Defensive Security Podcast Episode 272

Links: https://www.darkreading.com/cybersecurity-operations/a-cisos-guide-to-avoiding-jail-after-a-breach https://www.csoonline.com/article/2512955/us-supreme-court-ruling-will-likely-cause-cyber-regulation-chaos.html/ https://sansec.io/research/polyfill-supply-chain-attack https://www.securityweek.com/over-380k-hosts-still-referencing-malicious-polyfill-domain-censys/ https://www.tenable.com/blog/how-the-regresshion-vulnerability-could-impact-your-cloud-environment   Transcript === [00:00:00] jerry: All right. Here we go. Today is Sunday, July 7th, 2024, and this is episode 272 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat. Andrew: Good evening, Jerry. This is a newly reestablished record twice in a week or jerry: twice in a week. I can’t believe it. Andrew: I know. Awesome. Yeah. You just had to, quit that crappy job of yours that provided income for your family and pets and you know everything else but now that you’re unemployed house But now that you’re an unemployed bum. jerry: Yeah, I can podcast all I want 24 7 I think i’m gonna become an influencer like i’m gonna just be live all the time now Andrew: you could I really I look forward to you asking me to subscribe and hit that notify button. jerry: That’s right. Hit that subscribe button Andrew: Like leave a rating and a comment jerry: like and subscribe All [00:01:00] right getting with the program we’re we’re getting back into our normal rhythm. As per normal, we’ve got a couple of stories to talk about. The first one comes from Dark Rating and the title is, A CISO’s Guide to Avoiding Jail After a Breach. Andrew: Before we get there. Andrew: I want to throw out the disclaimer that thoughts and opinions do not reflect any of our employers, past, present, or future. jerry: That’s a great point. Or, my cats. Andrew: Unlike you, I have to worry about getting fired. jerry: I still have a boss. She can fire me. Andrew: That’s called divorce, sir. But true. jerry: Yeah. Andrew: Anyway, back to your story. jerry: Anyway, yeah. CISO’s Guide to Avoiding Jail After a Breach. So this is this is following on a upcoming talk at, I think it’s Black Hat talking about how CISOs can try to insulate themselves from the [00:02:00] potential legal harms or legal perils that can arise as a result of their jobs. It’ll be interesting to see what’s actually in that talk, because the article itself, in my estimation, despite what the title says, doesn’t actually give you a lot of actionable information on, How to avoid jail. They do they do a quote Mr. Sullivan, who was the CISO for Uber. jerry: And they give a little bit of background and how it’s interesting that he he is, now a convicted felon. Although I think that’s still working its way through the the appeals process. Though he previously was appointed to a cybersecurity board by president Obama. jerry: And before that he was a federal prosecutor. And in fact, as the article points out, he was one of the process, he was the prosecutor who prosecuted the first DMCA case, which I thought was quite interesting. You didn’t know that about him,