Cyber Security Weekly Podcast

Without trust, society stagnates, economies decline, and businesses fail. This podcast series keeps abreast of the latest trends and challenges in cyber and physical security with interviews, event updates, industry suppliers & government initiatives.

MySecurity Media


    • Apr 15, 2025 LATEST EPISODE
    • weekly NEW EPISODES
    • 20m AVG DURATION
    • 296 EPISODES


    Latest episodes from Cyber Security Weekly Podcast

    Episode 451 - Connecting & Protecting in the Age of AI

    Apr 15, 2025 · 58:47

    In today's security world, there are numerous security solutions that can limit access to company data and IT resources and lock down access. However, when it comes to using AI apps and their back-end models, the answer is not so simple. In this session we take a deep-dive into the challenge that Cisco saw looming on the horizon years ago and that has culminated in a brand-new solution called Cisco AI Defence.

    Episode 450 - Connecting and protecting in the age of AI

    Apr 15, 2025 · 20:50

    In today's security world, there are numerous security solutions that can limit access to company data and IT resources and lock down access. However, when it comes to using AI apps and their back-end models, the answer is not so simple.

    We speak with Carl Solder, Chief Technology Officer - Cisco Australia/New Zealand, and get his insights into the challenge that Cisco saw looming on the horizon years ago and that has culminated in a brand-new solution called Cisco AI Defence. Prior to this role, Carl was Cisco's Vice President of Engineering for the Enterprise Networking and Cloud Engineering organisation at Cisco HQ in San Jose, California. In this role he was responsible for Technical Strategy for the Enterprise Network and Cloud portfolio. His portfolio included the Catalyst Routing, Switching and Wireless platforms, the Intent Based Networking Software Innovations around Automation, Assurance, Machine Learning and Artificial Intelligence as well as the Policy, Identity and Segmentation Software solutions that include Cisco's Identity Services Engine (ISE).

    Through his time at Cisco, Carl has also held various Engineering leadership roles in Cisco HQ San Jose and served as a Distinguished Engineer working on early developments in the area of Mass Scale Data Centre Architectures, OpenFlow and Software Defined Networking. With more than 35 years of technical, business and sales leadership experience in the ICT industry, Carl has a diverse ICT background that provides great insight into emerging market transitions.

    Further Reading/Watching
    Cisco AI summit: https://www.ciscoaisummit.com/
    AI defence: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m01/cisco-unveils-ai-defense-to-secure-the-ai-transformation-of-enterprises.html
    OWASP Top Ten vulnerabilities for AI white paper - https://genaisecurityproject.com/resource/owasp-top-10-for-llm-applications-2025/

    #Cisco #AIdefence #mysecuritytv

    Episode 449 - CISO applying and securing an enterprise-ready trust management platform

    Apr 15, 2025 · 21:10

    Vanta is the first ever enterprise-ready trust management platform – one place to automate compliance workflows, centralize and scale your security program, and build and manage trust with customers and partners.

    We speak with Jadee Hanson, Chief Information Security Officer (CISO) for Vanta. Security is at the heart of what Vanta does — helping customers improve their security and compliance posture - and this starts with their own.

    For further information visit https://mysecuritymarketplace.com/vanta/

    #mysecuritytv #vanta #stateoftrust

    Episode 448 - Global Technology Industry Association renews call to the IT Channel

    Mar 24, 2025 · 6:24

    We speak with Wayne Selk of the Global Technology Industry Association, or GTIA, during Zero Trust World 2025, held annually in Orlando, Florida with IT professionals from 28 countries in attendance. GTIA was formerly CompTIA. The renaming is the result of the sale of the Computing Technology Industry Association's CompTIA brand in combination with its training and certification business, which will now operate as a separate for-profit company under the CompTIA name. As a result, the existing membership-based trade association, now known as GTIA, continues to operate with the same mission of service to the IT industry.

    Zero Trust World 2025 aims to empower IT professionals to embrace a default-deny security posture and build stronger, more resilient cybersecurity frameworks. Attendees gain a deeper understanding of both known and unknown cyber threats and gain actionable strategies to secure their environments and elevate their cybersecurity efforts. Plus, it's a unique opportunity to network and collaborate with the brightest minds in the industry.

    Visit gtia.org for details.

    #ztw25 #zerotrust #zerotrustworld #mysecuritytv #threatlocker #gtia

    Episode 447 - Protecting Microsoft 365 Tenants at Scale

    Mar 24, 2025 · 3:25


    We speak with Matthé Smit, Chief Product Officer of Inforcer during Zero Trust World 2025, held annually in Orlando, Florida with IT professionals from 28 countries in attendance. Zero Trust World 2025 aims to empower IT professionals to embrace a default-deny security posture and build stronger, more resilient cybersecurity frameworks. Attendees gain a deeper understanding of both known and unknown cyber threats and gain actionable strategies to secure their environments and elevate their cybersecurity efforts. Plus, it's a unique opportunity to network and collaborate with the brightest minds in the industry. #ztw25 #zerotrust #zerotrustworld #mysecuritytv #threatlocker #inforcer

    Episode 446 - Getting started with Rubber Ducky

    Mar 24, 2025 · 3:55


    We speak with Kieran Human, Special Projects Engineer with ThreatLocker during Zero Trust World 2025, held annually in Orlando, Florida with IT professionals from 28 countries in attendance. Kieran ran a hands-on lab to teach what a Rubber Ducky is and how to create and deploy your own payload. Zero Trust World 2025 aims to empower IT professionals to embrace a default-deny security posture and build stronger, more resilient cybersecurity frameworks. Attendees gain a deeper understanding of both known and unknown cyber threats and gain actionable strategies to secure their environments and elevate their cybersecurity efforts. Plus, it's a unique opportunity to network and collaborate with the brightest minds in the industry. #ztw25 #zerotrust #zerotrustworld #mysecuritytv #threatlocker

    Episode 445 - Makes clients sleep better at night - Zero Trust World focuses on the serious business of cybercrime

    Mar 24, 2025 · 6:36

    We speak with Rob Allen, Chief Product Officer of ThreatLocker, during Zero Trust World 2025, held annually in Orlando, Florida with IT professionals from 28 countries in attendance. Zero Trust World 2025 aims to empower IT professionals to embrace a default-deny security posture and build stronger, more resilient cybersecurity frameworks. Attendees gain a deeper understanding of both known and unknown cyber threats and gain actionable strategies to secure their environments and elevate their cybersecurity efforts. Plus, it's a unique opportunity to network and collaborate with the brightest minds in the industry.

    #ztw25 #zerotrust #zerotrustworld #mysecuritytv #threatlocker

    Episode 444 - How vulnerable is your Mac

    Mar 24, 2025 · 5:02

    We speak with Slava Konstantinov, macOS Lead Architect of ThreatLocker, during Zero Trust World 2025, held annually in Orlando, Florida with IT professionals from 28 countries in attendance. How vulnerable do you think your Macs are to malware? Mac expert Slava Konstantinov uncovers the hidden data and security risks lurking in your macOS browsers and apps. Zero Trust World 2025 aims to empower IT professionals to embrace a default-deny security posture and build stronger, more resilient cybersecurity frameworks. Attendees gain a deeper understanding of both known and unknown cyber threats and gain actionable strategies to secure their environments and elevate their cybersecurity efforts. Plus, it's a unique opportunity to network and collaborate with the brightest minds in the industry.

    #ztw25 #zerotrust #zerotrustworld #mysecuritytv #threatlocker

    Episode 443 - Embracing a default-deny security posture

    Mar 24, 2025 · 8:37

    We speak with Danny Jenkins, CEO & Founder of ThreatLocker, during Zero Trust World 2025, held annually in Orlando, Florida with IT professionals from 28 countries in attendance. Zero Trust World 2025 aims to empower IT professionals to embrace a default-deny security posture and build stronger, more resilient cybersecurity frameworks. Attendees gain a deeper understanding of both known and unknown cyber threats and gain actionable strategies to secure their environments and elevate their cybersecurity efforts. Plus, it's a unique opportunity to network and collaborate with the brightest minds in the industry.

    #ztw25 #zerotrust #zerotrustworld #mysecuritytv #threatlocker

    Episode 442 - Maritime Domain Awareness Series - Securing our seas: Innovations and challenges

    Mar 19, 2025 · 62:01

    This session focused on gaining insights into the latest developments and capabilities for establishing and maintaining situational awareness across the maritime domain, with a focus on security, sustainability and space-earth observation.

