Player FM - Internet Radio Done Right
Added thirty-one weeks ago
Content provided by Secure Talk and Justin Beals. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Secure Talk and Justin Beals or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://nl.player.fm/legal.
Secure Talk has a new host! Measuring Security and the impact of AI on Security certification.
In this episode, Mark hands over the leadership of the SecureTalk podcast to Justin Beals, the CEO of StrikeGraph. They discuss security's complexity and measurement's role in ensuring effective security practices. Justin shares his perspective on security and how StrikeGraph helps organizations identify and operationalize the right security practices. They also discuss the impact of AI on security and the growing demand for security standards and certifications. Justin outlines his plans for SecureTalk, which include continuing to make security an approachable conversation and bringing in experts to discuss the future of security. The Secure Talk Cybersecurity Podcast https://securetalkpodcast.com/
216 episodes
All episodes
In this eye-opening episode of SecureTalk, host Justin Beals interviews Johann Rehberger, a seasoned cybersecurity expert and Red Team Director at Electronic Arts, about his groundbreaking discovery of a critical vulnerability in ChatGPT's memory system. Johann shares how his security background and curiosity about AI led him to uncover the "SPAIWARE" attack, a persistent malicious instruction that can be injected into ChatGPT's long-term memory, potentially leading to data exfiltration and other security risks.
Key Topics Covered
- Johann's journey from Microsoft development consultant to becoming a leading red team expert specializing in AI security
- The discovery of ChatGPT's memory system vulnerability and how it could be exploited
- How traditional security concepts like the CIA security triad (Confidentiality, Integrity, Availability) apply to AI systems
- The development of "SPAIWARE", a persistent prompt injection attack that can leak user data
- Command and control infrastructure using prompt injection techniques
- The challenges of securing agentic AI systems that can control web browsers and execute tasks
- The evolving relationship between security researchers and AI companies like OpenAI
Notable Quotes
"I think using this system is just so important because it can help you. They are so powerful. I started using it daily. But the security mindset of course too, because I use it for my productivity, but I always use it for trying to find the flaws and trying to understand how it works." - Johann Rehberger
"What I did basically was use that technique and then insert that instruction in memory. So that whenever there's a conversation turn, the user has a question, ChatGPT responds. Every single conversation turn will be sent to the third-party server. So this is where the word spyware basically kind of came from." - Johann Rehberger
"The better the models become, the better they follow instructions, including attacker instructions." - Johann Rehberger
About Johann Rehberger
Johann Rehberger is the Red Team Director at Electronic Arts with extensive experience in cybersecurity. His career includes roles at Microsoft, where he led the Red Team for Azure Data, and Uber, where he served as Red Team Lead. Johann is known for his pioneering work in AI security, specifically identifying and responsibly disclosing vulnerabilities in large language models like ChatGPT.
Resources Mentioned
- Johann's blog on machine learning security (https://embracethered.com/blog/index.html)
- Black Hat Europe presentation on ChatGPT security vulnerabilities
- OWASP Top 10 for LLM vulnerability classifications
Connect With Us
Follow SecureTalk for more insights on cybersecurity trends and emerging threats. Visit our website at www.securetalkpodcast.com for more episodes and resources. #AISecurityRisks #PromptInjection #ChatGPT #Cybersecurity #AIVulnerabilities #RedTeaming #SecureTalk

Predicting Data Breach Risk: How Mathematical Privacy Is Revolutionizing Data Sharing with Simson Garfinkel (48:39)
What if there was a way to precisely predict the risk of a major data breach when sharing information? In this illuminating episode of Secure Talk, Justin Beals sits down with Simson Garfinkel, renowned computer scientist, journalist, and author who helped implement differential privacy for the U.S. Census Bureau's 2020 census. As a fellow of the American Association for the Advancement of Science, the Association for Computing Machinery, and the IEEE, and with leadership positions at both the Department of Homeland Security and the U.S. Census Bureau, Garfinkel offers unparalleled insights into how mathematics is creating an entirely new frontier in privacy protection in his new book "Differential Privacy". Differential privacy is a rigorous mathematical framework that quantifies privacy risk, the potential for a major breach. It can transform how organizations understand, measure, and control data exposure. Yet most security, compliance, and legal professionals haven't grasped its revolutionary implications for measuring and predicting a major privacy breach. Join Justin and Simson as they reveal:
- How differential privacy allows organizations to calculate privacy risk with mathematical precision
- Why this new field of privacy research eliminates guesswork when combining and distributing sensitive data
- The revolutionary balance between data utility and privacy protection that was previously impossible
- How forward-thinking organizations are using these mathematical formulas to unlock data value safely
This isn't abstract theory; it's a practical revolution in how we approach data sharing. Garfinkel, who literally wrote the book on "Differential Privacy," shares real-world examples from his work with the U.S. Census Bureau, where differential privacy enabled the release of valuable population data while mathematically predicting individual privacy risk.
