Blog

Exponential Organization Security Using APIs

Six years ago, a book by Salim Ismail came out called “Exponential Organizations.” In it, he talked about the importance of CIOs dominating APIs. Ismail wrote about APIs from the perspective of using them for data transfers between businesses. Fast-forward to today, and APIs have become very important in the security world.

In our Security Talk Show, James Crifasi, CTO at RedZone Technologies, discussed how modern CIOs should tailor the APIs they focus on based on their discipline: “So if the CIO is being focused on IT administration and security and infrastructure, that’s really the API they should be worried about, is their authentication API. Everything bridges from that.”

#173: Hacking Multifactor Authentication – Interview With the Best in the World at Computer Security Defense – Roger Grimes

Roger Grimes’ expertise in the field of computer security is unparalleled. He describes himself as the best in the world when it comes to computer security defense, and he has the credentials to back up this assertion.

He works with Kevin Mitnick, whom he calls the best Offensive Security guy in the world, but he calls himself the best when it comes to Defense.

As all of you know by now, I love Offense and Defense Innovation, so this interview falls squarely into the category of Defense Innovation for sure.

With more than 40 computer certifications and twelve books authored (or co-authored) on computer security, Roger has spent over three decades imparting his knowledge to audiences worldwide.

His current title is Data-Driven Defense Evangelist at KnowBe4. He is the author of the new book, Hacking Multifactor Authentication.

Roger is a 33-year senior computer security architect and cybersecurity veteran specializing in general computer security, identity management, PKI, Windows computer security, host security, cloud security, honeypots, APT, and defending against hackers and malware. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee, and Microsoft.

In this time of remote workforces and distributed endpoints, Roger advocates for Multi-Factor Authentication. However, MFA is not the end-all, be-all for security. The vast majority of hacking doesn’t care about your MFA. It’s all about reducing your risk, according to Roger.

Throughout his many years in the industry, Roger has had a universal mission that drives all of his actions: to make the internet a safer place. Roger says if he leaves the Earth without accomplishing that feat, he has failed.

I also provide how you can connect with him on LinkedIn. He has over 25k followers.

We’ve been sold by the industry that MFA is a Warm Blanky and Panacea for all security ills.

Learn more deeply about this topic, as it is critical to your distributed security architectures moving forward.

I’m excited to share this conversation with such a distinguished and world-renowned Security Defense Specialist.


The Power of Mentors in Developing Award Winning CIO Leaders

I love the concept of mentors and mentorship. I’ve talked a lot about the value that my mentors have provided me both personally and professionally. I don’t know where I would be without their wisdom and guidance.

This prompted me to ask Sarah Angel-Johnson, CIO at Save the Children, former CIO at Year Up, about her experience with mentors.

Sarah tells a story of her early days at IBM in Poughkeepsie, New York, where an attempt at teambuilding could have gone awry but didn’t, thanks to her mentor in HR. Sarah says, “And it was because of this incredible person that entered into my life, who could have pushed me out of IBM completely. And she didn’t. She coached me; she helped me understand the different options that I have to make this a win-win for everybody.”

Security Strategy Education For Integrated Cloud App Security, SSO, MFA and Conditional Access

“In today’s world you have to look at [your Salesforce] because with everyone leaving the building, and with more and more cloud being implemented, and there’s always some difficulties with cloud logs hitting your SIEM the same way on-prem logs used to hit your SIEM, that you really have to look at that to make sure you have the right data set.”

This quote from RedZone Technologies’ CTO James Crifasi speaks to the importance of getting your third-party security service correct because of the change in the working dynamic. Getting out of the “if it isn’t broke, don’t fix it” mindset and always striving for constant improvements will help ensure you have a more defensive overall security posture.

ATO Account Take Over Protection Must Be Integrated With SSO, MFA And Conditional Access

You aren’t just protecting yourself with Account Takeover Protection; you’re protecting the people you know from your accounts as well.

Things like ACH wire transfer frauds and phishing occur when your accounts have been compromised, and bad actors impersonate you to harm the people you know.

To prevent this from happening, you need security in layers. Account takeover protection is integrated with SSO, Conditional Access, and MFA. All of these things work together to close off backdoor ways to access your information.