Media Archives - IT Security Guru
https://www.itsecurityguru.org/category/media/
The Site for our Community

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries
https://www.itsecurityguru.org/2023/03/29/back-and-bigger-than-ever-the-inside-man-season-5-takes-a-stab-at-power-hungry-adversaries/
Wed, 29 Mar 2023 10:26:25 +0000

The post Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries appeared first on IT Security Guru.

As important as it is, cybersecurity awareness training might not seem like the most exciting thing in the world, but when it involves plots to rival your favourite network crime dramas, expertly crafted cinematography, and characters to root for? Naturally, it all feels a little bit different.  

Of course, we’re talking about the long-awaited return of KnowBe4’s network-quality video series The Inside Man. Back for its fifth season, the show, created and produced by Twist & Shout Communications (a KnowBe4 company), is now available to all diamond-level KnowBe4 subscribers.

The Gurus were lucky enough to walk the red carpet alongside the show’s cast and crew last week at the Odeon Luxe Cinema, Leicester Square. A packed-out venue fit for an ambitious and industry-leading series that reunited some of our favourite characters. 

 

What To Expect This Season 

Season 5 of The Inside Man has big ambitions that echo, as always, genuine real-world threats and plausible scenarios. If season 4 was a nod to 2021’s Colonial Pipeline ransomware attack, season 5 takes a stab at the more political side of cybercrime.

The season’s antagonist, Cyrus, sums the season – and his intentions – up perfectly: ‘Money? You think this is about money? It’s about power… The power to know how people are going to react before they know themselves, to mould their thoughts, to shape their behaviour… The power to choose who wins an election, wins a war.’ 

Of course, this echoes similar themes that we see in the news frequently, with cyber influence operations becoming all the more common. In fact, just last year US military and intelligence officials announced that they were stepping up efforts to defend the electoral process from foreign influence.  

Whilst the show doesn’t go that far, it does dabble in using cyber influence to show the increasingly complex nature of highly personalised attacks. This season we find Mark, AJ, Fiona, Violet and Maurice approached by the security services to help fight against a remorseless adversary deploying vast resources of hacking powers to gain influence and power. From global corporation acquisition to insider threats within hospitals and healthcare, this is definitely the most eager (and high-stakes) series of The Inside Man yet.

Jim Shields, Creative Director of Twist & Shout Communications said: “In this season, we see many of these exciting plotlines finally come home to roost. Storylines for which we’ve spent two or three seasons laying the foundations. It’s powerful stuff, and the production team have excelled themselves as usual in bringing it to life. I’m unbelievably proud to be a part of this series.”   

 

Revolutionising Cyber Awareness Training 

For many years, KnowBe4 have been reshaping cybersecurity awareness. Perhaps the most obvious example of this is their willingness to invest in something truly different and, perhaps, revolutionary within its field. It’s clear that The Inside Man is an investment, with stunning sets, high production value and a 12-episode story arc. However, it pays off; the show has real, dedicated fans. In fact, three lucky superfans were invited to the premiere, with one having written a full-blown analysis of it. There’s nothing quite like it!

“Security awareness training doesn’t have to be boring, nor should it,” says Stu Sjouwerman, CEO of KnowBe4. “‘The Inside Man’ is the most utilised training that KnowBe4 offers in the optional training category because it is highly captivating, and the production quality is more like a network-quality series than training.” 

What The Inside Man does so captivatingly is foreground the human element of cybercrime, with the adversaries not the stereotypical hooded hackers of yesteryear and our victims harrowingly human and relatable. From social engineering to passwords, to social media and deep fakes, this season of The Inside Man covers a lot of ground. Importantly, it reveals how easy it can be for an outsider to penetrate an organisation’s security controls and network. It’s awareness training that doesn’t feel like awareness training – and it’s not preachy either. 

 

The Verdict  

Season 5 of The Inside Man is well worth a watch. Whether or not you typically ‘enjoy’ cybersecurity awareness training, you can’t help but feel drawn to the show. It’s both educational and entertaining, and that’s pretty impressive.  