In his book, Simson breaks down complex mathematical concepts into clear, actionable insights for security leaders, compliance officers, and legal counsel. Listen now to discover how differential privacy is creating a future where data-sharing decisions are based on mathematical certainty rather than best guesses and crossed fingers. Link to Simson's book: https://mitpress.mit.edu/9780262551656/differential-privacy/

The Future of CMMC: Surviving the New Federal Security Landscape with Former NRMC Director Bob Kolasky (46:04)
How do you secure a nation? Hint: look for the risks to the most critical infrastructure. In this critical episode of SecureTalk, host Justin Beals sits down with Robert Kolasky, former founding director of the National Risk Management Center at DHS and current Senior VP for Critical Infrastructure at Exiger. As the new administration implements sweeping changes to federal security requirements, Kolasky provides an insider's perspective on what these shifts mean for contractors, the Defense Industrial Base, and organizations managing critical infrastructure. Drawing from his experience protecting everything from elections to the electrical grid, Kolasky offers rare insights into:
- The future of the Cybersecurity Maturity Model Certification (CMMC) program
- How companies can prepare for evolving compliance standards
- The relationship between FedRAMP and other security frameworks
- Emerging hybrid threats to national security
- Supply chain vulnerabilities and third-party risk management
Whether you're a federal contractor navigating new requirements or a security professional concerned about critical infrastructure protection, this conversation provides essential guidance during a time of unprecedented change in the national security landscape.

Redefining Personhood: The Legal and Ethical Challenges of an Advanced General Intelligence with James Boyle (48:55)
In a groundbreaking conversation on SecureTalk, legal scholar James Boyle explores the complex landscape of artificial intelligence and biological innovation, challenging our understanding of personhood and consciousness. Drawing from his recent book "The Line: Artificial Intelligence and the Future of Personhood", Boyle dissects the potential future of artificial general intelligence and biological engineering through the lens of legal and ethical frameworks. We shine a light on how our current technological advancements are forcing us to reexamine fundamental questions about what constitutes a "person", a journey that parallels historical shifts like human rights and the evolution of corporate personhood. Boyle also delves into the equally provocative realm of biological engineering, where technologies like CRISPR are blurring the lines between species and challenging our ethical boundaries. He warns that we're entering an era where genetic modifications could fundamentally alter human capabilities, raising critical questions about ownership, consent, and the rights of an invention. For cybersecurity professionals, AI researchers and corporate leaders, Boyle's legal insights offer a crucial roadmap for navigating the complex ethical terrain of emerging technologies, emphasizing the importance of proactive, critical thinking in shaping our technological future. You can find the book here: https://scholarship.law.duke.edu/faculty_books/9/

If you've ever found yourself frustrated watching deadlines slip by as your development team waits on yet another security review, you're not alone. In today's competitive landscape, companies are caught in a difficult balancing act: move quickly to deliver the features customers want, or slow down to ensure those features don't introduce vulnerabilities that could lead to the next headline-making breach. Security reviews have become the speed bump on the road to innovation that everyone acknowledges is necessary, but few have figured out how to navigate efficiently. Development teams push for velocity while security teams pull the emergency brake, creating tension that reverberates throughout organizations. Today, we're joined by Dimitri Shvartsman, co-founder of Prime Security and former Head of Cybersecurity at PayPal, to discuss how enterprise organizations are innovating security solutions to reduce the time to feature delivery. We'll explore how AI tools can actually enable rather than impede innovation and examine practical approaches to integrating AI security tools earlier in the development lifecycle. Whether you're a CISO trying to balance security with business needs, a developer tired of security roadblocks, or a product leader navigating these competing priorities, this conversation will give you actionable insights to transform security from a bottleneck into a business enabler.

AI Therapy: Should We Believe Silicon Valley's Bold Claim at Solving Mental Health? With Daniel Oberhaus (51:15)
In this episode of SecureTalk, Justin Beals welcomes Daniel Oberhaus, the author of Silicon Shrink, to discuss the revolutionary and controversial integration of artificial intelligence (AI) in mental health care. Daniel demystifies the central theme of his book, explaining the concept of Silicon Shrink and exploring how AI tools are increasingly being used to diagnose and treat mental health conditions. He highlights the alarming implications of leveraging AI in psychiatry, the historical intersection of these two fields, and the potential pitfalls and ethical challenges this marriage presents. He also delves into the technical, policy, and philosophical dimensions of using AI in psychiatry, bringing attention to various case studies and real-world applications such as emotion-recognition technology and AI-driven triage systems like those used by the Crisis Text Line. Daniel's insights present a compelling narrative, urging a cautious yet hopeful approach to adopting AI technologies in areas as sensitive as mental health, underscoring the need for transparency, privacy, and ethical considerations. Book: Oberhaus, Daniel. The Silicon Shrink: How Artificial Intelligence Made the World an Asylum. MIT Press, 2025. (Link)

From Arab Spring Frontlines to Cybersecurity Frontiers: A Naval Officer's Journey with Terence Bennett (45:08)
Terence Bennett watched from the deck of the USS Paul Hamilton as the Arab Spring unfolded. As a naval officer, he realized that his battlefield awareness depended on good intelligence. Intelligence drove good decision-making. And in an area of conflict, good decision-making is the difference between mission success and failure. In this episode of Secure Talk, host Justin Beals talks with Terence Bennett, a former Naval Intelligence Officer and now the CEO of DreamFactory. They discuss Terence's intriguing path from an early interest in the military to a successful career in cybersecurity. He recounts his origin story, which is grounded in a lifelong dedication to service, racing sailboats at the Naval Academy, his experiences aboard the USS Paul Hamilton, and pivotal roles in intelligence during major geopolitical events such as the Arab Spring and the Bin Laden raid. The conversation covers topics including red teaming, the impact of digital transformation on intelligence, and the necessity of security by design in today's fast-changing digital environment. Of particular interest is Terence's new work on cybersecurity, marrying AI-developed APIs with effective network segmentation. This episode serves as a valuable resource for cybersecurity professionals, providing a distinct viewpoint on the blend of military experience and cyber defense strategies.
