Ransomware and Incident Response (with Ben Johnson)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 33

GUEST: Ben Johnson

January 16, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

SHOW NOTES

PART 1

Joe introduces Ben and they briefly discuss Ben’s experiences and Carbon Black and how it came about. We will be discussing Incident Response a little later. Instead of talking about the news, we discuss Ransomware in 2016 and 2017. We talk about the Ransomware problem. Ben discusses the role of awareness in preventing Ransomware. We discuss the cultural impact of awareness and the do’s and don’ts of building an awareness program. Joe and Ben talk about non-punitive measures in programs and empowering employees. Ben tells us about fallacies like Full Disk Encryption being an absolute answer to Ransomware.

PART 2

Ben defines EDR (Endpoint Detection and Response) and the transition from “just anti-virus.” He talks about detection and response vice reaction when doing Incident Response. We talk about critical and high-risk positions and roles such as HR, Finance, Accounting, Contracting, and Editors and specific concerns for each. Ben gives us a devious idea about stealing metadata from PDFs from Job Announcements and other documents to use against organizations in OSINT and Social Engineering. We transition into a brief rant about Cloud Security and the lack of controls. Ben teaches us about blacklisting and whitelisting.

PART 3

Ben tells us about the difference between EDR and IDR (Incident Detection and Response). Joe asks Ben about his thoughts about Threat Hunting. We shift the discussion to successful implementations of Threat Hunting. Ben talks about subtle successes in Threat Hunting via identifying risk and threats that are not as obvious as things like attackers and APT. We talk about good hacker/information security mindsets that yield success. Ben arms us with advice to be successful in information security and “getting your hands dirty.”

ABOUT Ben

Ben Johnson

Ben Johnson is co-founder of Carbon Black and now an Executive in Residence for Ten Eleven Ventures as he fleshes out his next company. When at Carbon Black, Ben was CTO and Chief Security Strategist, where his duties included early development, building the technical team, setting the product vision, and then evangelizing and spreading the company message and offerings around the world to prospects, customers, and partners. Prior to Carbon Black, Ben worked at NSA and then a defense contractor as an intrusion engineer. Ben’s passionate about security, technology and entrepreneurship. Ben has two computer science degrees (University of Chicago and Johns Hopkins University), and he currently teaches a master’s-level course in entrepreneurship at the University of Chicago. Aside from all this, Ben enjoys being involved with other security startups as an advisor or board member. Ben lives in Chicago.

CONTACTING Ben:

Twitter: @ChicagoBen

Joe’s Blog on Jenny Radcliffe’s Deception Chronicle

Jenny Radcliffe’s Deception Chronicles
Hosted Locally on Advanced Persistent Security

Joe’s Dyn DDOS Blog on Tripwire:

Tripwire
Hosted Locally on Advanced Persistent Security

Joe’s Ranking in the AlienVault Top Blogs of 2016:

AlienVault
Hosted Locally on Advanced Persistent Security

PASSWORD BLOG LINKS:

AlienVault
Hosted Locally on Advanced Persistent Security

WI-FI BLOG LINK:

AlienVault
Hosted Locally on Advanced Persistent Security

POWERSHELL LINK:

AlienVault


JOE’S BLOG ON ITSP:

When Friendly Thermostats & Toasters Join The IoT Dark Side

Joe’s Blog on Tripwire:

Burgling From an OSINT Point of View

Joe’s Blogs on Sword & Shield Enterprise Security’s site:

Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes

Joe’s Work with WATE 6 News in Knoxville, TN:

Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
