There are more information security and privacy threats than ever before. As new technologies emerge, surveillance tactics multiply, and more artificial intelligence systems are deployed, cybersecurity and privacy risks keep growing. Rebecca has spent her entire career working to improve information security and privacy protections, not only by raising awareness of the issues within businesses and other types of organizations, but also by raising public awareness of these risks and helping people understand how to better protect their own personal data, so they can take their privacy protections into their own hands. Rebecca covers existing and emerging security and privacy risks, offers fresh insights into the impacts when those risks are exploited, and provides guidance, tips, expert advice and news, with fascinating guests, to help organizations and the general public understand what they need to do to mitigate these risks.
The History, Mystery, and Rise of AI at CornCon!
Dr. John Johnson describes why he created the wildly popular cybersecurity conference, CornCon! It was first held in 2015, in Davenport, Iowa, on the banks of the Mississippi River. He also describes the goals for the conference and how it differs from others in offering a children’s hacking bootcamp and a hacking contest for teens, along with two days of sessions and activities for professionals. Rebecca is also excited to be a speaker with her talk, “It’s Not Always a Rattlesnake Just Because It Rattles: Everything I Learned About Risk Management I Learned on the Farm,” and picks John’s brain to get some tips. Plus, a Bill Murray after-party…oh, yeah, we’re there!
Please listen in!
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #PersonalData #Awareness #Education #Compliance #Law #JohnJohnson #CornCon #ProfessionalDevelopment
10/7/2023 • 1 hour
Need More Privacy? Write the Privacy Law We All Need!
Do you see a need for more privacy in certain areas of your life? Or within certain industries? Or throughout society? Well, don’t just sit there; get up offa that thing, and get that new privacy law drafted into a bill, and then passed into law! It’ll make you and everyone else who cares about privacy feel better, while also strengthening privacy protections. Want to know how? Tom Kemp, author of the newly released book, “Containing Big Tech: How to Protect Our Civil Rights, Economy, and Democracy,” is on the show to tell you how!
Please listen in!
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #PersonalData #Awareness #Education #Compliance #Law #TomKemp
9/2/2023 • 57 minutes, 27 seconds
A Romance Scammer Took All My Dying Mother's Money
April describes the horrific harms that romance scammers caused her mother while she was terminally ill with cancer, and Kathy describes the upcoming World Romance Scam Prevention Day that her organization established. A must-listen episode!
8/5/2023 • 54 minutes, 56 seconds
GDPR Compliance Stats Everyone, Everywhere, Needs to Know!
The EU General Data Protection Regulation (GDPR) has been in effect for 5 years now. What have been the impacts on organizations that must comply? What penalties have been applied, and for which specific non-compliance issues? Which EU country has been most active in applying GDPR non-compliance penalties? Are there countries where no fines/penalties have been applied? What is the largest GDPR fine/penalty to date, to what entity was it applied, and which GDPR Article(s) were violated? Rebecca speaks with Tara Taubmann-Bassirian, a well-known GDPR expert and Privacy Hero of the Year award winner, to get answers to these and more questions.
Please listen in!
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #GDPR #Compliance #EUPrivacy #PersonalData #Law
7/1/2023 • 54 minutes, 7 seconds
Individuals & Businesses: Mitigate! Those! Risks!
Everyone is at risk of cybercrime, privacy breaches, and associated physical risks: individuals in their personal lives, as well as businesses and their employees in their work areas, which are often in homes and other locations outside of physical business facilities. Each of them needs to understand how to recognize information security and privacy risks, and basic ways to mitigate those identified risks. But most folks don’t know how to do this.
More needs to be done to raise awareness of these important life-encompassing risks if we have any chance at all of slowing down and preventing security incidents and privacy breaches. We dedicate this episode to supporting that goal!
In this episode Rebecca has a highly informative discussion with Ron Woerner, a noted international consultant, keynote speaker, teacher, blogger, and writer in the Privacy and Cybersecurity industry. The show starts with the inaugural episode of the new game show, “Mitigate! That! Risk!” Discussion then covers the following:
• What are risks in personal lives, as opposed to in business?
• What is risk management?
• What has been the most significant change in risk management since Ron started his security and privacy career?
• What has stayed the same for risk management since the beginning of Ron’s career?
• What is zero trust, as it relates to risk management?
• What is data centric security, as it relates to risk management?
• And more…
Please listen in!
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #RiskAssessment #RiskAnalysis
In this episode Rebecca continues answering a few more of the hundreds of questions she has received from listeners and readers throughout the past few months, covering a wide range of topics. Some of the questions include:
• What happened to those men, bar owners in Des Moines, Iowa, who were arrested for stalking a woman using digital tracking devices? Did they go to prison? What laws apply? Hear Rebecca’s answers, along with related news and points about IoT trackers, and how to identify whether one is being used to stalk you.
• The FBI and FCC recently warned that free USB charging stations in public spaces, such as airports, hotels and hospitals, can have devices hidden within them to steal data, spread malware, etc. Didn’t you discuss this in a previous episode? What are some other ways to prevent such skimmers from stealing data? What other harms can result from such skimmers and modified charging cords? Rebecca answers these and provides additional helpful information about this threat.
• A family member was a victim of check washing! Do you have any more tips on preventing check washing, in addition to those you described in your December 2022 Privacy Professor Tips message?
• I received a pretty “smart” necklace for Hanukkah that, if you press the button on the charm twice, immediately texts your GPS location to up to five friends/family members to let them know help is needed, with an option to also contact 911. It sounds like it could be extremely privacy-invasive. What tips do you have for using it in a secure, privacy-protecting way? Rebecca provides several suggestions, along with a real-life case of IoT being used to track down an assault victim.
• Do you think AI and ML will help to reduce financial cybercrime or make it worse? Rebecca’s answer may surprise you!
• And more…
Rebecca provides answers that all listeners, anywhere in the world, can use.
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Spam #Spoofing #Dobbs #DobbsLeak #GovernmentSecurity #IoT #IoTSecurity #IoTPrivacy #LocationTrackers #IoTAssaults #IoTCrime #AI #ArtificialIntelligence #ML #MachineLearning #CheckWashing #StalkingLaws #CyberStalking #USBSkimmers #JuiceJacking #Malware
5/6/2023 • 55 minutes, 5 seconds
AI Challenges & Risks: Security, Privacy, Bias & Ethics
AI has quickly become pervasive in all our lives. But how can it impact us? Consider a couple of examples.
Lensa is an app that takes real photos and uses AI to make art images from them. Millions have used it. Others are concerned about the privacy and intellectual property rights problems it creates. The model behind Lensa was trained on a huge open-source collection of more than 5 billion publicly accessible images, gathered under the label of “research.” That collection not only includes copyrighted work, but also personal medical records and images, as well as disturbing images of violence and sexual abuse, many from police reports. This creates privacy, copyright and other intellectual property rights, legal and compliance concerns.
Another AI tool, ChatGPT, surpassed 100 million users early in 2023 and is creating a large and growing number of concerns about security, privacy, intellectual property and legal risks.
Use of artificial intelligence (AI) is predicted to grow by more than 25% each year for the next five years and could contribute over $15 trillion to the global economy by 2030.
Many questions need to be answered about AI!
Listen in to hear my conversation with Pamela Gupta about a wide range of AI issues.
• Who is ensuring the AI algorithms are secure? And accurate?
• What happens if someone’s private photos show up incorporated into an AI generated image?
• What are the privacy risks?
• What are the security risks?
• What are the ethical considerations for AI use?
• What are the dangers of biased AI?
• What are the “Essential Trusted AI Pillars”?
Pamela answers these and many more questions.
See more about Pamela Gupta at https://www.outsecure.com/.
#PamelaGupta #AI #ArtificialIntelligence #ChatGPT #Lensa #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Cybercriminals
4/1/2023 • 57 minutes, 1 second
“Romance Scammers Have Used My Photos Since 2016”
Bryan Denny served as an officer in the U.S. Army for 26 years. In 2016, Bryan’s photos were stolen and used to build thousands of fake profiles. Kathy Waters has logged over 4,000 volunteer hours helping people like Bryan Denny whose identities have been stolen, as well as the women and men who have fallen victim to the scammers. Each day new headlines report the financial and emotional destruction that romance scammers wreak on their victims’ lives; those victims include both the targets of the scams and the people whose images the criminals use to commit them.
Listen in to hear my riveting conversation with Bryan Denny and Kathy Waters as they describe the vast amount of damage romance scammers are increasingly causing.
• How did Bryan discover his identity was being used for romance scams?
• How did Kathy get involved with helping hundreds of romance scam victims?
• What tactics do romance scammers use?
• What are some of the real-life experiences of romance scam victims?
• Why are romance scammers so successful with their crimes?
• How can you spot a likely romance scammer?
• To what groups, agencies, etc. should romance scammers be reported?
Kathy and Bryan answer these and many more questions.
See more about Kathy Waters and Bryan Denny at https://advocatingforu.com/meet-the-board
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #IDTheft #IdentityTheft #IDFraud #IdentityFraud #Cybercriminals #RomanceScams #ScamVictims
3/4/2023 • 54 minutes, 41 seconds
Dobbs Leak, Airtags, Spam, Spoofed Email, & Data Privacy Day!
It has been almost three years since Rebecca has done a show answering listener questions; it is time she did another one! In this episode she answers a wide range of questions. Some of the questions include:
• Why are location trackers (Apple AirTag, Tile, etc.) bad from a privacy perspective? They aren’t even sending any personal information, just location. Should they be outlawed if they are actually bad?
Listen in to hear not only her answer, but also her explanation of what engineers need to consider in the design of these and other types of IoT products.
• How do you think the Dobbs decision was leaked last year from the US Supreme Court?
Rebecca provides some insightful theories that have not yet been discussed anywhere else!
• Some spam blockers, like AOL’s spam blocker, are not effective against some email addresses. How can more email spam be blocked? Rebecca provides some good advice in response.
• How can spoofed emails be prevented? Everyone needs to hear Rebecca’s answer to this.
• Should spoofed emails be reported? To where?
Rebecca provides answers that all listeners, anywhere in the world, can use.
Listen in to hear the answers to these, and more, questions.
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Spam #Spoofing #Dobbs #DobbsLeak #GovernmentSecurity #IoT #IoTSecurity #IoTPrivacy #LocationTrackers #IoTAssaults #IoTCrime
2/4/2023 • 53 minutes, 56 seconds
A Cybersecurity Expert’s Real Life Identity Theft Experience
Everyone is a target for identity thieves. Even the most brilliant cybersecurity and privacy experts. Why? One significant reason is that when the organizations and individuals who possess and use your personal data do not effectively secure that data, they leave it vulnerable, leaving YOU at the mercy of cybercrooks.
Listen in to hear my riveting conversation with Christine Abruzzi, a cybersecurity expert with 30 years of experience and owner of Cacapon Cyber Solutions, as she describes her current real-life experience helping a family member who is an identity theft victim.
• What tipped them off that something was wrong?
• How did they first react and respond?
• How did this identity theft situation occur?
• What actions are they taking to clean up the victim’s credit files?
• What are the lessons learned?
• How can listeners protect themselves, family and friends from being identity theft and fraud victims?
Christine answers these and many more questions.
See more about Christine at https://www.linkedin.com/in/christine-abruzzi-738aa913/
See the identity theft & fraud resource list mentioned during the show at https://privacysecuritybrainiacs.com/privacy-professor-blog/ It will be posted on 1/7/2023
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #IDTheft #IdentityTheft #IDFraud #IdentityFraud
1/7/2023 • 55 minutes, 41 seconds
Privacy & Cybersecurity for Your Life During the Holidays
Are you armed with the privacy and security knowledge and awareness necessary to identify the holiday scams and cybercrooks that emerge every year, trying not only new scams and crimes, but also the same scams and crimes that have proven effective year after year for decades? Are you prepared to help those to whom you give tech gifts use them in the most secure and privacy-protecting way possible? Can you secure the tech gadgets you receive as gifts to keep hackers from accessing them and using them to steal your money or commit identity fraud, in effect stealing your life? Everyone needs to maintain a high level of awareness and knowledge about privacy and cybersecurity for their life during the holidays.
Listen in to hear my conversation with two cybersecurity and privacy experts who answer these and many more questions. Cheryl Jackson and Todd Fitzgerald have spent their entire careers dedicated to educating and raising the awareness of security and privacy issues for their co-workers, clients and the general public. Todd and Cheryl also share a huge amount of information about the awareness events and education they’ve provided over the years, including those that were huge successes and a few that were not so successful, and describe why.
Please tune in!
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #HolidayScams #Awareness #Education
12/3/2022 • 54 minutes, 58 seconds
Let’s Stop the Robocall Scammers!
Everyone is inundated with robocalls! Many of them are legitimate, such as those providing notifications about environmental threats like hurricanes and tornadoes, and those giving alerts about missing persons. Many others are legal but can still be quite annoying, such as calls from political candidates.
There are also increasingly more robocalls that are used to commit scams and a wide range of crimes. Security expert Ben Rothke is fed up with all these robocall scammers! Ben has been researching this long-running and constantly evolving scam for many years. In fact, he has amassed over 100 recorded scam calls that he provides to the public to raise awareness of how to identify these scammers. During this episode Ben describes many different ways that robocalls are used to commit crimes, such as spreading ransomware, gaining access to bank and other types of financial accounts, tricking people into buying high-dollar items, or compelling the targeted robocall victims to send the crooks money.
Listen in to hear Ben discuss these and many more types of robocall crimes, and the tactics used. Mr. Rothke will also describe the overall problem, the security and privacy risks that robocalls can bring, and what needs to be done to get rid of this scourge. Please tune in!
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #RoboCalls #RobocallCrimes #RoboCallScams #Awareness
11/5/2022 • 56 minutes, 33 seconds
“Wacky Tobaccy” Laws, Privacy & Security!
Even in our supposedly enlightened period in history, we're actually not enlightened with regard to cannabis benefits, medicinal uses, how to debunk disinformation that has been spread since the 1930s, and how to protect the privacy of cannabis users and their associated personal data, as well as the business data of the dispensaries.