In our latest SecureTalk episode, Justin Beals gathers Micah Spieler, Chief Product Officer, and Josh Bullers, Head of AI, to explore the multifaceted world of AI and cybersecurity. With the recent release of DeepSeek-r1, the AI marketplace has been thrown into turmoil. It has rocked the hubris of Silicon Valley and questioned the validity and valuations of organizations like OpenAI. What does DeepSeek mean to the AI landscape, and how does it fit into the fundamentals of machine learning and the future of information systems? Our discussion delves deeply into the synergy of AI advancements and the pressing need for robust security measures. Micah and Josh share their journey in striking the delicate balance between innovation and safety, offering invaluable insights for anyone in the tech and cybersecurity field. As AI continues to revolutionise industries, cybersecurity experts must adapt and evolve. Tune in as we examine the potential and challenges presented by cutting-edge AI models. This episode is essential listening for those striving to stay ahead in the ever-evolving landscape of AI-driven cybersecurity. Join us and be part of the conversation shaping the future of technology!

In this episode of Secure Talk, host Justin Beals welcomes Kate O'Neill, a passionate tech humanist dedicated to crafting technology solutions that genuinely prioritize people. Together, they explore the key themes of Kate's books, "Tech Humanist" and "What Matters Next: A Leader's Guide to Making Human-Friendly Tech Decisions in a World That's Moving Too Fast." Their engaging discussion shines a light on the power of systems thinking, the significance of thoughtful decision-making in the tech industry, and the vital balance between achieving business objectives and enhancing the human experience. This episode is a delightful must-listen for cybersecurity professionals who are excited to navigate the important intersection of technology, ethics, and human dignity in our ever-evolving digital world. Books: O'Neill, Kate. What Matters Next: A Leader's Guide to Making Human-Friendly Decisions In a World That's Moving Too Fast (2025); Tech Humanist: How You Can Make Technology Better for Business and Better for Humans (2018)

Unveiling the Secrets of Cryptography with Panos Louridas: Early Computing, Encryption, and Modern Challenges (43:32)
In this episode of SecureTalk, host Justin Beals warmly welcomes Panos Louridas for an insightful discussion on the history, evolution, and future of cryptography. Panos has deep expertise and authored a book called "Cryptography" that helps explain the history of keeping secrets, important innovations in the field, and the mathematical functions of effective encryption. They delve into Panos's early interest in computing, starting with a ZX Spectrum, and his recent book on cryptography, which aims to make complex algorithms accessible to those with a high school level of mathematics. The conversation traverses the critical role of cryptography in our digital lives, the potential impacts of quantum computing, and the practical aspects of key management in modern web applications. Panos also shares captivating stories from the history of the Enigma machine and discusses the ongoing arms race in cryptography. Perfect for cybersecurity experts, this episode offers a rich blend of historical anecdotes, technical insights, and future-looking perspectives. Book: Louridas, Panos. (2024) Cryptography. MIT Press.
00:00 Welcome to SecureTalk
00:28 The Importance of Cryptography
02:21 Introducing Panos Louridas
03:41 Panos Louridas' Journey into Computing
06:11 The Evolution of Cryptography
12:13 The Enigma Machine and Its Legacy
19:03 Security by Obscurity: A Fallacy
22:32 Speculations on NSA Backdoors
23:21 Government Contributions to Cryptography
24:51 Evolution and Security of AES
27:10 Challenges in Generating Randomness
28:15 Quantum Computing and Cryptography
33:45 Key Management in Modern Web Applications
36:53 TLS and AES: Understanding Their Relationship
39:01 The Human Factor in Cryptography
40:38 Making Cryptography Accessible
42:58 Conclusion and Final Thoughts
In 2000 the internet was expanding at an astronomical rate. Consumers were logging in via dial-up modems by the hundreds of millions, and businesses were racing to maximize their footprint in the digital world. A hacker named Onel de Guzman, living in the Philippines, had been playing with a script called "I Love You". Distributed via email, it could take covert control of an individual's computer from a central point of control. The "I Love You" virus spread to over 50 million computers, creating the world's largest botnet. Michael Tiffany and his co-founders were aware of these types of cyber attacks and wanted to ensure the Internet worked for businesses wanting to connect with consumers. They founded Human Security, one of the first companies to combat botnet activity for major brands and today a very powerful cybersecurity company for major corporations. In this episode of Secure Talk, host Justin Beals interviews Michael Tiffany, co-founder of Human Security and the current leader of Fulcra Dynamics. Michael shares his early experiences with computers and his journey into cybersecurity, discussing topics including the founding of Human Security as a solution for botnets, ad fraud, and early "Know Your Customer" challenges. He explains his current company Fulcra's mission to empower individuals by unifying their personal data and promoting privacy and control in the age of AI. Listen as Michael reflects on the ethical responsibilities in technology and shares his vision for a future where individuals have sovereignty over their data.
