Data Security and Privacy with the Privacy Professor
51 minutes | May 7, 2022
How Stalkers & Assaulters Track & Find Victims with IoT Tech
Assaulters and stalkers are increasingly using technologies to target, surveil, and attack their victims. IoT tech in particular is increasingly being used. • What types of IoT tech are being used to track down and ultimately attack the targeted victims? • What types of popular, tiny, inexpensive IoT devices are increasingly used by assaulters and stalkers for surveilling and then tracking down victims to abuse and assault? • In what ways are a variety of different types of IoT tech devices being used for these nefarious purposes? • How common are these types of attacks where IoT is used to facilitate these crimes? • In what ways do IoT devices provide a sense of false security, that then actually makes weaponizing them to commit crimes easier? • Why don’t more of the victims know that their IoT devices are being used by abusers and stalkers to track them down? • Why aren’t there more publicized criminal court cases for these incidents where IoT tech was used to facilitate attacks on the targeted victims? • What can people do to keep from being victims of assaults through the IoT devices they use? Tune in to hear Adam Dodge, founder of Ending Technology-Enabled Abuse (EndTAB), provide answers to these and many more questions, along with valuable insights and advice. See more about Adam Dodge at https://endtab.org/about-hayden #IoT #IoTPrivacy #IoTSecurity #DomesticAbuse #AdamDodge #EndTAB #AirTags #Stalkerware #DigitalLiteracyAgainstDigitalViolence
55 minutes | Apr 2, 2022
What Do UNIX, Linux & Dirty Pipe Have in Common? Listen To Hear!
A lot of news has been released lately about the Dirty Pipe vulnerability in the Linux OS. How is this related to UNIX? Listen in to hear Rik Farrow, the world’s most experienced and knowledgeable expert on UNIX and Linux, explain! Rik will provide his advice about careers in UNIX and Linux security, and answer a wide range of questions Rebecca has received from listeners about these topics. A few of the questions covered include: • How many versions of UNIX are there? • What makes Linux different than UNIX? • Which has more security capabilities: UNIX, Linux, Windows, Android or iOS? • How many web servers run UNIX? Or Linux? Why? • Basically, what is the Dirty Pipe vulnerability? • What types of devices are impacted by Dirty Pipe? • How to avoid being a victim of the Dirty Pipe exploit? • What about running shell scripts? Can that be done securely? Tune in to hear Rik provide valuable insights to these and many more questions. See more about Rik Farrow at http://rikfarrow.com/about/ #UNIX #Linux #DirtyPipe #Cybersecurity #PersonalData #RiskManagement #Privacy #TechCareers #SecurityCareers
55 minutes | Mar 5, 2022
Transportation Cybersecurity & Privacy: Highway to Digital Hell?
There have been many reports about over-the-road trucking delays causing problems throughout the full supply chain and delaying deliveries of critical products throughout all industries. However, what about the cybersecurity and privacy risks within the transportation industry? There has been little, if any, thoughtful public discussion of the wide range of surface transportation cybersecurity and privacy risks. Cybersecurity vulnerabilities could cause many more disruptions within this critical part of infrastructures within all countries! And privacy risks within the transit system are many, but usually not recognized. These weaknesses and vulnerabilities could be exploited in ways that cause a vast array of significant harms. Hear the world’s most experienced expert in transportation cybersecurity and privacy, David Elfering, discuss the issues in this episode. We will cover: • The largest cybersecurity risks within over-the-road trucking/transit systems and supporting physical structures • The greatest privacy risks within the transportation industry • The complexity of the systems used within all components of the transportation industry, including the widespread and increasing use of IoT throughout, which also increases risks • The risks that third parties and others within the supply chain bring to the transportation industry • Some significant cybersecurity and privacy risks and challenges with personnel in the transportation industry, that are not found in most other industries. See more about David Elfering at his LinkedIn page: https://www.linkedin.com/in/aroundomaha/ #Transportation #TransportationRisks #Cybersecurity #PersonalData #RiskManagement #Privacy #TruckingRisks #CriticalInfrastructure
55 minutes | Feb 5, 2022
A Synthetic Data Deep Dive: Privacy Protector, Foe or Other?
