mnemonic security podcast

The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.

 Apple podcasts  Google podcasts  Spotify

Listen on other podcast platforms here: https://mnemonic.buzzsprout.com/

 

Episodes

Episode 57: "Does your managed SOC suck?" with Morten Munck from Improsec

Are you fighting today’s war with yesterday’s weaponry? Morten Munck, Engagement Manager at the cybersecurity advisory company Improsec, joins Robby to discuss his much-shared article “Does your managed SOC suck?” with the top ten red flags suggesting that your managed SOC provider should step up their game. Read more here.

Episode 56: Project 2030: Future trends in security

To share the findings from his new report and webseries called Project 2030, Rik Ferguson, the Vice President of Security Research at Trend Micro, chats with Robby about what role cybersecurity will play in year 2030. Rik has used his over twenty-five years of experience in information security looking forward, sharing what he’s found when trying to anticipate the next ten years of technology, and what opportunities that will mean for cybercriminals. As well as their impact on security, both for the enterprise and for society as a whole. Read more here.

Episode 55: CMMC: Cybersecurity Maturity Model Certification

Your security reflects your maturity. For this episode, Robby is joined by two of mnemonic’s security experts from our Governance, Risk and Compliance department to talk about CMMC and the alphabet soup that comes with it. Both of them have experience preparing organisations for what CMMC actually means for them. Anders Hval Olsen as an Information Security Management Implementation subject-matter expert, and Kenneth Crawford, using his long experience with US Defense and defense contracting, among other things as a Cybersecurity Manager at Lockheed Martin. Read more here.

Episode 54: The business of cyber security: Mergers & Acquisitions

What separates the acquisitions that go well from those that don’t? To discuss the business side of security, Robby is joined by Brian Contos; returning guest, fellow podcast host, serial security entrepreneur and CISO & Vice President of Mandiant Security Validation. Mandiant Security Validation, previously known as Verodin, was acquired by Mandiant little over two years ago. In this episode, Brian shares from his experience going through that process, as well as other similar transitions he’s been a part of throughout his 25 year long career in security. Read more here.

Episode 53: Initial Access Brokers (IABs)

The growth and professionalisation of the Initial Access Market has fascinated many in recent years. Few know as much about who the threat actors operating in these markets are, and how the market of providing others with remote access to corporate networks work as Dmitry Shestakov, Head of Cybercrime Research at the cyber intelligence company Group-IB. Read more here.

Episode 52: Communicating threat intelligence to management

For this episode, Robby has invited someone with a unique expertise of the threat landscape in the finance industry. Freddy Murre works as a Senior Threat Intelligence Analyst at the Nordic Financial CERT, a nonprofit organisation owned by the financial institutions in Norway, Sweden, Demark, Finland and Iceland. By receiving data from and supporting their 220 member financial institutions on tasks like incident response, anti-fraud and threat intelligence, the Nordic Financial CERT has a one of a kind overview of the threat these organisations are facing. Read more here.

Episode 51: Buying security products

Purchasing cybersecurity solutions and services can be challenging. Not only is the industry rapidly evolving, but there is rarely a case where solutions can be compared apples to apples. In this episode, we explore the procurement of cybersecurity solutions. Robby is joined by Thor Milde, SVP - Head of IT Access Management at DNB, sharing his experiences from one of the largest banks in the Nordics, and Øyvind Nordvik, BID Manager in mnemonic, with more than 10 years of experience from procurement. Read more here.

Episode 50: The state of cyber insurance in 2021

How is it possible for the insurance industry to adapt to a cyber threat landscape that is continously changing? To try to answer that and explain the evolution the cyber insurance field has gone through the last few years, Robby is joined by Jens Zakarias and Paul Jæger from Riskpoint, a global insurance underwriter agency. Read more here.

 

 

   

Episode 49: Can threat intelligence be automated?

If so, what can be automated, and what should still be left in the hands of human analysts? With us today, we have PhD. Martin Eian, Head of R&D in mnemonic. He sits down with Robby to speak about his team's part in building a security platform to prevent cyber-threats together with nine other European organisations. Read more here.

 

 

Episode 48: Is honesty the best policy in indident reponse?