00:00 Introduction to SecureTalk
00:32 Host's Journey into Computer Science
01:39 Introducing Michael Tiffany
03:12 Michael Tiffany's Early Experiences
15:26 The Birth of Human Security
20:56 Challenges and Innovations in Cybersecurity
27:11 Fulcra Dynamics: Empowering Personal Data
37:22 Vision for the Future of AI and Data Sovereignty
43:59 Conclusion and Final Thoughts
Without the ability to keep secrets, our internet would fail. Without effective cryptography the internet would never have graduated beyond a hobbyist interest; networks without effective encryption, such as the worldwide community of HAM radio operators, show what that looks like. I've been utilizing cryptography in the development of web applications since my first professional web application development work, although I've rarely understood the underlying technology and mathematics of cryptography. In this episode of SecureTalk, our guest is Dr. Bill Anderson, an expert in cryptography. Bill shares his journey into the field, starting as a student in electrical and computer engineering; he inadvertently ventured into cryptography during his postgraduate studies. He discusses the evolution of cryptography, its historical context, and the impact of quantum computing on current cryptographic methods. We explore various topics, including public key cryptography, digital signatures, and the ongoing need for crypto agility. Bill also provides insights into his current role as Principal Product Lead at Mattermost, a secure collaboration platform focused on data sovereignty and security. This episode offers a comprehensive look at modern cryptographic techniques and the challenges posed by future advancements in computing, making it a must-listen for anyone interested in cybersecurity and cryptography.
00:00 Welcome to SecureTalk: Introduction and Host Introduction
00:33 The Role of Security in Business Growth
01:55 Introducing Dr. Bill Anderson: A Security Expert
03:57 Dr. Anderson's Journey into Cryptography
05:35 The Evolution of Security and Cryptography
08:11 Understanding Business and Technology Landscapes
13:56 Mattermost: A Secure Collaboration Platform
22:01 The History and Methods of Cryptography
25:01 Understanding Public and Private Keys
25:58 Digital Signatures and Authentication
27:12 The Open Research Model in Cryptography
28:31 Challenges in Cryptographic Security
31:02 Quantum Computing and Cryptography
35:38 The Future of Cryptographic Systems
42:04 NIST's Role in Quantum-Safe Cryptography
49:41 Conclusion and Final Thoughts
Eldon Sprickerhoff founded eSentire in 2001. He had been a Senior Information Security Engineer for ING Prime after completing his academic work at Waterloo University. At the time the cybersecurity solutions marketplace was primarily a services offering, focusing on vulnerability scanning. The team at eSentire realized that the tools deployed for vulnerability scanning of internal systems could be left running after a services engagement, and in the process they invented an 'always on' threat intelligence solution. In 2022 eSentire added storied private equity firm Warburg-Pincus to their cap table and achieved unicorn status with a valuation of one billion dollars. In this engaging episode of SecureTalk, host Justin Beals invites Eldon Sprickerhoff, a seasoned cybersecurity expert and founder of eSentire, to share his journey. Eldon graduated with a computer science degree from Waterloo University in 1991 and went on to establish a leading managed security services provider. During the conversation, Eldon reflects on his early career concerns and the macroeconomic challenges he faced during a recession. He also shares insights from his book, *Committed*, which explores the realities of startup life. The discussion highlights essential strategies for navigating the cybersecurity marketplace, the importance of founder-led sales, and the significant challenges and opportunities within the cybersecurity field. Tune in to gain valuable perspectives on entrepreneurship, real-time vulnerability scans, and the impact of AI and quantum computing on cybersecurity. Link to the Book: Committed: Startup Survival Tips and Uncommon Sense for First-Time Tech Founders https://sutherlandhousebooks.com/product/committed/
In this episode of Secure Talk, Justin welcomes Stephen Ferrell, a cybersecurity expert and Chief Strategy Officer of Strike Graph, to discuss the significant changes in the compliance landscape brought about by the Cybersecurity Maturity Model Certification (CMMC). They explore the recent finalization of the CMMC rule, its implications for the defense industrial base, and the phased compliance requirements for various certification levels. The conversation emphasizes the necessity of CMMC for federal contractors, including those in non-traditional sectors like medical equipment manufacturing, along with the associated costs and procedures. Stephen also shares insights from his experience conducting a self-assessment for CMMC compliance, offering practical advice for organizations aiming to achieve certification. This episode is essential for cybersecurity professionals who want to understand the latest federal compliance standards and prepare their organizations accordingly.
Privacy laws in our modern computing era have been around for well over twenty years. The conversation around appropriate privacy measures and effective governance of data has matured quite nicely since the early days of the Internet. While breaches do continue to happen, laws like GDPR, HIPAA and CCPA have helped set expectations for ethical and effective privacy practices. But we are in the midst of a massive proliferation of generative AI models. Since the technology is so nascent, our expectations of privacy are being reshaped. An AI model is fundamentally a mathematical representation of a large data set. Its probabilistic function will create information depending on the prompts it is given. Deep in the model, the data used to 'train' it still leaves a fingerprint of the source information. What are the expectations for privacy, copyright and safety for those of us who have shared information on the internet? In this episode of Secure Talk, host Justin Beals engages in a comprehensive discussion with Dan Clarke about the significant impact of AI. The conversation begins with Dan's early days in computing and follows his journey into developing AI governance. They explore the transformative effects of AI in comparison to historical technological innovations, as well as the risks and biases that are inherent in AI systems. Additionally, they discuss current and future legal compliance issues. Dan shares personal anecdotes related to privacy challenges and the applicability of AI, emphasizing the importance of transparency, thorough risk assessment, and bias testing in AI implementations. This episode provides valuable insights for anyone interested in the ethical and responsible use of AI technology in today's applications.