Education and awareness are at the heart of everything KnowBe4 does – and The Inside Man is no different, clearly. The Inside Man forces audiences to face safe (or otherwise) cybersecurity practices in an unusual (and rather fun) way. Ultimately, this passion project, beloved within its community, is something vendors should take notice of.

You can watch the full series on The Inside Man microsite on the KnowBe4 platform if you are a diamond member. 

 

Has that password been compromised?
https://www.itsecurityguru.org/2022/01/25/has-that-password-been-compromised/
Tue, 25 Jan 2022 10:13:21 +0000

Password security has many well-debated weaknesses but one that gets surprisingly little attention is how organisations can know whether and when theirs have been compromised by outsiders. This lack of interest is surprising. Almost all cyberattacks today, including ransomware attacks, exploit stolen or leaked credentials (a password + username), which makes any compromise a critical incident in the making. 

The traditional defence is to change them on a scheduled basis on the assumption that a compromise is likely at some point, but this has always been a blunt defence that risks encouraging re-use as users try to cope with constant resets. In 2016, NIST put a pin in this balloon by recommending that organisations no longer mandate automatic password changes unless they have a reason to do so.

The mistaken assumption is that once a password is lost (with or without the username), there is no way to detect that this has happened. In fact, a way does exist – query databases of leaked passwords culled from dark net sources to see if a known password is present.

Although the idea of monitoring criminal sites for leaked passwords is not new (public databases such as Have I been Pwned? have been around for years), the trick has been finding a way to integrate them into password management systems. Without that integration, password detection would risk becoming a management chore that burdens IT staff with alerts they struggle to react to. 

One company that thinks it has cracked the problem is Authlogics, which has integrated its Password Breach database of 4.1 billion leaked credentials into the company’s Password Security Management system. In this podcast, IT Security Guru editor John E. Dunn and CEO Steven Hope discuss the complex design challenges this posed for Authlogics.  

Integrating a database of leaked passwords into a password management system turned out to be the easy part. The much bigger nut to crack was making it easy for IT teams to fix the credential problems the software detected, weeding out dormant accounts and encouraging users to create secure passwords or phrases.

Most important of all, time is of the essence. Compromised passwords must be detected in real time, as soon as compromised credentials appear in the database.

One day, all password management systems will be built this way.  

Have a listen HERE!

 

Developing a Strong Security Posture in the Era of Remote Work
https://www.itsecurityguru.org/2021/03/11/developing-a-strong-security-posture-in-the-era-of-remote-work/
Thu, 11 Mar 2021 17:36:46 +0000

Many of us have had to adopt remote working for a large proportion of the past year. But remote working is about more than saving yourself time on the morning commute and navigating Zoom etiquette: the security implications for thousands of businesses sending their employees home to work for a year have been massive. In this podcast, veteran security journalist Dan Raywood waxes lyrical on remote working security practices with Niamh Muldoon, Global Data Protection Officer at OneLogin.

Book Review: ‘The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity’ By Christian Espinosa
https://www.itsecurityguru.org/2021/02/02/book-review-the-smartest-person-in-the-room-the-root-cause-and-new-solution-for-cybersecurity-by-christian-espinosa/
Tue, 02 Feb 2021 11:23:13 +0000

Growing up was not easy for entrepreneur, Iron Man and author, Christian Espinosa. “I played football, but I was also smart, but I also liked heavy metal, so I felt out of place from each particular clique” Espinosa revealed reminiscing on his formative years. As a response to various socio-economic difficulties beyond control, Espinosa’s mindset changed dramatically as he threw himself at every challenge and character development opportunity, trying to be the best he could be. This path took Espinosa through the US military, to mountain summits, scuba dives, and the boardroom as he rose to prominence as a VP in what he calls ‘the intelligence-ego driven world of cybersecurity’.

This all changed in 2014 when Espinosa’s itch to succeed led him to start his own cybersecurity company: Alpine Security. Now, Alpine Security has been acquired by security consulting firm Cerberus Cyber Sentinel Corporation, bringing in a new era with Espinosa offering his expertise as a new Managing Director.