Synthetic data has increasingly been in the news in recent years. It is being used for many purposes, such as training artificial intelligence (AI) models, and for more thoroughly testing software. It is also being described as a new type of privacy enhancing technology (PET). In what other ways is synthetic data being used? Do data protection regulations and other laws and legal requirements apply to synthetic data? E.g. do the associated individuals need to provide consent for organizations to use synthetic data where pieces of their personal data were incorporated? How do the Data Protection Authorities (DPAs) in Europe view synthetic data? As personal data that must be protected under GDPR? Or not? In the U.S. how about HIPAA? Is synthetic data created using health data, that is defined to be protected health information (PHI), covered by HIPAA? How can synthetic data be a PET when it is created from actual personal data? And what about synthetic identity theft? This is a growing problem. How is synthetic data involved with that? Couldn’t this data be used for such crimes? Is identifiability a risk with synthetic data? Why or why not? What are other types of privacy risks with synthetic data? How is synthetic data use evolving? Listen to this discussion to hear answers to these, and many more questions about synthetic data use, risks, and benefits. The use of synthetic data is increasing exponentially, so the time to learn more is now! See more about Dr. El Emam at replica-analytics.com. #SyntheticData #PersonalData #RiskManagement #Privacy #ReplicaAnalytics #KhaledElEmam #GDPR #HIPAA
52 minutes | Jan 8, 2022
How to Fix the Log4j Problem & Prevent Similar Types of Incidents
The Log4j security vulnerability is likely a result of insufficient secure coding and/or testing practices for software that is used in billions of devices worldwide. This vulnerability is now being actively exploited, causing a wide variety of security incidents and privacy breaches. New attacks are announced weekly, and sometimes daily, that are exploiting that vulnerability. How did such a dangerous vulnerability make its way into billions of devices? Hear a preeminent applications development and cybersecurity expert, Dr. Mich Kabay, explain Log4j, how the Log4j vulnerability could have been prevented, and the ways in which similar vulnerabilities can be prevented. We also discuss open source software code security in general, the different types of tests that are used to validate open source software code, and the criticality of doing thorough tests before putting software into production. See more about Dr. Kabay at mekabay.com. #Cybersecurity #RiskManagement #Privacy #SecureCoding #Log4j #OpenSourceCode #SoftwareSecurity #SoftwareTesting #SecurityTesting #MichKabay
56 minutes | Dec 4, 2021
Who's Responsible for BPO Contact Center Privacy & Cybersecurity?
Rebecca discusses the importance of call/contact center and customer service privacy and cybersecurity practices with privacy law and business process outsourcing (BPO) expert, Jon Bello. Often the contact center, or customer service group, is the only barrier between a caller and the personal information and access to the account of a particular individual. BPO staff are common targets of social-engineering to get into others’ accounts and to locate where others are located. Mr. Bello discusses BPO contact center privacy and cybersecurity risks, and actions BPOs take to mitigate those risks. Many real-life situations and examples are discussed. Jon Bello also discusses the results of a poll he did about whether or not the use of AI to monitor work from home environments was okay. The results were interesting, and somewhat surprising! What types of monitoring occur within call centers? That is also discussed. See more about Mr. Jon Bello in the bio posted on this VoiceAmerica show site. #Cybersecurity #RiskManagement #RiskManagement #Privacy #BPO #CallCenter #OutsourcingSecurity #JonBello
56 minutes | Nov 6, 2021
Protecting Aviation Critical Infrastructure from Cyber Attacks
The US Transportation Security Administration (TSA) recently announced they are requiring critical US airport operators, passenger aircraft operators, and all-cargo aircraft operators to designate cybersecurity coordinators, and to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Lower-level transportation organizations are encouraged to follow the rules as well. Why hasn’t this been done before now? Will it be enough to protect the highly complex and diverse system of air travel, and related aircraft and other equipment, within the US? Especially as new tech continues to emerge, and each traveler and aviation industry worker has on average two to ten (and more) mobile and IoT devices with them at all times, a large portion of which are connecting in and out of those many aviation network systems? Will this effort provide a model for more secure air travel in other countries? Don’t miss this compelling and informative episode! Listen to hear and learn many real-life lessons from a cybersecurity and privacy expert, and longtime practitioner who was, and still is, a CISO for multiple organizations and built cyber security programs within the aviation industry. We discuss a wide range of topics, such as: • The state of cybersecurity in the aviation industry, and how only recently cybersecurity management leadership positions were established. • How cybersecurity is significantly underfunded in aviation organizations, and how aviation CISOs can use Cecil’s advice to increase support for cybersecurity efforts and investments. • The cybersecurity weak points throughout airport systems and associated physical ecosystems. • The importance of addressing cybersecurity throughout the entire lifecycle of all aviation projects, from concept consideration through retiring aircraft and equipment. 
