﻿WEBVTT

1
00:00:06.270 --> 00:00:07.580
STEPHEN ROSE: I am so excited today

2
00:00:07.580 --> 00:00:08.950
to have a very good friend of mine

3
00:00:08.950 --> 00:00:11.680
join us to talk about security

4
00:00:11.680 --> 00:00:13.290
and all that is important in security.

5
00:00:13.290 --> 00:00:15.790
Paula, calling in from Warsaw, no less.

6
00:00:15.790 --> 00:00:17.280
Thank you so much for joining us today.

7
00:00:17.280 --> 00:00:18.700
How are you?

8
00:00:18.700 --> 00:00:19.533
PAULA JANUSZKIEWICZ: Well, thank you so much

9
00:00:19.533 --> 00:00:21.923
for the invitation. Everything is good.

10
00:00:21.923 --> 00:00:22.907
And how are you doing?

11
00:00:22.907 --> 00:00:23.740
STEPHEN ROSE: I'm doing great.

12
00:00:23.740 --> 00:00:24.573
So, I've known you for about 12 years, but even then,

13
00:00:24.573 --> 00:00:25.406
you were doing security. So, tell us a little bit about

14
00:00:25.406 --> 00:00:26.239
yourself and the work that you do and how you have gotten

15
00:00:26.239 --> 00:00:27.072
to this point in being one of the top security

16
00:00:27.072 --> 00:00:27.905
experts . . . you know, speakers in the world.

17
00:00:38.070 --> 00:00:38.903
PAULA JANUSZKIEWICZ: Well, thank you for this.

18
00:00:38.903 --> 00:00:39.736
Yeah, we've known each other for so many years, right?

19
00:00:39.736 --> 00:00:40.569
But well, I've been in the industry for the past

20
00:00:40.569 --> 00:00:41.402
15 years actually, and the company that I have

21
00:00:41.402 --> 00:00:42.235
established called CQURE is right now 12 years old.

22
00:00:42.235 --> 00:00:43.068
And also to show how cybersecurity has grown for so many

23
00:00:43.068 --> 00:00:43.901
years, at the very beginning, I was the only one,

24
00:00:43.901 --> 00:00:44.734
and right now we've got 42 team members.

25
00:01:04.780 --> 00:01:05.613
STEPHEN ROSE: That's crazy.

26
00:01:05.613 --> 00:01:06.446
That really shows how important it has become back

27
00:01:06.446 --> 00:01:07.279
since the Windows 7 days and NT.

28
00:01:07.279 --> 00:01:08.112
Well, you were doing like Windows 2000 security,

29
00:01:08.112 --> 00:01:08.945
and then sort of moved up from that as I continued

30
00:01:08.945 --> 00:01:09.778
to know you and work with you over the years.

31
00:01:09.778 --> 00:01:10.611
So, our show today is on security,

32
00:01:10.611 --> 00:01:11.444
and I thought it would be great to ask you,

33
00:01:11.444 --> 00:01:12.277
what are the three or four questions that you consistently

34
00:01:12.277 --> 00:01:13.110
get that you say, "I wish I didn't have to answer these four

35
00:01:13.110 --> 00:01:13.943
because there are so many other great things to dig into."

36
00:01:13.943 --> 00:01:14.776
So what are three or four things that every person who's

37
00:01:14.776 --> 00:01:15.609
looking at security should really think about or should

38
00:01:15.609 --> 00:01:16.442
really know?

39
00:01:40.529 --> 00:01:41.362
PAULA JANUSZKIEWICZ: Oh, well.

40
00:01:41.362 --> 00:01:42.195
Some of them are quite generic that I'm getting.

41
00:01:43.379 --> 00:01:44.728
STEPHEN ROSE: Which is fine, yeah.

42
00:01:44.728 --> 00:01:45.561
PAULA JANUSZKIEWICZ: OK. So, this is the first funny

43
00:01:45.561 --> 00:01:46.394
one I'm getting if, for example, during the pen test,

44
00:01:46.394 --> 00:01:47.227
as well, or after the speech at the conferences

45
00:01:47.227 --> 00:01:48.060
and so on, and that question is simple

46
00:01:48.060 --> 00:01:48.893
and it sounds like, "How to hack Windows?"