    For reference to the maritime domain and related activities, refer to the following links:
    https://www.iala.int/technical/mass/
    https://smartsatcrc.com/smartsat-crc-and-nz-government-announce-four-new-joint-research-projects-under-the-australia-new-zealand-collaborative-space-program/
    https://unseenlabs.space/our-product/

    DISCUSSION KEY POINTS
    - Future of Maritime Autonomous Surface Ships (MASS)
    - Imagery utilization and availability (TPED) / configuration
    - On board processing for tip/cue scenarios
    - Algorithmic considerations for efficient ship detections (optical and SAR)
    - Synthetic aperture radar (SAR) missions – Australia - NZ

    Thomas Southall, Committee Manager
    INTERNATIONAL ORGANIZATION FOR MARINE AIDS TO NAVIGATION (IALA)
    Thomas is Committee Manager for the International Organization for Marine Aids to Navigation (IALA), directing the technical output and aligning deliverables with the organization's Strategic Vision and Committee Work Programme. He is also a Trustee and Fellow of the Royal Institute of Navigation, awarded to him in recognition of his contribution to improved Vessel Traffic Services practice, training and development of policy at national and international levels. He has recently been admitted into the Fraternity of the United Kingdom's Trinity House as Younger Brother in recognition of his experience and achievements. He was representative for the International Harbour Masters Association to IALA, where he served as participant and Chair of the VTS Operations Working Group. In this role and as IALA Technical Officer, he made a significant contribution to the adoption of the new IMO Resolution on VTS. Before joining IALA, Tom worked for the Australian Maritime Safety Authority as a maritime advisor. Previously, he oversaw the Port of London Authority's VTS and led a commercial training organization. Tom served as a Navigational Officer in the Merchant Navy.

    Dr Carl Seubert, Chief Research Officer
    SMARTSAT CRC
    Dr Carl Seubert joined SmartSat in May 2021, after nine years at NASA Jet Propulsion Laboratory (JPL) as a Senior Aerospace Engineer. After graduating with First Class Honours in Aerospace Engineering from the University of Sydney, Dr Seubert completed a Master of Science degree in Aerospace Engineering from the Missouri University of Science and Technology (USA) and a PhD in Aerospace Engineering from the University of Colorado Boulder (USA). As NASA JPL's Manager of Formation Control Testbed and Guidance and Control Engineer, Dr Seubert led research and technology development for spacecraft formation flight, future Earth observation missions and precise planetary landing. This includes designing the spacecraft pointing control algorithms and software for the upcoming Europa Clipper mission and the next Mars lander mission.

    Kevin Jones, CTO & VP Product
    CATALYST (PCI GEOMATICS)
    Kevin has a background in remote sensing applications, and began his career working on the RADARSAT-1 mission in Canada. Throughout his career, he has developed and delivered earth observation based solutions to clients globally spanning many application areas. With the advent of AIS data, Kevin managed the implementation of a near real time ship detect service that fused / correlated detections with known ship positions. At CATALYST, we are working to make the deep & rich algorithm stack available for efficient processing of earth observation imagery to enable innovative data as a service solutions for several application areas.

    Rachid Nedjar, Chief Strategy & Marketing Officer
    UNSEENLABS
    Rachid NEDJAR is the Head of Marketing at Unseenlabs. In this role, he focuses on developing tailored content and solutions for Unseenlabs customers involved in maritime security. Prior to joining Unseenlabs, Rachid had been working for Le Poool, giving support and consulting to early stage technological companies or those in the process of growth.

    #australiainspacetv #ipsec #mass #maritime #maritimedomain #autonomoussystems #autonomousshipping #unseenlabs #iala #maritimesecurity #sar #spacetechnology #smartsatcrc

    Episode 441 - Space Medicine for Earthlings - Special Virtual Series - Episode 1

    Feb 13, 2025 · 63:10

    Transforming healthcare through innovations in extreme environments.

    Humans operating in extreme environments often conduct their operations at the edges of the limits of human performance. Sometimes, they are required to push these limits to previously unattained levels. As a result, their margins for error in execution are much smaller than that found in the general public. These same small margins for error that impact execution may also impact risk, safety, health, and even survival. Thus, humans operating in extreme environments have a need for greater refinement in their preparation, training, fitness, and medical care. (Source: Optimizing human performance in extreme environments through precision medicine: From spaceflight to high-performance operations on Earth)

    This session discusses the latest developments in Space & Earth medical science and research with leaders in this specialist, exciting and critically important domain of humans in space.

    Panelists:
    - Dr Josef Schmid, First Human Holoported to Space | NASA Orion Medical Operations Lead | NASA Flight Surgeon, NASA
    - Dr Shawna Pandya, First named Canadian female commercial astronaut; Physician & Director, International Institute for Astronautical Sciences Space Medicine Group
    - Ekaterina Kostioukhina, Medical Consultant, Air Ambulance Flight Team, Human hibernation researcher, Health New Zealand
    - Vladimir Ivkovic, PhD, Director, Research Opportunities, Center for Space Medicine Research, Department of Psychiatry | Director, Laboratory for Neuroimaging and Integrative Physiology, Neural Systems Group, Department of Psychiatry, Massachusetts General Hospital & Harvard Medical School

    #australiainspacetv #spacemedicine #humansinspace

    Episode 440 - ZTW25 - Zero Trust World - Revolutionizing Incident Response

    Jan 22, 2025 · 13:39

    In the lead up to Zero Trust World 2025 we speak with Rob Allen, Chief Product Officer, ThreatLocker.

    ThreatLocker protects endpoints and data from zero-day malware, ransomware, and other malicious software, provides solutions for easy onboarding and management, and eliminates the lengthy approval processes of traditional solutions. Visit https://www.threatlocker.com/why-threatlocker

    ZTW provides plenty of opportunity to learn, develop your skills, and network. Visit https://ztw.com/ #ztw #ztw25

    Rob Allen is a seasoned IT professional with over two decades of experience helping businesses embrace technology while navigating its evolving challenges. His career began with a strong technical foundation—working as a system administrator, technician, and engineer—which gave him a unique understanding of both the technical and operational needs of businesses.

    Rob spent his early career with an Irish-based MSP, where he served as a trusted advisor to hundreds of small and medium enterprises across diverse industries. During this time, he gained invaluable insight into the challenges faced by many businesses, particularly in the realms of security and cyber resilience.

    Joining ThreatLocker in 2021 as VP of Operations for EMEA, Rob's deep technical expertise and commitment to customer success fueled the company's expansion across the region. Rob currently serves as ThreatLocker Chief Product Officer, driving the development and delivery of innovative security solutions, empowering businesses to safely operate in an increasingly complex threat landscape. Now a recognized expert in cyber and ransomware remediation, Rob has been on the frontlines helping organizations recover from attacks and implement proactive defenses to secure their futures.

    #mysecuritytv

    Episode 439 - Deepfake fraud threats to financial institutions

    Jan 20, 2025 · 13:25

    Group-IB has released a fascinating case investigation on deepfake fraud. Group-IB's Fraud Protection team published a report on how threat actors use deepfake technology to bypass biometric security in financial institutions, including facial recognition and liveness detection. It also details how they recently assisted a major Indonesian financial institution in identifying over 1,100 deepfake fraud attempts. Criminals used AI-generated deepfake photos to bypass the institution's digital KYC process. Fraudsters are increasingly using deepfake technology to bypass biometric security systems in financial institutions. These criminals are using AI-altered deepfake images, emulators, app cloning, and even virtual cameras to breach multiple layers of security.

    We speak with Yuan Huang, Group-IB's Cyber Fraud Analyst for APAC, and discuss the significant social and financial impact of deepfake fraud, with recent losses in Indonesia alone estimated at $138.5 million USD.

    The advanced deepfake techniques include app cloning, AI-powered face-swapping and virtual camera applications, and we discuss the growing challenges financial institutions face in detecting AI-driven deepfakes and the proactive measures financial institutions must take to mitigate risks caused by evolving deepfake technology.

    For more information visit https://www.group-ib.com/blog/deepfake-fraud/
    For more on the Women in Security ASEAN Region Awards visit https://womeninsecurityaseanregion.com/

    #deepfakes #mysecuritytv #groupib #topwomeninsecurityASEAN

    Episode 438 - Hack the Hacker Series - Release of ITMOAH 2024

    Jan 17, 2025 · 22:14

    Learn what ethical hackers can teach us about the next era of artificial intelligence.