For this non-technical episode, Robby welcomes someone with a lot of experience working with a particular consequence of security incidents: crisis communication expert Lasse Sandaker-Nielsen. Read more here.

 

 

Episode 47: Threat Hunting

Try to prevent what you can, detect what you can’t prevent and hunt for what you can’t detect.

For this episode about threat hunting, Robby is joined by Andreas Bråthen, Team Lead for threat hunting at mnemonic. Andreas has worked on mnemonic’s threat hunting program for the past three years and shares some of his insights into why the threat hunting domain is so difficult to navigate, and how he defines this somewhat abstract term. Read more here.

   
 

Episode 46: Chat with a CFO

Is the Chief Financial Officer (CFO) role inherently occupied with saving money, or is it clear for someone in that role that there’s value in spending the extra dime on something like security? Or is the answer somewhere in between?

To help him find the answer to this, Robby welcomes Øyvind Sten Bjerkseth, the new CFO at mnemonic, both to the company and the podcast. Read more here.

   

 

 

Episode 45: Stress and security

In this episode we step away from the technology to focus on the stress of working in security, how it impacts our health and personal lives, and methods for keeping stress in check. Robby is joined by Edwin Doyle, Global Cyber Security Strategist at Check Point, and Emiliya Zhivotovskaya, CEO and Founder of The Flourishing Center. Read more here.

   

 

 

Episode 44: Internet of Things | Privacy miniseries

In this episode, Robby and Tim Panagos (Co-founder and CTO of Microshare) discuss what happens to privacy when there is no “opt-out button”, and Tim shares his take on how we can organise privacy rules and principles in complex IoT ecosystems. Read more here.

   

 

 

Episode 43: Honeypots

Mikael Vingaard is joining Robby from his test lab to speak about the benefits of using honeypots, the threat landscape for OT systems, as well as what kind of organisations can use honeypots and the maturity level required for doing so. Read more here.

   

 

 

Episode 42: The World of Open Source

This episode, Robby is joined by Daniel Wisenhoff to talk about open source management. Daniel is the CEO & Co-Founder of Debricked, a Swedish company aiming to help organisations use open source securely in their own software development. Read more here.

   

 

 

Episode 41: The future of privacy | Privacy miniseries

We’re continuing our miniseries about privacy with Edwin Doyle, Delegate & Constituent for the World Economic Forum Taskforce on Data Intermediaries, and Global Security Strategist at Check Point. Read more here.

   

 

 

Episode 40: Business Email Compromise

For this episode, Robby has invited Korstiaan Stam, Digital Forensics & Incident Response Manager in PwC Netherlands, to pick his brain about Business Email Compromise (BEC). Read more here.

   

 

 

Episode 39: Cyber espionage | Privacy miniseries

We’re continuing our new miniseries about privacy with cyber security researcher Hanna Linderstål. 

Hanna is the Founder and CEO of Earhart Business Protection Agency, a company providing research for governments and organisations on disinformation and online threats. Read more here.

   

 

 

Episode 38: Your phone is spying on you | Privacy miniseries

Do you know what your favourite apps are doing with your data? And who exactly are these entities that are capitalising on selling this kind of information?

We’re kicking off our new miniseries about privacy with investigative journalist Martin Gundersen. Read more here.

   

 

 

Episode 37: DNS security with Quad9

This episode, Robby welcomes John Todd, Executive Director of the non--profit organisation Quad9. Quad9 is a free, recursive DNS solution that partners with threat intelligence providers from all over the world to block websites that try to harm our computers (through things like malware, spyware, botnets, phising sites, etc.). Read more here.

   

 

 

Episode 36: Nuclear cyber security | OT miniseries

We’re continuing our Operational Technology (OT) miniseries where we look into the security challenges in the OT space.This time, Robby is joined by Nicholas Burnet and Guido Villacis from EDF Energy, Europe’s largest nuclear provider. Read more here.

   

 

 

Episode 35: IT Security Is From Mars, Software Security Is From Venus
We're kicking off 2021 with a timely conversation about software security, this time with two individuals that are more than qualified for the job - Dr. Daniela S. Cruzes and Espen Johansen. Read more here.

