Security of Mainframes (with Cheryl Biswas & Tracy Maleeff)

Security of Mainframes (with Cheryl Biswas & Tracy Maleeff)

Advanced Persistent Security Podcast

Episode 41

Guests: Cheryl Biswas and Tracy “Infosec Sherpa” Maleeff

April 5, 2018

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Security of Mainframes (with Cheryl Biswas & Tracy Maleeff)

Show Notes

Segment 1

In this episode, Tracy and Joe interview Cheryl Biswas. We introduce Cheryl and she shares what she is seeing in industry from the mainframes and Industrial Control Systems (ICS) perspectives. Cheryl discusses her habits of reading all night and the passion that we all share for security. We share our origin stories. Joe showcases his authentic southern accent. Joe talks about the Navy’s mentorship mentality and how he applies it to security mentoring (what eventually will have gone onto become Through The Hacking Glass).

For “current events,” we discuss Vault 7. Joe details his “Workplace Crossfit” and “Workplace Yoga” programs in jest. Cheryl shares her insight as a Canadian regarding how the US Intelligence Community operates.

Segment 2

Cheryl begins to discuss the financial sector and how ransomware impacts it. Cheryl shouts out to Soldier of Fortran (@mainframed767) and Big Endian Smalls (@bigendiansmalls). Cheryl talks about the ability to access mainframes from the internet and the relation to another Stuxnet.

Examples as to how Nation States could exploit and disrupt operations using mainframes are explained. For the sake of entry level listeners, Cheryl explains the difference between servers and a mainframes. We get an education about the operating systems of mainframes – Z/OS and how it relates to commercial software like UNIX and Java. To learn about mainframes, Cheryl recommends we check out her blog, Cyber Watch/White Hat Cheryl, Big Endian Smalls’ Mainframe Security, and Soldier of Fortran’s Mainframe Hacking.

Cheryl talks about ransomware and how it is impacting banks. She talks about fileless ransomware and (the lack of) awareness programs. Joe gets on the user training soapbox regarding the lack of commitment. We agree that it will get worse before it gets better. Joe and Cheryl talk about virtualizing mainframes using Hercules. Joe attempts to sing a Cher cover regarding mainframes, TERRIBLY.

 

ABOUT Cheryl

Security of Mainframes (with Cheryl Biswas & Tracy Maleeff)
Cheryl Biswas

Cheryl Biswas, aka @3ncr1pt3d, has landed her dream job as a Strategic Threat Intel Analyst with TD in Toronto, Canada. Prior to that she was a Cyber Security Consultant with KPMG and worked on GRC, privacy, breaches, and DRP. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She blames this on her ITIL certification and degree in Political Science.She actively shares her passion for security in blogs, online, via podcasts, and speaking at conferences.

Contacting Cheryl:

Twitter: @3ncr1pt3d
Blog: Cyber Watch/White Hat Cheryl

About Tracy:

Tracy Maleef

Tracy Z. Maleeff is a Cyber Analyst in the Security Operations Center for global pharmaceutical company GSK. She holds a Master of Library and Information Science degree from the University of Pittsburgh. She has 15+ years’ experience as a law firm librarian and also worked as an independent consultant who specialized in social media, research, and Information Security awareness training. Tracy received the Wolters Kluwer Law & Business Innovations in Law Librarianship Award in 2016 and the Information Systems Security Association Women in Security Leadership Award in 2017. Tracy has presented at a variety of conferences including the Special Libraries Association, Security BSides, O’Reilly Security, and DEF CON’s Recon Village.

Contacting Tracy:

Twitter: @infosecsherpa
Newsletter
Website: Sherpa Intel

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Enter your email address:


Delivered by FeedBurner

SUBSCRIBE TO OUR MAILING LIST

* indicates required



This site uses Akismet to reduce spam. Learn how your comment data is processed.