• The ways in which being multi-lingual supports better cybersecurity management, not only for critical infrastructure industries, but in all industries. See more about Mr. Cecil Pineda in the bio posted with this episode description on this VoiceAmerica show site. #Cybersecurity, #RiskManagement, #CriticalInfrastructure #AviationSecurity #RiskManagement #NationalSecurity #CecilTheCISO #CriticalInfrastructureCyberSecurity
54 minutes | Oct 2, 2021
Software Development Security Practices Suck! Wise Up Now!
Why do so many business leaders insist on using unsecure systems and software development practices? Often to skimp on IT budgets and to race to production. Or leaders with marketing expertise, but no actual tech understanding, make bad decisions to align with their sales tactics and marketing messages. Or, for other reasons. But with demonstrably ongoing damaging consequences. In this episode we speak about the critical need for secure software engineering, development and testing, and the need to follow stringent, secure software development practices to stem the consistently increasing digital hemorrhaging of security incidents and privacy breaches. Listen to this episode to learn the importance of building security into the full software and systems development lifecycle from Dr. Rhonda Farrell. Dr. Farrell is a worldwide recognized cybersecurity expert and instructor, with multiple cybersecurity and privacy certifications, including those in software security development. Learn actions that need to be taken to improve the current inadequate state of systems and software development and maintenance security practices. Also hear the need to engage pre-school through secondary and post-graduation education students about the absolute need to build secure technology, and how to do so. Dr. Farrell will also provide information about the Cyber & STEAM Global Innovation Alliance (CSTGIA) she founded, CSTGIA goals, the resources it provides, and describe how everyone can get involved. See more about Dr. Rhonda Farrell in the bio posted with this episode description on this VoiceAmerica show site. #Cybersecurity, #RiskManagement, #RhondaFarrell #SSDF, #SoftwareSecurity, #SystemsSecurity, #ApplicationsSecurity, #SDLC, #WomenInTech
56 minutes | Sep 9, 2021
Demystifying Cyber Insurance: Facts to Get the Right Coverage!
Listen to this episode to learn from Judy Selby, a worldwide recognized and award-winning cyber insurance expert, about the considerations to take into account for different types of cyber insurance, and how recent, and growing numbers of, ransomware and cyberattacks and hacks are impacting the cyber insurance coverage packages. Throughout the recent history of ransomware and other types of malware and cybercrime and hacking, organizations have become increasingly dependent upon cyber insurance to cut their losses. But with ransoms becoming so huge, and cyber-attacks becoming so prevalent, are cyber insurers going to change the conditions for which they will provide cyber insurance? Can cyber insurance requirements actually change, even possibly improve, cybersecurity practices within organizations who get cyber insurance? And what else does cyber insurance cover besides ransomware and other types of malware? What are the different types of cyber insurance that businesses do have available to them? What are complicating factors in establishing actuarial tables, and then coverage packages and premium rates, for cyber insurance? Do new laws impact cyber insurance coverage and rates? Will premiums be impacted by the policy holders if they use cybersecurity tools that have been compromised, such as SolarWinds? Listen to this episode to hear Judy Selby, Partner in the New York office of the Kennedys global law firm, answer these questions, and many more! Also, hear how you can get a free copy of her best-selling book, Demystifying Cyber Insurance: 5 Steps to the Right Coverage. #Cybersecurity, #RiskManagement, #JudySelby, #CyberInsurance, #CyberLiability, #CyberLiabilityInsurance
55 minutes | Aug 7, 2021
The BOM Episode! DBOMs! SBOMs! And...Supply Chain Cybersecurity!
