Endace Packet Forensics Files: Episode #52

Original Entry by : Michael Morris

Michael talks to TikTok influencer Caitlin Sarian, CEO of Cybersecurity Girl

By Michael Morris, Director of Global Business Development, Endace



In this episode, I talk to TikTok and Instagram influencer Caitlin Sarian, CEO of Cybersecurity Girl, who discusses her journey into the cybersecurity field and her mission to break down stigmas surrounding the industry.

Emphasizing the importance of a love for learning and problem-solving over coding skills, Caitlin encourages individuals to explore diverse paths within cybersecurity, ranging from technical roles like ethical hacking to non-technical roles in data privacy.

The conversation highlights the need for continuous learning in the rapidly evolving cybersecurity landscape, with Caitlin recommending various channels for staying updated, including news alerts, newsletters, and professional groups. She addresses common misconceptions about coding requirements, debunking the idea that a specific educational background is essential, and stresses the value of gaining practical experience and obtaining certifications tailored to one’s chosen specialization.

Finally, Caitlin highlights the importance of advocating for diversity and inclusivity in cybersecurity. She emphasizes the need for mentorship, role models, and a supportive company culture to encourage women and minorities to enter and thrive in the industry. You won’t want to miss this episode if you’re looking for valuable insights about a career in cybersecurity. 

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #51

Original Entry by : Michael Morris

In this episode, Michael talks to Eric Buchaus, Director of Sales at Niagara Networks

By Michael Morris, Director of Global Business Development, Endace



Are SPAN ports sufficient to provide network traffic visibility for high-quality security (NDR) and network (NPM) investigations? What about cloud workloads?  What do you need to gain insights into cloud network activity?

In this episode of the Endace Packet Forensics Files, I talk with Eric Buchaus, Director of Sales at Niagara Networks. Eric outlines potential pitfalls and challenges associated with SPAN ports and highlights situations where they may fall short for network and security analysts.

Eric walks us through some alternative options, discussing the merits of network TAPs, network packet brokers, and in-line bypass solutions, which can offer NOC/SOC teams more reliable, efficient, and scalable ways to get network packet data to the right tools in large-scale and complex environments. He discusses some of the specific challenges of network visibility in cloud infrastructures and suggests some practical ways to overcome these obstacles.

Eric suggests things organizations should consider when exploring different packet brokers or TAP vendors and outlines the management and scrutiny that needs to be applied to encrypted traffic to achieve in-depth visibility securely.

Finally, Eric talks about how TAPs and packet brokers can help in dynamic SDN environments with high traffic volumes. He emphasizes why they are important for organizations looking to implement zero-trust infrastructures – particularly environments with many walled gardens and lots of VLANs for IOT/IOTM devices and technologies.

Don’t miss this informative episode as Eric demystifies the complexities of network visibility and supplies some valuable guidance for navigating the challenges posed by evolving network landscapes.



Endace Packet Forensics Files: Episode #49

Original Entry by : Michael Morris

Michael talks to ICS and SCADA security expert, Lionel Jacobs

By Michael Morris, Director of Global Business Development, Endace



In this episode, Michael talks to Lionel Jacobs, Senior Partner Engineer, ICS and SCADA security expert, at Palo Alto Networks. Lionel draws on his more than 25 years of experience in OT (Operational Technology) and almost a decade at Palo Alto Networks in discussing some of the challenges of securing OT, IoT and critical infrastructure from cyberattack.

Lionel talks about some of the unique challenges that OT systems present for security teams and why being prepared to defend against attacks on critical infrastructure is so crucial.

Nation-state actors obviously see critical infrastructure as a prime target for attacks. But so too do criminal actors who see critical infrastructure operators as potentially more vulnerable to extortion than other targets.

Lionel discusses the role of Zero Trust and limited access zoning in reducing the risk of attackers expanding their ability to move from OT environments into the enterprise network. Carefully mapping the network and assets and understanding the requirements for access between different areas of the infrastructure is key to this. Often legacy OT devices and control systems can’t be easily patched so placing these elements into a security zone with a remediating factor between that zone and other parts of the network is the only feasible way to protect them from attack.