47
00:01:57.129 --> 00:01:59.795
[Both laughing]

48
00:01:59.795 --> 00:02:00.628
STEPHEN ROSE: OK.

49
00:02:00.628 --> 00:02:01.461
PAULA JANUSZKIEWICZ: That really makes me laugh because

50
00:02:01.461 --> 00:02:02.294
there are so many things, right, that are dependent

51
00:02:02.294 --> 00:02:03.127
on like while you were getting into the infrastructure

52
00:02:03.127 --> 00:02:03.960
things can be misconfigured, and there's a platform

53
00:02:03.960 --> 00:02:04.793
security in Windows, which is great, so there's plenty of

54
00:02:04.793 --> 00:02:05.626
things that the answer isn't very short, yeah?

55
00:02:05.626 --> 00:02:06.459
But on the other hand I don't want to fall into the

56
00:02:06.459 --> 00:02:07.292
typical consultant answer, which will be,

57
00:02:07.292 --> 00:02:08.125
"Well, it depends."

58
00:02:22.125 --> 00:02:22.970
[Paula laughing]

59
00:02:22.970 --> 00:02:23.803
STEPHEN ROSE: Yeah, but it is.

60
00:02:23.803 --> 00:02:24.636
I mean, it's not that Windows is not a secure

61
00:02:24.636 --> 00:02:25.469
platform on its own, it's how people configure it or

62
00:02:25.469 --> 00:02:26.302
misconfigure it or don't finish things is where

63
00:02:26.302 --> 00:02:27.135
those areas lie. So absolutely, I think it depends

64
00:02:27.135 --> 00:02:27.968
on the person, how they're looking at things.

65
00:02:27.968 --> 00:02:28.801
So what advice, if somebody is saying,

66
00:02:28.801 --> 00:02:29.634
"I want to secure Windows," what are one or two

67
00:02:29.634 --> 00:02:30.467
things you say are the absolute must-dos?

68
00:02:30.467 --> 00:02:31.300
Where does somebody kind of start?

69
00:02:47.850 --> 00:02:48.683
PAULA JANUSZKIEWICZ: So when we, for example,

70
00:02:48.683 --> 00:02:49.516
look from the enterprise perspective, one of the top things

71
00:02:49.516 --> 00:02:50.349
to consider right now would be the whole platform that is

72
00:02:50.349 --> 00:02:51.182
related to preventing running the software, in general,

73
00:02:51.182 --> 00:02:52.015
the code that we don't know.

74
00:02:52.015 --> 00:02:52.848
So simply speaking, whitelisting implemented through

75
00:02:52.848 --> 00:02:53.681
AppLocker, Device Guard, application control, and also

76
00:02:53.681 --> 00:02:54.514
the attack surface reduction rules, which are related to

77
00:02:54.514 --> 00:02:55.347
Exploit Guard that are, for example, preventing us from

78
00:02:55.347 --> 00:02:56.180
running macros from the documents while also taking into

79
00:02:56.180 --> 00:02:57.013
consideration phishing right now.

80
00:02:57.013 --> 00:02:57.846
That is a really nice thing to have because phishing

81
00:02:57.846 --> 00:02:58.679
has grown within the pandemic time in a massive way.

82
00:03:28.266 --> 00:03:29.099
STEPHEN ROSE: Yeah.

83
00:03:29.099 --> 00:03:30.930
It's crazy how much it has gone up

84
00:03:30.930 --> 00:03:33.280
and how many "your Netflix account didn't go through"

85
00:03:33.280 --> 00:03:34.850
and things like that that are hitting.

86
00:03:34.850 --> 00:03:35.750
How about MFA?

87
00:03:35.750 --> 00:03:37.744
How important is it for folks to put in MFA

88
00:03:37.744 --> 00:03:41.860
or some sort of two-factor authentication?

