concerns as Intel Integrates Cybereason into Chips
Medium
January 27, 2021
Intel and Cybereason just announced that they are working to integrate Cybereason to collect data from hardware to software levels, with the goal of protecting users from ransomware.
See publication
Tags: Cybersecurity
Finding the Next SolarWinds Type of Supply Chain Attack
Medium
January 20, 2021
The SolarWinds compromise showed that supply-chain attacks are possible and the ramifications can be tremendously impactful. Other nation states will be investing in efforts to duplicate this success. That makes IT tools, security products, hardware & firmware vendors, and cloud service providers prime targets for exploitation.
See publication
Tags: Cybersecurity, Supply Chain
Cybersecurity Value is About Protecting Intangible Assets
Medium.com
January 14, 2021
Intangibles now account for 90% of the S&P’s total assets and it is no accident that the core of cybersecurity has evolved to protect those aspects of the business. It is a natural progression for security to align with protecting the most important assets. This is a crucial element when communicating the value and relevance to audiences.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Why are Cybersecurity Roles Confusing
Medium.com
January 11, 2021
The cybersecurity field is dynamic and the roles and responsibilities are ever changing. People coming into the cybersecurity field often expect clearly defined positions and are surprised at the significant variance when looking at job descriptions or talking with professionals.
See publication
Tags: Cybersecurity, Management, Privacy
The CISO Dilemma - When Leadership Ignores Risks
YouTube
December 24, 2020
What should a CISO do when the executive leadership chooses to ignore critical cyber risks? If the C-Suite and board are well informed of imperative vulnerabilities and yet choose a path to ignore security, the CISO is put in a position where they are incapable of effectively managing risk, yet still responsible when incidents occur.
Let’s break down the problem, from what a CISO must do, how people disposition risks, and finally the recommended actions.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Objectives of Nation State Cyber Attackers
YouTube
December 21, 2020
It is important to look into the motivations of government orchestrated cyberattacks, such as SolarWinds, as understanding the threat-agent’s objectives can provide important insights to their long-term goals and potential next steps.
Today I discuss the 4 primary reasons why Nation States conduct cyber warfare activities and evaluate that against what we currently know of the SolarWinds hack to gain a better sense of the scale and strategic value to the infiltrators.
See publication
Tags: Cybersecurity
Leaders and Losers of the SolarWinds Hack
YouTube
December 20, 2020
The SolarWinds hack has had a significant ripple effect on the cybersecurity community, with over 18k organizations discovered to be severely vulnerable and at the mercy of nation-state hackers. The security community realized some of the biggest companies, most sensitive government agencies, and critical infrastructure were at risk. Some organizations have shown leadership, most have remained quiet, and a few have decided to take advantage of the fear to sell their wares and pursue profits.
Time to call out the leaders and deceivers.
See publication
Tags: Cybersecurity
Missing the Big Picture from the SolarWinds Hack
YouTube
December 15, 2020
The cybersecurity industry is consumed with scale and effectiveness of one of the biggest hacks in recent memory. The emerging narrative and stories are missing important pieces of the puzzle. The attackers, likely a nation-state, gained unprecedented access to the U.S. government, military, critical infrastructure, and most major businesses. The full scope and reasons are not clear, but it is imperative to figure out. The mystery must be solved, for the benefit of everyone, so we can prepare for what is next.
See publication
Tags: Cybersecurity
Evolution of Law Enforcement is Driving Changes Cryptocurrency
LinkedIn
December 14, 2020
There is an important transition that is happening with law enforcement’s adaptation to digital currencies. Authorities are seizing billions worth of criminal’s cryptocurrency and their improving skills are proving crypto is not the safe haven that criminals thought it to be.
See publication
Tags: Cryptocurrency, Cybersecurity
FireEye Hacked – A Stark Reminder of Cybersecurity Risks
YouTube
December 10, 2020
Even the best security organizations can be hacked! Watch my message to both the cybersecurity industry as well as those attackers that hacked FireEye and stole the RedTeam tools. This skirmish went to the hackers, but the battle continues.
See publication
Tags: Cybersecurity
Apple App Store Will Require Privacy Transparency
YouTube
December 07, 2020
Apple is instituting new privacy requirements, for all new applications being listed in the App Store, to enhance transparency and educate users. It is an important step, but additional measures are needed to ensure compliance.
See publication
Tags: Privacy
Why TrickBot Malware may be a Game Changer for Cybersecurity
YouTube
December 04, 2020
Cyber attackers continue to move down the compute stack with the latest variant of TrickBot now targeting firmware for malicious manipulations. This is when it gets serious.