00:00 Welcome to SecureTalk: Exploring Information Security
00:32 The Evolving Landscape of Privacy and AI
01:47 Introducing Dan Clarke: AI Privacy Leader
03:10 Dan Clarke's Journey: From Intel to Privacy Advocacy
04:14 The Impact of AI: Paradigm Shifts and Privacy Concerns
06:08 Personal Data and Privacy: A Real-Life Story
08:45 The Importance of Data Control and Fairness
13:10 AI Governance and Legal Responsibilities
21:02 Current Laws Impacting AI and Privacy
26:47 Legal Basis for Data Usage
27:01 Introduction to Truyo and InnerEdge
27:29 The Birth of Truyo: Addressing GDPR
28:39 AI Governance and Federal Privacy Law
30:48 Transparent AI Practices
31:58 Understanding AI Risks and Transparency
36:52 AI Use Cases and Risk Assessment
44:57 Bias Testing and AI Governance
50:39 Concluding Thoughts on AI and Governance
Link: https://get.truyo.com/ai-governance-training
Secure Talk Podcast
In this episode of Secure Talk, host Justin Beals, CEO and founder of Strike Graph, discusses cybersecurity awareness training with Craig Taylor, CEO and co-founder of CyberHoot. They explore the evolution and significance of security training, particularly in light of the rising number of phishing attacks. Taylor shares insights from his extensive background, including being a senior risk analyst for Computer Sciences Corporation in the development of one of the first cloud hosting platforms. He also shares his experience as a virtual Chief Information Security Officer (vCISO) and the growth and success of CyberHoot. The conversation highlights CyberHoot's innovative use of positive reinforcement methods in their approach to automated training and examines the role of artificial intelligence (AI) in both creating and combating cybersecurity threats. They also discuss the future of AI in security training and provide practical steps that companies can take to enhance their cyber resilience.
00:00 Introduction to SecureTalk
00:34 The Importance of Security Awareness Training
03:18 Craig Taylor's Journey into Cybersecurity
05:25 The Evolution of Technology and AI
15:30 The Role of Virtual CISOs
21:48 Building CyberHoot: From Services to Product
25:17 The Ineffectiveness of Shock Collars and Negative Reinforcement
26:21 The Power of Positive Reinforcement in Training
27:21 Challenges with Fake Email Phishing
27:51 CyberHoot's Approach to Phishing Simulations
28:50 Gamification and Positive Outcomes
30:26 The Anxiety Around Cybersecurity Training
31:39 The Problem with Traditional Phishing Tests
33:13 Emerging Best Practices in Cybersecurity
38:53 The Role of AI in Phishing and Cybersecurity
45:16 Future Perspectives and Rapid Content Creation
48:46 Conclusion and Final Thoughts
In this episode of Secure Talk we discuss the evolution of identity management with Eric Olden, co-founder and CEO of Strata Identity. Identity Management is at the heart of secure computing practices, and the requirements placed on it are ever-growing. Get it wrong, and you will expose the ‘crown jewels’ of your business. Today, many solutions rely on cloud-based Identity Management solutions for further security. How was Identity Management born, and where is it heading? We discuss the early days of networked computing and how Eric recognized in 1995, while at Berkeley, the opportunity for the Internet to break out of academic communities and become a space for business. In a moment of inspiration, he realized that the missing feature was security. To be successful, a ‘web powered’ business needed to manage its users and their identities. Eric founded Securant Technologies in 1995 and developed some of the first Web Access Management products. Securant Technologies was acquired by RSA in 2001. Eric continued to stay at the forefront of Identity Management by working on SAML, the gold standard of shared authentication. Today, Eric is developing Strata and exploring how enterprise organizations are harmonizing multiple Identity Providers from Okta to Microsoft. Tune in to learn about the critical advancements shaping the trusted identity landscape from a leading expert and present innovator. 00:00 Introduction to SecureTalk 01:51 Challenges in Identity Management 03:16 Introduction to Eric Olden 04:33 Eric Olden's Early Experiences with Computing 08:39 The Birth of Identity Management Solutions 17:11 The Origin of SAML 23:13 Reflections on SAML Evolution 23:56 Introduction to OAuth and Identity Standards 26:22 The Vision Behind Strata 30:15 Challenges in Identity Management 33:12 Exploring Self-Hosted Identity Solutions 40:07 The Importance of Authentication and Authorization 46:39 Concluding Thoughts on Identity Standards…
Cybersecurity is complicated; weird acronyms, massive risks and arcane skills. How do we teach or learn about cybersecurity in human ways? In this episode of SecureTalk, host Justin Beals is joined by cybersecurity researcher Luca Viganò to discuss his innovative approach to demystifying cybersecurity concepts using fairy tales. Luca shares his passion for making cybersecurity accessible to both experts and the general public by employing storytelling techniques. Key topics include multifactor authentication, explained through 'Cinderella' and password security inspired by 'Alibaba and the 40 Thieves.' Luca's insights are based on his acclaimed article 'Cyber Security of Fairy Tales.' This episode provides a fresh perspective on engaging non-expert stakeholders and underlines the importance of a social-technical approach to cybersecurity. 00:00 Introduction to SecureTalk 00:34 Host's Background and Passion for Storytelling 03:07 Introducing Luca Vigano 04:49 Luca's Journey in Cybersecurity 06:47 The Power of Storytelling in Teaching Security 08:10 Fairy Tales and Cybersecurity 18:43 Cinderella and Multi-Factor Authentication 34:06 Alibaba and the 40 Thieves: Lessons in Security 40:30 Show vs. Tell in Security Education 44:39 Future Work and Conclusion Article: Luca Viganò, The cybersecurity of fairy tales, Journal of Cybersecurity , Volume 10, Issue 1, 2024, tyae005, https://doi.org/10.1093/cybsec/tyae005…