   

 

 

Episode 34: Technology isn't the problem | OT miniseries
For our last episode in 2020, Robby is joined by Mitchell Impey, ICS Security Analyst at the Danish Energy and Telecommunications company Norlys. Read more here.

   

 

 

Episode 33: SIEM is DEAD?
Ready to time travel through the last 20 years of security monitoring? To guide us we have Dr. Anton Chuvakin, recognized security expert and the man behind EDR! Read more here.

   

 

 

Episode 32: Security Assurance
For podcast guest this week is a veteran in the IT space in the financial sector, and has extensive experience communicating security postue to stakeholders. Erik Blomberg, CISO in the Swedish Handelsbanken, chats with Robby about what management really is wondering about, and how to communicate the value your security team is delivering to the organization. Read more here.

   

 

 

Episode 31: When security hits the fan
For this episode, Robby welcomes Morten Weea from mnemonic’s Threat Intelligence team. Morten is a PhD candidate researching decision-making in incident response and an experienced Incident Handler that often works with advanced persistent threats (APTs). Read more here.

   

 

 

Episode 30: Financial Cyber Crime
For this episode, we're happy to have Sebastian Takle from the DNB Financial Cyber Crime Center (FC3) with us to share how one of the largest banks in the Nordics work with Threat Intelligence. Read more here.

   

 

 

Episode 29: Feature velocity > software securtiy?
For this episode, Robby has invited a veteran to the software security game. Nick Murison, Security Practice Lead at Miles. Read more here.

   

 

       

Episode 28: Forensic Readiness | OT miniseries
We're continuing our Operational Technology (OT) miniseries where we look at the security challenges in the OT space. This time around, Robby's invited a fellow security podcaster and former Head of Forensics at Volvo, Rikard Bodforss. Read more here.

   

 

       

Episode 27: Misconceptions of Threat Intelligence
In this episode, Robby talk to the former Director of the national communications and secure agency in the Netherlands, Job Kuijpers, and his colleague and trusted advisor for Threat Intelligence. You'll hear about the most common misconceptions about threat intelligence and how much and what should be automated in threat intelligence - and what shouldn't. Read more here.

   

 

       

Episode 26: OODA Loops with Open Source
This time, Robby has invited his most recent online friendship and the uncrowned king of open source, Simon Simonsen, to the podcast. Simon also happens to have a lot of experience developing and utilising security architecture defense strategies, or as he calls it; utilising your home court advantage. Read more here.

   

 

 

Episode 25: Security validation
How can we prove cybersecurity effectiveness?

With USD 124 billion being spent worldwide on IT security last year alone, it's no wonder this is a question many would like the answer to. However, finding a quantitative metric to evaluate security investments, outside of positive effects like diminishing risks and reducing the amount of bad things happening, is not straight forward. Read more here

   

 

 

Episode 24: A shared responsibility
For this Norwegian episode of the mnemonic security podcast, Robby and co-host for the day, Manager of Governance, Risk & Compliance at mnemonic, Gjermund Vidhammer, are joined by two major actors in the Norwegian cyber landscape: Robin Bakke, Specialist Director for Cyber Security at the Ministry of Justice & Public Security, and Bente Hoff, Director National Cyber Security Center (NCSC) at the Norwegian National Security Authority (NSM). Read more here.

   

 

 

Episode 23: Data science and security visibility
In this episode, Robby is joined by Jeff Barto. He is Chief Security Officer at a large hedge fund in the US, has worked in security for over 20 years and has a lot of experience asking himself the question "how much data is enough?". Read more here.

   

 

 

Episode 22: KPIs vs. Empowerment
In this episode, Robby chats with someone that's had a lot to do with KPIs, both in his position as former Head of government CERT in Denmark (GovCERT), as well as a SOC analyst for more than 10 years. Read more here.

   

 

 

Episode 21: A chat with KraftCERT | OT miniseries
Who better to continue our Operational Technology (OT) miniseries with than KraftCERT, the Norwegian Energy and Control System CERT. Read more here.

   

 

 

Episode 20: Why should you care about PAM?
For this episode, Robby has invited two experts that see privileged access management (PAM) from two different viewpoints. Read more here.