See publication
Tags: Cybersecurity
Some Justice for Phone Scammers
YouTube
December 02, 2020
Some justice was delivered to the leader of a major phone scam ring based out of India. You are probably familiar with those spam calls that threaten money is owed to the IRS and if you don’t pay over-the-phone you will be arrested. Total scam. This criminal will be spending some quality time behind bars, thanks to the U.S Dept of Justice and international cooperation. A good day.
See publication
Tags: Cybersecurity
Top 3 Recommendations to Avoid Online Holiday Fraud and Scams
YouTube
December 01, 2020
The holidays are a time for increased online fraud and scams. All of us need to follow the best security practices to keep our holiday from turning into a digital disaster.
The Cybersecurity Infrastructure Security Agency (CISA.Gov) has some good tips for safe online shopping https://www.cisa.gov/shop-safely
See publication
Tags: Cybersecurity
Disable Amazon Sidewalk for Now
YouTube
November 25, 2020
Amazon is releasing their Sidewalk network feature that opens users home network to connect with neighbors that also have Amazon products like the Echo devices and Ring security cameras. Amazon is turning Sidewalk ON by DEFAULT! That is concerning. Such a network could enable a host of new capabilities but might also introduce new cyber risks to participants.
See publication
Tags: Cybersecurity
Intel in Denial of the Latest SGX Secure Enclave Vulnerability
YouTube
November 19, 2020
Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology. The most disturbing aspect is not the vulnerability itself, but rather how Intel has responded to researchers and news outlets. Pure denial.
As a shareholder and former employee, I am gravely disappointed!
See publication
Tags: Cybersecurity
New Zealand Releases a Privacy Data Breach Self Test Tool
YouTube
November 16, 2020
The small country of New Zealand is showing great privacy leadership by releasing a tool to help businesses determine if a cybersecurity incident is considered a Data Breach.
See publication
Tags: Privacy
Inaccurate Predictions about Cybersecurity is Dangerous
Medium.com
November 12, 2020
I may offend some people, so for those who don’t want to hear my rant, skip this video.
Recent cybersecurity predictions aren’t just wrong, they are dangerous
I am disappointed in the recent comments that Michelle Zatlyn, the co-founder and COO of Cloudflare, made regarding the future of cybersecurity.
She stated Cybersecurity would be “a thing of the past the next decade” and that instead it will work like a water filtration system.
She is wrong. Dead wrong.
See publication
Tags: Cybersecurity
Deloitte's 'Test your Hacker IQ' Proves Vulnerable to being Hacked
YouTube
November 10, 2020
A website tied to an event that quizzed people on their hacking knowledge, launched by major a security consultancy firm, is itself vulnerable to being hacked. This incident showcases a number of important lessons for every organization that wants to avoid such embarrassment.
See publication
Tags: Cybersecurity
U.S. Dept of Justice seizes $1 billion in Bitcoin
YouTube
November 09, 2020
A billion-dollar mystery has been solved. Cryptocurrency watchers were stunned when they recently saw a billion dollars of #Bitcoin being moved from a very old account that has been inactive for years.
U.S. Dept of Justice unsealed court filings related to the Ross Ulbricht 2015 Silk Road case. This is momentous! Such a seizure puts most others to shame and it will likely drive some changes in law enforcement. In the video, I discuss how this case will change enforcement and criminal practices moving forward.
See publication
Tags: Cryptocurrency
Intel’s Secret Key to Decrypt Microcode Patches is Exposed
YouTube
November 02, 2020
Vulnerability researchers hacked Intel’s update process and captured the secret key that decrypts Intel microcode updates. This important finding exposes another layer of security that protects CPUs from malicious manipulations. Intel’s response downplays the true significance, seeking to pacify concerns, while ignoring the strategic implications.
See publication
Tags: Cybersecurity
Cybersecurity Awareness Month – Accept My Challenge
YouTube
October 25, 2020
October is Cybersecurity Awareness Month. It is a time to consider the risks we accept everyday when using computers and what we can do to better protect ourselves.
I have a challenge for each and every person. Something that will help people individually and everyone collectively.
See publication
Tags: Culture, Cybersecurity, Social
NSA Reveals the Top Vulnerabilities Exploited by China
YouTube
October 23, 2020
The U.S. National Security Agency knows which vulnerabilities China backed hackers are exploiting the most to gain access to sensitive data.
The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information from foreign companies and countries.
See publication
Tags: Cybersecurity, Risk Management
Charges Against Russian Nation-State Hackers Sends a Message
Medium
October 22, 2020
The U.S. Department of Justice filed charges against six Russian agents, identified as members of the APT group known as Sandworm. The unsealed documents reveal that the six suspects are all current or have former ties to the Russian foreign intelligence agency, the GRU. The charges outline how this group is supported and coordinated by the Russian government to conduct hacks against people and governments around the world, including taking down the Ukraine power network and unleashing NotPetya malware, one of the most damaging in history.