89
00:03:41.860 --> 00:03:42.693
PAULA JANUSZKIEWICZ: Yeah, it's good that you

90
00:03:42.693 --> 00:03:43.526
mentioned it because not a really long time ago,

91
00:03:43.526 --> 00:03:44.359
I was actually doing a pen test for an oil

92
00:03:44.359 --> 00:03:45.192
and gas company and there were approximately

93
00:03:45.192 --> 00:03:46.025
6,000 accounts that I was supposed to test,

94
00:03:46.025 --> 00:03:46.858
and that was one of the first stages of the

95
00:03:46.858 --> 00:03:47.691
penetration test.

96
00:03:47.691 --> 00:03:48.524
And I started with the simplest possible thing

97
00:03:48.524 --> 00:03:49.357
that is out there, which is a password spraying

98
00:03:49.357 --> 00:03:50.190
[and these guys did not have MFA],

99
00:03:50.190 --> 00:03:51.023
and 29 accounts out of that 6,000, approximately,

100
00:03:51.023 --> 00:03:51.856
they actually had the user name, of course, as the

101
00:03:51.856 --> 00:03:52.689
name within the company but the password was

102
00:03:52.689 --> 00:03:53.522
"companyname2020."

103
00:03:53.522 --> 00:03:54.355
So, like it's just statistics, right?

104
00:04:19.953 --> 00:04:23.203
STEPHEN ROSE: Right. That's exactly it.

105
00:04:31.615 --> 00:04:32.448
Yeah, what is another thing that people tend to overlook?

106
00:04:32.448 --> 00:04:33.321
One of the interesting things is during the pandemic,

107
00:04:33.321 --> 00:04:36.077
so many people rush to move things

108
00:04:36.077 --> 00:04:37.680
that were on prem to the cloud

109
00:04:37.680 --> 00:04:39.325
to be able to support people externally.

110
00:04:39.325 --> 00:04:40.759
One of the things that we've continually

111
00:04:40.759 --> 00:04:41.592
said is,

112
00:04:41.592 --> 00:04:43.055
It's really important to go back now

113
00:04:43.055 --> 00:04:44.720
and take a look at your security

114
00:04:44.720 --> 00:04:47.210
because you changed a lot of things to allow people to work

115
00:04:47.210 --> 00:04:48.560
from any device anywhere

116
00:04:48.560 --> 00:04:50.660
and to be able to do it securely.

117
00:04:50.660 --> 00:04:52.437
Templates are really important to go back

118
00:04:52.437 --> 00:04:54.440
and to go take a look at and to put those in.

119
00:04:54.440 --> 00:04:57.749
To run Secure Score and things like that.

120
00:04:57.749 --> 00:05:00.060
What is one of the big things that you've seen

121
00:05:00.060 --> 00:05:01.610
as people have rushed

122
00:05:01.610 --> 00:05:04.510
to roll out things in weeks that they had planned to do

123
00:05:04.510 --> 00:05:07.080
in months that you found as a gap?

124
00:05:07.080 --> 00:05:08.010
PAULA JANUSZKIEWICZ: Well, first of all,

125
00:05:08.010 --> 00:05:10.688
I think allowing private,

126
00:05:10.688 --> 00:05:13.672
like, personal devices to connect to the infrastructure

127
00:05:13.672 --> 00:05:18.200
without clearly defined strategy where they can connect

128
00:05:18.200 --> 00:05:21.590
is one of the biggest mistakes that they make.

129
00:05:21.590 --> 00:05:22.980
And the reason why I think so

130
00:05:22.980 --> 00:05:24.008
is because,

131
00:05:24.008 --> 00:05:25.720
well, I understand that, in a sense,

132
00:05:25.720 --> 00:05:27.810
because they have to provide the access,

133
00:05:27.810 --> 00:05:30.170
but they rushed for it, as you mentioned.

134
00:05:30.170 --> 00:05:31.003
So, there was no clear action

135
00:05:32.670 --> 00:05:34.540
on the security side taken,

136
00:05:34.540 --> 00:05:36.880
for example, that is filtering

137
00:05:36.880 --> 00:05:38.582
the traffic that is

138
00:05:38.582 --> 00:05:41.600
happening from the personal device.

