In this edition of the Halcyon video/podcast series Last Month in Security, host Anthony M.
Freed and panelists Ben Carr and Stacey Cameron sit down with Richard Stiennon, Founder
and Chief Research Analyst at IT-Harvest:
We jump right with a discussion around President Biden's Executive Order to Strengthen U.S.
Cybersecurity, which – among other things – follows on to previous Secure-by-Design initiatives
from CISA. These efforts are ostensibly good, but the panel considers whether the US
government is offering enough “carrots” in thew form of incentives for free market solution
acceleration, or whether these provisions include too many “sticks” in the form of punitive
regulatory actions.
The EO also included specific measures to combat ransomware attacks, including Enhanced
Sanctioning Authority that allows the Department of Justice to go after the assets of known
offenders. It also includes language around the Promotion of Advanced Technologies to
encourage adoption of AI-based defenses and accelerates the transition to post-quantum
cryptographic algorithms.
While the EO seems to address a lot of things that were issues more than a decade ago (save
for mentions of AI and quantum capabilities), the panel debates whether the order goes far
enough and discusses whether the government can do more for organizations being
overwhelmed by ransomware attacks than offer guidelines and frameworks.
The conversation then moves to the ongoing attacks by China's Salt Typhoon Hackers.
Between December and January, the Chinese operation infiltrated five major telecoms and
internet service providers worldwide including entities in the US. The operation compromised
the communications of U.S. political figures – notably of President Trump and Vice President
Vance.
Other “Typhoon” operations being tracked include Volt Typhoon and Flax Typhoon, both
targeting organizations within U.S. critical infrastructure sectors. The panel discusses where we
should draw the line on cyberwarfare; at infiltration, or after they execute disruptive or
destructive payloads.
We close out the discussion with Stiennon with a look at his amazing work putting together the
Security Yearbook 2024, an annual publication that documents the history and current state of
the IT security industry, which serves as a valuable resource for understanding industry
developments and trends.
Stiennon tells us more about the genesis of the project, explains the process to put all this info
together and keep it updated, and what he learned along the way when putting the book series
together.
About Our Guest:
Richard Stiennon is a prominent cybersecurity expert and industry analyst with a career
spanning several decades. He is the founder and Chief Research Analyst at IT-Harvest, an
industry analyst firm he established in 2005 to cover the extensive landscape of IT security
vendors. Throughout his career, Stiennon has held significant positions, including Vice
President of Research at Gartner, Chief Marketing Officer at Fortinet, Vice President of Threat
Research at Webroot Software, Chief Strategy Officer at Blancco Technology Group, and more.
Stiennon’s educational background includes a Bachelor of Science in Aerospace Engineering
and a Master of Arts in War in the Modern World from King’s College, London. In addition to his
writing and research, Stiennon advises a range of security companies, from startups to large
enterprises, and contributes articles to publications such as Forbes, CSO Magazine, and The
Analyst Syndicate.
Your Hosts:
Your Hosts:
Anthony M. Freed, Halcyon Director of Research and Communications: An award-winning writer, publisher, and podcast producer with a history of investigative security journalism.
Ben Carr, Halcyon Chief Security and Trust Officer: A cybersecurity leader with 25+ years of experience, serving in executive roles at Visa, Nokia, and Tenable.
Stacey Cameron, Halcyon Chief Information Security Officer: A cybersecurity veteran with expertise in compliance, risk management, and securing federal and private sector environments.
Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon
to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal
data, and extort companies – talk to a Halcyon expert today to find out more,.