Lionel talks about the challenge of detecting attacks in OT environments, how to spot unusual activity, and the importance of having a reference baseline to compare against. He highlights the importance of packet data in providing insight into what is happening on OT networks.

Lionel also stresses the importance of close collaboration between OT security teams and the operators of OT networks. It’s crucial to ensure that the safe and effective operation of critical infrastructure isn’t adversely impacted by security teams that don’t understand the operational processes and procedures that are designed to ensure the safety of the plant and the people that work there.

Lastly, Lionel reiterates the importance of gathering reliable evidence, and enabling security analysts to quickly get to the evidence that’s pertinent to their investigation. It’s not just about collecting data, but about making sure that data is relevant and easy to access.



Endace Packet Forensics Files: Episode #48

Original Entry by : Michael Morris

Michael talks to Endace’s IT Security Manager, Al Edgar.

By Michael Morris, Director of Global Business Development, Endace


In this episode of Packet Forensics Files, I ask Al Edgar, former Information Security Manager for Health Alliance – and now IT Security Manager at Endace – about some of the important areas a security leader needs to focus on and what new challenges they are facing.

Firstly, Al says, it’s important to take a holistic approach to cybersecurity, by looking at the three critical components for robust security: people, processes, and technology. He stresses the importance of Incident Response planning and why it’s so critical to define clear objectives, roles, and responsibilities as part of the plan.

In order to stay ahead of emerging threats, Al says keeping up-to-date with cybersecurity trends is crucial. He recommends subscribing to cyber blogs, leveraging threat intelligence feeds, and mapping threat intelligence against your organizational infrastructure. He also highlights the importance of having a plan for managing third-party vendor risk.

Al provides some valuable recommendations on where to start to ensure a more robust security posture, including maintaining a centralized inventory, conducting thorough risk assessments, cataloging and categorizing risks, and incorporating appropriate security clauses into contracts with suppliers and partners.

Cybersecurity awareness training is another critical area, Al says. His view is that it’s the responsibility of every individual in an organization to prioritize cybersecurity, but he highlights the importance of support and training to enable them to do this effectively.

Lastly, Al talks about future cybersecurity threats, and calls out the potential risks associated with the weaponization of AI technology. He highlights the need for caution when sharing information with AI systems, reminding us to be mindful of potential privacy breaches and the risk that sensitive IP or data disclosed to AI tools may be misused or insufficiently protected.



Endace Packet Forensics Files: Episode #42

Original Entry by : Michael Morris

Michael talks to RoseAnn Guttierrez, Technical Enablement Specialist BM at IBM

By Michael Morris, Director of Global Business Development, Endace



We have all heard horror stories about how SOC teams are overwhelmed and facing a never-ending battle against threat actors. And we all recognize it is not a matter of IF but WHEN you get breached.

So, when the worst happens, is your team resilient enough and sufficiently trained to respond effectively? Are you confident your team can determine, for certain, whether critical data, such as customer information, or systems have been compromised so you can meet all the necessary compliance and reporting obligations? And do you have the network forensics in place that your SOC needs to be able to thoroughly investigate and respond to a breach?

In this episode of the Endace Packet Forensics Files, I talk with RoseAnn Guttierrez, Technical Enablement Specialist BM at IBM Security and a former SOC analyst.

Rose shares her experience of what a day in the life of a SOC engineer is really like. She discusses the best practices she and her team put in place to manage the day-to-day challenges and improve their security posture. She also highlights some of the tools that were most valued in their daily operations and the critical importance of interoperability and integrated workflows to ensure efficiency and simplicity for SOC teams.

Rose discusses the challenge of balancing the need to provide reactive incident response versus having the time to devote to more proactive threat-hunting activities, and suggests some approaches to better manage the balance between these important tasks. She also provides some suggestions and recommendations for SOCs on how to build maturity into processes, training, and effectiveness to improve security investigation capability.

Rose’s combination of SOC experience and deep knowledge of the security landscape has given her unique insight into the importance of having an interoperable ecosystem of tools and vendors that enables SOC teams to build resiliency and efficiency into their DNA.



