Ransomware and Incident Response (with Ben Johnson)

Jan 16, 2017

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 33

GUEST:Ben Johnson

January 16, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Ransomware and Incident Response (WITH Ben Johnson)

SHOW NOTES

PART 1

Joe introduces Ben and they briefly discuss Ben’s experiences and Carbon Black and how it came about. We will be discussing Incident Response a little later. Instead of talking about the news, we discuss Ransomware in 2016 and 2017. We talk about the Ransomware problem. Ben discusses the role of awareness in preventing Ransomware. We discuss the cultural impact of awareness and the do’s and dont’s of building an awareness program. Joe and Ben talk about non-punitive measures in programs and empowering employees. Ben tells us about fallacies like Full Disk Encryption being an absolute answer to Ransomware.

PART 2

Ben defines EDR (Endpoint Detection and Response) and the transition from “just anti-virus.” He talks about detection and response vice reaction when doing Incident Response. We talk about critical and high risk positions and roles such as HR, Finance, Accounting, Contracting, and Editors and specific concerns for each. Ben gives us a devious idea about stealing metadata from PDFs from Job Announcements and other documents to use against organizations in OSINT and Social Engineering. We transition into a brief rant about Cloud Security and the lack of controls. Ben teaches us about black listing and white listing.

PART 3

Ben tells us about the difference between EDR and IDR (Incident Detection and Response). Joe asks Ben about his thoughts about Threat Hunting. We shift the discussion to successful implementations of Threat Hunting. Ben talks about subtle successes in Threat Hunting via identifying risk and threats that are not as obvious as things like attackers and APT. We talk about good hacker/information security mindsets that yield success. Ben arms us with advice to be successful in information security and “getting your hands dirty.”

ABOUT Ben

Ransomware and Incident Response (with Ben Johnson) — Ben Johnson

Ben Johnson is co-founder of Carbon Black and now an Executive in Residence for Ten Eleven Ventures as he flushes out his next company. When at Carbon Black, Ben was CTO and Chief Security Strategist, where his duties including early development, building the technical team, setting the product vision, and then evangelizing and spreading the company message and offerings around the world to prospects, customers, and partners. Prior to Carbon Black, Ben worked at NSA and then a defense contractor as an intrusion engineer. Ben’s passionate about security, technology and entrepreneurship. Ben has two computer science degrees (University of Chicago and Johns Hopkins University), and he currently teaches a masters level course in entrepreneurship at the University of Chicago. Aside from all this, Ben enjoys being involved with other security startups as an advisor or board member. Ben lives in Chicago.

CONTACTING Ben:

Twitter: @ChicagoBen

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Enter your email address:

Delivered by FeedBurner