However, Espinosa’s hard-earned experience is not simply limited to the boardroom. In his latest book, ‘The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity’, Espinosa shares his decades of experience in the fast-paced world of IT Security. The decades of combined experience can practically be felt dripping through the pages as the chapters outline the essential steps to overcome the biggest adversary in cybersecurity. No, not the cybercriminals, but the toxic culture that many cybersecurity professionals find themselves in. The book takes a holistic approach to self-betterment, discussing the importance of so-called ‘soft skills’ in the world of cybersecurity.

Perhaps what makes this book so challenging and engaging is that it peels back the cultural aspects of the cybersecurity industry that have been fermenting for decades. Espinosa states that “business leaders rely on their cybersecurity staff to protect their data”, yet “in my more than thirty years of experience in cybersecurity and leadership, I found that these technical employees are the root of the problem”. In order to solve this problem, Espinosa proposes “The Secure Methodology” and its seven steps, beginning with ‘Awareness’, and culminating in ‘Kaizen’ – the Japanese philosophy of continuous self-improvement in a world where the need to be the smartest person in the room stems from deep-rooted insecurity rather than confidence.

The book outlines how technical employees, who may struggle with interpersonal skills and insecurity, can deploy Espinosa’s methodology, not just to help security professionals to communicate better and reduce risk overall, but for anyone that would like to work on becoming more confident and fulfilled with the life we are given. While I will not outline each step – that is for you to discover when you read the book – I will state that they intuitively link together to form a comprehensive formula for self-betterment.

Espinosa’s choice words make for an interesting read as humorous anecdotes are woven in seamlessly with heartfelt advice and genuine concern for industry and personal wellbeing. Espinosa is certainly one to watch as his knack for storytelling and his experience in business and the world promises exciting things in the future as Christian and Cerberus Sentinel use their combined experience to better the world of cybersecurity.

You can buy the book here now for less than the price of a coffee!

‘Twas the night before InfoSec
https://www.itsecurityguru.org/2020/12/24/twas-the-night-before-infosec/
Thu, 24 Dec 2020 10:24:43 +0000

‘Twas the night before Christmas, and fresh off the LAN
The packets were coming fast out of the span.
My wireshark was up with my templates in place,
In hopes that I’d find an IP I could trace.
The smart home was snug in its /28
With a meager allow-list, and a lock on the gate.
With a few hours to setup and wrap this year’s catches
I’d been charging them up, and applying their patches,
When down in the VLAN there’d been such a spike
I’d opened the logs to see what it looked like.
Away to the dashboard I stumbled and flew;
Most days I’m on Red, but tonight, I was Blue.
The DST in the headers was a weird bogon range.
“Two oh three... zero? You can’t route there... how strange.”
When what, to my wondering eyes, should come back
But a TCP handshake -- not a RST, but an ACK!
A cool sweaty IR-like calm to me came,
As the nightmares and malwares, I ruled out by name:
“The SPIDERs and PANDAs don’t care about me,
It’s not running Windows, so it’s not IcedID…
Not Trickbot, not Ryuk, not Buer or Clop,
Not Scarab or Locky, no second-stage drop.”
A session had opened on port 443,
And a download began - not one started by me.
I looked back to ensure that the capture was on,
And stood by to cut comms once the vandal was gone.
But the session closed up just as fast as it came
And the download just sat there - “GIFT.BIN” was its name.
I’d retrieved a live sample! And without any warning,
Had got something fun to unwrap Christmas morning.
I checked on the rulesets, configs, and permissions,
And rebooted each box for the sake of tradition.
I waited for more but there wasn’t a peep,
So I finished my wrapping and popped off to sleep.
And after the coffee and presents and nog,
The matching pajamas, the pickle, the grog,
Video calls with our family and friends,
Things had settled, so I went to tie up the loose ends.
I ran strings right away and my jaw opened wide,
For there, unencrypted, a message I spied:
“2020’s been awful, with so much that you’ve missed
Just to keep others healthy - so you made the Good List!
And like all of your friends, I have had to stay distant,
But your record’s been stellar, so the elves were insistent.
You already have surplus gadgets that light up
So I got you this PoC, and a CVE writeup.
The binary is an iPhone zero-day,
And I’ve left enough out that you’ll have room to play.
And once you’ve dissected and filled in the blanks,
And disclosed it responsibly, you can cash in my thanks!
Thanks for staying inside this year, hunkering down,
Thanks for wearing your mask, though you felt like a clown,
Thanks for not hoarding groceries, and for learning to cook,
Or for trying a language, or reading a book.
And following rules from your state and your county.
Now warm up your debugger, and cash in that bounty!”

