It gets very complex and becomes a drain of resources when you think about, "Okay, I need to call the FBI. But from the private sector perspective, it gets really confusing. There's a lot of value for a range of different agencies to engage with the private sector. Aren't you going to have CISA make those notifications to the private sector?" It's another one of those really interesting policy discussions from the government perspective. We're going to inform."Ĭhris: I remember that and I said, "Well, wait a second. We need to inform CISA and let them know what we're seeing." I said, "We also need to inform the industry of what's going on as the IC." And I got these two people just whipped their heads around and said, "CISA is the IC." I backed up, I was like, "Okay. Someone said, "We're working with CISA on this. We were going through this ransomware exercise and what you would do next.
There was a big ransomware scenario, but it was a lot of fun.Įric: I was in the intelligence group.
.jpg "cable krebs stamos group ransomwhere")
I had the honor to serve as her national security advisor. CISA needs to really focus on growing its understanding and enrichment and contextualizing of that open source space.Įric: We were doing an exercise and you were the national security advisor.Ĭhris: Sue Gordon, the former deputy national intelligence, director of national intelligence was the president. When you think about the information ecosystem right now, just how it's exploding, that classified piece is proportionately shrinking compared to proprietary and open source. They've got more opportunity to excel in the open-source space more than probably any other agency in the federal government. That's actually a point of discussion within the policy circles and on the hill whether CISA should become part of the IC. We would have some attachments or detailees. CISA and DHS are part of the intelligence community down there.Ĭhris: There is a part of DHS, the intelligence analysis function, but CISA is not a member of the intelligence community. What did CISA say?"Ĭhris: Try to have some sort of consistency across government agencies.Įric: We've got the DoD and then the Homeland piece. Chris, is it CISA or CISA?Ĭhris: I try not to be pedantic about this, but, as the person that came up with the name, it’s CISA.Įric: I get confused because you hear it both ways and I'm like, "Wait a minute. Welcome back to the podcast, Chris.Ĭhris: Good to see you again, saw you a few weeks ago down in Florida or was that Georgia?Įric: Yes, it’s a brief conference. He served as the first director of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency known as CISA. Rachel: We have Chris Krebs who's a founding partner of the Krebs Stamos Group.
#Cable krebs stamos group ransomwhere free
Listen to our previous episode with Jack on election security.Īt Stanford, Jack is a research assistant with the Stanford Internet Observatory and Stanford Empirical Security Research Group and launched Stanford's bug bounty program, one of the first in higher education.Read the CISA notification on the critical RCE vulnerability in Discourse.See Discourse's announcement of the vulnerability on GitHub.Peruse Discourse's technical blog post about it.Check out Discourse's security program and policies.Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.Chris Krebs of the Krebs Stamos Group Jack was named one of Time Magazine's 25 most influential teens for 2018. After placing first in the Hack the Air Force challenge, Jack began working at the Pentagon's Defense Digital Service. Jack is a top-ranked bug bounty hacker, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the US Department of Defense. But in a conversation with Jack Cable of. Jack formerly served as an Election Security Technical Advisor at CISA, where he led the development and deployment of Crossfeed, a pilot to scan election assets nationwide.
#Cable krebs stamos group ransomwhere software
The REvil ransomware gang, also known as Sodinokibi, is publicly demanding 70 million to restore the data it's holding ransom after their data-scrambling software affected hundreds of small and medium businesses across a dozen countries including schools in New Zealand and supermarkets in Sweden. Jack Cable is a security researcher and student at Stanford University, currently working as a security architect at Krebs Stamos Group. Tod highlights some of the many things Discourse is doing right with its security program.
0 kommentar(er)
