State of Cybercrime
186 episodes - English - Latest episode: 3 months ago - ★★★★★ - 48 ratingsJoin us for State of Cybercrime, where experts discuss the latest trends and developments in the world of cybercrime and provide insights into how organizations can protect themselves from potential threats.
Sponsored by Varonis
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Rita Gurevich, CEO of SPHERE Technology Solutions
November 02, 2017 12:00 - 29 minutes - 26.8 MBLong before cybersecurity and data breaches became mainstream, founder and CEO of SPHERE Technology Solutions, Rita Gurevich built a thriving business on the premise of assisting organizations secure their most sensitive data from within, instead of securing the perimeter from outside attackers. And because of her multi-faceted experiences interacting with the C-Suite, technology vendors, and others in the business community, we thought listening to her singular perspective would be well wo...
The Moral Obligation of Machines and Humans
October 24, 2017 12:00 - 28 minutes - 26.5 MBCritical systems once operated by humans are now becoming more dependent on code and developers. There are many benefits to machines and automation such as increased productivity, quality and predictability. But when websites crash, 911 systems go down or when radiation-therapy machines kill patients because of a software error, it’s vital that we rethink our relationship with code and as well as the moral obligations of machines and humans. Should developers who create software that impac...
The Anatomy of a Cybercriminal Startup
October 12, 2017 09:00 - 24 minutes - 23 MBOutlined in the National Cyber Security Centre’s “Cyber crime: understanding the online business model,” the structure of a cybercrime organization is in many ways a lot like a regular tech startup. There’s a CEO, developer, and if there are enough funds, an IT department. However, one role outlined on an infographic on page nine of the report that was a surprise and does not exist in legitimate businesses. This role is known as a “money mule.” Vulnerable individuals are often lured into th...
How Weightless Data Impacts Data Security
October 05, 2017 12:00 - 23 minutes - 22.1 MBBy now, we’re all aware that many of the platforms and services we use collect and store information about our data usage. Afterall, they want to provide us with the most personalized experience. So when I read that an EU Tinder user requested information about her data and was sent 800 pages, I was very intrigued with the comment from Luke Stark, a digital technology sociologist at Dartmouth University, “Apps such as Tinder are taking advantage of a simple emotional phenomenon; we can’t fe...
Penetration Testers Sanjiv Kawa and Tom Porter
September 29, 2017 15:00 - 38 minutes - 35.3 MBWhile some regard Infosec as compliance rather than security, veteran pentesters Sanjiv Kawa and Tom Porter believe otherwise. They have deep expertise working with large enterprise networks, exploit development, defensive analytics and I was lucky enough to speak with them about the fascinating world of pentesting. In our podcast interview, we learned what a pentesting engagement entails, assigning budget to risk, the importance of asset identification, and so much more. Regular speakers ...
Ofer Shezaf, Varonis Director of Cyber Security, Part II
September 26, 2017 11:37 - 13 minutes - 12.3 MBOfer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University. In this second part of the interview, we explore ways to improve data security through security by design techniques at t...
Ofer Shezaf, Varonis Director of Cyber Security, Part I
September 20, 2017 13:01 - 9 minutes - 8.9 MBOfer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University. In this first part of the interview, Ofer shares his thoughts on the changing threat landscape.
Dr. Tyrone Grandison on Data, Privacy and Security
September 11, 2017 08:00 - 35 minutes - 32.4 MBDr. Tyrone Grandison has done it all. He is an author, professor, mentor, board member, and a former White House Presidential Innovation Fellow. He has held various positions in the C-Suite, including his most recent role as Chief Information Officer at the Institute of Health Metrics and Evaluation, an independent health research center that provides metrics on the world's most important health problems. In our interview, Tyrone shares what it’s like to lead a team of forty highly skilled ...
When Hackers Behave Like Ghosts
September 07, 2017 12:00 - 24 minutes - 22.6 MBWe’re a month away from Halloween, but when a police detective aptly described a hotel hacker as a ghost, I thought it was a really clever analogy! It’s hard to recreate and retrace an attacker’s steps when there are no fingerprints or evidence of forced entry. Let’s start with your boarding pass. Before you toss it, make sure you shred it, especially the barcode. It can reveal your frequent flyer number, your name, and other PII. You can even submit the passenger’s information on the airli...