139
00:05:41.600 --> 00:05:43.120
And what I mean by this is that

140
00:05:43.120 --> 00:05:45.280
that device gets infected.

141
00:05:45.280 --> 00:05:46.560
You've got attacks,

142
00:05:46.560 --> 00:05:48.890
for example, like VPN pivoting that

143
00:05:48.890 --> 00:05:51.920
allow using the personal workstation

144
00:05:51.920 --> 00:05:53.420
to hop through

145
00:05:53.420 --> 00:05:57.260
the infrastructure's items.

146
00:05:57.260 --> 00:05:58.970
And then you've got the concept

147
00:05:58.970 --> 00:05:59.804
of something that

148
00:05:59.804 --> 00:06:02.274
we call "shadow IT."

149
00:06:02.274 --> 00:06:03.290
And in general,

150
00:06:03.290 --> 00:06:06.660
these are all solutions, items

151
00:06:06.660 --> 00:06:09.470
that are within the organizational infrastructure

152
00:06:09.470 --> 00:06:11.650
that are put out of the compliance.

153
00:06:11.650 --> 00:06:15.470
So that could significantly increase the risk

154
00:06:15.470 --> 00:06:17.090
of getting access somewhere

155
00:06:17.090 --> 00:06:18.560
and especially because the hacker

156
00:06:18.560 --> 00:06:21.190
is not really directly connecting to the network.

157
00:06:21.190 --> 00:06:22.590
It's connecting through

158
00:06:22.590 --> 00:06:25.740
the workstation that is under attack.

159
00:06:25.740 --> 00:06:26.573
So, the hacker could be also sitting on that

160
00:06:26.573 --> 00:06:27.656
workstation, yes?

161
00:06:30.013 --> 00:06:31.679
So, there are plenty of options here.

162
00:06:31.679 --> 00:06:33.800
And I think that this is currently the biggest risk

163
00:06:33.800 --> 00:06:36.060
because we are allowing devices

164
00:06:36.060 --> 00:06:38.297
that we have no control over

165
00:06:38.297 --> 00:06:41.000
to connect to the infrastructure.

166
00:06:41.000 --> 00:06:41.833
STEPHEN ROSE: Yeah.

167
00:06:41.833 --> 00:06:43.840
So probably one of the best things that a company can do

168
00:06:43.840 --> 00:06:46.560
is maybe bring in a security expert to go ahead

169
00:06:46.560 --> 00:06:49.050
to take a look at their networks, to see what they've done.

170
00:06:49.050 --> 00:06:51.570
It's certainly money well spent considering

171
00:06:51.570 --> 00:06:53.550
the billions and billions of dollars

172
00:06:53.550 --> 00:06:57.350
that companies have lost in data being lost,

173
00:06:57.350 --> 00:07:01.000
in names getting out as personally identifiable information.

174
00:07:01.000 --> 00:07:03.440
So, how do they get a hold of someone like you

175
00:07:03.440 --> 00:07:06.283
and set up to get a security consultation?

176
00:07:08.740 --> 00:07:09.573
PAULA JANUSZKIEWICZ: Someone needs to find a

177
00:07:09.573 --> 00:07:10.406
security consulting company

178
00:07:11.340 --> 00:07:13.140
and discuss the scope.

179
00:07:13.140 --> 00:07:15.200
Basically, the first question would be

180
00:07:15.200 --> 00:07:17.330
how to secure remote work.

181
00:07:17.330 --> 00:07:19.950
And one of the things would be to analyze

182
00:07:19.950 --> 00:07:22.380
our external cybersecurity posture

183
00:07:22.380 --> 00:07:25.140
to verify what kind of services are in general published.

184
00:07:25.140 --> 00:07:25.973
So, something similar

185
00:07:26.860 --> 00:07:29.320
pretty much to the external pen test

186
00:07:29.320 --> 00:07:32.600
but also defining how these devices are configured;

187
00:07:32.600 --> 00:07:34.930
what are the images, like you mentioned;

188
00:07:34.930 --> 00:07:37.280
and how people are actually connecting.