    We speak with Michael Skelton, VP of Operations and Sajeeb Lohani, Global TISO for Bugcrowd on the latest edition of 'Inside The Mind Of A Hacker'.

    We're also joined by CJ Fairhead who is a Senior Penetration Tester, OSCP Certified, Security obsessed and tinkerer of things. Passionate about combining years of Internal IT experience with his security knowledge for Red Team engagements, CJ is involved in the Bug Bounty scene and works on giving back to the community through tool development, blog posts or just general advice.

    In the latest edition of ITMOAH, dive inside the minds of 1000 hackers and see your organization from a new perspective, with the latest analysis on security researchers and their transformative use of generative AI.

    For more information and to access more, including the Bugcrowd Report series - visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #cisoseries #mysecuritytv #cybersecurity #ITMOAH #ethicalhackers

    Episode 437 - How the data center industry and its ecosystems are adapting to AI

    Jan 15, 2025 · 7:28

    We speak with Paul Tyrer, Global VP of IT Channel Ecosystem, Schneider Electric about the impact of AI on Data Centers in the coming years. Generative AI is expected to grow by US$158.6 billion by 2028, according to #canalys. The growth of AI presents data center companies with opportunities to innovate, expand their service offerings, and cater to the evolving needs of AI-driven applications and enterprises. However, it also comes at a cost. Global data center capacity is projected to grow by over 120 GW by 2030, fuelled by AI demand, with energy consumption expected to double to ~1,400 TWh, compared to 1% of today's total. This growth outpaces current power demand trends, posing capacity and sustainability challenges. It requires data center companies to adapt in order to meet the evolving power needs of AI-driven applications effectively and sustainably.

    Recorded by MySecurity Media as media partners to the Canalys APAC Forum, Bali, 2-4 December 2024.

    #mysecuritytv #ai #datacenter #datacentre #schneiderelectric #canalys

    Episode 436 - Unified SASE with increasing focus on channels in the APAC region

    Jan 13, 2025 · 5:41

    We speak with Craig Patterson, Senior Vice President of Global Channels at Aryaka Networks, where he leads the company's channel strategy worldwide, enabling alignment across partner sales and marketing teams and programs in North America, Europe, Africa and the Middle East (EMEA) and Asia-Pacific (APAC). Patterson joined Aryaka Networks as Channel Chief and Vice President of Sales - Americas in September 2021, where he led go-to-market strategies within the agent, reseller and distribution channels in North America, including the launch of the Aryaka Accelerate Global Partner Program. Prior to Aryaka, Patterson was the West Division Vice President for Lumen's indirect channel. In this role, he led all sales and revenue strategy for a $1 billion organization within the Lumen Channel Partner Program and managed more than 100 sales professionals. Before joining Lumen, Patterson was a founding member of the Level 3 Channel Partner Program, where he grew revenue from $0 to $500 million over 15 years.

    Aryaka has an increasing focus on channels in the APAC region with a commitment and investment in the region in terms of expanding the Aryaka team and partner recruitment. Aryaka have recently hired two senior additions to the team in Hong Kong and Singapore, to gain increased traction in the region with partners and customers. Aryaka as an organization are doubling down on the SASE market with their partners in APAC.

    Recorded by MySecurity Media as media partners to the Canalys APAC Forum, Bali, 2-4 December 2024.

    #pax8 #mysecuritytv #canalys

    Episode 435 - CISO Perspectives - Interview with CISO of Carvana

    Jan 10, 2025 · 42:15

    We speak with Dina Mathers, Chief Information Security Officer, Carvana alongside Nick Mckenzie, Chief Information & Security Officer with Bugcrowd.

    Dina Mathers, who leads Information Security at Carvana, was recently awarded the CISOs Top 100 Accelerated CISOs Award, which recognizes leaders who are shaping the future of cybersecurity. Carvana engages Bugcrowd for bug bounty and vulnerability assessments, with Dina giving candid insights into the scalability, business value and assurances that the Bugcrowd platform provides.

    Carvana (NYSE: CVNA) is an industry pioneer for buying and selling used vehicles online. As the fastest growing used automotive retailer in U.S. history, its proven, customer-first ecommerce model has positively impacted millions of people's lives through convenient, accessible and transparent experiences.

    Carvana allows customers to browse a nationwide inventory and purchase a vehicle from the comfort of their home entirely online, benefiting from a 7-day money back guarantee, home delivery and more. Customers also have the option to sell or trade-in their vehicle online in seconds.

    For more information visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #cisoseries #mysecuritytv #cybersecurity

    Episode 434 - Global IT market intelligence and analytics with expansion into APAC region

    Jan 7, 2025 · 7:01

    Context is a B Corp™ Certified market intelligence and analytics service provider for the technology industry.

    CONTEXT forecasts, analytics and data-management solutions are embedded in the information systems of the world's major technology companies. They track over $200 billion of sales transactions for the global ITC channel every year. Their team of more than 400 staff operates from locations including London, Berlin, Paris, Madrid, Milan, Warsaw, Johannesburg, Istanbul, Dubai, Chicago, Buenos Aires, São Paulo, Mumbai, Auckland, Singapore, Seoul, Taipei, and Tokyo.

    We speak with CEO and Founder Howard Davies in Bali at the 2024 Canalys APAC Forum.

    #canalys #context #mysecuritytv

    Episode 433 - Bug Bounty Leadership Series - Interview with CEO of Bugcrowd

    Jan 6, 2025 · 12:33

    As part of our Bugcrowd Leadership Series, we speak with Dave Gerry, Chief Executive Officer of Bugcrowd, on his most recent visit to Sydney and the region. His visit for Cybercon in Melbourne also follows the company recently securing a USD50 million capital growth facility from the Silicon Valley Bank and appointing Trey Ford as chief information security officer for the Americas.

    We also refer to the latest edition of ITMOAH, which dives inside the minds of 1,000 hackers and the latest analysis on security researchers and their transformative use of generative AI.

    For more on the CxO Perspectives and Hack the Hacker Series with Bugcrowd visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #mysecuritytv #cisoseries #bugbounty

    Episode 432 - Cyber Security Protections for Critical Infrastructure

    Dec 18, 2024 · 57:36

    Are you prepared for a cyber-attack? Whether you're managing a national or state-wide critical infrastructure organisation, or you're a small rural provider with a lean team, the stakes are higher than ever for Australia's Energy and Utility operators.

    Recorded on 20 November 2024, this webinar discusses the SOCI Act 2018 and the Essential Eight Framework, equipping you with practical strategies to strengthen your organisation's cyber resilience.

    Speakers:
    - Tony Campbell - Principal, Security Consulting & Advisory, Kinetic IT
    - Gayatri Prasad - Information Security Manager, Kinetic IT
    - Heath Moodie - Senior OT Threat Intelligence Analyst, Dragos

    Moderator: Chris Cubbage - Executive Director & Editor of MySec.TV

    For more information visit www.kineticit.com.au
    To register for the series visit: https://mysecuritymarketplace.com/security-risk-professional-insight-series-kinetic-it/

    #otcybersecurity #cybersecurity #mysecuritytv #kineticit #dragos

    Episode 431 - New cybersecurity laws to have implications and expectations on Australian industry

    Dec 16, 2024 · 6:43

    The Fortifying Australia's Data Resilience and Security Luncheon, held 31 October 2024 at the National Press Club in Canberra, gathered industry leaders, government officials and cybersecurity experts to explore Australia's pressing cyber security challenges.

    As one of the most attacked countries in the world, Australia faces significant threats that demand urgent attention and innovative solutions. The event focused on the sovereignty of Australian cyber and data residency, emphasising the need for robust strategies to protect our digital landscape.

    At this luncheon, the audience heard from keynote speakers and panellists discussing vital topics, including:
    - An update on the 2023-2030 Australian Cyber Security Strategy
    - Proposed Cyber Security Legislative Package 2024, consisting of:
      - Cyber Security Bill 2024
      - Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024
      - Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024
    - Global trends in Artificial Intelligence, data resilience and protection across government and corporate sectors
    - Strategies and reforms to safeguard Australian organisations and ensure data sovereignty and residency

    The event featured an open panel discussion on the current cyber security landscape.

    We spoke with Simon Bush, CEO of the Australian Information Industry Association (AIIA), who participated in the session.

    #MySecurityytv #cybersecurity

    Episode 430 - Legal framework changes for Australia's national cybersecurity

    Dec 13, 2024 · 9:33

    The Fortifying Australia's Data Resilience and Security Luncheon, held 31 October 2024 at the National Press Club in Canberra, gathered industry leaders, government officials and cybersecurity experts to explore Australia's pressing cyber security challenges.