Security Doesn’t Take a Vacation
August 30, 2017 14:00 - 25 minutes - 23.9 MBDo you keep holiday photos away from social media when you’re on vacation? Security pros advise that it's one way to reduce your security risk. Yes, the idea of an attacker mapping out a route to steal items from your home sound ambitious. However, we’ve seen actual examples of a phishing attack as well as theft occur. Alternatively, the panelists point out that this perspective depends on how vulnerable you might be. If attackers need an entry and believe that you’re a worthy target is vas...
The Security of Visually Impaired Self-Driving Cars
August 24, 2017 09:00 - 28 minutes - 25.9 MBHow long does it take you to tell the difference between fried chicken or poodle? What about a blueberry muffin or Chihuahua? When presented with these photos, it requires a closer look to differentiate the differences. It turns out that self-driving car cameras have the same problem. Recently security researchers were able to confuse self-driving car cameras by adhering small stickers to a standard stop sign. What did the cameras see instead? A 45 mph speed limit sign. The dangers are sel...
Dr. Zinaida Benenson and Phishing, Part II
August 23, 2017 10:12 - 8 minutes - 7.66 MBDr. Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the "Human Factors in Security and Privacy" group. She and her colleagues conducted a fascinating study into why people click on what appears to be obvious email spam. In the second part of our interview, Benenson offers very practical advice on dealing with employee phishing and also discusses some of the consequences of IoT hacking. Transcript [Inside Out Security] Zinaida Benenson is a senior ...
Deleting a File Is More than Placing It into the Trash
August 17, 2017 09:00 - 23 minutes - 21.8 MBWhen we delete a file, our computer’s user interface makes the file disappear as if it is just a simple drag and drop. The reality is that the file is still in your hard drive. In this episode of the Inside Out Security Show, our panelists elaborate on the complexities of deleting a file, the lengths IT pros go through to obliterate a file, and surprising places your files might reside. Kris Keyser explains, “When you’re deleting a file, you’re not necessarily deleting a file. You’re delet...
Dr. Zinaida Benenson and Phishing, Part I
August 14, 2017 10:23 - 14 minutes - 13.9 MBZinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the "Human Factors in Security and Privacy" group. She and her colleagues conducted a fascinating study into why people click on what appears to be obvious email spam. In the first part of our interview with Benenson, we discusses how she collected her results, and why curiosity seems to override security concerns when dealing with phish mail. Transcript [Inside Out Security] Zinaida Benenson is a se...
Are Cyber War Rooms Necessary?
August 11, 2017 09:00 - 28 minutes - 26.5 MBWhile some management teams are afraid of a pentest or risk assessment, other organizations - particularly financial institutions - are well aware of their security risks. They are addressing these risks by simulating fake cyberattacks. By putting IT, managers, board members and executives who would be responsible for responding to a real breach or attack, they are learning how to respond to press, regulators, law enforcement, as well as other scenarios they might not otherwise expect. Howe...
Roxy Dee, Threat Intelligence Engineer
August 03, 2017 15:00 - 23 minutes - 21.9 MBSome of you might be familiar with Roxy Dee’s infosec book giveaways. Others might have met her recently at Defcon as she shared with infosec n00bs practical career advice. But aside from all the free books and advice, she also has an inspiring personal and professional story to share. In our interview, I learned about her budding interest in security, but lacked the funds to pursue her passion. How did she workaround her financial constraint? Free videos and notes with Professor Messer! Wh...
Blackhat Briefings That Will Add to Your Tool Belt
July 25, 2017 07:00 - 26 minutes - 24.7 MBWe’re counting down to Blackhat USA to attend one of the world’s leading information security conference to learn about the latest research, development and trends. We’ll also be at booth #965 handing out fabulous fidget spinners and showcasing all of our solutions that will help you protect your data from insider threats and cyberattacks. In this podcast episode, we discuss sessions you should attend as well as questions to ask that will help you reduce risk. We even cover why it isn't wi...
