Introducing Arlie Hartman, the esteemed Principal Security Technical Specialist at Microsoft, a global leader in technology and software solutions. With a wealth of experience and expertise in the realm of cybersecurity and technical solutions, Arlie has played a pivotal role in enhancing the security landscape for organizations worldwide.
As Principal Security Technical Specialist, Arlie is at the forefront of Microsoft’s efforts to develop and deploy cutting-edge security technologies that safeguard businesses against ever-evolving threats. His in-depth knowledge of cybersecurity trends and best practices allows him to provide invaluable guidance and support to Microsoft’s customers, ensuring they stay ahead of potential risks and vulnerabilities.
Throughout his career, Arlie has earned a reputation for his exceptional problem-solving skills and innovative approach to security challenges. His ability to dissect complex security issues and develop robust solutions has earned him the respect and admiration of colleagues and clients alike.
Beyond his professional achievements, Arlie is known for his personable nature and genuine passion for helping others succeed in the world of cybersecurity. He is actively involved in knowledge-sharing initiatives, contributing to industry forums, and participating in cybersecurity events to foster a culture of continuous learning and collaboration.
Arlie can be contacted via LinkedIn.
Recent Shows with Arlie Hartman
EP 322: Securing Your Customers, and Yourself – Interview with Arlie HartmanpodcastIf all the craziness you hear about malware, cybersecurity, data breaches, info security, and ransomware attacks have you feeling nervous, then you’ll want to learn how to fight back. Our special guest this week on the EDGE of the Web podcast is Arlie Hartman, Chief Information Security Officer at BraunAbility. He’ll be talking about cybersecurity with us, but will also provide opinion and analysis on some of the latest #DigitalMarketing headlines during the news roundup segment of episode 322.
Sponsor
EDGE of the Web is brought to you by Site Strategics and they are offering to help you find out your digital marketing ROI. The Digital Marketing ROI Report will examine your existing SEO, content, social media, and PPC to help you discover your TRUE ROI.
Visit https://edgeofthewebradio.com/roi/ to get 30% off your comprehensive review of your digital assets!
—
Download our show today or subscribe to our show on iTunes, Google Play, SoundCloud, TuneIn, iHeartRadio, or Stitcher! And now we’re on Spotify! [...]
August 13, 2019- Security in the Digital Age with Arlie Hartman of BraunAbilityInterviewWhen Site Strategics CEO Erin Sparks spoke with special guest Arlie Hartman, Chief Information Security Officer at BraunAbility for episode 322 of the EDGE of the Web podcast, they talked about how to achieve security in the digital age. Here’s what we learned:
00:19:46
Big Tech and Data Privacy
Here’s an old statement but it’s still true today: If you don’t know what the product is, then you’re the product. If you’re using a service and you’re not paying for it, just understand that the service provider has to monetize it in some way. If you want to communicate with friends and family and share pictures and do all those sorts of things, then you need to have a social media platform like Facebook. But you also have to understand that the data that you put in there or the activities you do while having the Facebook app installed on your phone or computer is going to feed back into the company running the platform.
But the flip-side is that greater regulation is in order, whether it’s something like the GDPR in Europe or the version California is working with, the CCPA. But there still isn’t a universal cyber regulation, nor a universal breach notification. All 50 states have different types of breach notification rules on how long it can be before you’re told that your data’s been compromised. And it varies by industry as well – different standards for healthcare, different standards for credit card data, New York has its own standards for financial institutions. Arlie does think that poorly-written regulations are worse than no regulations at all.
Consumers have a responsibility to know what they’re getting themselves into, but there’s also the corporate responsibility side of the equation. Companies should tell their customers and users in plain English what data they’re collecting and how they’re using it, and if they’re sharing it with anyone, letting users know how they can guarantee those other companies will treat the data in the same way. And users should always have an ability to opt-out. And opting out should mean that the company literally turns over all the data it has on you so you can take it with you and do with it as you please. But if they gave you all your data, would it be in any kind of format a regular person could even understand? Probably not. Most people don’t even bother to read “terms and condition” before hitting the accept button.
For a long time, oil was the most valuable commodity on the planet, but now the most valuable commodity has become data. Now, being targeted for specific types of marketing ads is one thing, but what’s much scarier are how the platforms are being manipulated into propaganda machines that actually threaten the integrity of elections and democracy itself. The fakery that’s happening out there for these purposes needs to be thoroughly outed so people know what’s going on. We’re already further down that rabbit hole than anyone cares to admit. And the results are profoundly unsettling. When you have a razor-thin election, it’s not like the manipulators have to swing 51% of voters in a mass influence campaign – they only need to nudge it a very small percentage one way or the other by 2% or even less.
00:29:28
The Digital Security Threats of Today
Packet Sniffing: Think of “packets” as the way data gets moved around physically on the internet or any digital network. Packet Capture or PCAP is when you interrupt the flow of data traffic on a digital network to eavesdrop or even modify the data. And the tool you use to do this is called a “packet sniffer.” When bad hackers do this, it’s called a man-in-the-middle attack. Going back to the previous discussion of VPNs, a VPN is a man-in-the-middle company you’re opting into for greater privacy in your web browsing. You better hope your VPN is trustworthy because they can see everything you do.
Phishing is when you send people emails that seem to be legitimately asking you for personal data or getting you to click through to a website (with malware) or open an attachment (with malware). Phishing is called “Whaling” when you’re targeting executives at companies. And it’s called “spear phishing” when you target specific individuals, such as the system engineers of a particular company you find on LinkedIn and you go after them at home in order to work your way back to their company.
Ransomware like CryptoLocker and others are various forms of digital extortion. The bad hackers are holding your systems and/or information hostage by locking you out of your systems or encrypting all your data until you pay a ransom.
Arlie once got a call from an executive who said he’d received an email that talked about compromising photos taken from his laptop, and they had a password as well. Aside from wondering why this executive seemed so nervous about the incident, Arlie pressed him about the password, which turned out was not for the website in question but for another website. This means the scammers got lucky with “credential spraying” or “credential packing.” The hackers take a bunch of those most commonly-used passwords and plug them in to see if they get lucky.
For all these different scams, an ounce of prevention is worth a pound of cure. What this means is have an incident response plan and exercise it, knowing what you’re going to do when the crisis hits. Making sure you have good quality backups and you’ve put thought into your business continuity and disaster planning so you don’t have to fall victim to extortion. Create a plan by starting with the kinds of attacks described above. If a scammer were to send an email to someone in our organization, what would be the worst thing that could happen? For anyone who has the ability to send cash outside the organization, then you need to make sure they understand what they should be doing. You have an emergency plan at home for fires and storms, active shooter plans in schools and companies, so have a cybersecurity breach plan as well.
Connect with Arlie Harman and BraunAbility
LinkedIn: https://www.linkedin.com/in/arliehartman/
Twitter: @BraunAbility (https://twitter.com/BraunAbility)
Facebook: @braunability (https://www.facebook.com/braunability)
Website: https://www.braunability.com
Site Strategics and Your Digital Marketing ROI
Is your investment in digital marketing paying off? We can help you find out how you’re really doing with a Digital Marketing ROI Report from EDGE sponsor Site Strategics that examines your existing SEO, content, social media, and PPC. Visit https://edgeofthewebradio.com/roi/ to get 30% off a comprehensive review of your digital assets!
[...]
August 13, 2019
