Episodes

  • Don't Call Me Stupid!
    Nov 5 2024

    Join these two stupids, as they stupidly discuss what not to do during a security incident, because it could make you, wait for it, look stupid.

    https://www.youtube.com/watch?v=85aiUbvD-k0

    Show more Show less
    24 mins
  • CROWDSTRUCK!
    Sep 14 2024

    Join Randy and Jim as they talk about the implications of last month's CrowdStrike outage, and how you, as a security leader, can help avoid that kind of impact in the future.

    Show more Show less
    26 mins
  • I scream - you scream - RED TEAM!
    Jul 8 2024

    Join Randy and Jim as they talk about what a Red Team is, and is not, for your cybersecurity organization.

    Show more Show less
    24 mins
  • Getting our SAAS Kicked!
    Jun 4 2024

    Hey there, Leader Today. In today's episode of Security on Tap, we dive deep into the world of Software as a Service (SaaS). Join Randy and Jim as they explore what SaaS is, why it poses significant security risks, and what steps you can take to mitigate those dangers.

    We start with an eye-opening statistic: the average company used around 15 SaaS services in 2015-2016, but that number has skyrocketed to 150-200 today. This explosive growth has led to a shift where many non-core business processes are now housed outside the core business, creating a blurred network boundary and increasing vulnerabilities.

    Randy breaks down SaaS for beginners, explaining how it works and citing major providers like Workday, Salesforce, and Microsoft 365. They discuss real-world breaches involving giants like Microsoft and Snowflake, highlighting the significant risks posed by SaaS environments.

    The episode also delves into the challenges of managing third-party risk and the pressures faced by SaaS providers to grow rapidly, sometimes at the expense of robust security measures. They debate the need for industry standards or government regulations to ensure SaaS providers maintain stringent security protocols.

    Finally, Randy and Jim offer practical advice for security practitioners, emphasizing the importance of understanding your company's critical business processes, assessing the risk posed by third-party vendors, and having contingency plans in place.

    Whether you're a seasoned security leader or new to the field, this episode provides valuable insights into managing SaaS risks and keeping your organization secure.

    Show more Show less
    28 mins
  • Physician, heal thyself!
    Apr 1 2024

    On this gripping episode of Security on Tap, we undertake a detailed exploration of the recent, impactful cybersecurity incident at Change Healthcare. We outline the events that unfolded on February 21st when Change Healthcare became the latest casualty of Black Cat/Alf V's sinister ransomware service. We shed light on the monumental repercussions this episode has had on the healthcare industry, disrupting pharmacies, SMB healthcare institutions, and even Medicare.

    Additionally, we emphasize the critical importance of disaster recovery, business continuity planning, and rigorously evaluating third-party risks and supply chain vulnerabilities. We further broach topics including the security-related implications of mergers and acquisitions, and the vital need for sound identity verification and advanced authentication measures in the face of a surge in cyber threats.

    The episode also delves into more profound aspects of cybersecurity, such as 502 compliance, privileged access management, and the rising threat of social engineering. We demonstrate how essential cybersecurity training for employees can drastically minimize potential threats in sectors like healthcare.

    Show more Show less
    25 mins
  • Mission Impossible
    Mar 12 2024

    Join Randy and Jim as they try to do the impossible. How to get the tech team to do what you want them to do when they don't want to do it. It's not as hard as you think. But doing the intro to a podcast is, which you will discover if you listen in.

    Show more Show less
    27 mins
  • Gone Phishing!
    Jan 15 2024

    Join Randy and Jim as they discuss why phishing is still around and what security leaders can do about it.

    Show more Show less
    29 mins
  • Risky (Cyber) Business
    Dec 5 2023

    Join Randy & Jim as they make mistakes, manage risk, and enjoy a cold one.

    Show more Show less
    28 mins