Cyber Threats Are Evolving and So Must Two-Factor
July 21, 2017 12:00 - 20 minutes - 19.4 MBFinally, after years of advocacy many popular web services have adopted two-factor authentication (2FA) as a default security measure. Unfortunately, as you might suspect attackers have figured out workarounds. For instance, attackers that intercept your PIN in a password reset man-in-the-middle attack. So what should we do now? As the industry moves beyond 2FA, the good news is that three-factor authentication is not on the shortlist as a replacement. Google’s identity systems manager, Mar...
Budgets and Ethics
July 12, 2017 13:00 - 25 minutes - 23.5 MBRight now, many companies are planning 2018’s budget. As always, it is a challenge to secure enough funds to help with IT’s growing responsibilities. Whether you’re a nonprofit, small startup or a large enterprise, you’ll be asked to stretch every dollar. In this week’s podcast, we discussed the challenges a young sysadmin volunteer might face when tasked with setting up the IT infrastructure for a nonprofit. And for a budget interlude, I asked the panelists about the growing suggestion for...
Is Data Worth More Than Money?
July 07, 2017 15:00 - 27 minutes - 25 MBWhen it comes to infosecurity, we often equate treating data like money. And rightfully so. After all, data is valuable. Not to mention the human hours devoted to safeguarding an organization’s data. However, when a well-orchestrated attack happens to destroy an organization’s data, rather than for financial gain, we wondered if data is really worth more than money. Sure you can quantify the cost of tools, equipment, hours spent protecting data, but what about intellectual and emotional la...
In the Dark about Our Data
July 06, 2017 12:00 - 28 minutes - 26.3 MBIt’s been reported that 85% of businesses are in the dark about their data. This means that they are unsure what types of data they have, where it resides, who has access to it, who owns it, or how to derive business value from it. Why is this a problem? First, the consumer data regulation, GDPR is just a year away and if you’re in the dark about your organization’s data, meeting this regulation will be a challenge. Organizations outside the EU that process EU citizens’ personal data, GDPR r...
What does the EU General Data Protection Regulation (GDPR) mean for countries outside the EU?
June 29, 2017 15:00 - 31 minutes - 29 MBThe short answer is: if your organization store, process or share EU citizens’ personal data, GDPR rules will apply to you. In a recent survey, 94% of large American companies say they possess EU customer data that will fall under the regulations, with only 60% of respondents that have plans in place to respond to the impact the GDPR will have on how they handle customer data. Yes, GDPR isn’t light reading, but in this podcast we’ve found a way to simplify the GDPR’s key requirements so ...
Troy Hunt and Lessons from a Billion Breached Data Records
June 22, 2017 15:00 - 27 minutes - 25.9 MBTroy Hunt is a web security guru, Microsoft Regional Director, and author whose security work has appeared in Forbes, Time Magazine and Mashable. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. In this podcast, we discuss the challenges of the industry, learn about his perspective on privacy and revisit his talk from RSA, Lessons from a Billion Breached Data Records as well as a more recent talk, The Responsibility of Disclosur...
John P. Carlin: Emerging Threats (Part 4)
June 15, 2017 09:02 - 12 minutes - 12 MBIn this concluding post of John Carlin’s Lessons from the DOJ, we cover a few emerging threats: cyber as an entry point, hacking for hire and cybersecurity in the IoT era. One of the most notable anecdotes are John’s descriptions of how easy it was to find hacking for hire shops on the dark web. Reviews of the most usable usernames and passwords and most destructive botnets are widely available to shoppers. Also, expect things to get worse before they get better. With the volume of IoT devi...
Tracking Dots, Movement and People
June 14, 2017 15:00 - 23 minutes - 21.7 MBLong before websites, apps and IoT devices, one primary way of learning and sharing information is with a printed document. They’re still not extinct yet. In fact, we’ve given them an upgrade to such that nearly all modern color printers include some form of tracking information that associates documents with the printer's serial number. This type of metadata is called tracking dots. We learned about them when prosecutors alleged 25-year-old federal contractor Reality Leah Winner printed a t...