    As one of the most attacked countries in the world, Australia faces significant threats that demand urgent attention and innovative solutions. The event focused on the sovereignty of Australian cyber and data residency, emphasising the need for robust strategies to protect our digital landscape.

    At this luncheon, the audience heard from keynote speakers and panellists discussing vital topics, including:
    - An update on the 2023-2030 Australian Cyber Security Strategy
    - Proposed Cyber Security Legislative Package 2024, consisting of:
      - Cyber Security Bill 2024
      - Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024
      - Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024
    - Global trends in Artificial Intelligence, data resilience and protection across government and corporate sectors
    - Strategies and reforms to safeguard Australian organisations and ensure data sovereignty and residency

    The event featured an open panel discussion on the current cyber security landscape.

    We spoke with Annie Haggar, Partner and head of cyber security for Australia at global law firm Norton Rose Fulbright, who participated in the panel.

    #MySecurityytv #cybersecurity

    Episode 429 - Fortifying Australia's Data Resilience and Security

    Dec 10, 2024 · 5:42

    The Fortifying Australia's Data Resilience and Security Luncheon, held 31 October 2024 at the National Press Club in Canberra, gathered industry leaders, government officials and cybersecurity experts to explore Australia's pressing cyber security challenges.

    As one of the most attacked countries in the world, Australia faces significant threats that demand urgent attention and innovative solutions. The event focused on the sovereignty of Australian cyber and data residency, emphasising the need for robust strategies to protect our digital landscape.

    At this luncheon, the audience heard from keynote speakers and panellists discussing vital topics, including:
    - An update on the 2023-2030 Australian Cyber Security Strategy
    - Proposed Cyber Security Legislative Package 2024, consisting of:
      - Cyber Security Bill 2024
      - Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024
      - Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024
    - Global trends in Artificial Intelligence, data resilience and protection across government and corporate sectors
    - Strategies and reforms to safeguard Australian organisations and ensure data sovereignty and residency

    The event featured an open panel discussion on the current cyber security landscape.

    We spoke with Rafe Berding, Chief Corporate Affairs Officer with AUCloud, AUCyber, who chaired the session.

    #MySecuritytv #cybersecurity

    Episode 428 - Australian cloud and cybersecurity changes underway

    Play Episode Listen Later Dec 9, 2024 5:37


    The Fortifying Australia's Data Resilience and Security Luncheon, held 31 October 2024 at the National Press Club in Canberra, gathered industry leaders, government officials and cybersecurity experts to explore Australia's pressing cyber security challenges. As one of the most attacked countries in the world, Australia faces significant threats that demand urgent attention and innovative solutions. This event will focus on the sovereignty of Australian cyber and data residency, emphasising the need for robust strategies to protect our digital landscape.

    At this luncheon, the audience heard from keynote speakers and panellists discussing vital topics, including:
    • An update on the 2023-2030 Australian Cyber Security Strategy
    • Proposed Cyber Security Legislative Package 2024, consisting of:
        • Cyber Security Bill 2024
        • Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024
        • Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024
    • Global trends in Artificial Intelligence, data resilience and protection across government and corporate sectors
    • Strategies and reforms to safeguard Australian organisations and ensure data sovereignty and residency

    The event featured an open panel discussion on the current cyber security landscape.

    We spoke with Samantha Maher, Head of Government Relations with AUCloud, AUCyber, who participated in the session.

    #MySecuritytv #cybersecurity

    Episode 427 - Phishing, Voice Clones, Deepfakes

    Play Episode Listen Later Dec 5, 2024 18:18


    Jane Lo, MySecurity Media Singapore Correspondent, sat down with Syed Ubaid Ali Jafri, Head of Cyber Defense and Offensive Security at Habib Bank Limited (HBL), at Tech Week Singapore, to get his insights on the sophistication of these threats. We delved into:

    Motivations for Attacks on Financial Institutions:
    • Financial gain and data exploitation are prime motivations behind phishing and cyber attacks targeting banks. Attackers seek customer data, card details, and account balances, which they can use to extort or sell for profit.
    • Financial institutions are particularly vulnerable due to their reputational concerns, leading some to pay ransoms to protect customer privacy.

    Increasing Accessibility of Cybercrime Tools:
    • Advanced phishing tools, previously available only on the dark web, are now accessible on the surface web, enabling even less-skilled cybercriminals to launch attacks.
    • With the rise of AI, non-experts can craft convincing phishing emails, bypassing traditional spam filters and reaching unsuspecting targets.

    Role of AI in Sophisticated Cyber Attacks:
    • Gen AI and voice cloning technology make phishing more personalized and convincing, allowing attackers to craft emails and messages that mimic the target's language and communication style.
    • The evolution from simple phishing to sophisticated voice and deepfake attacks was also highlighted, showing how AI can now be used to clone voices and create realistic fake videos with as few as 15 images.

    Challenges in Detecting AI-Driven Phishing and Deepfake Attacks:
    • Deepfake technology makes it challenging for the average user to distinguish between real and fake communications. Convincing voice and video deepfakes are increasingly used in spear-phishing, targeting specific individuals with tailored scams.
    • AI-powered tools generate flawless text, removing traditional phishing indicators like spelling errors or urgency cues, which previously helped users identify phishing emails.

    Recommendations for Protection:
    • Users are advised to be cautious about what they share online, as personal information posted publicly can help cybercriminals tailor their attacks.
    • Security tools like deepfake detection software can help individuals identify fake voices or videos, though awareness and cautious online behavior remain critical.
    • Cybersecurity education is essential, with both vendors and users needing awareness of AI-driven threats to implement better protective measures.

    Recorded 10th Oct 2024, Tech Week Singapore 2024, 12.40pm.

    #mysecuritytv

    Episode 426 - New Standard for Machine Identity Security

    Play Episode Listen Later Dec 3, 2024 17:51


    We speak with Venafi's Chief Innovation Officer, Kevin Bocek, following the acquisition by CyberArk, effective as of 1 October 2024.

    Given Kevin's role over a decade with Venafi, he gives insight into what the acquisition of Venafi means for the customers of both companies and the market.

    We also discuss how the IAMs complement each other and reflect the preference of customers to reduce the number of vendors, as well as responding to the state of play in terms of companies securing machine identities, and reflecting on the last 10 years how this will develop over the short to medium term.

    We also consider the emergence of Quantum and recent news that scientists have cracked a shortened RSA encryption.

    Recorded at Impact World Tour in Sydney, an identity security event, where, importantly, Kevin has a key message for customers in APAC and Australia.

    #mysecuritytv #venafi #cyberark #impact2024 #iam #pam #identitysecurity

    Episode 425 - AI & Quantum: The next legal frontiers

    Play Episode Listen Later Dec 2, 2024 22:37


    We sat down with Mr. Yeong to delve into the rising tensions around AI ownership, the need for more transparency, and the importance of human oversight in this rapidly changing field. Our chat took us into the fascinating convergence of quantum tech and law—paving the way for a whole new frontier in tech law. Here is a summary of the conversation under four key areas:

    • Copyright: Cases like Getty vs. Adobe and Shutterstock are testing the limits of fair use as AI scrapes data to create new content. Different countries, like the U.S. and China, are adopting contrasting approaches to copyright. The U.S. Copyright Office has dismissed the notion that prompts given to AI can grant copyright to the user, while Chinese courts have ruled in some cases that if AI-generated content demonstrates sufficient creativity via prompts, the user may claim copyright.
    • Human-in-the-Loop: While AI can assist with tasks like summarizing legal cases or generating reports, professionals remain accountable for the final output. The Singapore Academy of Law has developed a prompt engineering guide to help lawyers use AI effectively while ensuring human supervision and responsibility in legal services.
    • Transparency & Explainability: Transparency means knowing how AI works, but explainability is the key to understanding why it makes certain decisions. The EU AI Act mandates transparency, but explainability is still optional. Mr. Yeong highlighted the importance of explainability in building trust with users and encouraged businesses to voluntarily offer this feature, particularly in areas like healthcare.
    • Quantum Law: While quantum computing is currently expensive and not widely accessible, its future could disrupt assumptions about data encryption and security. Mr. Yeong noted that as quantum technology advances, policies related to data protection may need to be revisited, especially for data with long-term value.

    Mr Yeong Zee Kin holds a Master of Laws from Queen Mary University of London and completed his undergraduate law degree at the National University of Singapore. His experience as a Technology, Media and Telecommunications lawyer spans both the private and public sectors. He has spoken and published in areas relating to electronic evidence and intellectual property, as well as legal issues relating to Blockchain and AI deployment.

