43 - GPT-4 Exploits 87% of Vulns, New CISA Requirements, VPNs Under Attack, and NIST Issues Digital Identity Updates

44 - Reflecting After 22 Years at DHS: Bill Pratt on IT Modernization, Procurement Challenges, and Drag Racing

Welcome to Episode 44 of Emagine The Future! On this episode, we are joined by Bill Pratt. Prior to joining Reli Group in January 2024, he spent 22 years supporting the Public Sector through various roles in the Department of Homeland Security. Key Discussion Points:  * Public Sector IT Modernization * Public Sector Procurement & Navigating Industry Challenges * Drag Racing Connect with Bill:  https://www.linkedin.com/in/bill-pratt-2431335/ Subscribe on YouTube: https://www.youtube.com/@EITisCyber Connect on LinkedIn: https://www.linkedin.com/company/emagine-it-inc-/posts/

43 - GPT-4 Exploits 87% of Vulns, New CISA Requirements, VPNs Under Attack, and NIST Issues Digital Identity Updates

Welcome to Episode 43 of Emagine The Future, our 4th of our "This Month in Cyber" series - April 2024 edition. March Catchup (Things we missed):  *  NIST Unveils New Consortium to Operate its National Vulnerability Database https://www.infosecurity-magazine.com/news/nist-unveils-new-nvd-consortium/ [https://www.infosecurity-magazine.com/news/nist-unveils-new-nvd-consortium/]  * A New Roadmap for FedRAMP  https://www.fedramp.gov/2024-03-28-a-new-roadmap-for-fedramp/ [https://www.fedramp.gov/2024-03-28-a-new-roadmap-for-fedramp/]  * Review of the Summer 2023 Microsoft Exchange Online Intrusion https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf [https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf].  Incidents & Breaches:  * Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html?&web_view=true [https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html?&web_view=true].  * GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories [https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories]  Regulatory & Government:  *  New CISA Cybersecurity Incident Reporting Requirements Proposed for Critical Infrastructure Companies https://www.nextgov.com/cybersecurity/2024/03/cisas-proposed-framework-cyber-incident-reporting-rules-includes-subpoena-power/395275/?oref=ngfcw_alert_nl&utm_source=Sailthru&utm_medium=email&utm_campaign=Nextgov/FCW%20Alert%20-%20March%2027%2C%202024&utm_term=newsletter_ng_alert [https://www.nextgov.com/cybersecurity/2024/03/cisas-proposed-framework-cyber-incident-reporting-rules-includes-subpoena-power/395275/?oref=ngfcw_alert_nl&utm_source=Sailthru&utm_medium=email&utm_campaign=Nextgov/FCW%20Alert%20-%20March%2027%2C%202024&utm_term=newsletter_ng_alert]  * Formal Update: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements [https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements]  * NIST issues digital identity update allowing agencies to use synced passkeys , https://federalnewsnetwork.com/technology-main/2024/04/nist-issues-digital-identity-update-allowing-agencies-to-use-synced-passkeys/ [https://federalnewsnetwork.com/technology-main/2024/04/nist-issues-digital-identity-update-allowing-agencies-to-use-synced-passkeys/]  Events That Occurred & Events < 60 Days Away:  * RSA Conference (May 6-9)  - San Francisco   * 45th IEEE Symposium on Security and Privacy (May 20-22, 2024 Security and Privacy Workshops will be held on May 23, 202 San Francisco  * Gartner Security & Risk Management Summit (National Harbor, MD June 3-5)   * GRC Summit 2024 Baltimore, June 17 & 18   Subscribe on YouTube: https://www.youtube.com/@EITisCyber Connect on LinkedIn: https://www.linkedin.com/company/emagine-it-inc-/posts/

42 - FedRAMP Rev5 & Post-Authorization - Live Keynote from 2024 Cloud Compliance Summit

Welcome to Episode 42 of Emagine The Future! On this episode, we are excited to share with you the live recording from the Aquia + AWS 2024 Cloud Compliance Summit held on March 19th, 2024.    Emagine IT was both a sponsor of the happy hour but also a speaking partner. On this episode, you'll be able to tune into the recorded keynote our very own Adam Chun and Erik Dominguez hosted with a group.  Key Discussion Points:  * FedRAMP Post-Authorization & What it Means For Your Organization * Current & Future State of Continuous Monitoring Requirements * FedRAMP PMO Drives Rev5 Transition Connect with Erik: https://www.linkedin.com/in/erik-dominguez-2589b228/ Connect with Adam: https://www.linkedin.com/in/adammchun/ Full-Length Video Panel: https://www.youtube.com/watch?v=2ihggDdhmYQ&t=355s Subscribe on YouTube: https://www.youtube.com/@EITisCyber Connect on LinkedIn: https://www.linkedin.com/company/emagine-it-inc-/posts/