189
00:07:37.280 --> 00:07:40.050
So, is it also VPN with multifactor authentication

190
00:07:40.050 --> 00:07:43.060
because that is also a really nice concept here.

191
00:07:43.060 --> 00:07:44.230
So, that will be pretty much the first step to take.

192
00:07:46.660 --> 00:07:47.493
STEPHEN ROSE: Yeah, and we're seeing a lot

193
00:07:47.493 --> 00:07:48.501
of split tunneling

194
00:07:48.501 --> 00:07:50.270
because of Teams and things like that,

195
00:07:50.270 --> 00:07:51.430
so it's super important.

196
00:07:51.430 --> 00:07:52.263
Great. Where do people go to learn more about you

197
00:07:53.810 --> 00:07:55.280
and your company and can reach out to you

198
00:07:57.275 --> 00:07:58.230
if they have questions?

199
00:07:58.230 --> 00:07:59.063
PAULA JANUSZKIEWICZ: Well, thank you.

200
00:07:59.063 --> 00:07:59.918
So, within our team, we've got, first thing,

201
00:08:02.390 --> 00:08:05.550
simply a website, which is CQUREAcademy.com,

202
00:08:05.550 --> 00:08:08.890
which is our educational part of the team.

203
00:08:08.890 --> 00:08:11.490
We spend 70 percent of our time on the projects

204
00:08:11.490 --> 00:08:13.670
and approximately 30 percent of our time

205
00:08:13.670 --> 00:08:15.850
performing some research,

206
00:08:15.850 --> 00:08:17.780
delivering trainings, presentations.

207
00:08:17.780 --> 00:08:19.000
And in this website,

208
00:08:19.000 --> 00:08:22.510
there is a huge amount of videos that we recorded

209
00:08:22.510 --> 00:08:25.090
and articles about cybersecurity.

210
00:08:25.090 --> 00:08:28.180
And that is also a really nice step to reach us

211
00:08:28.180 --> 00:08:31.550
because that could be through getting knowledge simply.

212
00:08:31.550 --> 00:08:33.210
And we are sitting behind it, yes?

213
00:08:33.210 --> 00:08:34.043
So, there is . . . well,

214
00:08:34.043 --> 00:08:37.890
my email is very simple: It's Paula@Cqure.pl,

215
00:08:37.890 --> 00:08:41.690
and I'm also on Twitter @PaulaCqure, also very easy.

216
00:08:41.690 --> 00:08:43.822
Also easy to find me on Facebook or LinkedIn.

217
00:08:43.822 --> 00:08:44.838
So, in the current time, especially

218
00:08:46.290 --> 00:08:47.740
when we have to work remotely,

219
00:08:47.740 --> 00:08:48.770
you have to stay connected.

220
00:08:48.770 --> 00:08:49.603
So, it is actually very easy to find us.

221
00:08:51.269 --> 00:08:52.102
[Paula laughing]

222
00:08:52.102 --> 00:08:53.820
STEPHEN ROSE: Awesome. It is so great to see you.

223
00:08:53.820 --> 00:08:54.737
I'm sorry we weren't able to connect this year at Ignite

224
00:08:56.760 --> 00:08:58.750
because I'm missing you and Gregors

225
00:08:58.750 --> 00:08:59.583
and everybody else,

226
00:08:59.583 --> 00:09:00.520
but it is wonderful.

227
00:09:00.520 --> 00:09:01.970
I really appreciate you joining us.

228
00:09:01.970 --> 00:09:03.020
I know how busy you are.

229
00:09:03.020 --> 00:09:05.912
I know that you, because you can be virtual, can do two

230
00:09:05.912 --> 00:09:08.717
or even three conferences at the same time, and you are.

231
00:09:08.717 --> 00:09:11.930
So, thanks again for joining us. Stay well.

232
00:09:11.930 --> 00:09:14.480
And everybody, check out Paula's information.

233
00:09:14.480 --> 00:09:15.760
It's absolutely tremendous.

234
00:09:15.760 --> 00:09:17.960
And thank you again for being on the show today.

235
00:09:17.960 --> 00:09:18.960
PAULA JANUSZKIEWICZ: Thank you so much.