Have you used cannabis, of any kind in any form? Have any of your family members or friends? For recreation and/or for medicinal purposes? Do you know how or if the associated data you provided to the dispensaries was protected, shared, and used?
At least 38 U.S. states, along with Washington, D.C. and 16 US territories, have legalized cannabis of some type, in some way. Want to hear which ones? Do you know which of these laws include requirements for privacy and/or data security? Do you know the current status of federal regulations for cannabis legalization? Including how HIPAA may or may not apply?
Do you know what the difference is between cannabis, medical cannabis and marijuana, if any? What about the differences between CBD and THC? Do you know the medical benefits of cannabis?
Do you know the ways in which the cannabis dispensaries put your data at risk? And your privacy at risk?
Were you aware of the recent data privacy breaches at cannabis dispensaries? Or, about a huge security flaw that allowed 85,000 cannabis dispensary customers’ personal data to be searchable and viewable online, by anyone?
Do you realize the harms that could occur to those whose personal data and associated cannabis purchasing history and related details were obtained by others? Or, if even just the financial data of a cannabis store was breached and used by competitors? Hint: They are significant!
Popular guest and medical cannabis security and privacy expert Michelle Dumay returns for the fourth in a series of shows about current cannabis laws and regulations and the personal data privacy and security risks involved with in-person and online sales, and provides some wise advice on all these issues.
Please tune in to hear this enlightening discussion!
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #MedicalCannabis #Cannabis #Laws #Marijuana #WackyTobaccy #Dispensaries #Breach #PersonalData #HIPAA #CBD #THC
10/1/2022 • 56 minutes, 34 seconds
Action is Necessary to Improve Voting & Elections Security!
Many claims have been, and still are being, made about elections and voting security, more than ever since the 2020 election. Some claim there was widespread “voting fraud.” While no process or technology, of any kind for any purpose, is 100% secure, the 2020 general elections were determined, through audits and assessments by dedicated elections workers, federal and state civil servants, and cybersecurity experts, to have been the most secure in history, based on the combined results of over a thousand audits and risk assessments. However, as misinformation grows and more types of voting devices are used, elections officials must ensure that security is continually monitored, updated and improved to address newly discovered vulnerabilities and threats.
Here are some facts important to know up front: Voting machine equipment, standards and procedures vary greatly from state to state, and even county to county. And there is great diversity in the types and ages of the over 100,000 voting machines used throughout the U.S. These facts make it necessary to perform ongoing review and assessment of the physical, cyber and procedural security of voting machines and voting procedures.
Just a few key issues that must be considered for elections and voting technology security include:
• How widely are voting security standards used by the over 100,000 polling locations throughout the U.S.? Who provides oversight of this?
• Who are “insiders” within the election and voting ecosystem? And, what types of insider threats exist that need to be addressed?
• Is the internet a threat vector to voting systems? Are the voting systems ever connected to the internet?
• In what ways are voting procedures throughout the states and territories different? Would committing widespread fraud be possible?
• What actions can elections officials and workers take to better protect voting systems, and the full elections process?
• Where can U.S. states and territories obtain help to strengthen the security of the technologies, activities and physical components of the elections systems?
Listen in to hear Marci Andino, the Sr Director, Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC) at Center for Internet Security, answer these questions, and more!
#Cybersecurity #Privacy #RiskManagement #Education #MarciAndino #CISecurity #Voting #Elections #Democracy #VotingSecurity #ElectionsSecurity
9/3/2022 • 54 minutes, 41 seconds
Secure Coding Fixes the Top 25 Most Dangerous Software Weaknesses
In the news every day are security incidents and privacy breaches caused by software programming errors, sloppy practices, lack of sufficient testing, and many other engineering-, coding-, and programming-related reasons. This has been progressively getting worse for the past 40 to 50 years as technology has proliferated, along with code and programming languages. Case in point: at the root of most zero-day exploits is insecure software code, created by programmers who did not build the code to be secure to begin with.
For the past several years the CWE Top 25 Most Dangerous Software Weaknesses list has been published annually by MITRE’s CWE program, sponsored by the US Cybersecurity and Infrastructure Security Agency (CISA). Looking at this list, it is clear that most, if not all, of the weaknesses are the result of poor coding practices. A lack of secure coding! These software weaknesses are getting worse, not better, as time goes on! Listen to this episode to hear software security expert, pioneer, current practitioner and thought-leader Dr. Mich Kabay discuss many real-life examples of poor coding that have resulted in problems, incidents and breaches, from long ago up through those still occurring today. And hear how code can be made more secure. We will also go through as many of the Top 25 dangerous software weaknesses as time allows, to point out the coding errors and problems that made the software weak, insecure, and dangerous.
Not all software engineers, programmers and coders need to be cybersecurity experts. However, all of them *DO* need to be experts in secure coding and in the applicable security and privacy standards involved in the software development life cycle (SDLC).
#SecureCoding #Cybersecurity #Privacy #RiskManagement #Education #MichKabay #ZeroDay #SDLC
8/6/2022 • 54 minutes, 52 seconds
IoT Data Creates Frankenstein Profiles Claiming to Be You
There are an estimated 20 – 30 billion “smart” internet of things (IoT) devices currently in use in the world. Many of them are listening devices, meaning everything heard within the vicinity of the device is sent to cloud systems, analyzed, and acted upon. This number is projected to increase to 75 – 100 billion by 2025. This data, and the results of artificial intelligence (AI) analysis of the words, conversations and sounds in the vicinity of the device, are sent to numerous, sometimes thousands of, third parties who then perform their own AI analysis and take even more actions.
In most cases profiles about the individuals are built from the IoT data and AI results, and those profiles are used to make many assumptions about, and then take actions affecting, the associated individuals. Targeted marketing. Loan rates and approvals. Health determinations. Deciding who is a good or bad parent. Identifying pregnancies. The list is unlimited. Even activities once described in science fiction, such as determining who is likely to commit crimes in the future, likely to get a disease, or likely to have some other significant impact. These projections are also sent to numerous entities. Those can include law enforcement, government agencies, homeowners associations, political campaigns, marketers (of course!), and many others. Even ransomware gangs and other criminals are using these digital profiles to target their victims.
Wait, it gets worse! Around 10% - 25% of AI results are incorrect. And for people of color, this number increases, due to continuing problems with bias in AI. That translates to 2 – 7.5 billion current devices sending data about those in their vicinity, who then have erroneous profiles made about them. And actions may be taken as a result that harm them in some way. These digital personas are Frankenstein creations of often faulty AI, built from the voices of others and the sounds around you!
In this episode, Dr. Joseph Turow, author of “The Voice Catchers: How Marketers Listen In to Exploit Your Feelings, Your Privacy, and Your Wallet,” discusses his in-depth and insightful research into this topic. Dr. Turow also provides many examples, and also provides some very good advice. Please join us for a very interesting and informative discussion!
#IoT #IoTPrivacy #IoTSecurity #Stalkerware #JosephTurow #TheVoiceCatchers #VoiceAnalysis #Surveillance #AI #PersonalData #MonetizingPeople
7/2/2022 • 53 minutes, 57 seconds
Catching KGB Hackers with 75¢ and a 2400 Baud Modem
Nation-state hackers have been trying to get into the secrets stored on computers for decades. The Russian KGB was trying, and often succeeding, to hack into computer systems before there was a publicly accessible internet, back when the ARPANET was used primarily to connect university and government computer systems. Do you know who caught the KGB in the act of hacking these computer systems, when no one else, not even the FBI or the military, was interested in finding a hacker who was getting into some of the ARPANET-connected computers? Why, an astronomer, of course!
Tune in to hear Dr. Clifford Stoll describe in great detail how he caught the KGB hackers without network security tools (what has been used during the past thirty years didn’t exist back then!), using his brilliance and the tools available to him at the time, such as dial-up phone line modems and reams of paper printouts. Through his perseverance and patience, he was able to catch the hackers.
Dr. Stoll wrote the book The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage in 1989, which provides his first-person account of his hacker-catching odyssey. A 1990 PBS documentary, “The KGB, the Computer, and Me,” provided additional information.
In this episode we cover additional facts about the hack, including more discussion of the technical and security perspectives that are still applicable today, and some of the specific work Dr. Stoll did while tracking the wily hackers, work that appears to have inspired some of the tools commonly used by cybersecurity pros today, who probably don’t realize they were first established by Clifford Stoll!
We also hear Dr. Stoll’s thoughts about cybersecurity, education, technology, the importance of asking questions and curiosity, the polarimetry of Jupiter at large phase angles, Klein bottles, and much, much more.
See more about Clifford Stoll at https://www.ted.com/speakers/clifford_stoll. See Dr. Stoll’s paper, “Polarimetry of Jupiter at Large Phase Angles” at https://repository.arizona.edu/bitstream/handle/10150/282394/azu_td_8020326_sip1_m.pdf?sequence=1&isAllowed=y
#CliffordStoll #TheCuckoosEgg #KGB #Hacking #NationState #CyberEspionage #HoneyPots #DigitalSpying #RiskManagement #CyberCrime #CyberSecurity
6/4/2022 • 55 minutes, 36 seconds
How Stalkers & Assaulters Track & Find Victims with IoT Tech
Assaulters and stalkers are increasingly using technologies to target, surveil, and attack their victims. IoT tech in particular is increasingly being used.
• What types of IoT tech are being used to track down and ultimately attack the targeted victims?
• What types of popular, tiny, inexpensive IoT devices are increasingly used by assaulters and stalkers for surveilling and then tracking down victims to abuse and assault?
• In what ways are a variety of different types of IoT tech devices being used for these nefarious purposes?
• How common are these types of attacks where IoT is used to facilitate these crimes?
• In what ways do IoT devices provide a sense of false security, that then actually makes weaponizing them to commit crimes easier?
• Why don’t more of the victims know that their IoT devices are being used by abusers and stalkers to track them down?
• Why aren’t there more publicized criminal court cases for these incidents where IoT tech was used to facilitate attacks on the targeted victims?
• What can people do to keep from being victims of assaults through the IoT devices they use?
Tune in to hear Adam Dodge, founder of Ending Technology-Enabled Abuse (EndTAB), provide answers to these and many more questions, along with valuable insights and advice. See more about Adam Dodge at https://endtab.org/about-hayden
#IoT #IoTPrivacy #IoTSecurity #DomesticAbuse #AdamDodge #EndTAB #AirTags #Stalkerware #DigitalLiteracyAgainstDigitalViolence
5/7/2022 • 51 minutes, 18 seconds
What Do UNIX, Linux & Dirty Pipe Have in Common? Listen To Hear!
A lot of news has been released lately about the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux kernel, a flaw that lets an unprivileged local user overwrite data in files they can only read. How is this related to UNIX? Listen in to hear Rik Farrow, a longtime UNIX and Linux security expert, explain! Rik will provide his advice about careers in UNIX and Linux security, and answer a wide range of questions Rebecca has received from listeners about these topics. A few of the questions covered include:
• How many versions of UNIX are there?
• What makes Linux different than UNIX?
• Which has more security capabilities; UNIX, Linux, Windows, Android or iOS?
• How many web servers run UNIX? Or Linux? Why?
• Basically, what is the Dirty Pipe vulnerability?
• What types of devices are impacted by Dirty Pipe?
• How can you avoid being a victim of a Dirty Pipe exploit?
• What about running shell scripts? Can that be done securely?
Tune in to hear Rik provide valuable insights to these and many more questions.
See more about Rik Farrow at http://rikfarrow.com/about/
#UNIX #Linux #DirtyPipe #Cybersecurity #PersonalData #RiskManagement #Privacy #TechCareers #SecurityCareers
4/2/2022 • 55 minutes
Transportation Cybersecurity & Privacy: Highway to Digital Hell?
There have been many reports about over-the-road trucking delays causing problems throughout the full supply chain and delaying deliveries of critical products throughout all industries. However, what about the cybersecurity and privacy risks within the transportation industry? There has been little, if any, thoughtful public discussion of the wide range of surface transportation cybersecurity and privacy risks. Cybersecurity vulnerabilities could cause many more disruptions within this critical part of infrastructures within all countries! And privacy risks within the transit system are many, but usually not recognized. These weaknesses and vulnerabilities could be exploited in ways that cause a vast array of significant harms.
Hear the world’s most experienced expert in transportation cybersecurity and privacy, David Elfering, discuss the issues in this episode. We will cover:
• The largest cybersecurity risks within over-the-road trucking/transit systems and supporting physical structures
• The greatest privacy risks within the transportation industry
• The complexity of the systems used within all components of the transportation industry, including the widespread and increasing use of IoT throughout, which also increases risks
• The risks that third parties and others within the supply chain bring to the transportation industry
• Some significant cybersecurity and privacy risks and challenges with personnel in the transportation industry, that are not found in most other industries.
See more about David Elfering at his LinkedIn page: https://www.linkedin.com/in/aroundomaha/
#Transportation #TransportationRisks #Cybersecurity #PersonalData #RiskManagement #Privacy #TruckingRisks #CriticalInfrastructure
3/5/2022 • 55 minutes, 1 second
A Synthetic Data Deep Dive: Privacy Protector, Foe or Other?
Synthetic data has increasingly been in the news in recent years. It is being used for many purposes, such as training artificial intelligence (AI) models, and for more thoroughly testing software. It is also being described as a new type of privacy enhancing technology (PET). In what other ways is synthetic data being used?
Do data protection regulations and other laws and legal requirements apply to synthetic data? For example, do the associated individuals need to provide consent for organizations to use synthetic data into which pieces of their personal data were incorporated? How do the Data Protection Authorities (DPAs) in Europe view synthetic data? As personal data that must be protected under GDPR? Or not?
In the U.S., how about HIPAA? Is synthetic data created from health data that is defined as protected health information (PHI) covered by HIPAA?
How can synthetic data be a PET when it is created from actual personal data?
And what about synthetic identity theft? This is a growing problem. How is synthetic data involved with that? Couldn’t this data be used for such crimes?
