Cybersecurity After Dark | Episode 2

In the second episode of Cybersecurity After Dark, Sean McDermott, CEO of Windward Consulting Group, and Dan Williams, Cybersecurity Strategist at RedMonocle, discuss the threat landscape and what it means for cybersecurity leadership teams. 

Topics covered in this episode include:

  1. The SolarWinds hackers strike again! iOS vulnerability allows hackers to target Western European leaders
  2. What it takes to be a transformational CISO and create change

Let’s take a deeper dive into the article topics and the takeaways from Dan and Sean.

Topic 1:  iOS impervious to attacks?  Hackers say “nay!”

Recently, threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability.  Researchers weighed in on how the attackers exploited the vulnerabilities before reporting to the vendors.  The Safari WebKit flaw, tracked as CVE-2021-1879, enabled the processing of maliciously crafted web content for universal cross-site scripting and was addressed by Apple in an update later in March 2021.

“From Russia with love…” – how the hackers did it

According to the Wired article, Russian-language threat actors (Nobelium) were exploiting the vulnerability in the wild by using LinkedIn messaging to send malicious links that could collect website-authentication cookies and more. Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones

The campaign mirrored a similar attack on Microsoft in May – The SolarWinds supply chain attack – connected to USAID (the government agency that administers civilian foreign aid and development assistance).

Why are zero-day attacks on the rise? 

2021 has seen 33 zero-day flaws so far, which is 11 more than the total number from 2020. Google researchers “believe greater detection and disclosure efforts are also contributing to the upward trend.” Other contributing factors include: 

  • The increase and maturation of security technologies and features means attackers also have to level up
  • The growth of mobile platforms means an increase in the number of products that threat actors want to target
  • The maturation of security protections and strategies inspires attackers to get creative

Sean and Dan’s Key Takeaways:

  • Apple does a good job of focusing on privacy; Yet, even companies like that are vulnerable and the general public, as well as tech leaders, still don’t get that. This event goes to prove that no system is impervious to a cyber attack
  • This Apple “breach” is a wake-up call that we need to pay attention to and funnel funds and resources into securing earlier rather than later.  
  • While there are more tools available for managing Windows, future software distribution and policy for Macs may change rapidly as hackers continue to target the iOS system. This won’t be the last iOS attack!

Topic 2:  What it takes to be a Transformational CISO and drive change 🦸

In this article from Threatpost, Curtis Simpson, CISO at Armis, discusses the evolving role of the CISO and how they are no longer siloed to the security of a company, but part of the business leadership team. The increased interdependence between the physical, digital, and cybersecurity worlds demands a leadership position that combines both the technical know-how and the ability to recognize security priorities from a business perspective.  As the digital threat landscape continues to evolve and remote work environments grow commonplace, the chief information security officer (CISO) must evolve as well.  But what does it take to be a CISO these days?   

Top qualities of a CISO

Cybersecurity is a dynamic field that requires rapid, experiential decision-making, organized thinking, and the ability to strategically communicate to a non-security audience.  These qualities are second nature to most CISOs.  

Additionally, in order to succeed as a CISO in today’s digital world, here are the top characteristics that all CISOs need to excel:

  • Matchmakers
  • Relationship builders
  • Servant leadership
  • Advocates

Where is the CISO role headed? 

Once upon a time, CISOs generally focused on security strategy, but that landscape has expanded so much more beyond the IT infrastructure. Now, the role of the CISO includes threat prevention as well as creating systems that work for business.

In this way, the role is evolving into the “jack of all security and business trades”. And as the digital landscape continues to expand to parts of the business endeavors and goals, the CISO’s depth and breadth of knowledge regarding business, its underlying technology, and core risks will jettison them to be viewed as a peer of the CIO.

Sean and Dan’s Key Takeaways:

  • Forrester has been conducting a lot of research on the future of the CISO position.  One piece of information from the research is that there are six types of CISOs: transformational, post-breach, tactical-operational, compliance risk, steady-state, and customer-facing evangelists.
  • Piggybacking off of the ideas from the article, the CISO really does have to be able to communicate from the top-down throughout the company.  When you have a “deputized” workforce that is held accountable for the security of the company, you need someone like a CISO to really translate technical language to non-tech people. 
  • Speaking the language of the C-suite is imperative for a CISO to communicate the business value and business risks of cybersecurity initiatives.

Catch the full details from Cybersecurity After Dark

Watch the Episode

Nichole Kelly

Nichole Kelly

Vice President of Growth

Nichole Kelly brings over two decades of experience in growing organizations top line and bottom line revenue. As one of the leading marketing influencers she is the author of "How to Measure Social Media" and has traveled the world teaching marketers how to build and execute ROI-driven marketing strategies at every major marketing conference. Also an entrepreneur, Kelly was also the founder of SME Digital, a digital marketing agency that was sold to Renegade Marketing.

Kelly leads an active life of service and is the founder of The Bipolar Executive blog and podcast. This project is  designed to help shift the conversation around mental illness to one of mental wellness in Corporate America. 

Kelly holds a Bachelor’s Degree in Business Administration with a minor in Marketing from Saint Leo University.

Connect on my blog The Bipolar Executive

Connect on LinkedIn

Chris Schroeder

Vice President of Engineering, Co-Founder

Chris Schroeder has over 25 years of experience in large complex IT environments from the Fortune 500 to the federal government. Chris has an extensive technology background in mobility, infrastructure operations, and data analytics. Schroeder is a seasoned entrepreneur and co-founder of App47 and the Vice President of Engineering and co-founder of RealOps (sold to BMC).

Chris is an active volunteer in his community coaching boys and girls lacrosse, supporting high school STEM programs, and serving on the Pastoral Council. 

Schroeder holds a Bachelor’s Degree in Computer Science from Radford University and a Masters Degree in Technology Engineering from George Washington University.

Connect on LinkedIn

Sean McDermott

President & CEO, Founder

Sean McDermott’s curiosity for advancing technology began at his first job as a network engineer/architect installing and managing the first private internet for the U.S. Department of Justice. At a time when the internet was just taking off, McDermott was at the forefront and has continued to be on the cutting edge of technology leading Fortune 500 companies through the dot-com bust, 9/11 and the 2008 recession. Sean has over three decades of experience working with CIOs in the Fortune 500 to trail blaze innovation and protect the IT infrastructure of the largest commercial and federal organizations in the world. 

McDermott is a mission-driven, serial entrepreneur who founded Windward Consulting Group, RealOps, Inc. (sold to BMC), App47 and RedMonocle. He is also the founder of the Windward Foundation and Alzheimer’s Caregiver Alliance, an organization dedicated to easing the burden of caregiving for individuals and families touched by Alzheimer’s disease.

McDermott is a member of the Forbes Tech Council and has been featured in Security Boulevard, TechRepublic, IT Visionaries, APM Digest, Inside BigData, DevPro Journal, IT Toolbox and more. He  holds a Bachelor’s Degree in Electrical Engineering from Villanova University and a Masters in Engineering Management from The Catholic University of America. 

Connect on my blog Wheels up World 

Connect on LinkedIn