Before the SolarWinds hack made global news daily for many weeks starting in December, 2020, most of the public had never heard the term “supply chain,” let alone known about the inherent data and cyber security risks they bring to organizations. You know it is a significant issue when the President of the United States issues an Executive Order (on Feb. 24, 2021) to significantly strengthen supply chain security in all industries. The risks have always been there, but the number, types and methods capable of exploiting the risks have increased exponentially in recent years as new technologies, and tech companies, have proliferated throughout the world. The SolarWinds incident spotlighted to everyone paying attention to cybersecurity how protecting supply chains needs to be a top cybersecurity and privacy priority for every business using purchased technologies and/or contracting third parties to do work for them. Bills of Materials (BOMs) are tools that have been around since at least the 1960s to support business. They can also be used to support securing the supply chain. Do you know how? Do you know what BOMs are? In this episode we chat with cybersecurity expert Chris Blask, VP of Strategy at Cybeats, and the inventor of the Digital Bill of Materials (DBOM), for the details! What are SBOMs? What is the relationship between an SBOM and a DBOM? What are the cybersecurity benefits of SBOMs and DBOMs? What are other business benefits? Do SBOMs and DBOMs change the functionality of the associated hardware, software, firmware, system? What portion of organizations use SBOMs and DBOMs? How long have SBOMs and DBOMs been in use? Hear the answers to these questions, and much more, in this episode! #Cybersecurity, #Privacy, #ChrisBlask #Cybeats #SupplyChainSecurity #RiskManagement #SupplyChain #SupplyChainManagement
55 minutes | Jul 3, 2021
4th Amendment Does Not Give LE the Right to Access Encrypted Data
The recent take-down of 300 criminal syndicates in more than 100 countries by the DoJ, selling their own 12,000 encrypted devices and services to which they had the decryption keys, has resurrected the question of encryption and lawmakers’ claims that backdoors into encryption are necessary. Lawmakers, and even some data security personalities, point to this event saying it proves encryption should have backdoors. There are also claims that the fourth amendment supports this view. But wait! Doesn’t it prove otherwise? And, doesn’t the long history of failures for creating encryption backdoors prove that encryption solutions with backdoors built in put everyone at risk? Why can’t encryption be engineered to let in only the good guys and those meant to encrypt and decrypt the data, and not allow others access? Listen in as cybersecurity and encryption pioneer and multi-award-winning security and cryptography expert, owning many patents on cryptographic and network protocols, Dr. Steven Bellovin, answers these questions and many more in this highly informative discussion with Rebecca. You will hear insights and facts about encryption that have not been discussed anywhere else!