Is identifiability a risk with synthetic data? Why or why not? What are other types of privacy risks with synthetic data?
How is synthetic data use evolving?
Listen to this discussion to hear answers to these, and many more questions about synthetic data use, risks, and benefits.
The use of synthetic data is increasing exponentially, so the time to learn more is now!
See more about Dr. El Emam at replica-analytics.com.
#SyntheticData #PersonalData #RiskManagement #Privacy #ReplicaAnalytics #KhaledElEmam #GDPR #HIPAA
2/5/2022 • 55 minutes, 33 seconds
How to Fix the Log4j Problem & Prevent Similar Types of Incidents
The Log4j security vulnerability is likely a result of insufficient secure coding and/or testing practices for software that is used in billions of devices worldwide. This vulnerability is now being actively exploited, causing a wide variety of security incidents and privacy breaches. New attacks are announced weekly, and sometimes daily, that are exploiting that vulnerability.
How did such a dangerous vulnerability make its way into billions of devices? Hear a preeminent applications development and cybersecurity expert, Dr. Mich Kabay, explain Log4j, how the Log4j vulnerability could have been prevented, and the ways in which similar vulnerabilities can be prevented. We also discuss open source software code security in general, the different types of tests that are used to validate open source software code, and the criticality of doing thorough tests before putting software into production. See more about Dr. Kabay at mekabay.com.
#Cybersecurity #RiskManagement #Privacy #SecureCoding #Log4j #OpenSourceCode #SoftwareSecurity #SoftwareTesting #SecurityTesting #MichKabay
1/8/2022 • 51 minutes, 48 seconds
Who's Responsible for BPO Contact Center Privacy & Cybersecurity?
Rebecca discusses the importance of call/contact center and customer service privacy and cybersecurity practices with privacy law and business process outsourcing (BPO) expert Jon Bello. Often the contact center, or customer service group, is the only barrier between a caller and the personal information and account access of a particular individual. BPO staff are common targets of social engineering aimed at getting into others’ accounts and at finding out where individuals are located. Mr. Bello discusses BPO contact center privacy and cybersecurity risks, and the actions BPOs take to mitigate those risks. Many real-life situations and examples are discussed. Jon Bello also discusses the results of a poll he conducted about whether or not the use of AI to monitor work-from-home environments is acceptable. The results were interesting, and somewhat surprising! What types of monitoring occur within call centers? That is also discussed.
See more about Mr. Jon Bello in the bio posted on this VoiceAmerica show site.
#Cybersecurity #RiskManagement #Privacy #BPO #CallCenter #OutsourcingSecurity #JonBello
12/4/2021 • 56 minutes, 35 seconds
Protecting Aviation Critical Infrastructure from Cyber Attacks
The US Transportation Security Administration (TSA) recently announced they are requiring critical US airport operators, passenger aircraft operators, and all-cargo aircraft operators to designate cybersecurity coordinators, and to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Lower-level transportation organizations are encouraged to follow the rules as well. Why hasn’t this been done before now? Will it be enough to protect the highly complex and diverse system of air travel, and related aircraft and other equipment, within the US? Especially as new tech continues to emerge, and each traveler and aviation industry worker has on average two to ten (and more) mobile and IoT devices with them at all times, a large portion of which are connecting in and out of those many aviation network systems? Will this effort provide a model for more secure air travel in other countries?
Don’t miss this compelling and informative episode! Listen to hear and learn many real-life lessons from a cybersecurity and privacy expert, and longtime practitioner who was, and still is, a CISO for multiple organizations and built cyber security programs within the aviation industry. We discuss a wide range of topics, such as:
• The state of cybersecurity in the aviation industry, and how only recently cybersecurity management leadership positions were established.
• How cybersecurity is significantly underfunded in aviation organizations, and how aviation CISOs can use Cecil’s advice to increase support for cybersecurity efforts and investments.
• The cybersecurity weak points throughout airport systems and associated physical ecosystems.
• The importance of addressing cybersecurity throughout the entire lifecycle of all aviation projects, from concept consideration through retiring aircraft and equipment.
• The ways in which being multi-lingual supports better cybersecurity management, not only for critical infrastructure industries, but in all industries.
See more about Mr. Cecil Pineda in the bio posted with this episode description on this VoiceAmerica show site.
#Cybersecurity #RiskManagement #CriticalInfrastructure #AviationSecurity #NationalSecurity #CecilTheCISO #CriticalInfrastructureCyberSecurity
11/6/2021 • 56 minutes, 7 seconds
Software Development Security Practices Suck! Wise Up Now!
Why do so many business leaders insist on using insecure systems and software development practices? Often it is to skimp on IT budgets and to race to production. Or leaders with marketing expertise, but no actual tech understanding, make bad decisions to align with their sales tactics and marketing messages. Or there are other reasons. Whatever the cause, the damaging consequences are demonstrable and ongoing. In this episode we speak about the critical need for secure software engineering, development and testing, and the need to follow stringent, secure software development practices to stem the consistently increasing digital hemorrhaging of security incidents and privacy breaches.
Listen to this episode to learn the importance of building security into the full software and systems development lifecycle from Dr. Rhonda Farrell. Dr. Farrell is an internationally recognized cybersecurity expert and instructor, with multiple cybersecurity and privacy certifications, including those in software security development. Learn the actions that need to be taken to improve the current inadequate state of systems and software development and maintenance security practices.
Also hear about the need to engage students, from preschool through secondary and post-graduate education, on the absolute need to build secure technology, and how to do so. Dr. Farrell will also provide information about the Cyber & STEAM Global Innovation Alliance (CSTGIA) she founded, CSTGIA’s goals, the resources it provides, and how everyone can get involved. See more about Dr. Rhonda Farrell in the bio posted with this episode description on this VoiceAmerica show site.
#Cybersecurity #RiskManagement #RhondaFarrell #SSDF #SoftwareSecurity #SystemsSecurity #ApplicationsSecurity #SDLC #WomenInTech
10/2/2021 • 54 minutes, 3 seconds
Demystifying Cyber Insurance: Facts to Get the Right Coverage!
Listen to this episode to learn from Judy Selby, an internationally recognized and award-winning cyber insurance expert, about the considerations to take into account for different types of cyber insurance, and how the recent, and growing, numbers of ransomware attacks, cyberattacks and hacks are impacting cyber insurance coverage packages.
Throughout the recent history of ransomware and other types of malware and cybercrime and hacking, organizations have become increasingly dependent upon cyber insurance to cut their losses. But with ransoms becoming so huge, and cyber-attacks becoming so prevalent, are cyber insurers going to change the conditions for which they will provide cyber insurance?
Can cyber insurance requirements actually change, even possibly improve, cybersecurity practices within organizations that get cyber insurance? And what else does cyber insurance cover besides ransomware and other types of malware? What different types of cyber insurance are available to businesses? What are the complicating factors in establishing actuarial tables, and then coverage packages and premium rates, for cyber insurance? Do new laws impact cyber insurance coverage and rates? Will policyholders’ premiums be affected if they use cybersecurity tools that have been compromised, such as SolarWinds?
Listen to this episode to hear Judy Selby, Partner in the New York office of the Kennedys global law firm, answer these questions, and many more! Also, hear how you can get a free copy of her best-selling book, Demystifying Cyber Insurance: 5 Steps to the Right Coverage.
#Cybersecurity #RiskManagement #JudySelby #CyberInsurance #CyberLiability #CyberLiabilityInsurance
9/9/2021 • 56 minutes, 23 seconds
The BOM Episode! DBOMs! SBOMs! And...Supply Chain Cybersecurity!
Before the SolarWinds hack made global news daily for many weeks starting in December 2020, most of the public had never heard the term “supply chain,” let alone known about the inherent data and cybersecurity risks supply chains bring to organizations. You know it is a significant issue when the President of the United States issues an Executive Order (on Feb. 24, 2021) to significantly strengthen supply chain security in all industries.
The risks have always been there, but the number, types and methods capable of exploiting the risks have increased exponentially in recent years as new technologies, and tech companies, have proliferated throughout the world. The SolarWinds incident spotlighted to everyone paying attention to cybersecurity that protecting supply chains needs to be a top cybersecurity and privacy priority for every business using purchased technologies and/or contracting third parties to do work for them.
Bills of Materials (BOMs) are tools that have been around since at least the 1960s to support business. They can also be used to support securing the supply chain. Do you know how? Do you know what BOMs are?
In this episode we chat with cybersecurity expert Chris Blask, VP of Strategy at Cybeats, and the inventor of the Digital Bill of Materials (DBOM), for the details!
What are SBOMs? What is the relationship between an SBOM and a DBOM? What are the cybersecurity benefits of SBOMs and DBOMs? What are other business benefits? Do SBOMs and DBOMs change the functionality of the associated hardware, software, firmware, system? What portion of organizations use SBOMs and DBOMs? How long have SBOMs and DBOMs been in use?
Hear the answers to these questions, and much more, in this episode!
#Cybersecurity #Privacy #ChrisBlask #Cybeats #SupplyChainSecurity #RiskManagement #SupplyChain #SupplyChainManagement
8/7/2021 • 54 minutes, 59 seconds
4th Amendment Does Not Give LE the Right to Access Encrypted Data
The DoJ’s recent take-down of 300 criminal syndicates in more than 100 countries, accomplished by selling the criminals 12,000 of its own encrypted devices and services to which it held the decryption keys, has resurrected the question of encryption and lawmakers’ claims that backdoors into encryption are necessary. Lawmakers, and even some data security personalities, point to this event saying it proves encryption should have backdoors. There are also claims that the Fourth Amendment supports this view.
But wait! Doesn’t it prove otherwise? And doesn’t the long history of failed attempts at creating encryption backdoors prove that encryption solutions with built-in backdoors put everyone at risk? Why can’t encryption be engineered to let in only the good guys and those meant to encrypt and decrypt the data, and not allow others access? Listen in as Dr. Steven Bellovin, a cybersecurity and encryption pioneer and multi-award-winning security and cryptography expert who holds many patents on cryptographic and network protocols, answers these questions and many more in this highly informative discussion with Rebecca. You will hear insights and facts about encryption that have not been discussed anywhere else!
7/3/2021 • 55 minutes, 14 seconds
Data Pipelines & Data Lakes Security & Compliance Answers & Info
What are “high-speed streaming analytics data pipelines”? What is the function of a data pipeline? Are there more security risks associated with data pipelines, or fewer, compared to VPN transmissions and the network transmission technologies that have been used for decades? What are “data lakes”? How are they different from data warehouses? Is it possible to meet data protection compliance requirements using data pipelines and data lakes? What are the security risks of using data lakes? What is MiNiFi?
Listen in as Gal Shpantzer, cybersecurity expert and the architect of the largest supported MiNiFi deployment in the world, answers these questions and many more in an informative discussion with Rebecca. You will hear security and privacy insights, and learn important facts about data lakes and data pipelines, that have not been discussed anywhere else! Follow Gal on Twitter: @Shpantzer
#Cybersecurity #Privacy #DataPipelines #DataLakes #MiNiFi #RiskManagement
6/5/2021 • 53 minutes, 20 seconds
Defending Against Nation-State Hacking & Cyber Warfare Attacks
There have been many news reports in the past several months about nation-state espionage, and in particular nation-state cyberthreats and cybersecurity warfare attacks. So, what exactly are nation-state cyberthreats? What countries are the sources of the cyberthreats? What countries are launching cyberattacks? Russia? China? The USA? Others? Who should be defending against these cyberthreats? Government? Corporations? Individual citizens?
In what ways have US citizens committed cyberattacks against their own country on behalf of other nation-states? Why is profiling based on an individual’s nationality and heritage a very bad idea for defending against nation-state cyberattacks? And in what ways does it actually do much more harm than good, and does not protect against the actual nation-state cyberwarfare practices?
Listen in as Christopher Burgess, a 30-plus-year CIA security expert, nation-state cyberthreat and cyberwarfare expert, writer, speaker and commentator on security issues, answers these questions and many more in an informative discussion with Rebecca. Follow Christopher on Twitter: @burgessct
#Cybersecurity #Privacy #NationalSecurity #NationStateThreats #CyberWarFare #CyberWarfareAttacks
5/1/2021 • 54 minutes, 13 seconds
Voter Fraud Facts No One is Talking About…Until Now
In 2021 there have been at least 253 voting bills proposed in at least 43 US states. These bills restrict voting methods and times, and even criminalize such practices as providing food and drink to those who are waiting in line for hours to vote. All due to “concerns about voter fraud,” even though hundreds of audits, hundreds of ballot recounts, and hundreds of independent voting machine security assessments have found no voter fraud.
What security measures are actually established for poll centers on voting day? For early voting locations? And for mail-in and absentee voting ballots? What would election officials tell you about those images and videos claiming to be evidence? Are they really evidence? Or, are they bogus? And how can you tell? Can boxes of ballots actually be brought into election centers and processed? What controls are in place for elections centers where ballots are collected, processed, and sorted?
Listen in as Genya Coulter, named one of the Top 25 Women in Election Security and Tech, and the Polk County, Florida, Election Clerk who oversees all her precinct operations and manages her team during election season, answers these and many more questions in this conversation with Rebecca. She describes the facts about voting and ballot security controls, and answers questions about voting fraud claims made during the 2020 US election. Follow Genya on Twitter: @ElectionBabe
4/3/2021 • 55 minutes, 53 seconds
Fighting US Elections & Campaigns Interference with Cybersecurity
There continue to be more lessons to learn from the past 8+ years of election cycles in the US, lessons that can be applied throughout the world, about the need to build strong security and privacy protections into the processes, systems, and physical components of elections, both to strengthen democracy and to establish verifiable and validated election results.
The FBI reports verified election interference attempts and goals of China, Russia, Iran & domestic groups; often through election candidates’ campaign organizations and associated groups.
What kind of interference is targeting campaigns and candidates? How does strengthening security practices help to prevent these interference goals from being fulfilled? What is the goal and mission for CyberDome? Why is US CyberDome well-suited to help fight interference with election campaigns?
