
Cybercrime is no chilled glass of Sauvignon blanc
on a hot summer’s day.

Wine About Cybercrime is a cybersecurity podcast where we invite cyber experts to take a break, enjoy some wine, and discuss the latest challenges and pain points in the field.

Episode #2: Between the Wines

In this episode of Wine About Cybercrime, we sit down with Joanna Dempsey, director of cyber solutions, to complain about the rapid expansion of the attack surface. The distributed workforce, internet of things (IoT) devices, and an overwhelming amount of data create a challenging threat landscape for cyber defenders to protect. We explore how regulation, cyber hygiene, and data help cyber defenders scale their defense over two bottles of Pinot Noir, Révélation and King Estate.

Watch along with a glass of Pinot!

Full Episode Transcript

Joanna: Ooh. Ooh, oh. Startling.

[ laughing ]

[ theme music ]

Cheickna: Welcome to Wine About Cybercrime, where we pair wine with the latest cybercrime. Today, I’m here with Joanna Dempsey, Director of Cyber Solutions. Welcome Joanna, what are you here to whine about?

Joanna: I’m here to whine about how difficult our jobs have gotten over the past few years due to this rapidly growing attack surface that is our world.

Cheickna: I hear you, the Camembert will make it better.

[ glasses clink ]

Cheickna: Today, we’re going to be talking about Pinot Noir and Pinot Noir, there’s two big characteristics of Pinot Noir. We have some Pinot Noir that are from a cooler zone and some are from a moderate zone. The two Pinot we have here today are from the cooler zone. One is from France and one is from Oregon. This Révélation here, this is one from France. 80% of wine consumers love Pinot Noir. As a result, the Pinot Noir market has exploded in the last ten years.

Joanna: Because there’s so much demand for it.

Cheickna: Yes.

Joanna: So it’s similar to how the attack surface has exploded because there’s so much demand for things that make our lives easier and connect to the Internet. I had four smart plugs for my Christmas tree lights – this year alone, and I work in cyber, but this is the way of our life these days.

Cheickna: Wait four?

Joanna: Yes, it’s very convenient. You don’t want to have a Christmas tree light that doesn’t require password to authenticate your Wi-Fi?

Cheickna: Oomph, I really don’t want that. But, these days we got to do what you do.

[ laughing ]

[ glasses clink ]

Cheickna: What is important with Pinot, all Pinot, it doesn’t matter where you pick them. They would all have the spice. I would like you to try and let me know what kind of flavor you’re getting out of it.

Joanna: Definitely the berries, maybe raspberry.

Cheickna: Very close.

Joanna: Blackberry?

Cheickna: Cherry.

Joanna: Cherry? That’s not a berry.

Cheickna: That’s close enough.

Joanna: OK.

Joanna: So, we’re seeing, interestingly, there’s a trend and policy and regulation that is now making things that used to be considered sort of nice to haves the norm in terms of what companies have to do to protect their networks. There was an executive order last year, last May that has really changed the dynamic with the customers that we support. And then we’re also seeing a big push for the same kind of cyber hygiene things that we’ve been talking about for a while now. It’s becoming more and more important.

Cheickna: I see the similarity in the wine industry, as I mentioned earlier, 80% of wine consumers love Pinot Noir. So, because of that, the Pinot Noir from a cooler region, for example, they knew they’re doing well in the market every year in the wine competition, these Pinot Noir come top 10. And then because of that, most of the Pinot Noir in those regions have certain regulations that exist. And you can’t, they don’t judge the wine based on the wine makers, they concentrate based on the region where it’s from.

Joanna: So the regulation…

Cheickna: Regulations are very important because at the end of the day, who is using, who are the end users, and I, I believe in your, uh, in cybersecurity companies and people that are working for different company or government. And in a wine making is pretty much everybody – consumers.

[ glasses clink ]

Cheickna: So, here we have a nice charcuterie and then uh..

Joanna: Charcuterie.

Cheickna: You sure you don’t have a little bit of French on you?

Cheickna: Camembert. It’s from Normandy. And then you have salami, you have some grapes, some prosciutto, and some smoked salmon.