See publication
Tags: Cybersecurity, Govtech
Cyber Threats Enhance Phishing with AI and Worm Functions for Rapid Disruption
Medium
October 20, 2020
New phishing malware leverages Artificial Intelligence and worm functionality to rapidly spread to contacts of victims. By leveraging previously established relationships the malware can bypass technical controls and easily fool new targets into becoming infected.
See publication
Tags: AI, Cybersecurity
Apple T2 Chip Vulnerability Challenges the Industry
Intel Corp
October 18, 2020
Recent verified reports highlight exploitable vulnerabilities in Apple’s security chip that cannot be patched! The announcement adds to the growing concerns and shifting perceptions about hardware security.
See publication
Tags: Customer Experience, Cybersecurity, Privacy
Is Paying Ransomware Now Illegal?
Medium
October 16, 2020
Security experts say don’t pay ransomware, but now the U.S. Treasury Department is now declaring it illegal! Every company on the Internet must deal with the threat and emerging regulations.
Ransomware continues to be a growing problem because victims have been rewarding the attackers. If regulations expand, the option to pay-off the criminals will no longer be viable. We must address ransomware in a more proactive way. It is time to get focused and start thinking strategically.
Subscribe to my new YouTube channel for more Cybersecurity Insights, rants, news, and perspectives.
See publication
Tags: Cybersecurity
Microsoft's New Tactics Disrupts Trickbot Ransomware
YouTube
October 13, 2020
Microsoft and partners have taken down the Trickbot ransomware infrastructure. That is a temporary relief, as the cybercriminals will soon adapt. The bigger picture is how the Microsoft Digital Crimes Unit (DCU) has created a template and partnerships to better target and disrupt future malware campaigns!
See publication
Tags: Cybersecurity
Should Governments be Responsible for Protecting the Internet?
YouTube
October 12, 2020
Does society want governments to take on the role of protecting the Internet? Should the Internet be considered a Critical Infrastructure and therefore be overseen by governments? Will such actions undermine privacy and liberty or will it be demanded by citizens to protect personal access and online security?
See publication
Tags: Cybersecurity, Digital Transformation, Privacy
Cyber Security Initiative Strategic Council
EC-Council International Advisory Board for CISOs
Helping Academia Succeed So Cybersecurity Can Thrive
Matthew Rosenquist Joins the Eclipz Advisory Board to make the World of Connected Data More Secure
Matthew Rosenquist Joins the Advisory Board for the Techno Security & Digital Forensics Conference
Contributing to the SIA Education @ ISC Advisory Board
Joint Task Force on Cybersecurity Education
Honored to Join the HMG CISO Advisory Board!
Brandeis University Graduate Professional Studies Advisory Board Member
Received a 2021 Global Leadership Award
Top Writer in Privacy by Medium
2019 ADA award for Outstanding Leadership in Protecting People’s Information
LinkedIn Top Voices 2018: Technology
Make America Secure Again - Pitch Event
The Verification of Truth: The Future of Digital Forensics and its Role in Cybersecurity
Cybersecurity Risks and Recommendations – Where Your Focus Needs to Be
How Cyber-Attacks are Changing the Expectations of Security, Privacy, and Safety
Diversity in Cybersecurity Education
2021 HMG Strategy Silicon Valley CISO Executive Leadership Summit
Speaking at the HMG Atlanta Virtual CIO Summit
The Role of Cyber Culture in a Cyber Strategy
VShield 2020 Cybersecurity Conference
Modern Successful SOC & Artificial Intelligence round-table
Shared Pain Points & Opportunities for Secure Smart Cities
Ransomware: The Not-So Good, Really Bad, and Truly Ugly!
Harnessing Cyber-Physical Security Technologies
Hardware-generated dynamic identifier
Good Data Morning Show — LIVE!
Focus of Cybersecurity is to Manage Digital Risk
Can Google’s New AI Ethics Service Be Of Any Help?
Demystifying Internet of Things Security: Successful IoT Device/Edge and Platform Security Deployment
Confident Data Skills: How to Work with Data and Futureproof Your Career
Wireless Health: Remaking of Medicine by Pervasive Technologies
HMG Live! CISO Virtual Summit
Evolving Risks of Cybercrime with Matthew Rosenquist podcast
Cyber/Physical Convergence
The True Cost of Data Breaches - Not Just a Dollar per Record
Upgrading to an APT-Capable Defense: Where To Start, How To Get Funding And See Immediate Reduction In Risk
The Next Disruption: Hybrid Working
Future of Offensive Attack Simulation: Strategies, Tools & Techniques
McAfee Labs 2017 Threats Predictions
Prioritizing Information Security Risks with Threat Agent Risk Assessment
Cybersecurity Strategy Advisement and Event Speaker