Listen in as Matt Barrett, co-founder of US CyberDome, provides insights, research findings, advice to campaigns, and describes the goals of CyberDome to protect election campaigns during this conversation with Rebecca.
3/6/2021 • 56 minutes, 51 seconds
Healthcare CISOs: Securing Patient Data & HIPAA Compliance
Health data is considered personal data gold to cybercrooks. Hospitals, clinics and telehealth situations involve a lot of complexity that brings many threats and vulnerabilities to patient data.
• Is your healthcare and patient data safe?
• Are hospitals and clinics doing all they can to protect your data?
• What would you like to ask your hospital about this?
• Would they know how to answer?
• Are HIPAA requirements effective for protecting patient data?
Listen in as Mitch Parker, a healthcare security expert and executive at multiple large hospital systems, provides answers to these questions and more. Mitch will cover longtime, current and emerging challenges for chief information security officers (CISOs) at the largest hospitals as well as the smallest rural clinics. Mitch also provides insights and his thoughts on HIPAA updates during this conversation with Rebecca.
2/6/2021 • 55 minutes, 45 seconds
Holding Privacy Events in a Pandemic World
For Data Privacy Day month, Rebecca is speaking with Kim Hakim, CEO & Founder of FutureCon Events, about how she handled moving all her 2020 conferences online, almost overnight, at the beginning of 2020 when COVID-19 started spreading through the USA. Kim also discusses some of the key privacy issues she had to address when doing so. Kim will also describe the most requested privacy topics for the FutureCon events. Some topics covered in this episode include:
• What makes FutureCon events unique from all other cybersecurity and privacy events?
• What were the most requested topics in 2020 & for the upcoming 2021 events?
• What are the inventive ways that Kim arranged for online FutureCon event attendees to interact with speakers & sponsors?
• What makes a great cybersecurity and privacy speaker?
• What advice does Kim have for those who want to be speakers at cybersecurity and privacy conferences?
Tune in to hear these topics covered, and much more!
1/2/2021 • 57 minutes, 10 seconds
How A Trail-Blazing STEM Mentor Is Revolutionizing Cybersecurity
Women and people of color still make up a woefully small percentage of the IT and cyber/data/network/applications security workforce. Such a lack of diversity results in weak and flawed IT, security and privacy practices, applications, networks, and data protection. Rebecca discusses the related issues with cybersecurity expert, industry leader & long-time mentor Dr. Cheryl Cooper:
• What is Dr. Cooper working to change in society with her mentoring work?
• Many displaced workers in their 40s, 50s and beyond, with no IT or cybersecurity background would like to start a cybersecurity career. What advice does Dr. Cooper have for them?
• What are common challenges that all ages of women and people of color face in cybersecurity careers & what type of support do members of WINS provide to them?
• What is Dr. Cooper’s greatest achievement in her career?
• What advice does Dr. Cooper have for those who would like a career in cybersecurity but do not know where to start?
12/5/2020 • 57 minutes, 53 seconds
How Cybercriminals Take Advantage of the COVID-19 Pandemic
With 2020 being the year of the global COVID-19 pandemic, it has also become the year of globally widespread working from home offices, and attending school online from home. Cybercrime is increasing dramatically in many ways never before seen as a result of these quickly established new working and learning environments.
• How has cybercrime increased since the COVID-19 pandemic started becoming noticed?
• Which new types of cybercrimes were created to take advantage of the many different COVID-19 circumstances?
• What do Europol and Interpol research reports reveal about cybercrimes?
• Are existing laws insufficient for new types of cybercrimes?
Rebecca discusses these issues, and many more about cybercrime, with world-renowned cybercrime expert and member of the United Nations Office on Drugs and Crime expert team, Pauline Reich. Contact Pauline at: cyberasia2@gmail.com
11/7/2020 • 56 minutes, 2 seconds
Data Proves Voting Fraud is Rare; Don’t Believe Conspiracy Theories Claiming Otherwise
Voter fraud conspiracy theories have reached a fever pitch. There are even claims that mail-in ballots are “a scam.” What’s the truth? Voting security experts & researchers Jennifer Kavanagh & Quentin Hodgson describe in-depth research revealing verifiable facts about security of all types of voting including absentee/mail-in, voting machines & paper at polling locations, & drop boxes. They provide research results for questions such as:
• How are voter registration databases kept up-to-date & when do errors occur?
• How is signature matching done? Can poll workers throw out ballots claiming signature mismatches then submit different ballots for the voter?
• How can voters determine if their mailed-in ballots were rejected because of a signature mismatch prior to election day?
• What controls do poll workers follow? Are “poll watchers” who interact with voters legal?
• Is it possible for someone to send “unsolicited millions of ballots”?
• Does “ballot harvesting” actually occur?
10/3/2020 • 56 minutes, 42 seconds
Surveillance Pandemic: How Tech Giants Collect & Use Personal Data for Profiling & Huge Profits
Since 2018 Rebecca has invited many tech giants to explain if & how they are collecting & selling personal data to govt & other entities to profile & target subsets of populations while making huge profits. For example, one tech company reportedly made over $1.6 billion from the US federal government from 2017 – 2019. No tech company has accepted the invitations. However, Mijente, which has performed significant research into tech surveillance activities, agreed to answer questions such as:
• How widespread is the collection of everyone’s personal data?
• What companies are providing personal data to the tech organizations?
• Why don’t the data sources notify the general population about all the entities with whom everyone’s data is being shared and by whom it is used?
• How is tech being used to surveil & monitor specific populations?
• How have people been harmed by resulting actions from surveillance of personal data?
Hear Rebecca discuss these questions and more with Jacinta González from Mijente.
Tech giants & startups are quickly releasing “cutting edge” COVID-19 tracing tools. Some states have built their own tracing tools. COVID-19 tracing is absolutely necessary to get the pandemic under control. But are those tools secure? Will the privacy of the individuals’ health data be protected?
• What tracing tools are being used? Which best protect privacy? Which put privacy at risk?
• How do certain phones and operating systems put patient data from tracing tools at risk?
• What are the concerns for location tracking? Is location tracking even necessary for effective COVID tracing?
• What are some COVID-19 tracing conspiracy theories?
Hear uberveillance, privacy and security expert, Dr. Katina Michael, professor at Arizona State University and National Science Foundation funded researcher, answer these questions and more about COVID-19 tracing tools and the related privacy risks and considerations. Read some of her research about this topic at https://bit.ly/3hG1FHb
8/1/2020 • 57 minutes, 36 seconds
Voting by Mail Security: Busting Myths and Explaining Facts
In the midst of a deadly pandemic, mail-in voting would be the safest way to vote. However, many warn that voting by mail will lead to widespread fraud and lost votes. Is this true, or are these baseless claims? What is true, and what are pure conspiracy theories and lies? Amber McReynolds, one of the country’s leading experts on election administration, policy & security, discusses the risks of voting by mail along with the benefits, security, and myths. Some topics covered:
• How are requests for mail-in ballots confirmed to be from the actual voter?
• How much fraud has actually occurred in voting by mail?
• How can voter suppression be mitigated when voting by mail?
• What are the security controls for mail-in ballots received at elections headquarters?
• Is “ballot stuffing” and counting counterfeit ballots actually happening?
• In what ways is mail-in voting more secure than in-person voting, and vice versa?
Hear Amber's many years of experiences & research on this topic.
7/11/2020 • 59 minutes, 38 seconds
Legislating Weak Encryption is Stupid and Dangerous
The value of strong encryption cannot be overstated, yet the efforts of lawmakers to force tech companies to create weak encryption have been put into overdrive. Bruce Schneier has been a vocal proponent of strong encryption for many years, and eloquently explains why it is technically not possible to give the good guys the access they want to encrypted files and transmissions without also giving the bad guys access.
Listen in as Schneier explains his thoughts about the most recent efforts from the DOJ and lawmakers to require commercial products to use accessible encryption. Schneier also answers questions such as: What would he say to AG Barr about creating such accessible encryption? What does he think about Zoom encryption, and security in general? What are his thoughts about COVID-19 tracing apps; are they sufficiently protecting privacy, and are they effective? What concerns does he have with online voting security?
6/6/2020 • 54 minutes, 9 seconds
Why Weakening Encryption for Law Enforcement Access is a Bad Idea
Efforts are increasing in the US & worldwide to force tech companies to build encryption that would “allow only law enforcement and government” groups to get into encrypted files & communications. The claim is that this is necessary to fight online crimes such as human trafficking and child sexual exploitation. We definitely need to address these horrible crimes. However, are these demands from governments & law enforcement groups technically feasible? Why aren’t these groups including technology experts in the forums where they discuss these needs? What other methods of catching such criminals are available? What would be the impact on everyone if they were forced to use such weakened encryption tools? Would the criminals even use such weakened encryption? Will 5G have any impact on strong encryption?
Listen in as Dr. Eugene Spafford discusses the issues that lawmakers, law enforcement, and the general public need to understand about how encryption works & important considerations.
5/2/2020 • 55 minutes, 35 seconds
How Rob Sand Caught the Criminal Who Committed the Largest Lottery Fraud in History
Hear Rebecca speak with Rob Sand, the lawyer who used his tech savvy as the Asst. Attorney General for Iowa to successfully prosecute Eddie Tipton, who committed the largest & longest-running lottery fraud in US history. Tipton committed his crimes while employed at the Multi-State Lottery Association, first as an IT worker and later after being promoted to Information Security Officer. Eddie exploited his positions of trust to rig the lottery winning drawings, totaling more than $24 million, at least five different times. A few topics and questions Rob covers include:
1. How was Eddie Tipton first identified as a suspect? How was he caught?
2. Exactly what did Tipton do to enable him to commit this fraud?
3. How did Tipton commit the fraud so long without anyone noticing?
4. What were the key pieces of evidence used for the case?
5. What changes did the Iowa Lottery make as a result of this incident?
6. What surprised Rob most about this crime?
See more in the blog post at: https://bit.ly/2UDnDRg
4/4/2020 • 54 minutes, 11 seconds
How Poor Tech Security & Misinformation Upend Elections
Listen in to hear Rebecca speak with elections security expert Theresa Payton about elections security, safeguarding voting machines, and the types of attempts to disrupt or even change the results of elections. Some of the topics covered include:
• What are some key points to understand about the tech and other problems in the Iowa caucuses?
• In what ways do nation states, and other malicious actors, try to manipulate elections results?
• How can voters recognize manipulation campaigns?
• What favorite online marketing tool is being widely used to spread misinformation during election seasons?
• How are social media posts and hashtags used to damage elections?
• How do social media influencers profit from meddling in elections?
• And many more!
3/7/2020 • 58 minutes, 40 seconds
How Biased and Malicious AI Can Do Harm
Listen in to my chat with artificial intelligence expert Davi Ottenheimer about not only the potential benefits of AI, but also the risks to information security, privacy and safety when flawed, biased and maliciously-engineered AI is used. Also hear the boundaries Davi recommends for preventing bad AI. Some of the questions covered include:
• What are some examples of tragedies that possibly could have been prevented with AI?
• In what ways are AI-controlled robots shifting power in our society?
• What kind of boundaries can be used with AI to support strengthening information security and protecting privacy?
• Are AI regulations, laws, and other rules necessary?
• And many more!
2/1/2020 • 57 minutes, 16 seconds
Diving into the Dark Net
Many listeners have sent questions over the past two years about the dark web:
• What is the dark web? Is it the same as the dark net? How is it different from the deep web?
• Is it legal to go into the dark web?
• What is Tor?
• What are some real-life crimes found on the dark web?
• What are some of the most disturbing activities in the dark web?
• What do information security and privacy pros need to know about the dark web to help them with their job responsibilities?
• What should the general public know about the dark net?
Tune in to hear Rebecca discuss these topics and more with Andrew Lewman, co-founder of The Tor Project, Farsight Security & DarkOwl, and technology advisor to Interpol’s Crimes Against Children Initiative.
1/4/2020 • 56 minutes, 2 seconds
The Criticality of Change Control Management in Cloud Services
Recently the CEO of a cloud services business for compliance & information security shrugged off the problems he has on an ongoing basis with his SaaS cloud site where he does not have change controls implemented, & doesn't use a separate test or development region or server. He shrugged & said, “That’s just the way it is with a cloud service, they all have these problems.” Wrong!
In this episode I discuss the importance of change controls to supporting information security & privacy with an expert in this area.
• What kind of change control processes need to be applied within SaaS environments?
• What are some of the biggest vulnerabilities within cloud services, and how do they handle change controls for new and updated applications and systems development?
• What types of change controls need to be followed when patching cloud systems?
Tune in to hear Rebecca discuss these topics and more with Becky Swain, Founder of the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).
12/7/2019 • 55 minutes, 44 seconds
Professional ethics and technology in the cyber age
Executives, tech, data & cyber security, and privacy professionals face situations testing their ethics every day.
Just a few issues include:
• Profit maximization at any cost, including privacy and data security
• Creating and selling products and services that monetize personal data at the cost of privacy, security and safety of the associated individuals
• Intentionally refusing to acknowledge known security and privacy problems to not damage sales and profits
• Deliberately releasing technologies that executives know do not work as expected or as advertised
Tune in to hear Rebecca discuss these topics and more with Dr. Katina Michael, who has done significant research in these, and related, areas.
11/2/2019 • 57 minutes, 16 seconds
White hat hacking & security break-in testing & ethics
A recent incident occurred in central Iowa where employees of the security vendor Coalfire were arrested for breaking and entering and robbery of a county government building. After the arrest it was determined this was part of a contract the vendor had with a Federal agency in a neighboring county. This incident brought a wide range of online discussions about white hat hacking, facility break-in tests, and associated responsibilities and related ethical considerations.
• What are some lessons from the Coalfire security vendor arrests?
• What are some recommendations for contracting an outside entity to perform hacking and/or break-in activities?
• What activities need to be confirmed for such activities?
• What should related contracts contain for such activities?
Tune in to hear Rebecca discuss these topics and more with Dr. Mich Kabay.