   

 

 

Episode 19: You can't protect what you don't know you have | OT miniseries
In this episode, we continue our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time, Robby chats with PhD Andrea Carcano on the importance of visibility in OT environments. Read more here.

   

 

 

Episode 18: Turning users from targets to defenders
In this episode, Robby chats with Erlend Gjære, CO-founder and CEO of Secure Practice, on how to turn an organisation's users into its last line of defense against email threats. Read more here.

   

 

 

Episode 17: OT's role in a CISO's world | OT miniseries
In this episode, Robby wants to know how a CISO handles the challenge of securing both IT and OT environments. Read more here.

   

 

 

Episode 16: Microservices, in theory and practice
In this episode, Robby chats with two people from mnemonic that are highly passionate about microservices; security researcher Andreas Claesson and Head of Development of our Argus security platform, Joakim von Brandis. Read more here.

   

 

 

Episode 15: To SOAR, or not to SOAR? (Part 2)
In the second part of our mini series about SOAR, Robby chats with a gentleman that was referred to as The Godfather of SOAR in the first episode of the series. Read more here.

   

 

 

Episode 14: To SOAR, or not to SOAR? (Part 1)
In this episode, we chat with Tibor Földesi, Security Automation Analyst in Norlys, one of the largest Telco & Energy companies in Denmark. At Norlys, his main motivation is to get more time to enjoy his coffee, which directly correlates with his ability to automate what can be automated. Read more here.

   

 

 

Episode 13: Securing healthcare data while studying COVID-19
In this episode, we chat with people in charge of the healthcare and sensitive data collected in what is amongst the world's largest COVID-19 studies to date. Read more here.

   

 

 

Episode 12: IAM these days
In this episode, we chat with our friends in SailPoint, Equinor and the University of Copenhagen to hear their thoughts about the state of the market regarding Idenitity, Access and Governance. Read more here.

   

 

 

Episode 11: Bug Bounties and Unicorns
In this episode, we speak with a security expert that is actually willing to pay money to "hackers" - the Product Security Director in Visma, Espen Johansen. Read more here.

   

 

 

Episode 10: Hack my (hard-coded) heart
In this episode, we chat with the former Head of the SOC at the Norwegian National CERT, and current member of mnemonic’s Threat Intelligence team. She also happens to have a personal interest in the "Internet of Things" and medical devices. Read more here.

   

 

 

Episode 9: Super CISO! With 300 brand to secure
In this episode we chat with the CISO of consumer goods conglomerate Orkla - Antonio Martiradonna. Read more here.

   

 

 

Episode 8: Securing our financial future
In this episode we pick the brain of a Senior Vice President and CISO for a multinational insurance enterprise – Bjørn Watne of Storebrand. Read more here.

   

 

 

Episode 7: Out of control
In this episode we chat with two of the main contributors to the #OutofControl report, Finn Myrstad, Digital Policy Director for the Norwegian Consumer Council and Tor Bjørstad, Application Security Lead in mnemonic. Read more here.

   

 

 

Episode 6: Cyber Insurance for Y2K
In this episode we chat with a cyber insurance underwriter for one of the largest insurance enterprises in the Nordics - Erlend Hjelle from Gjensidige. Read more here.

   

 

 

Episode 5: Pentesting these days - Crowdsourcing
In this episode we chat with a hacker for hire aka pentester for mnemonic - Harrison Sand. Read more here.

   

 

 

Episode 4: Special Edition: Under the hood of Argus
In this episode we interview one of the founding fathers of the Argus platform - Joakim von Brandis. Read more here.

   

 

 

Episode 3: Cloud security with an angel
In this episode we chat with Angel Alonso, a CISO for hire and team lead for the Governance, Risk and Compliance department in mnemonic. Read more here.

   

 

 

Episode 2: Boss of the SOC
In this interview we interview the boss of the SOC - Stig Nordby in mnemonic. Read more here.

   

 

 

Episode 1: Sharing is caring - Threat Intelligence with ACT
In this episode we chat with PhD candidate, and former CISO for mnemonic - Siri Bromander. Read more here.