This poem was written by J.R Parsons for AT&T Cybersecurity. You can read more of their blogs here

People who have WOWED us over 25 years
https://www.itsecurityguru.org/2020/12/07/people-who-have-wowed-us-over-25-years-6/
Mon, 07 Dec 2020 10:21:53 +0000

Yvonne Eskenzi, founder and director of Eskenzi PR & Marketing, celebrates 25 years in business with a series of discussions with experts and trailblazers of the cybersecurity industry.

Derek Brink, CISSP, vice president and research fellow at Aberdeen Group, talks to Yvonne Eskenzi about how to assess and understand risk in today’s complicated environment and the importance of using the right language around risk in cybersecurity – a crash course like the one Derek teaches at Harvard University.

People who have WOWED us over 25 years
https://www.itsecurityguru.org/2020/11/19/people-who-have-wowed-us-over-25-years-5/
Thu, 19 Nov 2020 15:05:12 +0000

Yvonne Eskenzi, founder and director of Eskenzi PR & Marketing, celebrates 25 years in business with a series of discussions with experts and trailblazers of the cybersecurity industry.

Episode 6: In this instalment, Yvonne speaks with Amichai Shulman, Co-founder and Chief Scientist of Imperva. Amichai is known as the cyber rockstar of Tel Aviv; with decades of cybersecurity experience, he is a household name in Israel. This episode covers the current state of cybersecurity today, the importance of good PR and how giving back time and energy to prospective cybersecurity talent in university can have a positive impact on the whole industry!

People who have WOWED us over 25 years
https://www.itsecurityguru.org/2020/11/12/people-who-have-wowed-us-over-25-years-4/
Thu, 12 Nov 2020 12:31:07 +0000

Yvonne Eskenzi, founder and director of Eskenzi PR & Marketing, celebrates 25 years in business with a series of discussions with experts and trailblazers of the cybersecurity industry.

Episode 5: Yvonne talks with Martin Kuppinger, Founder and Principal Analyst at KuppingerCole. In this instalment, Martin discusses the importance of analyst houses in cybersecurity, key predictions and industry trends for the future, and how to create a successful business model in these unprecedented times.

People who have WOWED us over 25 years
https://www.itsecurityguru.org/2020/10/20/people-who-have-wowed-us-over-25-years-3/
Tue, 20 Oct 2020 11:12:20 +0000

Yvonne Eskenzi, founder and director of Eskenzi PR & Marketing, celebrates 25 years in business with a series of discussions with experts and trailblazers of the cybersecurity industry.

Episode 4: Yvonne talks with Teresa Cottam, chief analyst at Omnisperience, and expert in the Digital Economy. Cottam is renowned for helping companies create compelling experiences that transform their businesses, and in this episode, Teresa talks about what key skills you need to be an analyst, how the telecoms industry has changed and everything in between!

People who have WOWED us over 25 years
https://www.itsecurityguru.org/2020/09/29/people-who-have-wowed-us-over-25-years-2/
Tue, 29 Sep 2020 10:49:31 +0000

Yvonne Eskenzi, founder and director of Eskenzi PR & Marketing, celebrates 25 years in business with a series of discussions with experts and trailblazers of the cybersecurity industry.

Episode 3: Yvonne talks with Colonel John Doody, the ‘Godfather of InfoSec’, and author of acclaimed autobiography ‘From Stripes to Stars’. In this instalment, Colonel Doody opens up about his tenure as the outward face of GCHQ, how humble beginnings cannot stop you from achieving your dreams, and that you’re never too old to find love.

 

 