Joanna: I was going to use the cheese as the cracker and then put the salmon on the cheese and skip the cracker entirely. Is that acceptable in France?

Cheickna: As long as you have a wine added to it, it’s fine.

Cheickna: The adversary job is getting easier, and our job is getting harder. How do we scale?

Joanna: Data.

Cheickna: What kind of data?

Joanna: So, we have a lot of data that all of these systems are generating, and we have policy that requires us to collect and aggregate this data. And there’s two, two things in particular that we’re looking for. One is called indicators of compromise or IOCs. And it’s exactly what it sounds like. It’s a piece of information that indicates your system might have been compromised, like an IP address that is on a known bad list and somebody is beaconing to that IP address from your network. And then the second one is something called Tactics, Techniques and Procedures, which is a little bit more complicated. But essentially it’s, it’s data that would indicate a behavior that is typical of a particular adversary, like lateral movement or pulling data out of your network. And ultimately, if you can use the data to identify whether or not your network’s been compromised and if somebody is attempting to access your network, then you can start to defend at scale because you can use the data to help inform your analysis as opposed to needing people like us to try to do it manually across all of the Christmas tree lights.

[ glasses clink ]

Cheickna: The second bottle that we’re going to be talking about today is the Willamette Pinot Noir, which is this one from King Estate that I just poured in my glass here. Willamette Valley, Oregon. If you look at, even if you put a map on it to Burgundy, it goes straight. They have the same climate. What I like about this, it has a little bit of blackcurrant touch to it, it has a little bit softer finish – with mild spice.

Joanna: It tastes different though.

Cheickna: What are you tasting?

Joanna: Spice.

Cheickna: One of the main characteristics of the Pinot Noir is the spice.

Cheickna: So, we have all those data. So how do we deal with those data?

Joanna: Well, it can be, it can be difficult because a lot of times the data is not formatted in a way that allows you to make sense of it at scale.

Cheickna: Right.

Joanna: So, you could have data from different systems that really are saying similar things. But if you’re searching across it one time, it doesn’t give you a consistent result if it’s in all sorts of different formats. So, what we do, in the SOC, as you know, and then for some of our clients as well is we normalize that data to a common schema so that somebody can ask a question one time and it’s going to search across a lot of different systems and make that data really usable to inform intelligence and action to defend our networks.

[ glasses clink ]

Cheickna: How can large enterprise or federal government accomplish this with limited resources?

Joanna: It’s definitely not easy, and like a lot of things in our industry, it requires a pragmatic, layered approach. So, all of the data that we collect can be normalized to a common schema, and you can run common analytics on it that are very efficient. But, the challenge there is that you’re not going to identify things that are known, right? So, indicators that have not yet been identified or behaviors that are not yet disclosed. And so there is still a need for manual analysis and threat hunters that are getting out there and are doing things to identify the non – the unknown threats that are within our environments. And it becomes about figuring out how to make that tradeoff between the scale and efficiency and the effectiveness of, of human analysts that are identifying threats on our networks.

Cheickna: Pinot Noir and cybercrime have a lot in common.

Joanna: That’s true. And in both cases, we’re sometimes sacrificing some quality because of the quantity and the challenges with keeping up with the quantity. So, in the case of cyber, we can use the data to help replicate what humans used to do. We can create formulas that will identify indicators of compromise and behaviors of threat actors that ultimately we can scale a lot easier than we can scale cyber analysts like yourself. So, really, it becomes all about balance.

Cheickna: Just like a balanced Pinot Noir.

Joanna: Exactly.

[ glasses clink ]

Cheickna: Thanks, Joanna Dempsey, for coming. It was really fun.

Joanna: Thank you for having me, it was fun.

Cheickna: If you like to join us, the cyber expert, please visit ECStech.com

[ theme music ]

Cheickna: We have a Camembert cheese, which is a stinking cheese. It’s 90% unpasteurized.

Joanna: Oh, that’s what that is.

[ laughter ]

Cheickna: It has a very good taste.

Cheickna: How do we scale the data?

Joanna: We have to harness the machines, become an army.

Cheickna: Gimme a second please…okay, gimme a second…how do we scale. OK.

[ theme music ]
