	HOME \| SINGLE THROW \| CONTACT US \| SITE MAP

Secure IT Live

IT security host and security professional Eric Green discusses IT security issues.

Other Subscriber Options...

Special interview with newly appointed CIO of Heartland Payment Systems - Episode 35

In this episode I speak with Steven Elefant, newly appointed CIO of Heartland Payment Systems.

Steve and I covered a broad range of topics from innovation in the security industry, to the Heartland breach as well as some details of how his company has responded to this incident to greatly improve card processing security.

Heartland's CEO, Bob Carr will be presenting a keynote presentation on the topic of the breach on October 13 in NY at the SC World Congress

eDiscovery, Data Integrity and the Path to Trusted Time Stamping - Episode 34

In this episode I speak with Paul Doyle, Founder & CEO at ProofSpace and Co-Inventor of the company's Transiant Key Technology.

eDiscovery is being talked about more and more, but what does this have to do with infosec and the security professional? Data security and the security professional are indispensable elements in any organizations litigation preparedness or litigation team. Paul is a thought leader in the joint fields of information security and the law about the established importance of eDiscovery and the emerging concern about data integrity, authenticity and time as a trust anchor through Trusted Time Stamping. Paul Doyle has help write the first American National Standard for Trusted Time Stamping, helped establish the Information Assurance Consortium, co-Chairs the AIIM Evidentiary Support - Legal Standards Committee and is an active member and contributing author to work at both the Sedona Conference and the American Bar Association.

White Listing and End-to-End Trust - Episode 33

Back on the show after a number of industry ground breaking announcements is Wyatt Starnes, Founder, CEO and President, SignaCert.

In this podcast we discuss white listing and end-to-end trust; both key components of recent announcements that started at the 2009 RSA Conference with Microsoft - and then continued several weeks later with Applied Identity.

Neil MacDonald at Gartner has been doing some very interesting postings on the topic of Whitelists over the last month or so, which we discuss in this episode, and can be found here:
http://blogs.gartner.com/neil_macdonald/2009/04/03/we-need-a-global-industry-wide-application-whitelist/

For other details relating to this podcast, please visit links below:

SignaCert Patent, Whitelist:
http://www.signacert.com/company/news/press/050409.html

Microsoft/SignaCert Collaboration Announcement:
http://www.signacert.com/company/news/press/042109.html

Applied Identity/SignaCert Announcement:
http://www.signacert.com/company/news/press/051209.html

Non-Vulnerability Based Attacks - Episode 32

I was at the 2009 RSA Conference at the end of April for the whole week and was able to listen to quite a few interesting presentations, walk what I believe is the industry's largest trade show floor and indeed talk to a number of security professionals for my show.

Here is a discussion about attacks that don't exploit vulneratilities in applications but permit misuse or applications only to be detected by behavioural analysis - very interesting conversation. Called non-vulnerability based attacks for obvious reasons, Avi Chesla, Vice President with Radware explains the phenomenon.

Botnets, Malicious Code and Latest Exploit Trends - Episode 31

In this interview I discuss some of the latest trends around propagation of malicious code and botnets among other things with Righard Zwienenberg, Chief Research Officer with Norman.

We also hit on some of the latest vulnerabilities noted in Adobe and Microsoft products.

Electric Sector SCADA Security Issues and Progress - Episode 30

In this instance I was able to find a quiet spot for an interesting conversation with Walter Sikora, Vice President, Security Solutions with Industrial Defender.

Walter has some interesting experience working with some of the 1100 or so facilities that have signed on to meet the NERC CIP regulation which becomes enforcable starting in July. We are all in hopes this regulation and standard is adhered to and helps strengthen this piece of the nations critical infrastructure.

Public sector and first responder credentialing and security - Episode 29

I spent a number of days at the FOSE / GovSec show in DC put on by the 1105 Media Group and had some good conversations with a number of folks over there. The show itself like all others has clearly shrunk in size but there seemed to still be quite a bit of energy on the show floor and in the sessions.

Secure credentialing came to the forefront of all of our minds imediately after the horror of 9/11, although subsequent disasters not the least of which was hurricane Katrina kept the focus on this issue. Keeping track of who we admit to secure locations and sites becomes as important as knowing who is currently at certain secure locations and disaster sites.

There are myriad Federal regulations and standards in this space but at the heart of them all is that 'c' word...convergence. Credentialing is a classic example of the connection between physical and logical security. Now who in the agency or enterprise controls this hardware and technology, well that is a bigger debate.

Here I speak with Chris Broderick, the CEO of CoreStreet and an individual who has a great deal of experience and knowledge in this space.

A familiar device with a new twist - printer security - Episode 28

Over the years I have talked to many sharp industry luminaries about new technologies and the security issues inherent in implementing them that we need to be aware of. A classic one related to this discussion was that of VoIP and how it made IT and IS people come to learn how a phone system can have a direct, and if not properly configured and secured, devastating impact on an organizations network.

Over the last couple of years printers have moved in to the same catagory. Printers and imaging devices (copiers, etc) now are not only connected to our networks but also have a ton of storage on board, raising security, compliance and general internal ownership issues - who owns that piece of the enterprise now, is it still facilities, or is it IT or now how do the IS people fit in?

To help answer some of these questions I was pleased to be able to sit down with Michael R Howard, WW Business Development Manager for Security Solutions in the Imaging and Printing side of HP. Long title I realize, but smart guy, and bottom line, Michael is the guy in the middle of the business of securing printers.

Secure machine to machine wireless commmunications - Episode 27

The first conversation I decided to put on the show was centered around machine to machine wireless communication. This was of particular interest to me given some of the vast changes and updates to smart meter technologies in the electric sector, as well as a major government and private sector move to minimize costs associated with doing business - which includes for instance economizing car and truck fleets among other things. GPS tracking was a key part of this discussion.

To that end, I was pleased to discuss this with Tony Tarsia, Director, Public Sector - KORE Telematics Inc.

Defense in Dimension - a new way of viewing global threat data - Episode 26

In this episode we are discussing global threat analysis and discovery along with the importance of a reputational based approach.

My discussion is with Adam Mikrut, CEO and Founder of DigitalStakeout. Adam has a unique ability to be able to be behind the technology itself but also understand the business trends in the private and public sector that lead to the need for the kind of threat visibility we discuss. Adam is a trusted source for such information to many both in government and industry.

Interview with Joe Pistone, Howard Schmidt and Carlos Solari - Episode 25