    Zee Kin is an internationally recognized expert on AI ethics. He spearheaded the development of Singapore's Model AI Governance Framework, which won the UN ITU WSIS Prize in 2019. He is currently a member of the OECD Network of Experts on AI (ONE AI). In 2019, he was a member of the AI Group of Experts at the OECD (AIGO), which developed the OECD Principles on AI. These principles have been endorsed by the G20 in 2019. He was also an observer participant at the European Commission's High-Level Expert Group on AI, which fulfilled its mandate in June 2020.

    Zee Kin is also a well-regarded expert on data privacy issues. He has contributed to publications on legal issues relating to data privacy and has spoken at many well-recognised international and domestic platforms on this topic.

    Recorded 12th September 2024 3pm. Tech Law Fest, Singapore.

    #mysecuritytv #ailawyer

    Episode 424 - The focus of communicating cybersecurity to company directors

    Play Episode Listen Later Nov 28, 2024 6:08


    We speak with Chirag Joshi, Founder and CISO at 7 Rules Cyber – an innovative cyber security advisory and thought leadership company. He is a multi-award winning, seasoned cyber security executive with extensive experience leading cyber security and risk management programs in multiple countries across various industries. These include financial services, government, energy, higher education, and consulting. Chirag is the author of two bestselling books – “7 Rules to Become Exceptional at Cyber Security” and “7 Rules to Influence Behaviour and Win at Cyber Security Awareness.” Chirag is featured in the prestigious CSO30 list of top cyber security executives in Australia. He is a Board Director and Vice President at ISACA Sydney. He is a well-known keynote speaker and has presented at numerous leading international and regional conferences and forums. Chirag has led teams and multi-million-dollar cyber transformation initiatives. He has experience in both IT and OT environments and managing cyber security through mergers and acquisitions.

    Cyber Security Asia 2024 took place on 7 – 8 October 2024 at ParkRoyal Hotel, Kuala Lumpur – bringing together top experts and practitioners for in-depth talks, and exclusive networking opportunities. It is a platform for the development of partnerships and strategies and highlights the latest technologies that are ensuring the safety and security of government, industry and individual.

    #7rulecyber #mysecuritytv #CSA2024

    Episode 423 - Hacking the sky and uncovering the vulnerabilities of satellites

    Play Episode Listen Later Nov 27, 2024 7:47


    We speak with Shahmeer Amir, CEO & Co-Founder of SpeeQR, about his activities in hacking satellite transmissions.

    Shahmeer stands as a globally recognized Entrepreneur, world renowned public speaker and Ethical Hacker, awarded Entrepreneur of the year 2024 for founding multiple startups including Speeqr and also ranking as the third most accomplished bug hunter globally. Shahmeer has been invited to speak at 130 international conferences including Blackhat, DefCON, GiSec, National Security Summit, One Conference, and International Cyber Security. His expertise has been instrumental in assisting over 400 Fortune companies, such as Facebook, Microsoft, Yahoo, and Twitter, in resolving critical security issues within their systems. Shahmeer's entrepreneurial ventures in the technology realm have led to the establishment of multiple startups, with his current role involving the leadership of Speeqr, and involvement in Veiliux and Authiun. He serves as the Cyber Security Advisor to the Ministry of Finance in the Government of Pakistan. His involvement spans various projects, including Deep Sea Tracking, Digital Transformation of Legislation, and the Digitization of Pakistani Cultural Content. As a testament to his influence in the tech industry, he holds a position on the Forbes Technology Council.

    Cyber Security Asia 2024 took place on 7 – 8 October 2024 at ParkRoyal Hotel, Kuala Lumpur – bringing together top experts and practitioners for in-depth talks, and exclusive networking opportunities. It is a platform for the development of partnerships and strategies and highlights the latest technologies that are ensuring the safety and security of government, industry and individual.

    #mysecuritytv #austaraliainspacetv #csa2024 #spacecyber

    Episode 422 - Keeping to the basics in the Shadow World of cybersecurity

    Play Episode Listen Later Nov 25, 2024 4:38


    We speak with Craig Ford, an ICT and cyber professional of 20+ years with experience in all three of Blue, Red and Purple teams across his career and, more recently, in senior consulting and CISO engagements. He is the Head Unicorn (Cofounder and Director) for Cyber Unicorns. Cyber Unicorns is a cyber security consultancy with a big difference; we are on a mission to educate everyday people on how to be safer in this online world we all live in. Yes, we offer the usual cyber security consulting such as vCISO, cyber security strategy and maturity uplift but we do it all with education in mind. People are the key to improving cyber security safety around the world. He is Australia's best-selling author of three different book series with a total of six books with more in the works. These series are A Hacker I Am, Foresight and The Shadow World.

    Cyber Security Asia 2024 took place on 7 – 8 October 2024 at ParkRoyal Hotel, Kuala Lumpur – bringing together top experts and practitioners for in-depth talks, and exclusive networking opportunities. It is a platform for the development of partnerships and strategies and highlights the latest technologies that are ensuring the safety and security of government, industry and individual.

    #csa2024 #mysecuritytv #cyberunicorns

    Episode 421 - Introducing inaugural Asia International Security Summit & Expo 2025

    Play Episode Listen Later Nov 22, 2024 5:35


    We speak with Anita Jacobson, Managing Director, and Marina Yahya, Business Advisor, at Alpine Integrated Solution Sdn Bhd in the lead up to the Top Women in Security ASEAN Region Awards 2024, Malaysia Awards Dinner.

    The Inaugural Asia International Security Summit & Expo (AISSE) 2024 at the Putrajaya International Convention Centre (PICC) will be held from 20th to 22nd January 2025.

    AISSE 2025 is rapidly shaping up to become one of the world's most vital internal security events. It is hosted by the Ministry of Home Affairs and Royal Malaysia Police, and is jointly organised by Alpine Integrated Solution Sdn Bhd and Royal Malaysian Police Cooperative Limited.

    AISSE is designed as a vital rendezvous point for law enforcement, security, and policing bodies to engage, network and exchange intelligence and expertise and at the same time synergise with security experts, technicians and strategists.

    In addition to a high-tech showcase of the latest advanced technological solutions for law enforcement, security and policing, AISSE will feature the first-ever ASEAN+ Security High Roundtable Meeting 2025, comprising approximately 100 high-level delegates, including Ministers of Home Affairs, Internal Security, Interior and Chiefs of Police. These distinguished delegates and their entourage will also be programmed to visit booths of security companies, engage in networking sessions, and attend bilateral meetings.

    Besides these Foreign VIP delegations, the event will naturally attract the entire ‘who's who' from all relevant Ministries, Agencies and Bodies of the Malaysian Government, who will be in attendance throughout the three-day event.

    The Inaugural Cybercrime Prevention Summit will also be held in conjunction with AISSE, in collaboration with the National Cyber Security Agency of Malaysia (NACSA). Another notable element of AISSE is that there will be approximately 30 forum sessions which will be run over the three-day period covering all areas of internal security and policing.

    For more information on Asia's Premium Security Showcase, AISSE 2025, please visit www.aisse.my

    For the Women in Security ASEAN Region Awards visit https://womeninsecurityaseanregion.com/

    #topwomeninsecurityasean #mysecuritytv

    Episode 420 - State of Cybersecurity 2024 report insights with ISACA

    Play Episode Listen Later Nov 19, 2024 21:28


    In response to new questions asked by the annual study, sponsored by Adobe—which showcases the feedback of more than 1,800 global cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape—security teams in Oceania noted they are primarily using AI for:
    • Automating threat detection/response (36 percent vs 28 percent globally)
    • Endpoint security (33 percent vs 27 percent globally)
    • Automating routine security tasks (22 percent vs 24 percent globally)
    • Fraud detection (6 percent vs 13 percent globally)

    Sixty-four percent of cybersecurity professionals in Australia say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. The annual study, sponsored by Adobe, showcases the feedback of more than 1,800 cybersecurity professionals globally on topics related to the cybersecurity workforce and threat landscape.

    According to the data, Australian cybersecurity professionals are feeling the stress at slightly higher rates than their global peers for reasons including:
    • An increasingly complex threat landscape (85 percent vs 81 percent globally)
    • Low budget (48 percent vs 45 percent globally)
    • Worsening hiring/retention challenges (50 percent vs 45 percent globally)
    • Lack of prioritisation of cybersecurity risks (35 percent vs 34 percent globally)

    Global cybersecurity professionals are feeling the strain of insufficiently trained staff at a higher rate than in Australia, at 45 percent compared to 37 percent locally.