Security Pros and Users, We’re All in This Together
June 07, 2017 15:00 - 27 minutes - 25.7 MBThe latest release of SANS’ Security Awareness Report attributed communication as one of the primary reasons why awareness programs thrive or fail. Yes, communication is significant, but what does communication mean? “The goal of communication is to facilitate understanding,” said Inside Out Security Show(IOSS) panelist, Mike Thompson. Another panelist, Forrest Temple expanded on that idea, “The skill of communication is the clarity through which that process happens. Being about to tell a...
Taking The Long View, Investing in Technology and Security
June 05, 2017 21:33 - 27 minutes - 25.2 MBWe’re living in exciting times. Today, if you have an idea as well as a small budget, you can most likely create it. This is particularly true in the technology space, which is why we’ve seen the explosion of IoT devices on the marketplace. However, what’s uncertain is the byproduct of our enthusiastic making, innovating, and disrupting. Hypothetical questions that used to be debated on the big screen are questions we’re now debating on our podcast. Will we be able to maintain an appropria...
John P. Carlin: Ransomware & Insider Threat (Part 3)
June 05, 2017 09:00 - 9 minutes - 9.38 MBWe continue with our series with John Carlin, former Assistant Attorney General for the U.S. Department of Justice’s National Security Division. This week, we tackle ransomware and insider threat. According to John, ransomware continues to grow, with no signs of slowing down. Not to mention, it is a vastly underreported problem. He also addressed the confusion on whether or not one should engage law enforcement or pay the ransom. And even though recently the focus has been on ransomware as ...
John P. Carlin: Economic Espionage & Weaponized Information (Part 2)
May 25, 2017 12:46 - 15 minutes - 14.2 MBIn part two of our series, John Carlin shared with us lessons on economic espionage and weaponized information. As former Assistant Attorney General for the U.S. Department of Justice’s National Security Division, he described how nation state actors exfiltrated data from American companies, costing them hundreds of billions of dollars in losses and more than two million jobs. He also reminded us how important it is for organizations to work with the government as he took us down memory la...
Our Post WannaCry World
May 23, 2017 15:02 - 22 minutes - 20.4 MBAfter WannaCry, US lawmakers introduced the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act. If the bill gets passed, it would create a Vulnerabilities Equities Process Review Board where they would decide if a vulnerability, known by the government, would be disclosed to a non-government entity. It won’t be an easy law to iron out as they’ll need to find the right balance between vulnerability disclosure and national security. Meanwhile Shadow Brokers, the hacking group...
Winning Security by a Landslide
May 22, 2017 15:00 - 22 minutes - 20.9 MBEven though it feels like France’s presidential election happened ages ago, it was a very public security win. The Inside Out Security show panelists – Cindy Ng, Kris Keyser, Mike Buckbee, and Kilian Englert synthesize how it all unfolded. They also weighed in on the FBI director’s release from his duties. What’s relevant in this story in the infosec space is what happens after someone leaves an organization. Other stories discussed: Ross Anderson interview A keylogger in HP’s audio drive...
Attorney and GDPR Expert Sue Foster, Part 2
May 16, 2017 16:07 - 9 minutes - 8.66 MBSue Foster is a London-based partner at Mintz Levin. In the second part of the interview, she discusses the interesting loophole for ransomware breach reporting requirements that's currently in the GDPR However, there's another EU regulation going into effect in May of 2018, the NIS Directive, which would make ransomware reportable. And Foster talks about the interesting implications of IOT devices in terms of the GDPR. Is the data collected by your internet-connected refrigerator or ...
Pick Up Music, Pick Up Technology
May 16, 2017 15:00 - 24 minutes - 22.8 MBLast week, when the world experienced the largest ransomware outbreak in history, it also reminded me of our cybersecurity workforce shortage. When events like WannaCry happen, we can never have too many security heroes! There was an idea floating around that suggested individuals with a music background might have a promising future in security. The thinking is: if you can pick up music, you can also pick up technology. The Inside Out Security panelists – Cindy Ng, Mike Thompson, Forrest ...
Attorney and GDPR Expert Sue Foster, Part 1
May 12, 2017 11:09 - 11 minutes - 10.5 MBSue Foster is a London-based partner at Mintz Levin. She has a gift for explaining the subtleties in the EU General Data Protection Regulation (GDPR). In this first part of the interview, she discusses how US companies can get caught up in either the GDPR's extraterritoriality rule or the e-Privacy Directive's new language on embedded communication. She also decodes the new breach notification rules, and when you need to report to the DPA and consumers. Privacy and IT security pros should...