In this episode of SecureTalk, host Justin Beals speaks with Idan Plotnik, co-founder and CEO of Apiiro, about the complexities of application security and innovation. They discuss Idan's career, which began with his early interest in secure computing as an engineer for the Israeli Defence Force. Later, while at Microsoft, Idan was frustrated by the inefficiencies in current application security reviews that slowed down software delivery. Idan explains opportunities to improve the application security posture throughout the software development lifecycle, emphasizing their methods for deep code analysis and extended Software Bill of Materials (SBOMs). The conversation also covers the role of AI in security, the significance of automation, and the integration of graph data models for effectively visualizing and managing security threats. 00:00 Welcome to SecureTalk 00:32 Introduction to Application Security 01:44 Meet Idan Plotnik 02:52 Idan’s Journey in Cybersecurity 04:31 Early Encounters with Computers and Security 08:44 Military Service and Professional Growth 12:19 Founding Apiiro and Innovations in Security 14:06 Challenges in Modern Software Development 15:33 Comprehensive Security Measures 19:47 Understanding the Risk Landscape 24:35 Understanding Risk in Software Architecture 25:30 The Role of AI in Software Security 26:29 Translating Code into Components 27:50 The Importance of Software Inventory 31:47 The Limitations of SBOMs 40:02 Automation in Security Design 46:00 The Power of Graph Data Models 48:35 Conclusion and Final Thoughts…
It’s easy to consider privacy as a technology issue, or a legal challenge. But our concepts of privacy have a lot to do with what type of community we would all like to live in. What happens when we consider privacy a right as opposed to a commodity? Join us on Secure Talk for an in-depth exploration of the complex world of privacy with esteemed sociologist and author James B. Rule. In this episode, he draws parallels between past and present institutional power. He discusses his latest book, “Taking Privacy Seriously: How to Create the Rights We Need While We Still Have Something to Protect”, where he delves into the intricacies of privacy laws, the implications of personal data commercialization, and the notion of "personal decision systems." James presents 11 practical privacy reforms, highlighting the importance of informed consent and strong data protection measures. This episode offers cybersecurity experts valuable historical context, actionable insights, and thought-provoking discussions on how to balance privacy with technological advancement. Join the conversation on how we can protect what truly matters. Join us as we examine the challenges and potential reforms related to privacy in the digital age, highlighting recent legislative successes such as California's new privacy laws. James advocates for the establishment of national institutions dedicated to promoting privacy. He also discusses the ethical dilemmas faced by technology and policy leaders in striving to find the right balance between the utility of personal data and the protection of individual privacy. This episode is essential for cybersecurity experts interested in privacy reform and the history of personal data usage. Book: “Taking Privacy Seriously: How to Create the Rights We Need While We Still Have Something to Protect” https://www.ucpress.edu/books/taking-privacy-seriously/paper 00:00 Introduction to SecureTalk 00:32 Exploring the Complexities of Privacy 01:21 Introducing James B. Rule 02:56 James B. Rule's Journey into Privacy 06:55 Historical Perspectives on Privacy 09:10 Modern Privacy Challenges and Solutions 15:48 The Concept of Lawful Basis 23:59 Personal Decision Systems 26:26 Proposed Privacy Reforms 36:56 Public Events and Privacy Issues 42:55 Conclusion and Final Thoughts…
Have you ever felt like tech fandom was turning into a cult? A tech founder ‘preached’ that they heralded a new paradigm for humanity? AI will change everything, cryptocurrency will make you rich, the ‘Singularity’ is coming! Elon Musk, Sam Altman, Steve Jobs, Bill Gates, etc. are raised up as the new messiah by thousands of worshipers. Is it really so difficult to see the tendency of billionaire technology founders to prey on our hopes and fears? In a thought-provoking episode of Secure Talk, host Justin Beals interviews Greg Epstein, the Humanist Chaplain at Harvard and MIT and a New York Times bestselling author, about his upcoming book, "Tech Agnostic: How Technology Became the World's Most Powerful Religion and Why It Desperately Needs a Reformation." They discuss the intricate relationship between technology, ethics, security, and human experience, challenging traditional perspectives on cybersecurity. Through engaging conversations about societal equity, community connections, and the ethical implications of technology-induced isolation, Greg and Justin shed light on the profound cultural and existential impact of technology on modern life. The discussion delves into the psychological and emotional aspects of the tech world, drawing parallels with religious structures and highlighting the need for a balance between technological engagement and ethical responsibility. Book: "Tech Agnostic: How Technology Became the World's Most Powerful Religion and Why it Desperately Needs a Reformation" https://mitpress.mit.edu/9780262049207/tech-agnostic/…
Enterprise Security from Healthcare to GE: Accountability, Strategy, and Value Creation with Bob Chaput (52:19)
My first SOC 2 audit as a Chief Technology Officer felt like performance art. Here we were, dancing to the tune of an auditor who had never built a web application, let alone a business. So many of their playbooks were repeated from other businesses and didn’t make us more secure. When we were done I was certainly glad to show off our new ‘certification’, but I wondered how I could implement great security and create value for my company. In this compelling episode of Secure Talk, host Justin interviews Bob Chaput, a seasoned CISO and cybersecurity leader with a rich background in the healthcare sector. The conversation traverses Bob’s extensive career, from his early days at GE to establishing Johnson & Johnson’s first information security program. Bob shares profound insights from his book, 'Cyber Risk Management as a Value Creator,' illustrating the shift of cybersecurity from a defensive necessity to a strategic business driver. They explore the critical role of governance, regulatory accountability, and the implementation of risk management frameworks like the NIST Cybersecurity Framework. Using real-world cases like Equifax’s post-breach recovery, Bob elucidates the tangible business value of robust cybersecurity measures. Learn about budgeting for cybersecurity, fostering organizational engagement, and integrating security into business operations for enhanced resilience and customer trust. This episode is a treasure trove for experts looking to transform their cybersecurity approach into a strategic advantage.
