Distilled Security Podcast | Episode 3: Crowdstrike, North Korean Spies, and CISO Scapegoats

Episode 3: Crowdstrike, North Korean Spies, and CISO Scapegoats

August 12, 2024 / 01:10:52/E3

Episode 3 of the Distilled Security Podcast is here!

Join us this week as we jump into:

CrowdStrike Incident Analysis: A deep dive into a recent mishap by CrowdStrike that led to significant financial losses and operational disruptions, including 5.4 billion in estimated losses.
Vendor Accountability: Exploring the legal and financial repercussions of security vendor failures.
Business Continuity Planning: The importance of preparing for security vendor failures, including considering alternate vendors and the complexities of implementing such strategies.
Kernel-Level Security Risks: A discussion surrounding kernel-level operations in security software, focusing on the controversy between CrowdStrike and SentinelOne.
Manual Workarounds and Legacy Systems: The challenges of maintaining business operations during security incidents.
Ransomware Recovery vs. Vendor Failures: Comparing ransomware attacks' impact and recovery processes with security vendor-induced failures.
Password Management Vulnerabilities: The risks associated with dependency on password management systems like Thycotic/Delinea and LastPass, and the potential fallout if these systems experience downtime.
BSides Pittsburgh Recap: the biggest BSidesPGH event yet. Hear the notes and highlights from the conference.
North Korean Spy Hired By KnowBe4: Hear how a spy for N. Korea got by the defenses of KnowBe4, how they caught them, and steps they implemented to avoid this in the future.
CISOs as Scapegoats: Are CISOs being pegged as scapegoats unfairly?