53 minutes | Jun 5, 2021
Data Pipelines & Data Lakes Security & Compliance Answers & Info
What are “high-speed streaming analytics data pipelines”? What is the function of a data pipeline? Are there more security risks associated with data pipelines, or less, compared to VPN transmissions, and network transmission technologies that have been used for decades? What are “data lakes”? How are they different from data warehouses? Is it possible to meet data protection compliance requirements using data pipelines and data lakes? What are the security risks with using data lakes? What is a MiNiFi? Listen in as Gal Shpantzer, cybersecurity expert and the architect of the largest supported MiNiFi deployment in the world, answers these questions and many more in an informative discussion with Rebecca. You will hear security and privacy insights, and learn important facts about data lakes and data pipelines, that have not been discussed anywhere else! Follow Gal on Twitter: @Shpantzer #Cybersecurity #Privacy #DataPipelines #DataLakes #MiNiFi #RiskManagement
54 minutes | May 1, 2021
Defending Against Nation-State Hacking & Cyber Warfare Attacks
There have been many news reports in the past several months about nation-state espionage, and in particular nation-state cyberthreats and cybersecurity warfare attacks. So, what exactly are nation-state cyberthreats? What countries are the sources of the cyberthreats? What countries are launching cyberattacks? Russia? China? The USA? Others? Who should be defending against these cyberthreats? Government? Corporations? Individual citizens? In what ways have US citizens committed cyberattacks against their own country on behalf of other nation-states? Why is profiling based on an individual’s nationality and heritage a very bad idea for defending against nation-state cyberattacks? And in what ways does it actually do much more harm than good, and does not protect against the actual nation-state cyberwarfare practices? Listen in as Christopher Burgess, a 30+-year CIA security expert, nation-state cyberthreats and cyberwarfare expert, writer, speaker and commentator on security issues, answers these questions and many more in an informative discussion with Rebecca. Follow Christopher on Twitter: @burgessct #Cybersecurity, #Privacy, #NationalSecurity, #NationStateThreats #CyberWarFare #NationalSecurity #CyberWarfareAttacks
56 minutes | Apr 3, 2021
Voter Fraud Facts No One is Talking About…Until Now
In 2021 there have been at least 253 voting bills proposed in at least 43 US states. These bills are restricting voting methods, times, and even criminalizing such practices as the provision of food and drink to those who are waiting in line for hours to vote. All due to “concerns about voter fraud,” even though hundreds of audits, hundreds of ballot recounts, and hundreds of independent voting machine security assessments have found no voter fraud. What security measures are actually established for poll centers on voting day? For early voting locations? And for mail-in and absentee voting ballots? What would election officials tell you about those images and videos claiming to be evidence? Are they really evidence? Or, are they bogus? And how can you tell? Can boxes of ballots actually be brought into election centers and processed? What controls are in place for elections centers where ballots are collected, processed, and sorted? Listen in as Genya Coulter, named as one of the Top 25 Women in Election Security and Tech, as well as being the Polk County, Florida, Election Clerk who oversees all her precinct operations and manages her team during election season, answers these and many more questions, as well as describes the facts about voting and ballot security controls, and answers questions about voting fraud claims during the 2020 US election during this conversation with Rebecca. Follow Genya on Twitter: @ElectionBabe
57 minutes | Mar 6, 2021
Fighting US Elections & Campaigns Interference with Cybersecurity
There continue to be more lessons to learn from the past 8+ years of election cycles in the US. Lessons that can be applied throughout the world, about the need to build in strong security and privacy protections to the associated processes, systems, and physical components of elections to strengthen democracy as well as to establish verifiable and validated election results. The FBI reports verified election interference attempts and goals of China, Russia, Iran & domestic groups; often through election candidates’ campaign organizations and associated groups. What kind of interference is targeting campaigns and candidates? How does strengthening security practices help to prevent these interference goals from being fulfilled? What is the goal and mission for CyberDome? Why is US CyberDome well-suited to help fight interference with election campaigns? Listen in as Matt Barrett, co-founder of US CyberDome, provides insights, research findings, advice to campaigns, and describes the goals of CyberDome to protect election campaigns during this conversation with Rebecca.
56 minutes | Feb 6, 2021
Healthcare CISOs: Securing Patient Data & HIPAA Compliance
Health data is considered personal data gold to cybercrooks. Hospitals, clinics and telehealth situations involve a lot of complexity that brings many threats and vulnerabilities to patient data. • Is your healthcare and patient data safe? • Are hospitals and clinics doing all they can to protect your data? • What would you like to ask your hospital about this? • Would they know how to answer? • Are HIPAA requirements effective for protecting patient data? Listen in as Mitch Parker, a healthcare security expert and executive at multiple large hospital systems, provides answers to these questions and more. Mitch will cover longtime, current and emerging challenges for corporate information security officers (CISOs) at the largest hospitals as well as the smallest, rural clinics. Mitch also provides insights and his thoughts on HIPAA updates during this conversation with Rebecca.
