Analyst Group ExperienceS (AGES)

AGES is a collaborative community where analysts can develop outside of the organization they work in. Group collaboration allows participants to observe and learn from others in the group, receive valuable feedback, and benefit from social interactions with a trusted small group of peers and a group mentor, as well as a broader community of colleagues. AGES has the major goal of helping participants to develop into the most effective analysts they can be, or to better understand analysts within their organization. Through AGES, I hope to build a community of trust, respect, and expertise in which participants can further mature.

The goal of AGES is to create a safe space outside of the work environment for analysts and operators to come together with peers and share ideas, challenges, best practices, etc. with a trusted, vetted community in order to grow and develop into the most effective analyst each of us can be.

Continue Reading →

Reckless Reporting: Respect Information Handling Guidance

Security professionals and their organizations, journalists, media organizations, and all those who may have access to security-related privileged information, are acting recklessly and irresponsibly when they publicly post that information, contrary to the designated information handling guidance associated with that information.

Continue Reading →

The Gate 15 Interview: Disinformation, Misinformation… Too Much Information!?!

In this episode of The Gate 15 Interview, Andy Jabbour talks with Michael Klein, a K-12 IT Director and a leader for CTI League’s Disinformation Team, and Lee Foster, Senior Manager, Information Operations Analysis, with FireEye Intelligence. The group discusses:
• What we mean by the terms “misinformation” and “disinformation;”
• Information operations with regard to the COVID-19 pandemic;
• Geopolitical and domestic political interests and issue manipulation;
• Election disinformation, past, present and future;
• Ideas on deepfakes and the use of Synthetic Media;
• And Andy manages to work in another musical reference…

Continue Reading →

Nerd Out! Security Panel Discussion: EP 4: From Football, and Security to Mental Health, COVID, and more.

In this latest episode, Dave Pounder, Bridget Johnson, Travis Moran, and Jon Crosson discuss the latest security matters. Following up on the last episode, the panel discussed the cancellations of NCAA conference fall sports seasons including the increasingly popular College Football schedule. That was a smooth transition into the innovative ways that networks have covered sports and a discussion as to whether there was any type of innovation within the security community. Could organizations replicate security “fans” or “crowd noise” – is that even a thing? And the panel wraps up looking at the challenges within the healthcare sector and talked about how mental health and a future vaccine could impact security or fuel conspiracy theories.

Continue Reading →

The Cybersecurity Evangelist, Episode 2; Demystifying Cybersecurity Myths – Part 2

This month we are airing part two of the inaugural episode of The Cybersecurity Evangelist where Travis Farral and I finish demystifying cybersecurity myth #2 and #1. Listen to find out where the term “hacking” came from, and more about different types of “hackers”…including the good ones. Travis and I also give a quick nod to our inner geek. We wrap up the discussion with how we are ALL targets of opportunity, even if we don’t have an online presence. And why it is important to overcome the “it won’t happen to me mindset.” Finally, Travis leaves us with his final thought: spend a few minutes trying to educate yourself on ways you can protect your family.

Continue Reading →

The Risk Roundtable: EP 10 – Geopolitics, Partnerships and Information Sharing

the Gate 15 team discusses geopolitics and the impacts they have on organizations around the world. The team touches on security concerns around current issues including U.S.-China tensions and why TikTok is a topic of discussion and the idea that how nations and leaders see each other – as adversaries or competitors – is also an important consideration. Listen to Dave, Jorhena, Jen, and Andy then speak on the importance of partnerships and the need to build and engage in trusted relationships and information sharing. But they couldn’t completely escape the enduring threats of ransomware and COVID, and they weighed in on the continued impact it is having on sports leagues while hearing Andy’s hope for his favorite football team. Andy also shares his current earworm struggles and gets mocked for his choice of attire…

Continue Reading →

Blended Threats: VPN Bugs Could Cause Physical Impacts with Critical Lifeline Sectors

In a blog post on 28 Jul, security researchers at Claroty shared that they have “discovered remote code execution vulnerabilities affecting virtual private network (VPN) implementations primarily used to provide remote access to operational technology (OT) networks. These dedicated remote access solutions are mainly focused on the industrial control system (ICS) industry… Exploiting these vulnerabilities can give an attacker direct access to the field devices and cause some physical damage.”

At Gate 15, we spend a lot of time discussing Blended Threats. A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

Continue Reading →

Blended Threats: Can IoT devices be abused to overdose dementia sufferers (and kids)?!

In a post on 9 July 2020, the team at Pen Test Partners wrote “Hacking smart devices to convince dementia sufferers to overdose,” stating, that they had recently discovered a flaw “that was a little different: it was aimed at the elderly, particularly those with dementia or other cognitive impairments.”

Continue Reading →