Book: Enterprise Cyber Risk Management as a Value Creator https://bobchaput.com/enterprise-cyber-risk-management-as-a-value-creator/ 00:00 Welcome to SecureTalk: Introduction and Host Overview 00:41 The Importance of Scope in Cybersecurity 02:58 Introducing Bob Chaput: Cybersecurity Expert 04:45 Bob Chaput's Career Journey 08:17 Enterprise Cyber Risk Management as a Value Creator 12:20 The Role of Regulations and Accountability in Cybersecurity 17:26 Strategic Approach to Enterprise Cyber Risk Management 21:33 Risk and Opportunity Assessment in Cybersecurity 26:47 Leveraging Security Practices for Business Value 27:58 The Impact of Cybersecurity on Business Value 28:56 Clearwater's Role in Enhancing Cybersecurity 31:03 The ECRM Budget Philosophy 32:59 Maxims for Effective Cyber Risk Management 35:59 Building a Team Sport Culture in Cybersecurity 40:47 Foundational Components of ECRM 44:19 Challenges in Third-Party Risk Management 49:25 Clearwater's Journey and Future Prospects…
In the never-ending vortex of Silicon Valley's hype cycle, it's easy to get lost in the sea of superficial success stories and forget that true innovation often requires patience, persistence, and a willingness to disrupt the status quo, not just a fancy logo or a tweet from a billionaire CEO. Inside the froth, however, there are investors and venture capitalists who think carefully about who they are investing in, why it is a durable venture, and how to create the best impact for everyone. In this episode of Secure Talk, host Justin Beals welcomes Rey Kirton from ForgePoint Capital to discuss venture capital's unique role in the cybersecurity industry. Rey shares his journey from consulting to venture capital, outlining the importance of building meaningful long-term relationships with the companies he invests in. He explains how ForgePoint Capital develops investment theses and highlights the value of solution-based, data-driven AI applications. The conversation delves into the significance of listening to customer feedback, industry patterns, and emerging themes like edge computing and AI in cybersecurity. The episode is a must-listen for founders and investors navigating the current market landscape, offering insights into building successful business partnerships and understanding evolving technology trends. 00:00 Welcome to SecureTalk 00:36 Introducing Our Guest: Rey Kirton 01:30 Rey Kirton's Career Journey 02:25 Venture Capital Insights 05:14 The Role of ForgePoint Capital 06:55 Investment Strategies and Challenges 17:01 AI in Cybersecurity 21:45 Leveraging Proprietary Data for AI and Data Science 23:19 The Rise and Fall of Blockchain and Crypto Hype 28:10 Understanding Venture Capital Dynamics 34:31 Future Trends in Technology and Investment 37:56 Advice for Aspiring Founders 39:09 The Importance of Customer Feedback 42:47 Building Strong Investor Relationships…
"If you torture the data long enough, it will confess to anything," said Ronald Coase. Certainly, the advent of AI has created some spectacular progress and failures. In the realm of patient care, AI tools can have a powerful impact and there is little room for error. How do professionals in the Medical Device and Medical Software space prepare their solutions for the market? In the latest episode of SecureTalk, Justin is joined by Dr. Paul Campbell, who serves as the Head of Software and AI at the UK's Medicines and Healthcare products Regulatory Agency (MHRA). Dr. Campbell discusses his journey from pharmacy to becoming a prominent figure in healthcare IT and regulated software. The conversation covers the development of AI in healthcare, the global standardization of regulations, and the MHRA’s innovative initiatives such as AI Airlock, which are driving progress in medical technology. The discussion also delves into the vital role of data representation, ethical considerations in AI, and the complexities of implementing advanced technologies in real-world medical settings.…
Much of the United States' progress since World War II on the global stage is due to a powerful partnership between private industry and the US government. The internet itself was a DARPA research project now turned into an economic juggernaut. How do we feed and support this powerful partnership? In this episode of SecureTalk, host Justin Beals welcomes Jason Healey, a senior research scholar at Columbia's School for International and Public Affairs. Jason, a pioneer in the field of cyber threat intelligence and former intelligence officer, discusses his extensive career and the evolution of cyber defense from the late 1990s to today. Topics include the origins of cybersecurity, the challenges of cyber warfare and policy, and the balance between defense and innovation. Jason elaborates on the critical role of metrics such as mean time to detect in measuring cybersecurity effectiveness and emphasizes the importance of harmonizing regulations and frameworks in the U.S. A detailed analysis of recent cyber incidents and the necessity for more robust cyber policies underlines the insightful conversation, making it essential listening for cybersecurity professionals.…
I’ve participated in or led technology product teams for 25 years. And engaging in effective security practices was three simple activities: least privileges, change management and network/server configurations. But in an ever-changing security environment, how do security leaders engage product teams in effective practices? Join us on Secure Talk with Naomi Buckwalter, the Senior Director of Product Security at Contrast Security. Throughout our conversation, Naomi shares her intriguing journey into the field of cybersecurity, from her early interest in tech and her educational background to landing a significant role at Vanguard Financial and eventually becoming a thought leader in cybersecurity. She explains the critical distinction between secure architecture reviews and secure code reviews and delves into the importance of trust and collaboration between developers and security engineers. Naomi also emphasizes the importance of inclusive hiring and discusses how she has successfully integrated individuals from non-traditional backgrounds into cybersecurity roles. As the founder of Cybersecurity Gatebreakers, she helps technology teams find “young-in-career” talent ready to make an effective contribution. A poignant part of the discussion revolves around the concept of 'sec-splaining,' the need for excellent communication, and why security should be seen as a service to the business. This conversation is a must-listen for cybersecurity experts looking to enhance their understanding of team building and effective security management for software development. ----- Additional Resources: Books: "The Smartest Person in The Room" by Christian Espinosa https://christianespinosa.com/books/the-smartest-person-in-the-room/ "The Five Dysfunctions of a Team" by Patrick Lencioni https://www.amazon.com/Five-Dysfunctions-Team-Leadership-Fable/dp/0787960756…