10/5/2019 • 56 minutes, 15 seconds
Cybercrime Trends and Changes in Past 3 Decades
According to Cybersecurity Ventures research, sponsored by Herjavec Group, cybercrime damages will reach $6 trillion by 2021, up from $3 trillion in 2015.
What are the biggest cybercrime trends of 2019?
What were the biggest cybercrime trends 1, 2 and 3 decades ago?
Where is cybercrime increasing?
What are the impacts of ransomware?
How does cybercrime hit small businesses differently than large businesses?
What concerns info security pros and executives most about cybercrime?
Tune in to hear Rebecca discuss these topics and more with Kim Hakim, CEO/ Founder at FutureCon Events.
#CyberCrime #Ransomware #Phishing #IOT #CyberCriminals #Conferences #FutureCon #Privacy
9/7/2019 • 56 minutes, 20 seconds
Voting Security, Malware as Art, Ransomware, Breaches plus More
This week many security and privacy topics are covered, plus news about a necessary summer break!
• Why are actual voting machines, with voter data, being sold on eBay?
• What are cybercrooks doing on Git repositories that those using them must be prepared for?
• How are the “6 most destructive malware threats” considered to be art?
• How are organizations, and so many cloud services, exposing personal and sensitive data to the world?
• What is going on with all the ransomware and phishing attacks?
• Are ransomware response solutions providers causing more ransomware?
• Why is Rebecca taking a break from the show over the summer?
Tune in to hear Rebecca discuss these topics and more.
5/21/2019 • 56 minutes, 53 seconds
Security and Privacy Careers Opportunities, Advice and Experiences
Information security, privacy and compliance careers are of great interest, and the need for more professionals to fill openings in these areas continues to increase.
• What are some paths to take for getting into these careers?
• What types of college degrees, if any, are necessary?
• What work ethics are necessary for success in these types of careers?
• How is getting into these careers different in various countries, such as in the USA and Russia?
• What is necessary to start your own business specializing in cyber security, privacy, and related services and products?
• What is Women in Security and Privacy (WISP) and how did it get started?
Tune in to hear Rebecca discuss these topics and more with Elena Elkina, co-founder/Partner of Aleada Consulting and co-founder of WISP.
5/14/2019 • 56 minutes, 40 seconds
Cybersecurity Lessons from the Mueller Report
All 50 US states were targeted by hackers in the 2016 elections. Some claimed a few of the hacks successfully broke into voting systems. The 448-page Mueller Report contains many important points & findings, not only about these hacking activities & related intelligence operations against the USA elections processes and voting machines and systems, but it also points out many cyber security vulnerabilities & threats leaders need to address for voting machines & elections processes.
• How long have nation-state intelligence activities been occurring?
• How many activities have been launched through the internet & directly against computing devices and systems?
• Are Russian elections hacking/tampering tactics different from USA & other countries' activities? If so, how?
• What is the weakest link in voting & elections systems security?
Tune in to hear Rebecca discuss these topics and more with Christopher Burgess, a 30+ year veteran of the CIA and information security expert.
5/7/2019 • 56 minutes, 45 seconds
Small Business Risks, Careers, Mueller Report, CPU Vulns and More!
In this episode Rebecca answers some of the questions received from show listeners and discusses some recent news items. A very wide range of topics are covered, some of which include:
• What are cybersecurity lessons found within the Mueller report?
• What are the top 3 things a small business owner should be doing to secure client data?
• Who should be concerned about Embedded POSReady 2009?
• What are the challenges to eliminating CPU vulnerabilities from Spectre and Meltdown?
• What are the best paid information security careers?
• How can consumers deal with increasingly frequent credit card breaches at online sites?
• What is a new Microsoft security configuration baseline setting that surprised many?
Tune in to hear Rebecca discuss these topics and more.
4/30/2019 • 54 minutes, 51 seconds
Hotel Data Security and Privacy
There are growing concerns about privacy and the security of data provided to hotels, along with increasing safety concerns.
• How many different entities get your personal data when you check into a hotel?
• How many third parties have access to your personal data through the hotel?
• What types of activities that you do in your room are often put into the hotel system?
• What types of actions can hotels take to help them improve their systems and data security and better protect the privacy of their guests?
• What are the most challenging requirements within regulations such as the EU GDPR and California CPA for hotels to meet?
• What are a few tips for travelers for protecting their own privacy?
Tune in to hear Rebecca discuss these topics and more with Chris Zoladz, founder of Navigate LLC and former VP of Information Protection & Privacy at Marriott International.
4/23/2019 • 58 minutes, 11 seconds
China Tech, Reusing Old Devices, Accessing Patient Data and More!
In this episode Rebecca answers some questions received from show listeners and her Privacy Professor Tips readers. A wide range of topics are covered, such as:
• How many voting machines were attacked during the USA 2016 elections? Will they continue?
• Should listeners be concerned that wireless China tech may have surveillance built in? Or tech from other countries?
• What happened at Mar-a-Lago with the USB thumb drives with malware on them?
• What happens to patient data when a clinic closes?
• What are red flags that popular tech gadgets, like iPads, have security problems?
• Is it safe to give children old phones or other tech to use?
• How can people tell if skimmers are in ATMs or self-pay devices?
• How can locations for those using Gmail or other email services be removed?
• What popular retail check-out system is no longer being supported, leaving millions of retailers & their customers vulnerable?
Tune in to hear Rebecca discuss these topics and more.
4/16/2019 • 55 minutes, 40 seconds
GDPR: Implementing Data Subject Access and Rights
In this 6th in a series of shows on GDPR we discuss issues about how to give individuals access to their own personal data, how to provide them with portability of their personal data, and related issues.
Understanding the actual HOW of doing compliance requirements is usually the most challenging part of compliance. One factor is that each organization has its own unique business environment, so the HOW cannot be the same for all organizations. This show explores Article 15, along with parts of Articles 17 and 20, of GDPR.
• What penalties and fines under GDPR have been applied to date? By what countries?
• What are the most challenging parts of meeting GDPR compliance?
• What types of data do organizations need to provide to individuals upon their request? Does such data include metadata? Log activities? Other information?
Tune in to hear Rebecca discuss the answers to these questions and more with Steve Wright, privacy and GDPR expert.
4/9/2019 • 46 minutes, 13 seconds
Continuing the Cannabis Security and Privacy Risks Conversation
This is the third in a series of shows about personal data privacy and security risks involved with cannabis sales. We discuss wide-ranging issues involved with cannabis dispensaries and online cannabis sales. We also discuss some of the ways in which smartphones, apps, and other tech can bring risks to those using cannabis.
• Where is cannabis legal throughout the world?
• How are cannabis laws creating stigmas for those using medical cannabis?
• How are the many personal data items collected from cannabis customers and patients put at risk?
• Is 90% of stolen cannabis patient/customer data really taken by insiders?
• Are patients using THC at more or less risk of data theft, or privacy harms, than those using CBD? What are the differences?
Tune in to hear Rebecca discuss the answers to these questions and more with Michelle Dumay, cannabis industry privacy and security expert, advocate and advisor.
4/2/2019 • 55 minutes, 6 seconds
Fax Tech and Machines: The Achilles Heels of Cybersecurity
A California healthcare cloud services business exposed over 6 million patient files online due to lack of basic security controls, such as passwords, on their online fax server. Many organizations have unsecured faxing services as well.
And to the surprise of many, faxing is growing in usage, increasing data security & privacy risks. Legacy systems & devices, such as fax servers & machines, become the Achilles' heels of systems, applications & data security.
• How many cyber crooks are getting to personal data through these pathways ignored by large numbers of businesses?
• What are common security & privacy problems with how businesses & the public in general use faxing, printing & copy services?
• What types of breaches are occurring?
• How can these often-overlooked pathways into data, systems, applications and networks be secured?
Tune in to hear Rebecca discuss the answers to these questions and more with Eric Nelson, Founder and Principal of Secure Privacy Solutions.
3/26/2019 • 56 minutes, 41 seconds
Children's Online Cyberbullying, Privacy and Cybersecurity
Too many children go online without realizing the security and privacy risks. Most parents and teachers do not provide enough guidance to children about online security, privacy, and cyberbullying. We all, as a society, need to do a better job at addressing children’s online risks.
• How have online cyberbullying & cybersecurity risks evolved over the years?
• What are some real-life examples of children being physically hurt as a result of their online activities?
• What are the weakest links that bring security & privacy risks to children online?
• Who are schools’ underappreciated superheroes helping children reduce online safety and privacy risks?
• Does Section 230 under the Communications Decency Act hurt or help children's online safety & privacy?
• How can we get the power of the internet without the perils of the internet?
Tune in to hear Rebecca discuss the answers to these questions and more with Parry Aftab, The Kids’ Internet Lawyer.
3/19/2019 • 55 minutes, 35 seconds
Amazing Cryptography and Codebreaker Pioneer: Elizebeth Friedman
Elizebeth Smith Friedman was an amazing cryptography expert and codebreaker who changed the course of World War II. She also used her groundbreaking work to bust international smuggling & drug running throughout the world. In this episode we discuss some of the valuable contributions Ms. Friedman made to cybersecurity that, until only recently, were overlooked and unappreciated.
• What are the major successes and accomplishments of Elizebeth Friedman?
• In what ways would history have been different if Elizebeth Friedman had not made her contributions?
• What is something surprising about Elizebeth Friedman’s life?
Tune in to hear the answers to these questions, in addition to learning a whole lot more. And, since March is Women’s History Month, what a great time to learn more about this amazing woman and her impact on history!
3/12/2019 • 57 minutes, 9 seconds
Huge Risks From SaaS Orgs With No Test Regions or Change Controls
This 2nd in a series of shows on applications and systems engineering, coding, and maintenance looks once more at a few different topics within applications change controls including:
What types of testing of new and changed applications code are necessary to ensure limited possibility of negative impacts to those using the application, as well as others using applications on the same server, and to the associated data and systems?
What is regression testing, and when is it necessary within the change control process?
What is the primary goal of testing new and changed applications?
What are “local variables” and “global variables” as they relate to applications testing?
What are test-coverage monitors, and when should they be used?
Why is using live production data usually a horribly bad idea?
Rebecca discusses these and related issues with Dr. Mich Kabay in this episode.
3/5/2019 • 53 minutes, 31 seconds
Is AI a Friend or Foe to Information Security and Privacy?
There are unlimited possibilities for using artificial intelligence (AI), from benefiting a few to benefiting large populations. Many in the information security sector are hopeful that AI can strengthen cybersecurity efforts. But can it also be used to exploit cybersecurity vulnerabilities? And what about privacy? Will AI be used more to invade privacy, or to protect privacy?
Considering these issues, and certainly there are many more to consider, just how accurate are all those AI tools being offered? How are AI algorithms validated as being dependable and/or accurate? Are they biased? Is it possible to have unbiased AI? What are the consequences of something going wrong with AI? What are current trends in AI?
Rebecca discusses these and related issues with Dr. John Cook in this episode.
2/26/2019 • 56 minutes, 46 seconds
No Change Control is Like Playing with Fire in a Dynamite Factory
Increasingly over the past couple of decades, organizations have been eliminating software and systems change controls, often as executive decisions to save money. Too many are making changes to applications directly within the production environment, especially SaaS businesses with complex and multiple services offerings. When separate test environments are not used, numerous risks are created for all involved, not to mention compliance violations under many legal requirements.
What are the basic components that should be part of a change control management process? What are the risks involved when making changes to software code within production environments? How can doing insufficient testing lead to breaches, and lost client data and access to online services? What lessons can be learned about change controls from the Vanguard Rocket?
Rebecca discusses these and related issues with Dr. Dan Shoemaker in this episode.
2/19/2019 • 56 minutes, 15 seconds
Backdoors in Cybersecurity Tools Give Privacy Only to Outlaws
The Pretty Good Privacy (PGP) encryption tool became freely available in 1991, drastically improving data security. It also stirred the ire of US government folks who could not surveil the encrypted data. Dr. Philip Zimmermann, PGP creator, was then made the target of a 3-year criminal investigation, while PGP became the most widely used email encryption software in the world. Worldwide attempts to compel tech companies to create weakened encryption have continued to increase in the name of safety.
How does weakened security tech degrade the privacy of the population? Do terrorists & crooks use those weakened encryption tools? What are more effective ways of accessing communications of criminals & terrorists? How does weak encryption support surveillance worldwide? How is VoIP privacy impacted? What are some strong encryption tools available to consumers? What can support government adoption of strong encryption?
Rebecca discusses these & related issues with Dr. Philip Zimmermann.
2/12/2019 • 57 minutes, 32 seconds
Will Australia's Encryption Law Kill Privacy in the Name of Safety?
Government leaders & law enforcement are trying to force tech companies to put backdoors in encryption in the name of public safety. There are 750,000 law enforcement employees & half a million US intelligence community employees who may use those backdoors, & likely many others worldwide. Strong encryption is available throughout the world. If businesses & the general public are forced to use encryption with backdoors, will cybercrooks be the only ones using strong encryption; those the backdoors were intended to be used on to begin with? How will Australia’s new law requiring encryption backdoors impact data security & privacy? Who has oversight of that law? How will it impact other countries? Does any evidence prove encryption backdoors have improved safety/security?
Rebecca discusses these and related issues with Dr. Katina Michael, Arizona State University director of the Centre for Engineering, Policy and Society. Katina is also a privacy and uberveillance pioneer.
2/5/2019 • 57 minutes, 33 seconds
Will You Sacrifice Your Privacy When Purchasing Cannabis?
Medical cannabis is legal in 33 US states, Washington, D.C., & 4 US territories. Ten states allow legalized sale of adult use marijuana. Many more are projected to legalize in 2019. Those using cannabis dispensaries assume their personal data is secured, and many incorrectly believe paying cash will leave no record of the purchases.
Many risks exist to the security & privacy of those purchasing cannabis when strong security & privacy controls haven’t been implemented. Many breaches have already occurred. What is a typical visit to a cannabis store like, and where are the data security and privacy risks? What needs to be done to better secure the data that dispensaries collect, store, and share with others? How can the privacy of dispensary patients & customers be protected?