57 minutes | Jan 2, 2021
Holding Privacy Events in a Pandemic World
For Data Privacy Day month Rebecca is speaking with Kim Hakim, CEO & Founder of FutureCon Events, about how she handled needing to move...almost overnight!...all her 2020 conferences to being online events at the beginning of 2020 when COVID-19 started spreading through the USA. Kim also discusses some of the key privacy issues she had to address when doing so. Kim will also describe the most requested privacy topics for the FutureCon events. Some topics covered in this episode include: • What makes FutureCon events unique from all other cybersecurity and privacy events? • What were the most requested topics in 2020 & for the upcoming 2021 events? • What are the inventive ways that Kim arranged for online FutureCon event attendees to interact with speakers & sponsors? • What makes a great cybersecurity and privacy speaker? • What advice does Kim have for those who want to be speakers at cybersecurity and privacy conferences? Tune in to hear these topics covered, and much more!
58 minutes | Dec 5, 2020
How A Trail-Blazing STEM Mentor Is Revolutionizing Cybersecurity
The numbers of women & people of color are still a woefully small percentage of the IT and cyber/data/network/applications security workforce. Such lack of diversity results in weak and flawed IT, security and privacy practices, applications, networks, and data protection. Rebecca discusses the related issues with cybersecurity expert, industry leader & long-time mentor, Dr. Cheryl Cooper: • What is Dr. Cooper working to change in society with her mentoring work? • Many displaced workers in their 40s, 50s and beyond, with no IT or cybersecurity background would like to start a cybersecurity career. What advice does Dr. Cooper have for them? • What are common challenges that all ages of women and people of color face in cybersecurity careers & what type of support do members of WINS provide to them? • What is Dr. Cooper’s greatest achievement in her career? • What advice does Dr. Cooper have for those who would like a career in cybersecurity but do not know where to start?
56 minutes | Nov 7, 2020
How Cybercriminals Take Advantage of the COVID-19 Pandemic
With 2020 being the year of the global COVID-19 pandemic, it has also become the year of globally widespread working from home offices, and attending school online from home. Cybercrime is increasing dramatically in many ways never before seen as a result of these quickly established new working and learning environments. • How has cybercrime increased since the COVID-19 pandemic started becoming noticed? • Which new types of cybercrimes were created to take advantage of the many different COVID-19 circumstances? • What do Europol and Interpol research reports reveal about cybercrimes? • Are existing laws insufficient for new types of cybercrimes? Rebecca discusses these issues, and many more about cybercrime, with world-renowned cybercrime expert and member of United Nations Office on Drugs and Crime expert team, Pauline Reich. Contact Pauline at: email@example.com
57 minutes | Oct 3, 2020
Data Proves Voting Fraud is Rare; Don’t Believe Conspiracy Theories Claiming Otherwise
Voter fraud conspiracy theories have reached a fever pitch. There are even claims that mail-in ballots are “a scam.” What’s the truth? Voting security experts & researchers Jennifer Kavanagh & Quentin Hodgson describe in-depth research revealing verifiable facts about security of all types of voting including absentee/mail-in, voting machines & paper at polling locations, & drop boxes. They provide research results for questions such as: • How are voter registration databases kept up-to-date & when do errors occur? • How is signature matching done? Can poll workers throw out ballots claiming signature mismatches then submit different ballots for the voter? • How can voters determine if their mailed-in ballots were rejected because of a signature mismatch prior to election day? • What controls do poll workers follow? Are “poll watchers” who interact with voters legal? • Is it possible for someone to send “unsolicited millions of ballots”? • Does “ballot harvesting” actually occur?
© Stitcher 2022