John P. Carlin: Lessons Learned from the DOJ (Part 1)
May 09, 2017 20:57 - 15 minutes - 14.8 MBLast week, John P. Carlin, former Assistant Attorney General for the U.S. Department of Justice’s (DOJ) National Security Division, spent an afternoon sharing lessons learned from the DOJ. And because the lessons have been so insightful, we’ll be rebroadcast his talk as podcasts. In part one of our series, John weaves in lessons learned from Ardit Ferizi, Hacktivists/Wikileaks, Russia, and the Syrian Electronic Army. He reminds us that the current threat landscape is no doubt complicated, ...
Security Learn-It-Alls
May 08, 2017 15:00 - 31 minutes - 29.5 MBRather than referring our weekly podcast panelists as security experts, we’re now introducing them as security practitioners. Why? A popular business article on mindset brought to our attention the perils of having self-proclaimed titles, such as experts and gurus. It signals our “thirst for knowledge in a particular subject has been quenched.” That is far from reality! Security is a constantly evolving field, with new threats and vulnerabilities. To have a fighting chance, it would behoove ...
Presenting Cybersecurity Ideas to the Board
April 28, 2017 08:00 - 24 minutes - 22.5 MBThere’s been a long held stigma amongst our infosec cohort and it’s getting in the way of doing business. What’s the stigma, you ask? “Know-it-all” techies who are unable to communicate. Unfortunately, this shortcoming also puts our jobs at stake. According to a recent cybersecurity survey, the board of directors polled said that IT and security executives will lose their jobs because of their failure to provide the board with useful, actionable information. It gets worse. More than half of...
When Security is a Status Symbol
April 24, 2017 09:00 - 26 minutes - 24.3 MBAs sleep and busyness gain prominence as status symbols, I wondered when or if good security would ever achieve the same notoriety. Investing in promising security technology is a good start. We’ve also seen an upsurge in biometrics as a form of authentication. And let’s not forget our high school cybersecurity champs! However, as we celebrate new technologies, sometimes we remain at a loss for vulnerabilities in existing technologies, such as one’s ability to guess a user’s PIN with the ph...
Christina Morillo, Enterprise Information Security Expert
April 18, 2017 16:00 - 28 minutes - 26.4 MBIf you want to be an infosec guru, there are no shortcuts to the top. And enterprise information security expert, Christina Morillo knows exactly what that means. When she worked at the help desk, she explained technical jargon to non-technical users. As a system administrator, Christina organized and managed AD, met compliance regulations, and completed entitlement reviews. Also, as a security architect, she developed a comprehensive enterprise information security program. And if you need...
Evolving Bank Security Threats
April 13, 2017 14:00 - 29 minutes - 27.4 MBIt was only last week that we applauded banks for introducing cardless ATMs in an effort to curb financial fraud. But with the latest bank heists, it may help to turn up the offense and defense. Why? Hackers were able to drill a hole, connect a wire, cover it up with a sticker and the ATM will automatically and obediently dispense money. Another group of enterprising hackers changed a bank’s DNS, taking over their website and mobile sites, redirecting customers to phishing sites. But let’s ...
Americans’ Cyber Hygiene
April 06, 2017 21:00 - 28 minutes - 26.1 MBRecently, the Pew Research Center released a report highlighting what Americans know about cybersecurity. The intent of the survey and quiz was to understand how closely Americans are following best practices recommended by cybersecurity experts. One question on the quiz reminded us that we’re entitled to one free copy of our credit report every 12 months from each of the three nationwide credit reporting companies. The reason behind this offering is that there is so much financial fraud. ...
What CISOs are Making, Reading and Sharing
March 30, 2017 15:00 - 24 minutes - 22.5 MBBesides talking to my fav security experts on the podcast, I’ve also been curious with what CISOs have been up to lately. Afterall they have the difficult job of keeping an organization’s network and data safe and secure. Plus, they tend to always be a few steps ahead in their thinking and planning. After a few clicks on Twitter, I found a CISO at a predictive analytics SaaS platform who published a security manifesto. His goal was to build security awareness into every job, every role, and...