Rebecca discusses these and related issues with Michelle Dumay, cannabis industry privacy and security advocate and advisor. Michelle also provides a case study using an example from an Ohio dispensary.
1/29/2019 • 58 minutes, 56 seconds
GDPR, Data Privacy Day and The Need for Privacy
2018 privacy hero of the year, Tara Taubman-Bassirian, discusses the EU GDPR, the increasing need for protecting privacy in the increasingly technology-rich environment, and some activities for Data Privacy Day on January 28, 2019.
What are the benefits of GDPR? Where can it be improved upon? What do companies struggle with most for GDPR compliance? What is a “hot potato” GDPR issue? How are binding corporate rules (BCRs) used for non-adequate countries? How has Brexit impacted GDPR compliance? Why does privacy matter? What are the current largest threats to privacy? What are some activities for Data Privacy Day? Hear Tara discuss these topics, and more, with Rebecca.
1/22/2019 • 56 minutes, 30 seconds
Data Security and Privacy Ethics in Computing
There have been concerns about the ethical use of technology, data, and the results of processing for many decades. We are now dealing with additional emerging ethical issues involving big data analytics, artificial intelligence and the associated biases, the use of personal data found online that is not protected, and also for data that is generated by and transmitted through smart devices, and so many other situations. Are there generational differences in computing ethics? How do computing ethics impact data security and privacy? What are the security and privacy ethical concerns for big data analytics and artificial intelligence?
Lynn Fountain discusses these, and many more related topics, with Rebecca in this episode. Lynn also provides information about her latest book, Ethics and the Internal Auditor's Political Dilemma: Tools and Techniques to Evaluate a Company's Ethical Culture published by CRC Press.
1/15/2019 • 56 minutes, 21 seconds
2019 Information Security Forecast: Worldwide and In Colombia
What will 2019 bring with regard to information security and privacy threats and trends? What is digital density? What are the security dangers for APIs? What kind of surveillance activities, if any, take place in Colombia? What are common privacy practices and regulations for both the US and Colombia? What international cybersecurity threats exist to all countries?
Listen in to hear Dr. Jeimy Cano’s five major 2019 information security and privacy predictions. Dr. Cano will also describe what we all need to look out for with regard to cybersecurity and privacy during the year ahead. Also hear about some of the cybersecurity and privacy activities in his home country, Colombia.
1/8/2019 • 56 minutes, 26 seconds
Encore: Medical Cannabis Patient Privacy and Data Security
Most people assume that their data is safe in cannabis stores & medical cannabis dispensaries. Or they believe if they pay in cash there will be no record of their cannabis purchase. Those are incorrect beliefs. How do dispensaries secure & share data? Who WANTS that data? What security is needed? Some in government, law enforcement & employers want data about state legal marijuana and medical cannabis purchases. Michelle Dumay, Cannabis Patient Advocate, helps cannabis dispensaries & stores to secure their customers’ & patients’ data & privacy. Michelle learned through experience getting treatment for her daughter that most medical cannabis dispensaries are not compliant with laws governing the security and privacy of patient data. So Michelle decided to take action to ensure personal data is protected. In this episode, we discuss information security & privacy practices of cannabis shops, risks & what needs to be done when it comes to securing data and understanding privacy laws.
1/1/2019 • 57 minutes, 43 seconds
Encore: Are Encryption Backdoors Really Necessary for National Security?
There are continued efforts by US and worldwide governments and law enforcement to compel tech providers to create backdoors into encryption technologies to allow access to the data if they think they need it. We all want terrorists and criminals caught. But is putting backdoor access into encrypted data files actually the only way to solve cases where encrypted data is involved? Are there other methods available to get intelligence information beyond just the encrypted data, and are other methods available to obtain access to encrypted data instead of putting backdoors into the technology? Would such requirements even be effective with so many encryption technologies available from other countries? Or, should law enforcement investigations always be put before privacy risks? What are some important issues that should be considered for putting backdoors into encryption technologies? Tune in to hear this discussion with a world-renowned senior cybersecurity leader and expert! For more details after listening see USACM’s statement on extraordinary law enforcement access at: https://www.acm.org/binaries/content/assets/public-policy/usacm/2018-usacm-statement-law-enforcement-access.pdf.
12/25/2018 • 56 minutes, 21 seconds
More Needs to Be Done to Protect Student and Teacher Privacy
Throughout school history students have heard the threat “That will go on your permanent record!” It didn’t mean much since those permanent records were on paper and usually shoved to the back of a filing cabinet after graduation. But in recent years, now not only grades, but basically all that students & teachers do are recorded digitally to follow them for the rest of their lives; for good & for bad. Plus, US Dept. of Education actions are creating student privacy risks, and so are misguided attempts by school districts to improve safety in ways that invade privacy. Third parties, such as testing organizations, also are taking huge amounts of student personal data and monetizing it, further eroding student privacy.
Listen in to this important conversation about privacy in schools, for students and teachers, the success so far of the Educator Toolkit for Teacher and Student Privacy, and much more, with AFT President, Randi Weingarten.
12/18/2018 • 58 minutes, 54 seconds
Is Anonymization Possible with Current Technologies?
What is possible with regard to de-identification and anonymization? Will anonymization be sufficient only for today? Or, will it keep the data anonymized for decades to come; possibly beyond? What is necessary to minimize re-identification risks? What do you need to know about anonymization before agreeing to allow your health data to be used for research?
In this episode Rebecca speaks with world-renowned de-identification and anonymization expert, Dr. Khaled El Emam about anonymization, de-identification, re-identification risks, and related topics.
Dr. El Emam has done extensive research in this area and written multiple books on these topics. Rebecca contributed a chapter to Dr. El Emam’s book, “Risky Business: Sharing Health Data While Protecting Privacy.” Dr. El Emam also wrote “Anonymizing Health Data” and “Guide to the De-Identification of Personal Health Information,” in addition to many articles.
12/11/2018 • 56 minutes, 41 seconds
FTC Influences on Privacy Sanctions and Regulations
The Federal Trade Commission (FTC) is considered by many organizations to be the preeminent arbiter of privacy in the US. How did the FTC develop this authority over the years? What have been some of the most privacy-impacting cases? Where do organizations need to pay more attention within their privacy efforts to avoid fines & decades-long consent decrees? What does the FTC do with all the money from the fines they are paid? Where is the FTC going with privacy regulations and enforcement? How are your posted privacy notices related to the FTC Act when it doesn’t even mention privacy?
Listen in to hear Marc Groman, an internationally recognized privacy expert and the first FTC Chief Privacy Officer, discuss these and many more FTC privacy oversight and enterprise privacy management topics with Rebecca. Marc will also let listeners know where to get help with improving the security & privacy of their children’s and teens’ online use.
12/4/2018 • 58 minutes, 27 seconds
IOT Security, Privacy and Safety
At least one Internet of Things (IoT), or “smart”, device is already used by each person within the large majority of the population. The number of IoT devices is growing exponentially, and soon every member of the population will own anywhere from a few to many IoT devices each.
IoT devices inherently bring privacy, safety and security risks to those using them, and attached in some way to them. Some risks, such as those created by medical devices, smart homes, smart grids and smart vehicles and roads literally could result in death. What are these data and systems security, privacy and safety risks? What needs to be done to mitigate those risks? Why aren’t device makers building security, privacy and safety controls into these devices?
Listen in to hear Abhik Chaudhuri, author of the book “Internet of Things, for Things and by Things” discuss these and many more IoT security, privacy and safety topics with Rebecca.
11/27/2018 • 56 minutes, 38 seconds
GDPR: Using Legitimate Interests as a Lawful Basis for Processing
• What are considered to be legitimate interests as a basis for legal processing under GDPR? Context is a vital consideration.
• What should organizations do with regard to “careful assessment” to determine whether or not a situation is considered to be a legitimate interest of the data controller to enable personal data processing?
• What resources and guidance are available to help organizations to determine legitimate interests?
• What do organizations struggle with most for this requirement?
• How high are the fines for non-compliance?
Tune in to hear Teresa Troester-Falk, Chief Global Privacy Strategist, Nymity, and Gabriela Zanfir-Fortuna, EU Policy Counsel, Future of Privacy Forum, provide answers and discuss more GDPR requirements.
We will also walk through some case studies for determining legitimate interests for processing, including a real-life IoT case study!
11/20/2018 • 55 minutes, 47 seconds
Government Hacking and Surveillance: Activities, Tools and Laws
As encryption and other privacy-enhancing tech is increasingly used, government agencies are seeking new ways to access communications & other data that is also being increasingly generated by new computing devices, apps and websites.
Methods currently used include government hacking & vulnerability exploitation, and pursuing access through such legal paths as Title III & the USA Patriot Act.
• What actually is government hacking & what tools are used?
• What are the risks for putting backdoors in encryption that governments around the world are still pursuing?
• What is US Title III as it relates to government surveillance?
• How are data from CCTVs, license plate readers, phone and smart devices being accessed by government agencies?
Tune in to hear Michelle Richardson, Director of the Center for Democracy and Technology’s Privacy and Data Project, discuss these & many more related topics with Rebecca.
#Privacy #Surveillance #PatriotAct #TitleIII #Government #Hacking
11/13/2018 • 54 minutes, 30 seconds
New Toolkit to Mitigate Teacher and Student Privacy Risks
Education environments have inherent privacy risks. Schools are in open environments, with students, teachers, parents, guests, sales vendors, & folks from other schools, going through the facilities every day. More new tech is being used by teachers & students, bringing with them data security & privacy risks, creating a perfect storm for privacy breaches to occur.
• How are teacher & student personal data collected & used?
• Who has access to this personal data & how are they using it?
• What legal protections exist & how have they been weakened?
• How much privacy training do teachers receive?
• What is the Educator Toolkit for Teacher and Student Privacy? FYI: you can get it here: http://bit.ly/PCSP_EducatorPrivacyToolkit
Tune in to hear Marla Kilfoyle, 30-yr public school teacher & former Exec Director of The Badass Teachers Association, & Leonie Haimson, Exec Director of Class Size Matters & co-chair of the Parent Coalition for Student Privacy, answer these questions & more!
11/6/2018 • 57 minutes, 34 seconds
Information Security and Privacy Questions from Listeners
For this final October episode of National Cyber Security Awareness Month, Rebecca Herold answers questions from listeners and Privacy Professor Tips readers. Just a few of the topics covered include:
• 8 things everyone should do to secure their computing devices
• Wi-fi security and privacy
• ATMs, self-pay devices, and skimmers
• Privacy protections
• Exactis privacy breach
• Web cam hacking
Join Rebecca to hear how she answers what your fellow listeners and Tips readers ask!
#RebeccaHerold #NCSAM #DataSecurity #CyberSecurity #Privacy #Awareness
10/30/2018 • 57 minutes, 10 seconds
Security Views from an Elections Official and Voting Security Expert
Almost every day there are more reports of voting security problems. Voter registration data being sold on the dark web for $12,500 for certain states. Ballot case security being defeated and not leaving any trails to track the hackers. Voter suppression through mismatches of IDs and registration data. The list could go on for many pages.
What legal requirements are there in the USA for voting and elections security? What responsibilities do elections officials have to ensure voting security? Do officials and poll workers receive information security training? What security and privacy concerns are there for voting via email, fax, web portals, and mobile apps? What risks are at the polling sites? What security risks exist for voter registration cards? How can voting and elections security be improved?
Join Florida election official, and voting security expert, Genya Coulter, and me as we discuss these, and more, related topics.
10/23/2018 • 55 minutes, 2 seconds
Answering Questions from Listeners for Cyber Security Awareness
I’ve accumulated dozens of data security, cyber security and privacy questions from listeners and Tips readers that I’ve not yet had time to answer. They cover a very wide range of topics of interest to all folks throughout the world.
E.g. E911. HIPAA breaches. Worst security business practices. Ring security system privacy. Keeping people from visually snooping on your tablet or phone. Phishing calls (with a real example recording). Credit reports. Virus Scanning. And much more!
We will answer questions on these topics and more during this episode as part of Cyber Security Awareness Month!
Join cyber security expert Dr. Terri Curran and me as we go through as many questions as possible during this hour.
10/16/2018 • 56 minutes, 25 seconds
Pen Tests and Vulnerability Scans: Advice, Experience and Case Studies
The terms “vulnerability scanning,” “vulnerability assessments” & “penetration testing” are often used interchangeably. But they are not the same!
What are the benefits of each? For what purposes should each be used? Are they required by law? Are there any negative impacts for each type of activity?
Listen in as cyber security expert Kevin Beaver discusses these topics, his experiences and advice, and also hear us go through some related case studies for using these tools.
10/9/2018 • 57 minutes, 2 seconds
Turning A Blind Eye Does Not Fix Voting Security Vulnerabilities
The sheer number of different voting & elections systems and applications used in USA elections is staggeringly large and diverse, as it is in other countries. The number of people involved in elections is also a significant factor impacting elections security, along with physical access security to the voting equipment, paper ballots, and registration data.
The resulting complexity creates many real voting security issues that must be addressed. Voting machine vendors should embrace help to identify risks, not simply deny that risks exist.
In this 4th in a series of voting security shows, we look at the findings from the “Voting Machine Hacking Village” at DEFCON, state-level cybersecurity election plans, current voting & elections security vulnerabilities, and nation state elections hacking activities. We also answer key questions about mobile voting and paper ballots. Listen in as I discuss these topics & more with Jake Braun, Executive Director of the Harris CPI & CEO of CGA.
10/2/2018 • 56 minutes, 47 seconds
Encore: Are Encryption Backdoors Really Necessary for National Security?
On August 30 it was widely reported that the 5 Eyes intelligence security allies (Australia, Canada, New Zealand, Britain & USA) were working together to force tech companies to provide backdoors to encrypted data. We all want terrorists and criminals caught. But is putting backdoor access to encrypted data files actually the only way to solve cases where encrypted data is involved when other methods are available to get intelligence information? Those who want backdoors must understand there are other methods available to obtain access to encrypted data instead of putting backdoors into the technology. With so many encryption technologies available from other countries, backdoors wouldn’t stop terrorists from using encryption. What are some important issues that should be considered for putting backdoors into encryption technologies? Listen to this encore episode discussion with a world renowned senior cybersecurity leader and expert! For more details after listening see USACM’s statement on extraordinary law enforcement access at: https://www.acm.org/binaries/content/assets/public-policy/usacm/2018-usacm-statement-law-enforcement-access.pdf.
