8th Layer Insights
This is the first of a two part series covering Cybersecurity’s ABCs: Security Awareness, Behavior, and Culture. We touched on facets of Awareness in Episode 1 and Behavior in Episode 3. These two episodes cover the cybersecurity ABCs in a very pragmatic way, with this episode covering Awareness and Behavior and Episode 10 providing a deep dive into Culture.
Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn’t mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk. In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We’ll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk), Christian Hunt (Founder of Human Risk), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2).
In this episode, Perry Carpenter sits down with renowned mentalist and skeptic, Banachek. Banachek (Steve Shaw) grew up with a fascination in magic and a frustration with psychic frauds. As a teenager, he contacted magician and skeptic, James “The Amazing” Randi and ended up working with Randi on a special initiative known as Project Alpha, which set out to expose a general lack of objectivity in parapsychology research. Banachek served as the director for the James Randi Educational Foundation’s “One Million Dollar Paranormal Challenge” for 15 years and is now the President of the James Randi Educational Foundation. Perry and Banachek discuss Project Alpha, the ways of fake psychics and fraudulent faith healers, and issues associated with confirmation bias and framing effects. They also discuss Banachek’s new live mentalism show in Las Vegas, which incorporates theatrical mindreading and other mentalism effects along with a storyline that explores Banachek’s life, antics, and passion for critical thinking.
Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities. This episode is a deep dive into attacker mindsets, we’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators).
In this episode, Perry Carpenter interviews cybersecurity guru Bruce Schneier. Perry and Bruce explore how cybersecurity is about so much more than technology — It’s about people, so we benefit by taking a multidisciplinary approach. In preparing for this interview, Perry solicited his LinkedIn network to see what questions people had for Bruce. This is a wide ranging conversation covering everything from Bruce’s thoughts on cybersecurity’s “first principles” to the impact that the pandemic had on society to need for regulation to help raise the overall standards for security and privacy.