Adversarial Podcast S4E11 – Iran Internet blackout, threat intelligence briefings, cyber framework alignment | The Adversarial Podcast

The podcast explores the parallels between enterprise security measures and authoritarian regimes, using Iran's internet blackouts as a case study. The discussion pivots to the balance between restrictive security policies and organizational culture, questioning whether companies should emulate a "North Korea" or "Norway" model. The hosts debate the effectiveness of privacy controls versus practical security measures like password managers, considering the risk of data exfiltration and the importance of threat modeling. They further analyze the role of threat intelligence, advocating for a focus on actionable insights relevant to a company's specific threat profile, and discuss the potential for private sector involvement in offensive cyber operations.

Outlines

Part 1: Global Context, Control, and Privacy

Part 2: Workplace Security and Employee Autonomy

Part 3: Threat Intelligence and Modeling for Organizations

Part 4: Offensive Security and Strategic Frameworks

Sign in to continue reading, translating and more.

Continue

Adversarial Podcast S4E11 – Iran Internet blackout, threat intelligence briefings, cyber framework alignment

The Adversarial Podcast

Part 1: Global Context, Control, and Privacy

Internet Blackouts in Iran: Protests, Starlink, and Technical Workarounds

Enterprise Security vs. Authoritarian Regimes: Control, Detection, and Consequences

The Wall of Shame: Privacy, Anonymization, and Enterprise Security Culture

Part 2: Workplace Security and Employee Autonomy

Balancing Security and Employee Privacy: The Gmail Blocking Debate

Prioritizing Security Controls: Password Managers vs. Blocking Personal Email

Part 3: Threat Intelligence and Modeling for Organizations

Threat Intelligence for Mid-Sized Companies: Prioritization and Competitive Analysis

Threat Modeling and Intelligence: Learning from Victims and Using a Lingua Franca

Daily Briefings for CISOs: Actionable Intelligence and Headline Awareness

Part 4: Offensive Security and Strategic Frameworks

Offensive Security and the Private Sector: Hack Back, Blackwater, and Mutually Assured Destruction

Frameworks vs. Tactical Security: Red Teaming and Optionality

Red Team Reports and Threat Modeling: Stress Testing and Visibility

Threat Modeling, Red Teams, and Bug Bounties: A Framework for Control Assessment

Adversarial Podcast S4E11 – Iran Internet blackout, threat intelligence briefings, cyber framework alignment

The Adversarial Podcast

Part 1: Global Context, Control, and Privacy

00:00Internet Blackouts in Iran: Protests, Starlink, and Technical Workarounds

Internet Blackouts in Iran: Protests, Starlink, and Technical Workarounds

02:31Enterprise Security vs. Authoritarian Regimes: Control, Detection, and Consequences

Enterprise Security vs. Authoritarian Regimes: Control, Detection, and Consequences

07:52The Wall of Shame: Privacy, Anonymization, and Enterprise Security Culture

The Wall of Shame: Privacy, Anonymization, and Enterprise Security Culture

Part 2: Workplace Security and Employee Autonomy

12:22Balancing Security and Employee Privacy: The Gmail Blocking Debate

Balancing Security and Employee Privacy: The Gmail Blocking Debate

24:44Prioritizing Security Controls: Password Managers vs. Blocking Personal Email

Prioritizing Security Controls: Password Managers vs. Blocking Personal Email

Part 3: Threat Intelligence and Modeling for Organizations

31:12Threat Intelligence for Mid-Sized Companies: Prioritization and Competitive Analysis

Threat Intelligence for Mid-Sized Companies: Prioritization and Competitive Analysis

35:52Threat Modeling and Intelligence: Learning from Victims and Using a Lingua Franca

Threat Modeling and Intelligence: Learning from Victims and Using a Lingua Franca

40:29Daily Briefings for CISOs: Actionable Intelligence and Headline Awareness

Daily Briefings for CISOs: Actionable Intelligence and Headline Awareness

Part 4: Offensive Security and Strategic Frameworks

47:59Offensive Security and the Private Sector: Hack Back, Blackwater, and Mutually Assured Destruction

Offensive Security and the Private Sector: Hack Back, Blackwater, and Mutually Assured Destruction

57:27Frameworks vs. Tactical Security: Red Teaming and Optionality

Frameworks vs. Tactical Security: Red Teaming and Optionality

1:01:16Red Team Reports and Threat Modeling: Stress Testing and Visibility

Red Team Reports and Threat Modeling: Stress Testing and Visibility

1:07:20Threat Modeling, Red Teams, and Bug Bounties: A Framework for Control Assessment

Threat Modeling, Red Teams, and Bug Bounties: A Framework for Control Assessment