9/25/2018 • 56 minutes, 21 seconds
Cyber Terrorism Defense at Home and While Traveling
There are growing numbers of cyber-attacks being launched by terrorists throughout the world against critical infrastructure networks not only within governments, but also within the healthcare, financial, utilities, and transportation industries, just to name a few. The US Department of Homeland Security said during a 2018 9/11 memorial event that, “The cyber threat has eclipsed the threat from physical terrorism.”
What is cyber terrorism, and how do cyber terrorists choose their victims? What factors lead to cyber terrorists targeting travelers? How can you keep cyber terrorists from your data and systems? How can data security be used during hostage situations?
Listen to Tom Conley, President & CEO of The Conley Group, discuss the answers to these questions, and other issues related to domestic and international terrorism and travel security.
9/18/2018 • 56 minutes, 58 seconds
Voting Systems Security and Risk Limiting Audits
US intelligence agencies confirm that during the run-up to the 2016 elections Russian hackers attacked DNC & RNC election & related servers. Digital attacks on voter registration servers occurred in all states & in a few isolated cases hackers got into voter records servers.
Voter fraud at polls is verifiably low, but voting & elections systems have significant security vulnerabilities due to the wide diversity of systems & administration practices throughout all the USA, along with risks from the varying ages of systems used.
What are security risks in voting systems, software & tech currently used in the USA? How is social engineering used in attempts to access voting systems? How can risk limiting audits be used to assure voting integrity?
Listen to Marian Schneider, President of Verified Voting, discuss her organization’s research findings for voting systems & explain risks in current voting systems, and risky practices, such as how voting is occurring in some places via email and fax.
9/11/2018 • 57 minutes, 28 seconds
The Philippines BPO Industry Goal to be World Leader in Privacy
There are many security & privacy issues related to business process outsourcing (BPO) in general, and to contact centers in particular. The Data Privacy Asia conference (www.DataPrivacyAsia.com) in Manila, Philippines, Sept 19 & 20 will provide advice for how to effectively address those issues.
There are many key issues organizations must consider when contracting contact centers: access controls to personal data, ensuring compliance with necessary legal requirements, how caller identities will be confirmed, breach response practices and details, and many more.
Organizations need to know that contact centers are effectively addressing privacy and data security risks and compliance requirements.
Listen in as Espie Bulseco and Tonichi Parekh discuss the growing BPO industry in the Philippines, and in particular the actions being taken to put the Philippines at the forefront as the recognized leader in protecting data and privacy in not only Asia, but throughout the world.
9/4/2018 • 55 minutes, 38 seconds
Advice for CyberSecurity and Privacy Threats, Challenges and Careers
Are you interested in expanding your career in the infosec & privacy fields, or want to get started in professions in these areas, or start a new career after leaving another industry? This episode is one you’ll want to listen to!
• What are the challenges information security, privacy, compliance & audit practitioners (aka information assurance pros) face advancing their careers?
• How are they meeting these challenges?
• How do information assurance professionals stay up to date with the latest threats and vulnerabilities?
• What are the benefits of working in information assurance careers in Midwest USA? (There are MANY!)
Listen in as Donna Gomez and Naeem Babri, information security experts in the greater Kansas City, MO/KS area, answer these questions and discuss key related topics. They will also provide information about the upcoming SPOTlight on Security workshop in Overland Park, KS, on September 5 (https://kcissa-spotlightonsecurity.blogspot.com/p/welcome.html).
8/28/2018 • 56 minutes, 37 seconds
Unifying GDPR With US Laws Compliance
Organizations are struggling to meet compliance with GDPR, USA regulations & laws & all the other worldwide data protection legal requirements. There is much confusion about how to effectively comply with all of the many laws & regulations that apply to any single organization.
• What are hot topics that organizations need to know about for GDPR compliance?
• How can organizations effectively comply with multiple laws & regulations that cover the same topics & whose requirements are often in conflict?
• How should differences in legal requirements for breach response be handled?
• How should organizations provide personal data to those making requests?
• How should organizations approach complying with the conflicting requirements within the 99 articles of the GDPR?
Listen in as Matthew McKinney and Thomas Story, attorneys with BrownWinick (www.BrownWinick.com) and experts in these areas, discuss and provide important points and valuable tips for some of the key related topics.
8/21/2018 • 56 minutes, 55 seconds
Fighting International Cybercrime and Cyber Security Threats
Cybercrime throughout the world is increasing. As technologies evolve while legacy systems & applications continue to be used, & long-time physical & operational information threats & vulnerabilities still exist, the pathways to & through information systems & devices increase astronomically. The threats to critical infrastructures (water/electric/gas grids, healthcare systems & medical devices, voting/elections systems, etc) are also increasing more quickly than security controls are being applied to stop them.
• What are the most significant cyber threats in international online environments?
• What are worldwide cybercrime activities?
• How can private industry and law enforcement collaborate?
Listen in as Roeland van Zeijst, an internationally renowned cybersecurity expert who has worked in international law enforcement & facilitated the development of INTERPOL’s Cyber Fusion Centre in Singapore, discusses these topics.
#Cybersecurity #CyberCrime #INTERPOL #DataPrivacyAsia
8/14/2018 • 56 minutes, 55 seconds
Physical Fails for Information Security and Privacy
This episode covers a problem as bad today as it was decades ago, and in many ways worse: breaches caused by unauthorized access to physical forms of information, on printed paper (e.g. boxes of customer records on the curb for trash pickup); through access to physical USB drives and external hard drives; through access to backup media; and in numerous other ways that expose personal information and many other types of sensitive information.
What are some of the most bizarre incidents involving physical access breaches to information?
What are some common real-life incidents involving physical access to information?
What do organizations, and every person in their private lives, need to do better?
What are related legal requirements?
What is a certificate of destruction and do you need one?
Listen in as Andrew Ysasi, Vice President of Kent Record Management® and President of IG Guru™ provides examples, insights and advice that everyone can use at home and at work.
8/7/2018 • 57 minutes, 56 seconds
Education and Advice for Successful Information Security Careers
How have information security careers changed in the past three decades? What long-time information security capabilities and skills are still vital to have today, but that too many going into this field are simply deciding are not worth pursuing? What concepts are important for those going into information security to understand? What is the Parkerian Hexad and how does it contribute to implementing better security for emerging technologies and for protecting privacy? What degrees are recommended for success in information security fields? The answer may surprise you. What capabilities would you also be surprised to learn are vital for information security career success? Listen in as Dr. Mich Kabay from Norwich University answers these and more questions, and also discusses information security education, and advice for being successful in information security careers.
7/31/2018 • 58 minutes, 10 seconds
Are US Voting Systems and Voter Registration Data Secure?
On July 13 US special counsel indicted 12 Russian intelligence officers for hacking the Democratic National Committee & the Clinton presidential campaign during the 2016 elections. State & county offices responsible for administering the 2016 U.S. elections were also determined to have been targeted by the hackers in an effort to steal voter & other data. Hackers were successful in breaking into the voter registration systems in Illinois. They also targeted systems throughout all the states. Are USA voting and registration systems now secure enough to prevent successful hacks? What are the methods used to attack our voting systems and what social engineering methods are used for the nation state hackers to get access to the systems & databases? What risks exist? What needs to be done to better secure the technologies used in our voting systems and voter registration databases? Listen to voting systems researcher & security expert Maurice Turner for answers to these & other questions.
7/24/2018 • 57 minutes, 3 seconds
Are Encryption Backdoors Really Necessary for National Security?
There are continued efforts by US and worldwide governments and law enforcement to compel tech providers to create backdoors into encryption technologies to allow access to the data if they think they need it. We all want terrorists and criminals caught. But is putting backdoor access to encrypted data files actually the only way to solve cases where encrypted data is involved? Are there other methods available to get intelligence information beyond just the encrypted data, and are other methods available to obtain access to encrypted data instead of putting backdoors into the technology? Would such requirements even be effective with so many encryption technologies available from other countries? Or, should law enforcement investigations always be put before privacy risks? What are some important issues that should be considered for putting backdoors into encryption technologies? Tune in to hear this discussion with a world renowned senior cybersecurity leader and expert! For more details after listening see USACM’s statement on extraordinary law enforcement access at: https://www.acm.org/binaries/content/assets/public-policy/usacm/2018-usacm-statement-law-enforcement-access.pdf.
7/17/2018 • 56 minutes, 21 seconds
Curious Cases of Catphishing Executives and IT Pros
When people think of online catphishing, most think those targeted are using dating sites, gaming sites and social media sites such as Facebook and Instagram. However, catphishing is increasingly being done on professional sites, such as LinkedIn.
There is a growing trend for catphishers to target business executives, IT pros, and middle managers. Why? For many reasons. Corporate espionage. As a form of nation state intelligence gathering, such as in what happened during the 2016 elections when Russian catphishers were reportedly connecting with those in the USA they thought would then spread their propaganda. To get valuable personal data from those catphished. To get access to networks and business assets. And many more motivations.
So, what are some of the specifics involved with these catphishing activities targeting business professionals? Hear answers to these questions and also listen to the details of the curious catphishing case of Mia Ash in this episode.
7/10/2018 • 55 minutes, 31 seconds
Encryption Trends Around the World
In what countries do businesses have the most mature encryption strategies? Which ones are encryption strategy laggards? Do the countries that are lagging in encryption strategy maturity also have weak encryption technologies? Or, do they actually have stronger encryption solutions? And what types of personal data are encrypted most often by organizations, and which are more rarely encrypted? Financial data? Healthcare data? Something else? In this episode I discuss these, and many more, worldwide encryption trends with Dr. Larry Ponemon, who has done many years of extensive research about encryption trends. Dr. Ponemon covers some of the major findings and points from his 2018 Global Encryption Trends Study sponsored by Thales. Plus, I provide five important and compelling reasons why putting backdoors into encryption solutions, as many lawmakers still are trying to require, is a bad idea for security and privacy, and how it can also harm the national economy.
7/3/2018 • 58 minutes, 16 seconds
Are Our Voting and Elections Processes Secure?
There is daily discussion in the USA about voting & elections security. The US Department of Homeland Security reported evidence that Russian hackers tried to breach election systems in 21 states during the 2016 elections. Many states are updating voting systems security before November 2018 elections. Security threats are not confined to the US; voting & elections security threats & active exploits are occurring worldwide. Who should be responsible for ensuring elections processes and voting systems security? What do cybersecurity pros recommend be done to secure elections & voting systems? How are nation states spreading propaganda & using social media to alter votes? What types of voting systems are at most risk of being hacked? How can interference in social media & the spread of propaganda be stopped? What are the most important actions to take to improve voting and elections security in the USA & worldwide? Hear an expert discuss some of his research findings in this episode.
6/26/2018 • 58 minutes, 21 seconds
Separating Facts from Fiction in Digital Forensics
In recent years government leaders & news reports have made statements similar to the following about Russian hacking activities: that if you don’t catch a hacker in the act, then there is no way to tell who was hacking, where they are hacking from, or what they were doing. This simply is not true. In this episode I discuss digital forensics with the most knowledgeable expert for this topic. Dr. Peter Stephenson will answer questions such as, is it better to watch a hack or stop it? Is digital forensics used on devices, networks, or both? What types of forensics can be used on smashed devices? What are the signs of hacking? Has digital forensics really solved crimes? Can forensics prevent crimes? How did digital forensics point to Russian hackers in the 2016 elections? Can forensics be used on IOT devices? What are common digital forensics mistakes? Join us as we discuss these, and many more, issues about digital forensics, cyber threat analysis, and cyber criminology.
6/19/2018 • 57 minutes, 35 seconds
GDPR: Debunking Personal Data and Applicability Myths
The GDPR is a very broad set of regulations, with 99 Articles that each contain one to many specific requirements related to personal data, and how it must be protected, restrictions on use and sharing, requirements for giving individuals access to their own personal data, and many other rights for the data subjects. This episode focuses on 3 of those many topics where much confusion exists. 1) Were all those email notifications on May 25 really necessary for GDPR compliance? 2) What is considered to be personal data, and in what possible forms? (HINT: It’s not just digital) 3) What types of organizations and people must comply with GDPR? We will also hit upon the additional requirements for data protection within individual countries, the protections for EU citizens as well as EU residents, whether government surveillance in the EU is subject to GDPR requirements, the growing tsunami of GDPR actions and complaints, and recommendations for GDPR compliance.
6/12/2018 • 57 minutes, 32 seconds
DNA Forensics Can Solve Crimes. Are There Also Privacy Risks?
Those DNA ancestry kits are very popular. But how accurate are they? Can they really pinpoint the country where your ancestors came from? And with whom do ancestry businesses share that data? Was that data given to police which led to the Golden State Killer arrest, or did it come from other sources? How valuable is DNA in making criminal convictions, as well as exonerating the innocent? What parts of the human body provide the best types of DNA for analysis? How has DNA forensics analysis changed over the years? Is a human DNA sample ever too old to analyze? In what ways do you leave behind your DNA throughout the day? Can DNA analysis really be accomplished with a single strand of hair? Can your relatives provide DNA about you? How close in match is the DNA of identical twins? What are privacy considerations for DNA sharing? Listen in to this episode to hear how DNA was used in criminal cases, and to learn more from a DNA forensics expert who has analyzed over 900 cases!
6/5/2018 • 57 minutes, 26 seconds
Swatting Dangers and Defenses
A Kansas man was killed in a swatting incident in December, 2017. A central Iowa woman was a swatting victim in May, 2018. In April, 2018: A swatting incident occurred in Arlington, TX; there were 3 swatting incidents in the Chicago area; and at least 6 in the New York City area. Many more swatting incidents could probably be found if more than 30 seconds was spent looking.