41 - Future of ConMon & Measuring Cyber Security Performance For Developers with Ajay Chandhok

Welcome to Episode 41 of Emagine The Future! On this episode, we are joined by Ajay Chandhok. Ajay is the CEO & Founder of Stratus Cyber. Leveraging more than two decades of experience spanning the Intelligence Community, defense sector,  federal civilian agencies, and the commercial space, Ajay brings a unique and well-defined perspective.  Key Discussion Points:  * Future of ConMon * Modernizing Measuring Security Performance  * Why Our Adversary is Always 2-Steps Ahead * Over-reliance on Tools Hinder Enterprise Resilience  Connect with Ajay:  https://www.linkedin.com/in/ajay-chandhok/ Check out Stratus Cyber: https://stratuscyber.com/about-us/ Subscribe on YouTube: https://www.youtube.com/@EITisCyber Connect on LinkedIn: https://www.linkedin.com/company/emagine-it-inc-/posts/

40 - NIST 2.0, Memory-Safe Tech, Conversation Overflow, Phobos Ransomware Insights

Welcome to Episode 40 of Emagine The Future our 2nd of our "This Month in Cyber" series - March 2024 edition. February Catchup (Things we missed):  * NIST 2.0 Cybersecurity Framework: https://www.nist.gov/news-events/news/2024/02/nist-releases-version-20-landmark-cybersecurity-framework [https://www.nist.gov/news-events/news/2024/02/nist-releases-version-20-landmark-cybersecurity-framework] * US Press release on Future Software should be Memory-Safe: https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/ [https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/] * Annual Threat Assessment of the US Intelligence Community Released 2/5/2024: https://www.documentcloud.org/documents/24475399-unclassified-threat-assessment-us-government-2024 [https://www.documentcloud.org/documents/24475399-unclassified-threat-assessment-us-government-2024] * Microsoft and OpenAI publish a report on Nation-State Hackers using AI for cyber-attacks: https://thehackernews.com/2024/02/microsoft-openai-warn-of-nation-state.html [https://thehackernews.com/2024/02/microsoft-openai-warn-of-nation-state.html] Incidents & Breaches:  * Credential-stealing emails  and Conversation Overflow:  https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security [https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security] * NIST National Vulnerability Database Disruption Sees CVE Enrichment on Hold: https://www.infosecurity-magazine.com/news/nist-vulnerability-database/ [https://www.infosecurity-magazine.com/news/nist-vulnerability-database/] Regulatory & Government:  * In continuation of last month, FBI and CISA release details on the tactics and techniques threat actors are using to deploy the Phobos ransomware strain on target networks: https://www.darkreading.com/cyberattacks-data-breaches/fbi-cisa-release-iocs-for-phobos-ransomware [https://www.darkreading.com/cyberattacks-data-breaches/fbi-cisa-release-iocs-for-phobos-ransomware] * NSA's Zero Trust Guidance: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3695223/nsa-releases-maturity-guidance-for-the-zero-trust-network-and-environment-pillar/ [https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3695223/nsa-releases-maturity-guidance-for-the-zero-trust-network-and-environment-pillar/] * Yearly US Intelligence Congress Testimony: https://techcrunch.com/2024/03/11/four-things-we-learned-when-us-spy-chiefs-testified-to-congress/ [https://techcrunch.com/2024/03/11/four-things-we-learned-when-us-spy-chiefs-testified-to-congress/] * DHS AI Roadmap Plans: https://fedscoop.com/dhs-ai-roadmap/?utm_content=286478443&utm_medium=social&utm_source=linkedin&hss_channel=lcp-1097874 [https://fedscoop.com/dhs-ai-roadmap/?utm_content=286478443&utm_medium=social&utm_source=linkedin&hss_channel=lcp-1097874] Events That Occurred & Events < 60 Days Away:  * Philadelphia Cybersecurity Conference, Virtual and Philadelphia, Pennsylvania: April 4  * SANS New2Cyber Summit 2024–Central US, Virtual: April 4 – 15  * Cybersecurity Implications of AI Summit: North America West Summit, Seattle, Washington: April 16  * Google Cloud Next ’24, Las Vegas, Nevada: April 9 – 11  Subscribe on YouTube: https://www.youtube.com/@EITisCyber Connect on LinkedIn: https://www.linkedin.com/company/emagine-it-inc-/posts/