A Small Company Takes on the Devil Inside the Beltway (the FTC)

LabMD processes medical specimens. One day, a security services company emailed them advising that its patented searching software, which looks for problems caused by peer-to-peer applications, found a file with sensitive information.

The security company offered its services at $475 an hour in what was interpreted as a shakedown. LabMD refused to play and refused to pay, choosing to mitigate the problem themselves.

The security company turned over its finding to the Federal Trade Commission (FTC), leading to a multi-year, resource-draining battle by LabMD to try to prove that they did nothing wrong.

Security Current’s Vic Wheatman spoke with LabMD’s CEO Mike Daugherty, author of The Devil Inside the Beltway: The Shocking Expose of the US Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business. Daugherty talks about taking on a government bureaucracy over matters of principle.

Also, read Security Current’s Richard Stiennon’s review of Daugherty’s book.



Legal Issues with BYOD Security

With Bring Your Own Device (BYOD) increasing in the workplace, the question arises of employer and employee rights governing the use of these employee-owned tablets, laptops, smartphones and other personal devices. What are the rights when these devices are used for work-related activities?

How do you balance productivity and the protection of corporate intellectual property? How does labor law factor into the discussion?

securitycurrent’s Vic Wheatman speaks with Lawrence Dietz, General Counsel and Managing Director of Information Security at TAL Global Corporation on these issues.



Where are the New Security Professionals Coming From?

There is a shortage of operational security professionals, with approximately 100,000 open positions seeking technically qualified people. Supporting education in STEM, sourcing ex-military and promoting people from the ranks of general information technology are some of the ways the market is working to fill the gap.

securitycurrent’s Vic Wheatman speaks with John Pescatore, securitycurrent’s Ask Mr. Security Answer Person and the SANS Institute Director of Emerging Security Trends about the pressing nature of the problem.


How History Impacts Security Around the World

It takes a village to build a secure world. Privacy and security are intertwined. But approaches in America are subtly different from approaches taken in Europe. For Americans, infrastructure security is paramount, while Europeans are focused on privacy.

Do terrorists win if you don’t buy a firewall? What is the role of Fear, Uncertainty and Doubt (FUD)? securitycurrent’s Vic Wheatman speaks with Johannes Lintzen of Germany-based Utimaco about the different ways information security has evolved around the world.



Securing the API Economy: A CISO Tutorial

With the increase in APIs, and in particular their use with REST-based architecture, developers need to rethink how they secure them. So what should CISOs know about securely developing new mobile, Internet of Things (IoT) or cloud-based applications?

There are multiple security components to consider including new authentication mechanisms, link protection and hardening systems against vulnerabilities.

securitycurrent’s Vic Wheatman speaks with Roberto Medrano, Executive Vice President for SOA Software, about this emerging space.



A Secure Internet of Things Communications Ecosystem

As the Internet of Things (IoT) evolves, security is often an afterthought. One of the greatest challenges facing IoT project teams is ensuring the communications links are secure.

securitycurrent’s Vic Wheatman speaks with PubNub CEO Todd Greene on the challenges of securing the IoT. Greene outlines use cases where enterprises as diverse as Coca-Cola, Nike, McDonald’s and Dodge are using secure data communications for a variety of IoT applications.

The podcast was recorded at the Internet of Things Expo produced by Sys-Con Events in Santa Clara, California.



PKI and Securing the Internet of Things

Whatever happened to public key infrastructure (PKI)? Despite rumors of its demise, PKI is not dead! However, it has essentially disappeared into the applications, processes and products it is now protecting.

The current iteration of PKI is being used to protect devices on the IoT. securitycurrent’s Vic Wheatman speaks with Johannes Lintzen, a security expert at Utimaco, about the evolution of PKI in a world where IP is everything.

This podcast was recorded at the Internet of Things Expo produced by Sys-Con Events in November in Santa Clara, California.



Smart Carpets and Cheney’s Heart – A CISO’s Look at the Security of Things

How does a CISO approach the special security and privacy issues involved in a medical setting as the Internet of Things moves forward?

Jeff Misrahi, CISO of AdvantageCare Physicians, a multi-specialty physician practice delivering comprehensive, community-based care throughout the New York metropolitan area, discusses this topic with securitycurrent’s Vic Wheatman.

Misrahi also describes best practices on transmitting data, wireless devices, how security should ideally be approached in a distributed enterprise and where he fits in the organizational structure.



An Interview with the First CISO, Steve Katz Formerly of Citigroup

Steve Katz, credited with being the first Chief Information Security Officer (CISO), sets the record straight on that honorific. He talks about what it was like being the first CISO, jesting that he slept like a baby, getting up every two hours and crying.

In the first of a two-part interview, Katz tells securitycurrent’s Vic Wheatman how he sees the role of CISO. He suggests a new title for it and proposes a process whereby business units would be required – in writing – to accept responsibility should they take risks that the CISO advises against.

Katz now advises Deloitte in security and privacy and heads up Security Risk Solutions LLC.