No Data Left Behind
March 24, 2017 15:00 - 27 minutes - 25.1 MBOver the past few weeks, we’ve been debating a user’s threshold for his personal data seen in the public domain. For instance, did you know that housing information has always been public information? They are gathered from county records and the internet has just made the process of gathering the information less cumbersome. However, if our personal information leaks into the public domain - due a security lapse – it’s still not as serious as, say, a breach of 2 million records. The point i...
When Our Reality Becomes What the Data Says
March 20, 2017 16:00 - 24 minutes - 22.8 MBIn our "always-on" society, it's important that our conversation on IoT security continues with the question of data ownership. It's making its way back into the limelight when Amazon, with the defendant’s permission, handed over user data in a trial. Or what about a new software that captures all the angles from your face to build your security profile? Your face is such an intimate aspect to who you are, should we reduce that intimacy down to a data point? I discussed these questions wi...
Security Courts the Internet of Things
March 09, 2017 12:00 - 26 minutes - 24.6 MBAs more physical devices connect to the internet, I wondered about the responsibility IoT manufacturers have in building strong security systems within devices they create. There’s nothing like a lapse in security that could potentially halt the growth of a business or bring more cybersecurity awareness to a board. I discussed these matters with this week’s Inside Out Security Show panel – Cindy Ng, Forrest Temple, Kilian Englert and Mike Buckbee. First in line to be discussed was the shoc...
Proper Breach Notification
March 03, 2017 10:00 - 27 minutes - 25.3 MBI recently came across an article that gave me pause, “Why Data Breaches Don’t Hurt Stock Prices.” If that’s the case and if a breach doesn’t impact the sale of a company, does security matter? So I asked the Inside Out Security Panel – Cindy Ng, Forrest Temple, Mike Buckbee and Kilian Englert. They gently reminded me that there’s more than just the stock price to look at – brand, trust, as well as pending lawsuits. In addition to these worries, proper breach notification is becoming a bi...
Gambling with User Data
February 22, 2017 14:00 - 30 minutes - 27.9 MBThe debate between users volunteering their data for better service versus being perceived as a creepy company who covertly gathers user data remains a hot topic for the Inside Out Security panel –Cindy Ng, Kris Keyser, Mike Buckbee, and Kilian Englert. There were two recent stories that triggered this debate. Recently, a smart television manufacturer agreed to pay a $2.2 million fine to the Federal Trade Commission for “collecting viewing data on 11 million consumer TVs without the consume...
Professor Angela Sasse on the Economics of Security
February 14, 2017 15:00 - 12 minutes - 5.63 MBIn part two of my interview with Angela Sasse, Professor of Human-Centred Technology, she shared an engagement she had with British Telecom(BT). The accountants at BT said that users were resetting passwords at a rate that overwhelmed the helpdesk's resources, making the cost untenable. The security team believed that the employees were the problem, meanwhile Sasse and her team thought otherwise. She likened the problem of requiring users to remember their passwords to memory exercises. And...
Security Monk vs. Emperor Palpatine
February 10, 2017 03:00 - 26 minutes - 12.2 MBThis week, we continue our ongoing ransomware discussion with the Inside Out Security Show panel - Cindy Ng, Kilian Englert, Mike Buckbee, and Mike Thompson. But before we launched into our conversation, as an icebreaker, I asked the panel what their advice would be to this tired sysadmin who deleted the wrong directory on the wrong server? Buckbee: Do exactly what they did to fix the problem. Englert: It happens, just have to recover and move on. Thompson: Always take a snapshot before ...
An Extra Factor of Authentication
February 03, 2017 15:00 - 25 minutes - 11.6 MBInspired by this tweet, I asked the Inside Out Security Show panel – Cindy Ng, Kilian Englert, Mike Buckbee, and Alan Cizenski - if they could add an extra factor of authentication, what would it be? Plus, we covered a few hot topics: The risks of replacing passports and manned desks with biometric scanning and automation What would it take to set up AD for 28 million users? Buying technology is not a strategy A password manager that doesn’t encrypt everything? Does perfect security ex...