The state of networked computing systems today relies heavily on a networking architecture designed and implemented by people like David Holtzman, our guest on Secure Talk. But what if our current “world wide web” was just the progenitor of an n-dimensional “internet stack”? Does Web 3 offer the opportunity to evolve a seemingly monolithic internet? In this episode of SecureTalk, host Justin Beals interviews David Holtzman, the brains behind the global domain name registration system and a former NSA analyst. They delve into the history and evolution of the DNS, discussing how it transformed from a single 'hosts.txt' file to a robust global system impacting millions of domain names. David shares his thoughts on decentralization, the potential of blockchain technology, and the future of cybersecurity in the wake of quantum computing. They also touch on the implications of AI, the cyclical nature of tech fads, and the importance of innovative yet secure solutions in today's rapidly evolving cyber environment. This episode is a must-listen for cybersecurity experts interested in the complex interplay between technology, governance, and security.…
It is election season in the United States and there continues to be a lot of FUD around the security of our elections. We decided to sit down with an expert to discuss election security and how citizens here in the United States should consider this civic event. Join host Justin Beals and guest Mark Listes as they delve into the critical topic of election security. Mark, CEO of Pendulum and former Head of Policy at the U.S. Election Assistance Commission, shares his extensive expertise on managing election security and the intricate relationship between technology and trust in the electoral process. They explore the complexities of pre-vote misinformation, the robustness of various voting systems, and how the integrity of election results is maintained amidst emerging cybersecurity threats. Mark also highlights Pendulum's new tool, ElectionIQ, which aids businesses in navigating election-related risks. The discussion sheds light on the vital role of trust and participation in sustaining democracy, making it a must-listen for cybersecurity professionals seeking to understand the current landscape of election integrity.…
In this episode of Secure Talk, host Justin Beals sits down with Danny Goodwin and Ed Schwarzschild, the authors of the book 'Job / Security: A Composite Portrait of the Expanding American Security Industry'. They delve into the multifaceted world of security work, bridging personal experiences and professional insights. Goodwin, a professor and chair of the Department of Art and Art History, and Schwarzschild, director of creative writing at SUNY Albany, both had family members who worked in security roles that required secrecy. These shared formative experiences blossomed into a discussion about families and the impact of security jobs. Realizing that the security field has been rapidly growing, they used their expertise in the humanities to explore security jobs and their impact on individuals, families and our community at large. The podcast covers their methods of capturing authentic experiences through interviews and photography, bringing a human touch to a field often viewed through a critical or technical lens. Danny and Ed recount their past roles in security and detail compelling stories from their book, including the experiences of border patrol agents, military security and cybersecurity professionals. The discussion also touches on the companion exhibition for “Job / Security” and their plans for expanding the project globally. This episode is a must-listen for those interested in the intersection of security and humanity. Book: 'Job / Security: A Composite Portrait of the Expanding American Security Industry'. (2024) https://mitpress.mit.edu/9780262048699/jobsecurity/ Exhibition: Job Security: Voices and Views from the American Security Industry. August 12 to December 9, 2024, University at Albany SUNY https://www.albany.edu/museum/exhibitions/job-security-voices-and-views-american-security-industry…
How do we predict the future? In our respective technology and security fields we are often asked to prognosticate on “what’s next?”. Understanding current trends is certainly helpful, but what if you could reach far into the future and describe humanity and our relative progress? In this week's episode of SecureTalk we host an Associate Professor of Digital Media at Brock University to discuss the intersection of cybersecurity and the humanities. Our guest's recent works, 'Hacking the Humanities' and 'The Language of Cyberattacks,' delve into how digital culture, app development, and natural language processing intersect with cybersecurity. Listen in as we discuss William Gibson predicting the future of the internet and examine the cultural consequences of cybersecurity, emphasizing the need for broader digital literacy, the evolving landscape of internet privacy, and how speculative fiction can inform ethical questions and possible futures. The conversation also touches on real-world incidents like the 'Parlor tricks' hack, demonstrating how programming literacy can empower individuals to navigate and influence the digital ecosystem. The conversation underscores the vital role of humanistic perspectives in understanding and shaping the cybersecurity landscape.…