Kitecast

Jason Rebholz: Evolution of Ransomware and Other Cyber Topics

Tim Freestone and Patrick Spencer

This Kitecast episode features Jason Rebholz who has an extensive background in cybersecurity. He is currently the CISO at Corvus Insurance, which he joined in 2021. He also serves as an advisor for NetDiligence and MOXFIVE. Previously, Jason served as the VP of Strategic Partnerships for ICEBRG, which was acquired by Gigamon, VP of Professional Services for The Crypsis Group, and Manager at Mandiant.

Jason founded the educational initiative, “Teach Me Cyber,” that is available on YouTube and LinkedIn with the objective of making cybersecurity topics more accessible to general audiences. This was motivated by often seeing technical news coverage using jargon and screenshots that average readers would struggle to comprehend. Through short daily lessons on platforms LinkedIn and YouTube, Jason breaks down cybersecurity topics in simple terms anyone can understand. His goal is to help even one more person gain practical knowledge to improve their organization’s security.

In the podcast interview, Jason discussed a recent high-profile ransomware attack and provided insight into the challenges of containing and remediating active attacks, noting that it is very difficult to fully kick attackers out of an environment within a short time frame. Jason emphasized the importance of having strong monitoring and rapid response capabilities in place.

Multi-factor authentication (MFA) was another topic Jason covered. He highlighted that while MFA is crucial, organizations must be thoughtful about which types they enable, as weaker forms can still be bypassed. He advocated for the adoption of the most secure MFA options available to get the full risk reduction benefit using zero-trust principles.

Managing third-party cyber risk was also discussed. Jason argued that current third-party assessments often provide a false sense of security. He recommended assuming vendors have poor security and mitigating the impact via actions like limiting data sharing, controlling where sensitive data goes, and ensuring you can revoke access.

LinkedIn: www.linkedin.com/in/jrebholz

YouTube: www.youtube.com/@teachmecyber 

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

People on this episode