    We speak with ISACA's Jon Brandt, Jenai Marinkovic and Jo Stewart-Rattray on the outcomes of the latest report.

    Read more: https://australiancybersecuritymagazine.com.au/isaca-research-reveals-cyber-professionals-are-feeling-the-strain/

    Get a copy of the report here: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024

    Episode 419 - Facing the challenges and achieving benefits of AI - CxO Perspectives Series

    Play Episode Listen Later Nov 11, 2024


    We speak with Dina Mathers, Chief Information Security Officer, Carvana alongside Nick Mckenzie, Chief Information & Security Officer with Bugcrowd.

    Dina Mathers, who leads Information Security at Carvana, was recently awarded the CISOs Top 100 Accelerated CISOs Award which recognizes leaders who are shaping the future of cybersecurity. Carvana engages Bugcrowd for bug bounty and vulnerability assessments, with Dina giving candid insights into the scalability, business value and assurances that the Bugcrowd platform provides.

    Carvana (NYSE: CVNA) is an industry pioneer for buying and selling used vehicles online. As the fastest growing used automotive retailer in U.S. history, its proven, customer-first ecommerce model has positively impacted millions of people's lives through convenient, accessible and transparent experiences.

    Carvana allows customers to browse a nationwide inventory and purchase a vehicle from the comfort of their home entirely online, benefiting from a 7-day money back guarantee, home delivery and more. Customers also have the option to sell or trade-in their vehicle online in seconds.

    For the full interview and more information visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #cisoseries #mysecuritytv #cybersecurity

    Episode 418 - Scoping and managing a Bug Bounty with Bugcrowd - CxO Perspectives Series

    Play Episode Listen Later Nov 11, 2024


    We speak with Dina Mathers, Chief Information Security Officer, Carvana alongside Nick Mckenzie, Chief Information & Security Officer with Bugcrowd.

    Dina Mathers, who leads Information Security at Carvana, was recently awarded the CISOs Top 100 Accelerated CISOs Award which recognizes leaders who are shaping the future of cybersecurity. Carvana engages Bugcrowd for bug bounty and vulnerability assessments, with Dina giving candid insights into the scalability, business value and assurances that the Bugcrowd platform provides.

    Carvana (NYSE: CVNA) is an industry pioneer for buying and selling used vehicles online. As the fastest growing used automotive retailer in U.S. history, its proven, customer-first ecommerce model has positively impacted millions of people's lives through convenient, accessible and transparent experiences.

    Carvana allows customers to browse a nationwide inventory and purchase a vehicle from the comfort of their home entirely online, benefiting from a 7-day money back guarantee, home delivery and more. Customers also have the option to sell or trade-in their vehicle online in seconds.

    For the full interview and more information visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #cisoseries #mysecuritytv #cybersecurity

    Episode 417 - CISO insights into working with Bugcrowd - CxO Perspectives Series

    Play Episode Listen Later Nov 11, 2024


    We speak with Dina Mathers, Chief Information Security Officer, Carvana alongside Nick Mckenzie, Chief Information & Security Officer with Bugcrowd.

    Dina Mathers, who leads Information Security at Carvana, was recently awarded the CISOs Top 100 Accelerated CISOs Award which recognizes leaders who are shaping the future of cybersecurity. Carvana engages Bugcrowd for bug bounty and vulnerability assessments, with Dina giving candid insights into the scalability, business value and assurances that the Bugcrowd platform provides.

    Carvana (NYSE: CVNA) is an industry pioneer for buying and selling used vehicles online. As the fastest growing used automotive retailer in U.S. history, its proven, customer-first ecommerce model has positively impacted millions of people's lives through convenient, accessible and transparent experiences.

    Carvana allows customers to browse a nationwide inventory and purchase a vehicle from the comfort of their home entirely online, benefiting from a 7-day money back guarantee, home delivery and more. Customers also have the option to sell or trade-in their vehicle online in seconds.

    For the full interview and more information visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #cisoseries #mysecuritytv #cybersecurity

    Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024

    Play Episode Listen Later Nov 8, 2024


    We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.

    Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC's mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.

    Balancing Information Sharing and Confidentiality
    One of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.

    Cross-Jurisdictional Collaboration
    With cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.

    The Growing Threat of Ransomware
    Ransomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.

    AI's Role in OT Cybersecurity
    He also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.

    Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken a global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across a large MNC, heading 8 direct reports at Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries. He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office. Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA.

    Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024

    #otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity

    Episode 415 - The Risk Story – Software Supply Chain Security

    Play Episode Listen Later Sep 26, 2024 22:13


    We sat down with Cassie Crossley to explore the complexities of supply chain risks, particularly within the realm of operational technology (OT).

    Comprehensive Supply Chain Security - Crossley detailed the various stages in the supply chain—design, development, and fabrication—where both deliberate and accidental abuses can occur. Each stage presents unique risks, such as compromised design specifications, development flaws, or issues during fabrication. She emphasized that securing the software supply chain requires a holistic approach that goes beyond protecting just software; it must also include firmware and hardware. For example, when working with an Intel chip, securing both the software and firmware associated with that chip is critical. Firmware, which operates at a low level on hardware, is vital for overall system security. Any vulnerabilities in firmware can significantly compromise the entire system, making it essential to secure it alongside software and hardware.

    Challenges in Secure by Design - Crossley also noted that while "secure by design" principles often originate from an IT perspective, they may not seamlessly translate to OT environments. This disparity creates challenges, as certain IT security measures, like multi-factor authentication (MFA), may not be practical or necessary in OT due to specific operational needs. Additionally, OT devices are often multi-generational, increasing the risk of outdated security designs. OT systems, such as programmable logic controllers (PLCs) used in industrial settings, have distinct requirements and constraints, necessitating tailored security approaches.

    Automated Patching Issues - Crossley highlighted that automated patching in OT environments can pose safety concerns and lead to downtime. Unlike IT systems where automated updates are common, OT systems often require careful, manual handling to avoid disrupting critical processes. Automated patching can interfere with vital safety mechanisms, underscoring the need for controlled and deliberate update management.

    SBOM (Software Bills of Materials) - Crossley pointed out that while generating accurate Software Bills of Materials (SBOMs) for modern technologies is relatively straightforward, it becomes more complex for multi-generational OT products due to outdated build practices and the limitations of current scanning tools. While scanners effectively identify open-source components, they struggle with proprietary or commercial libraries, and discrepancies in version identification can be problematic, particularly if certain versions have known vulnerabilities.

    Role of AI in Software Development - She also pointed out how AI can quickly analyze vast amounts of data, identifying risks and correlations between projects that would take humans much longer to detect. For example, AI can track a maintainer's contributions across multiple projects to spot potential security risks, such as involvement in both malicious and non-malicious projects. AI is also increasingly offering developers precise guidance on addressing specific vulnerabilities. Instead of generic suggestions, AI now recommends the best code modifications for a given context, speeding up development and enhancing code security.

    Supplier Assessment - Crossley advised that supplier assessments should focus on specific aspects of vulnerability management and product security rather than generic compliance questions. It's crucial to inquire about suppliers' vulnerability management practices and their methods for ensuring product security. She emphasized the importance of transparency from suppliers regarding their manufacturing processes, product variations, and supply chain details, advocating for detailed questions to effectively understand and mitigate risks.

    Positive Cultural Shift - Crossley shared an encouraging trend where companies are increasingly prioritizing supply chain security. A notable example is a supplier that created a position for a Product Security Officer after facing rigorous scrutiny, reflecting a positive shift towards more robust supply chain security practices.

    Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware”. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy.

    #mysecuritytv

    Episode 414 - Winning the OT Security Battle

    Play Episode Listen Later Sep 24, 2024 28:09


    We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.

    CrowdStrike Lessons Learned
    Tim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.

    Cyber Threat Landscape
    Robert discussed the rise of sophisticated malware like Fuxnet, Frostygoop and Pipe Dream, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while Frostygoop used similar techniques against Ukraine. In contrast, Pipe Dream serves as a more versatile attack framework applicable to various OT systems. He underscored an important lesson: even if specific malware isn't reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.

    Critical Control – ICS Network Visibility
    Tim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.

    Critical Control – Incident Response Plan
    Tim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support.

    OT and IT Convergence
    Tim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.

    They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.

    Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.