Endace Packet Forensics Files: Episode #41

Original Entry by : Michael Morris

Michael talks to Andrew Stewart, Senior National Security and Government Strategist at Cisco

By Michael Morris, Director of Global Business Development, Endace



In this episode of the Endace Packet Forensics Files, I talk with Andrew Stewart, Senior National Security and Government Strategist at Cisco. Andrew, CAPT, USN (Ret.) is a Senior Federal Strategist at Cisco where he implements strategies to support innovative cybersecurity and AI/ML solutions across the Federal Government. He also served as the Commanding Officer and Program Manager at the Navy Cyber Warfare Development Group (NCWDG).

With Andrew’s deep experience in national security and government agencies, I wanted to get his thoughts on all the new White House mandates and cybersecurity policies from CISA, such as the emphasis on Zero Trust and other important initiatives. We discuss whether what organizations are doing is sufficient given the risks posed by nation-state threat actors.

Noting that CISA guidelines and recommendations and White House mandates can help organizations and agencies prioritize cybersecurity with more urgency than before, Andrew raises the issue of awareness of cybersecurity among executives and corporate boards. He suggests that, regardless of whether the threat is a nation-state attacker or a ransomware group, a threat-based approach is crucial. He also discusses the importance of building resilience across all “mission” functions, not just day-to-day operations, especially with a remote workforce. In short, security resilience is essential to underpin it all.

Lastly, Andrew highlights trends for the coming months – including the ever-changing nature of threats as hybrid cloud operating environments continue to expand the threat spectrum and transform the way we work. Visibility, he says, remains the key to mastering and controlling such a dynamic threat environment.



Endace Packet Forensics Files: Episode #40

Original Entry by : Michael Morris

Michael talks to Chris Greer, Packet Pioneer and Wireshark Guru.

By Michael Morris, Director of Global Business Development, Endace



Threat hunting is a critical cybersecurity activity that is growing in importance and prevalence around the globe.  Are your SOC analysts developing the skills and toolsets they need to enable more efficient and effective threat hunting?  What are the inhibitors your teams face and do you have the right tools and processes in place?

In this episode of the Endace Packet Forensics Files, I talk with Chris Greer of Packet Pioneer.

Chris is an experienced protocol analyst and forensics expert. He is a renowned instructor for Wireshark University as well as the host of a popular YouTube channel where he shares insights into threat hunting and demonstrates the importance of understanding how to investigate and resolve issues using packet analysis. In this episode, Chris talks about some of the problems or threats you can only see as part of your incident response investigation processes and workflows if you have access to full packet data.

Finally, Chris highlights some of the gaps that organizations have in their security stacks that make it hard for them to confirm or deny false positives and how to resolve this visibility issue. He offers recommendations for training and suggests how to improve your organization’s threat hunting capability.



Endace Packet Forensics Files: Episode #39

Original Entry by : Michael Morris

Michael talks to Justin Fier, VP of Tactical Risk and Response, Darktrace.

By Michael Morris, Director of Global Business Development, Endace



In the current era of extreme geopolitical instability, focus is intensifying on potential nation-state cyberthreats and how governments can defend against nation-states and cyber mercenaries. The increasing threat of nation-state led or sponsored attacks, combined with the massive potential impact of attacks on critical infrastructure are the stuff of nightmares that keep cyberdefenders up at night.

In this episode, I welcome back Justin Fier, VP Tactical Risk and Response at Darktrace (who was our very first guest in this series almost 40 episodes ago!) to talk about nation-state cyber, where he sees the threats lie, and what organizations can do to better prepare for possible attacks.

Justin talks about some of the great work being done by organizations like CISA, and the signs of increased collaboration between nation state defenders as being positive signs that things are moving in the right direction. But there are also significant challenges. Overcoming the slow pace of organizational change, addressing the dearth of skilled cybersecurity professionals, and building the agility to respond to the constantly evolving threat landscape are all major issues that we need to respond to as an industry – whether that’s in government defense or in securing the enterprise.

Lastly, Justin discusses what we need to do to better defend against nation-state and nation-state-sponsored attackers, and puts on his forecasting hat to predict what he sees as the most likely threats security teams should focus on over the next year or two.