What is swatting? And when and how did it get started? Is the problem getting worse? Who are the targets for swatting? What should you do if someone wearing a police uniform is banging on your door, but you see no police car, or see a car that isn't a police car? How can Smart911 help in swatting situations? What are the security & privacy issues? Related to this, what types of home safety/security systems can be used to protect homes from intruders? What can everyone do to reduce the probability of being a swatting, or home invasion, victim? Listen in to this episode to learn more from an expert on this topic!
5/29/2018 • 58 minutes, 9 seconds
Why Do Women Leave IT Careers?
In this episode we discuss how to encourage women into STEM careers, IT in particular, and motivate them to stay. This most definitely is NOT a men versus women issue! Some of the greatest supporters of women in STEM are men and some of the greatest in opposition are women. There are many opinions and ideas for how to get more women involved in IT and keep them in the industry, but there is no simple answer. Many actions must take place, throughout entire lifetimes and generations, and many attitudes must change. The challenges of attracting and keeping women in IT are due to many factors, from the atmosphere in which children are raised, to the people who are influencers in their lives, to the many practices within the IT, info sec and privacy industries that often result in forcing, or encouraging, women to leave their careers. Hear ideas and results from research for how to attract and keep women in STEM careers from an expert who spoke on this topic at the April 2018 RSA Conference.
5/22/2018 • 56 minutes, 24 seconds
Who's Eavesdropping on You? Government Surveillance and Laws
The US government recently released its annual report of surveillance activities, including the numbers of individuals about whom data was collected. It reveals that the NSA tripled metadata collection from 2016, taking over 534 million call records in 2017. Warrantless FISA Section 702 content queries involving U.S. persons increased from 5,288 to 7,512. Many other types of surveillance activities are also performed by the US government, along with state and law enforcement agencies, as well as other countries' governments. How many agencies have surveillance programs? What surveillance tools are used & what data is collected? What laws allow, or restrict, such surveillance activities? What can people do to protect their communications from surveillance? What types of data will always be able to be collected for online communications? Can anyone truly be anonymous online? Join this interesting episode to hear an expert on government surveillance answer these & more questions!
5/15/2018 • 57 minutes, 16 seconds
Honey Sticks and Honey Points: Not-So-Sweet Cyber Crook Tools
Most think of cybercrooks coming from far-away places through the internet. But what many don’t consider is HOW they got a pathway into our computing devices & networks. Often those pathways were established through direct contact with their victims, and their cyber victims often didn’t even know it at the time. So how can such an obvious and out-in-the-open type of hack be accomplished? Well, if you find a USB thumb drive in a library, in your hotel room, or at a restaurant on the table you were just seated at, what would you do with it? Research studies show that most people will plug them into their computers. My guest for this episode created the types of studies that Google, and other large tech company researchers, have replicated in recent years using honey sticks and honey pots to replicate cybercrook tactics. Hear the results of these intriguing research studies that look at the methods cybercrooks commonly use to siphon the data from, and control, victims’ computing devices.
5/8/2018 • 58 minutes, 21 seconds
Why Nation States and Cybercrooks Love Wi-Fi
In April it was widely reported, throughout worldwide news outlets, that Russian hackers were working to infiltrate as many wi-fi networks throughout the world as possible; for the general public as well as businesses, organizations and government networks. News outlets in the UK indicated that over 100,000 wi-fi routers were compromised. Worldwide government security researchers warned that millions of wi-fi routers had been compromised by Russian nation-state intelligence officers; those in addition to the already large amount of attempts being made daily by cyber criminals.
Why are Russian, and other countries', nation state hackers looking to get into the home wi-fi network of folks throughout the world, as well as every type of business and organization wi-fi network that is vulnerable? And what types of code and data do they want to load onto those networks? What harms can they do? In this episode I discuss these topics with my guest, Tom Eston, who is a wi-fi security expert!
5/1/2018 • 55 minutes, 54 seconds
Encore: EU GDPR Sanity: Practical Advice for Effective Compliance
On May 25, 2018, the EU General Data Protection Regulation (GDPR) goes into effect, bringing with it some significant changes to how organizations were protecting personal information under the EU Data Protection Directive. In this episode we discuss this with a couple of GDPR experts who have been deep into the weeds in helping organizations to implement the changes necessary to comply with the GDPR. And this certainly is a hot topic! I did an online news search on Feb 7, and there were 114,000 distinct news articles on this topic, with an unlimited number of opinions, warnings, and sky-is-falling predictions. Join our lively discussion with these two GDPR experts, who are based and work in the EU, to sort out some of the GDPR fictions from the facts, along with giving us some great advice.
4/27/2018 • 56 minutes, 18 seconds
The Path of This Privacy Expert Led to Many World Icons
What do Harry S. Truman, Gloria Steinem, Fidel Castro, Jimmy Hoffa, and Antonin Scalia have in common? Tune in to hear Robert Ellis Smith explain the answer! He will also discuss many other famous icons he’s met, been friends with, and interviewed during his long, storied career in privacy. Hear also Robert’s explanations of the Supreme Court’s Citizens United privacy decision of 2010 versus their AT&T FOIA decision of 2011, and his opinion of those decisions. Also, learn about his latest book, “Faces I Have Known.” Robert shares some incredible stories, in this episode as well as in his book!
4/20/2018 • 55 minutes, 52 seconds
IT and Privacy Career Trends and Tips for Success
I’ve had many listeners, from high school up through those who were past their 70s, contact me, saying they were inspired to follow their interests into a tech, information security and/or privacy career after hearing some of my other radio shows. I also had many listeners asking me to provide more career advice about getting into the tech, information security and privacy fields: asking how to be as successful as possible, asking for tips to get hired, and asking which fields are hot right now, and which will be hot in the near future.
I am happy to have the perfect person to answer those questions, and more, as my guest in this episode! Tune in to find out how to focus and propel your career in information security, privacy and IT from an expert whose business helps provide such opportunities.
4/13/2018 • 57 minutes, 24 seconds
Association Memberships Build Data Security and Privacy Careers
In this episode we discuss information security and privacy careers and ways to support professional growth. In particular we discuss the benefits, for building professional capabilities, of networking, learning from peers, and participating in projects as a result of belonging to and participating in professional associations. We also discuss the various types of activities that professional membership associations, such as ISACA, IAPP, ISSA, (ISC)², ACM, IEEE and others, have available for members. Tune in to hear some great professional guidance from long-time information security and privacy experts, and to hear about some upcoming events!
4/6/2018 • 56 minutes, 4 seconds
Many Areas of InfoSec and Privacy Expertise? Make Them Your Career!
Many information security & privacy pros and career advisors give advice that you should focus on one specialty to be successful. While that may be best for some, I can testify that it does not apply to everyone! You can absolutely be successful doing many different types of specialties, at any age or period of your career, if those are your passions.
My guest is the epitome of successfully pursuing a love of many, widely different areas of expertise as a career. Linda Cadigan, a highly accomplished information security and privacy pro and expert, discusses how so many of us love to work and have expertise in many different areas. Hear Linda’s experiences and how she utilized her expertise in multiple areas to build successful businesses. We advise listeners on the benefits of being multi-area information security & privacy experts! Success doesn’t always come from computing degrees or technology backgrounds, but from following your passion and doing what hasn't yet been done.
3/30/2018 • 56 minutes, 50 seconds
Is Hacking Ever Ethical? A Professional Hacker Explains!
What comes to your mind when I say “hacking”? What comes to your mind when I say “hacker”? It’s likely very different to each of you. But would you ever consider hacking to be ethical?
In this episode we discuss some hacking history, the different types of hackers (white hat, grey hat and black hat), some ways in which hackers exploit vulnerabilities in systems, applications and networks, social engineering, and some simple ways in which many hackers can be blocked from your systems and data.
Our guest, Dave Chronister, a professional hacker and business owner, also describes some fascinating hacking experiences of his own, and offers some thought-provoking insights into what would be considered as good versus bad hacking activities.
Plus, hear tips for businesses and the general public to keep from being a hacking victim.
3/23/2018 • 56 minutes, 21 seconds
Privacy and Security Incident Response Mistakes Organizations Make
Privacy breaches and security incidents are occurring more often and are increasingly involving larger amounts of personal data. Why are security incidents continuing to increase? For a variety of reasons. While basic information security and privacy concepts are still the same as they have been for the past 30+ years, too many organizations do not implement information security and privacy programs that cover all those concepts to begin with! There are also more types of devices, such as smart cars, smart home devices, smart mobile devices, smart toys, and more that are collecting and sharing increasingly more personal data. And it is only going to continue increasing. So, with all these available security and privacy management standards and guidance documents, why aren’t organizations better prepared to not only prevent security incidents and privacy breaches, but also to respond effectively to them? In this episode we discuss and gain insights from a long-time expert in this area.
3/16/2018 • 56 minutes, 1 second
Uberveillance: Would You Embed Constant Surveillance In Your Body?
There are increasingly more initiatives to make humans passive participants within the Internet of Things (IoT) by implanting a wide variety of computers and computer chips within them. Science fiction stories have long spun tales about such devices being used to control the thinking and actions of the populations at large, and to track their moves. We are now seeing many of those tales come to reality. Now IoT devices of all kinds, those from healthcare providers & those direct to consumers, and others that have nothing to do with healthcare, can dramatically improve people’s lives. However, if the devices do not have security built in, and if rules for how the data is allowed to be used are not established, they will become security and privacy nightmares in the IoT. In this episode we will discuss many examples and associated security and privacy issues about embedding devices that constantly track the individual’s activities: uberveillance. Our guest is an expert in this field.
3/9/2018 • 55 minutes, 59 seconds
Balancing Privacy with Safety when Using Body Cams
Body cameras can provide great benefit for capturing what really happens in various situations and support accountability for the actions of those wearing them. But there are also privacy risks for those in the vicinity. In July 2013, the US Department of Justice reported that less than 25%, at that time, of police departments used body cams. By 2015, 95% of large police departments reported they were either already using body cameras or had committed to doing so in the near future. Laws for body cam use are also increasing. Currently 34 US states and the District of Columbia have created laws for body cameras. Law enforcement and others are increasingly using body cams. Listeners, where do you stand on this topic? Invasion of privacy, for those interacting with the police and those in their vicinity? Or an absolutely necessary tool? Or somewhere in between? How can we balance the safety and privacy issues? Join this episode to hear discussion of these important issues!
3/2/2018 • 57 minutes, 27 seconds
Identity Fraud and Theft: Don't Be a Victim!
In this episode we discuss a long-time problem, since before the use of smartphones, and even before personal computers existed, but one that is getting progressively worse. Identity theft.
With many more ways in which a person’s identity can be stolen, there is much more damage that can be done to victims. How does identity theft occur? What are the different types of identity theft? Does reviewing your credit report help that much in identifying when someone may have stolen your identity? What about stolen identities of children? And of the deceased? What are the primary ways to prevent being an identity theft victim? Join us to hear the most knowledgeable identity theft expert, Mari Frank, provide answers to these questions, discuss these topics in depth, and more!
2/23/2018 • 57 minutes, 4 seconds
EU GDPR Sanity: Practical Advice for Effective Compliance
On May 25, 2018, the EU General Data Protection Regulation (GDPR) goes into effect, bringing with it some significant changes to how organizations have been protecting personal information under the EU Data Protection Directive. In this episode we discuss this with a couple of GDPR experts who have been deep into the weeds in helping organizations to implement the changes necessary to comply with the GDPR. And this certainly is a hot topic! I did an online news search on Feb 7, and there were 114,000 distinct news articles on this topic, with an unlimited number of opinions, warnings, and sky-is-falling predictions. Join our lively discussion with these two GDPR experts, who are based and work in the EU, to sort out some of the GDPR fictions from the facts, along with giving us some great advice.
2/16/2018 • 56 minutes, 18 seconds
The Ghosts of Government in Our Machines: The CIA and Surveillance
Hacking from Russia, China and other nation states has been going on for a very long time. And it will continue to be in the news as more types of tech create more ways to hack, and as more data is created to give insights into personal lives and activities. It is important to consider the history of nation-state hacking, how it has evolved over the years, and what is currently occurring. Christopher will describe his experiences in the CIA, how he’s seen hacking methods change since he first started working in this area, current and future threats, and what everyone needs to keep in mind when considering hacking attempts from other countries.
2/9/2018 • 56 minutes, 45 seconds
Computer Hacking Crimes and Prosecutions
In recent months, self-proclaimed “cybersecurity experts” have posted cybercrime history timelines in online outlets but left out some of the most significant cases that impacted all subsequent cybercrime cases & laws: the Morris Worm & the German hackers caught by Clifford Stoll. In this episode you will hear from the trailblazer in the computer crime prosecution space, Mark Rasch, & learn what he has seen over the years with regard to computer crime, hacking, what has changed, & the things that have remained the same. Mark created the Computer Crime Unit at the US Department of Justice, where he led efforts aimed at investigating and prosecuting cyber, high-tech, and white-collar crime. Mark helped the FBI and Treasury Department develop their original procedures on handling electronic evidence to use for computer crime prosecutions & has taught digital crime and evidence classes at the FBI Academy and the Federal Law Enforcement Training Center. Tune in for a fascinating discussion!
2/2/2018 • 55 minutes, 32 seconds
Medical Cannabis Patient Privacy and Data Security
Most people assume that their data is safe in cannabis stores & medical cannabis dispensaries. Or they believe if they pay in cash there will be no record of their cannabis purchase. Those are incorrect beliefs. How do dispensaries secure & share data? Who WANTS that data? What security is needed? Some in government, law enforcement & employers want data about state legal marijuana and medical cannabis purchases. Michelle Dumay, Cannabis Patient Advocate, helps cannabis dispensaries & stores to secure their customers’ & patients’ data & privacy. Michelle learned through experience getting treatment for her daughter that most medical cannabis dispensaries are not compliant with laws governing the security and privacy of patient data. So Michelle decided to take action to ensure personal data is protected. In this episode, we discuss information security & privacy practices of cannabis shops, risks & what needs to be done when it comes to securing data and understanding privacy laws.