    Celebrating Wins
    Finally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts.

    Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-conway/
    Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

    Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-m-lee/
    SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., that provides cyber security solutions for industrial control system networks.

    Further viewing: https://youtu.be/BiUpuRk6pvA?si=xQcx9oiJOxQu0n7H
    #mysecuritytv #otcybersecurity

    Episode 413 - Operational Technology (OT) Cybersecurity - Episode 4

    Play Episode Listen Later Sep 22, 2024 60:06


    This episode dives into OT Cybersecurity and discusses:
    • SCADA, ICS & IIoT Cybersecurity
    • How do we define an OT-related cyber incident?
    • What are the leading standards and guidelines for managing OT Cybersecurity and resilience?
    • Threat intelligence and suitable ISAC models
    • Vendor platform insights and cyber maturity landscape

    Speakers include:
    • Daniel Ehrenreich, Secure Communications and Control Experts
    • Lesley Carhart, Director of Incident Response - Dragos
    • Ilan Barda, Founder - Radiflow
    • Rahul Thakkar, Team Lead, System Engineering, ANZ, Forescout
    • Dean Frye, Solutions Architect ANZ, Nozomi Networks

    To visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/
    #mysecuritytv #otcybersecurity

    Further reading:
    https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/
    https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/
    https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/

    Episode 412 - AI, ML & Automation | Aligning Safety & Cybersecurity - Episode 6

    Play Episode Listen Later Sep 8, 2024 62:41


    In March 2024, the Australian Senate resolved that the Select Committee on Adopting Artificial Intelligence (AI) be established to inquire into and report on the opportunities and impacts for Australia arising out of the uptake of AI technologies in Australia. The committee intends to report to the Parliament on or before 19 September 2024.

    More than 40 Australian AI experts made a joint submission to the Inquiry. The submission from Australians for AI Safety calls for the creation of an AI Safety Institute. “Australia has yet to position itself to learn from and contribute to growing global efforts. To achieve the economic and social benefits that AI promises, we need to be active in global action to ensure the safety of AI systems that approach or surpass human-level capabilities.” “Too often, lessons are learned only after something goes wrong. With AI systems that might approach or surpass human-level capabilities, we cannot afford for that to be the case.”

    This session has gathered experts and specialists in their field to discuss best practice alignment of AI applications and utilisation to safety and cybersecurity requirements. This includes quantum computing which is set to revolutionise sustainability, cybersecurity, ML, AI and many optimisation problems that classic computers can never imagine.

    In addition, we will also get briefed on: OWASP Top 10 for Large Language Model Applications; shedding light on the specific vulnerabilities LLMs face, including real world examples and detailed exploration of five key threats addressed using prompts and responses from LLMs; Prompt injection, insecure output handling, model denial of service, sensitive information disclosure, and model theft; How traditional cybersecurity methodologies can be applied to defend LLMs effectively; and How organisations can stay ahead of potential risks and ensure the security of their LLM-based applications.

    Panelists

    Dr Mahendra Samarawickrama, Director | Centre for Sustainable AI
    Dr Mahendra Samarawickrama (GAICD, MBA, SMIEEE, ACS(CP)) is a leader in driving the convergence of Metaverse, AI, and Blockchain to revolutionize the future of customer experience and brand identity. He is the Australian ICT Professional of the Year 2022 and a director of The Centre for Sustainable AI and Meta61. He is an Advisory Council Member of Harvard Business Review (HBR), a Committee Member of the IEEE AI Standards, an Expert in AI ethics and governance at the Global AI Ethics Institute (GAIEI), a member of the European AI Alliance, a senior member of IEEE (SMIEEE), an industry Mentor in the UNSW business school, an honorary visiting scholar at the University of Technology Sydney (UTS), and a graduate member of the Australian Institute of Company Directors (GAICD).

    Ser Yoong Goh, Head of Compliance | ADVANCE.AI | ISACA Emerging Trends Working Group
    Ser Yoong is a seasoned technology professional who has held various roles with multinational corporations, consulting and also SMEs from various industries. He is recognised as a subject matter expert in the areas of cybersecurity, audit, risk and compliance from his working experience, having held various certifications and was also recognised as one of the Top 30 CSOs in 2021 from IDG.

    Shannon Davis, Principal Security Strategist | Splunk SURGe
    Shannon hails from Melbourne, Australia. Originally from Seattle, Washington, he has worked in a number of roles: a video game tester at Nintendo (Yoshi's Island broke his spirit), a hardware tester at Microsoft (handhelds have come a long way since then), a Windows NT admin for an early security startup and one of the first Internet broadcast companies, along with security roles for companies including Juniper and Cisco. Shannon enjoys getting outdoors for hikes and traveling.

    Greg Sadler, CEO | Good Ancestors Policy
    Greg Sadler is also CEO of Good Ancestors Policy, a charity that develops and advocates for Australian-specific policies aimed at solving this century's most challenging problems. Greg coordinates Australians for AI Safety and focuses on how Australia can help make frontier AI systems safe. Greg is on the board of a range of charities, including the Alliance to Feed the Earth in Disasters and Effective Altruism Australia.

    Lana Tikhomirov, PhD Candidate, Australian Institute for Machine Learning, University of Adelaide
    Lana is a PhD Candidate in AI safety for human decision-making, focussed on medical AI. She has a background in cognitive science and uses bioethics and knowledge about algorithms to understand how to approach AI for high-risk human decisions.

    Chris Cubbage, Director - MYSECURITY MEDIA | MODERATOR

    For more information and the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/

    Episode 411 - Pragmatic AI Maturity Model

    Play Episode Listen Later Aug 15, 2024


    In this interview, we sat down with Greg Smith (Head of Global Product and Solution Marketing, Certinia) to get his insights into the stages of data maturity within the AI adoption journey.

    Greg advises that there is a key distinction in the nature of data handling between generative and predictive AI. Unlike predictive AI, which primarily analyzes existing data, generative AI creates new data from existing information. This fundamental shift necessitates a robust data strategy aligned with AI objectives to maximize the technology's potential.

    The maturity model outlines a progression from fragmented data usage to a sophisticated, integrated approach. Organizations initially leverage external data for efficiency gains, but internal data becomes crucial for deeper insights and influencing business metrics. As AI adoption matures, a focus on closed-loop systems emerges, where predictions are continuously refined based on real-world outcomes. This journey involves both technological and cultural transformations, with early stages emphasizing technology and later stages prioritizing cultural changes such as data governance and AI skill development.

    The ultimate goal is to transition from efficiency gains to improved decision-making and scaled impact.

    Greg Smith, Head of Global Product and Solution Marketing, Certinia. A primary focus of Greg's is to help services organizations of any size run a more efficient, profitable, and data-driven services organization.

    Recorded at SuperAI Singapore, 6th June 2024, 2.30pm. #mysecuritytv #ai #certinia #superai

    Episode 410 - Series Insight 4 of 4 - CISO perspectives for the Asia Pacific region

    Play Episode Listen Later Aug 14, 2024


    We speak with Nick McKenzie, CI&SO and Sunil Joshi, Head of Digital & Communication Solutions, APJC, Orange Business about the CISO perspectives in the Asia Pacific Region. For the full interview and to join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/ #mysecuritytv #bugcrowd

    Episode 409 - Series Insight 3 of 4 - Supply chain defence and Third Party Risk Management

    Play Episode Listen Later Aug 13, 2024


    Nick McKenzie, CI&SO with Bugcrowd & Sumit Bansal, VP Asia Pacific & Japan, BlueVoyant discuss CxO perspectives on supply chain defence and Third Party Risk Management (TPRM). To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/ #bugcrowd #mysecuritytv

    Episode 408 - Series Insight 2 of 4 - Hack the Hacker Series introduction with Bugcrowd's CSO & TISO

    Play Episode Listen Later Aug 12, 2024


    Unlock the secrets of effective threat management with cybersecurity experts plus representatives from the Hacker community. This series will dive into the realm of cybersecurity and cybercrime analytics as our line-up of hackers and technologists debate the crucial role ethical hacking plays in fortifying digital defences. This includes exploring the 'living off the land' strategies, offensive best practices, and insights on harnessing the ethical hacker's prowess to stay one step ahead in the ever-evolving threat landscape. Don't miss this illuminating series on proactive cybersecurity measures that can redefine the way organizations safeguard their digital assets.

    Casey Ellis, Chief Strategy Officer with Bugcrowd, was originally a hacker before becoming an entrepreneur, pioneering crowdsourced cybersecurity. He has advised the US Department of Defence, Australian and UK intelligence communities, plus US House and Senate legislative initiatives including pre-emptive protection of cyberspace ahead of the 2020 presidential elections.

    Saj Lohani is a celebrated Whitehat hacker and in the Hacker Hall of Fame for Amazon, Yahoo, Github, AT&T, US Defense and others. At Bugcrowd his role is Global TISO & Snr Director, Cybersecurity.

    To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/ #bugcrowd #mysecuritytv

    Episode 407 - Series Insight 1 of 4 - Bugcrowd's future plans for growth and expansion throughout the Asia Pacific

    Play Episode Listen Later Aug 11, 2024


    Hot on the heels of Bugcrowd recently achieving Unicorn status, following their recent USD $102 million fund raise, Bugcrowd's CEO Dave Gerry and founder and Chief Strategy Officer, Casey Ellis outline Bugcrowd's vision for the future and plans for growth and expansion throughout the Asia Pacific region in 2024/5 and beyond.

    Dave Gerry has been in the AppSec market for nearly a decade and has held key leadership positions within several cybersecurity companies such as WhiteHat Security, Veracode, Sumo Logic, and The Herjavec Group. Dave is passionate about building programs that are repeatable, scalable, and predictable, helping to drive customer business outcomes and technical value.

    Casey Ellis was originally a hacker before becoming an entrepreneur, pioneering crowdsourced cybersecurity. He has advised the US Department of Defence, Australian and UK intelligence communities, plus US House and Senate legislative initiatives including pre-emptive protection of cyberspace ahead of the 2020 presidential elections.

    To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/ #bugcrowd #mysecuritytv

    Episode 406 - Technology Leadership in the AI era

    Play Episode Listen Later Aug 11, 2024


    Prior to joining Seaco as CIO, Damian Leach held the position of Chief Technology Officer for Workday Asia Pacific and Japan. Prior to his CTO position at Workday, Damian spent 13 years in the Banking and Finance industry in Global Technology roles, most recently working for Standard Chartered Bank based in Singapore. Damian led the Digital Transformation program for the Bank to move to the cloud and pioneered Voice Biometric technologies for the retail Banking customers. Prior to coming to Asia, Damian spent many years managing professional services teams to develop core banking interactive technology systems in Europe. Damian is a certified AI professional having studied AI Bias and Governance at NTU and also completed an EMBA in Business Administration focused on Asian Leadership and Entrepreneurship with overseas segments in Wharton Penn university and UC Berkeley Haas. In his spare time Damian coaches, mentors, and is a panelist on startups / innovation contest across Asia.

    In this interview, Damian shares the highlights of how Seaco, a global company headquartered in Singapore, leverages a network of shipping ports and depots and has over 3 million TEUs in circulation. The Seaco IT team in partnership with the business are running a series of experiments with AI and Big data to help it adapt to stay ahead of the curve. While there is a lot of hype surrounding AI, Damian emphasizes the importance of understanding the core business problems before jumping to technology solutions. He introduced the ACE framework (Analytics, Conversational, and Experience) which can help pinpoint the most relevant business cases for AI adoption. For instance, at Seaco, they evaluated 30 potential use cases and narrowed it down to 3 that deliver the biggest boost to productivity and revenue.

    However, successful AI adoption goes beyond technology. Damian highlights the importance of employee and stakeholder buy-in. This means addressing fears of job displacement and showcasing how AI can actually enhance productivity. For example, he explains how success stories from pilot projects can pave the way for realizing the technology's full impact. He also emphasizes fostering a culture of "psychological safety" where employees feel comfortable experimenting with new technologies. Looking to the future, he acknowledged that AI presents both opportunities and challenges for business leaders. As such, it's essential to have a clear vision and strategy in place, along with a commitment to ongoing learning and development for his employees.

    Recorded 29th May 2024, ATxSG Singapore Expo, 12.30pm.

    Episode 405 - United Nations Office on Drugs and Crime: Counter-Cybercrime

    Play Episode Listen Later Jul 14, 2024


    In this interview at SINCON 2024, Dr. Joshua James, a Regional Counter Cyber Crime Coordinator for the United Nations Office on Drugs and Crime (UNODC), shared his insights on the Regional Counter-cybercrime programme at UNODC.

    Dr. James argued that while law enforcement agencies are getting better at responding to cybercrime, the cyber criminals are also getting better at what they do. This is because cybercrime is a business for them, and they invest heavily in security measures to protect their operations.

    He believes that the key to defeating cybercrime is for governments to see their citizens as assets rather than liabilities. If people are viewed as assets, then more will be invested in educating them and giving them the tools they need to protect themselves online.

    He also said that international cooperation is essential in the fight against cybercrime. The current system for international cooperation, called mutual legal assistance, was created before the internet and is not effective for cybercrime. New tools and methods for international cooperation are needed.

    In conclusion, Dr. James said that he is confident that cybercrime can be defeated, but it will take a lot of work from governments and citizens alike.

    Recorded 23rd May 2024, 10.30am, SINCON 2024, Singapore.

    Dr. Joshua James is the United Nations Office on Drugs and Crime (UNODC) Regional Counter-Cybercrime for Southeast Asia and the Pacific, based in Bangkok, Thailand. He and his team implement counter-cybercrime programme in the region through capacity building and awareness programmes at all levels of government. He has worked as a seconded researcher with the Irish Police Computer Crimes Investigation Unit, INTERPOL's Financial and High-Tech Crime Unit, and the Korean National Police. He has also worked closely with public and private sector groups to raise awareness about cybersecurity and cybercrime issues. He completed his Bachelor's degree in Network Security from Purdue University, and his PhD in Computer Science with a focus on automating human inference in investigations from University College Dublin.

    #mysecuritytv #unodc #cybercrime

    Episode 404 - AI Trust: The Philippine Airlines Journey

    Play Episode Listen Later Jun 19, 2024


    In this interview, we speak with Mac Munsayac, Head of Customer Experience at Philippine Airlines, to explore the transformative role of AI in the aviation industry. Mac elaborates on the integration of generative AI and tools to enhance customer interactions by providing personalized, proactive, and frictionless experiences, especially in scenarios involving flight disruptions and service-related concerns.

    He underscores the significance of recognizing AI's limitations and stresses the necessity of human intervention in high-risk tasks to ensure accuracy and reliability. Training employees effectively and maintaining ongoing communication are crucial to successfully implementing AI. Mark highlights that starting with high-volume, less complex pain areas allows for immediate impact and smoother adoption.

    Using the example of checking flight statuses, a high-volume but straightforward task, he illustrates how AI can significantly reduce customer queries and improve service efficiency. This approach serves as a training ground, gradually extending AI's application to more complex scenarios. Mark also touches on the importance of defining clear metrics for operational efficiency, customer experience, and cost savings to measure AI's success.

    Ultimately, he advises organizations to adopt a phased approach, beginning with manageable tasks to build trust and progressively enhancing AI capabilities. This ensures that AI is leveraged effectively to improve customer experiences and operational efficiency while managing risks and expectations realistically.

    Mac Munsayac, Head of Customer Experience, Philippine Airlines: A dynamic leader with 20 years of diverse leadership experience spanning global finance, business process outsourcing, and aviation. Currently serving as the head of PAL Customer Experience, he excels in fostering innovation, problem-solving, and maximizing organizational performance. In this capacity, he oversees initiatives aimed at enhancing passenger satisfaction, streamlining services, and elevating the overall customer journey. Beyond his professional pursuits, Mac is an avid traveler, deeply passionate about immersing himself in diverse cultures and experiences.

    Recorded 8 May 2024, 3pm, World Tour Essentials Asia 2024, Singapore Marina Bay Sands Convention Centre #mysecuritytv

    Episode 403 - Beyond AI Hype - Trust, Transparency & Security

    Play Episode Listen Later Jun 16, 2024


    As Vice President and CTO, Solutions, for Salesforce ASEAN, Gavin Barfield leads a team of Salesforce engineers across the region to develop and drive integrated technology solutions for Salesforce customers. Gavin works closely with customers in ASEAN on their digital transformations, bringing together the full value of the Salesforce platform to drive positive business outcomes. A seasoned IT veteran with over 20 years of experience, Gavin has a deep technology background in areas like IT infrastructure, enterprise architecture, cybersecurity, and program management for a variety of industries. Prior to joining Salesforce, he has held C-level positions managing IT and transformation for some of Southeast Asia's largest companies, such as Ayala Corporation and Meralco. Gavin also brings many years of experience in management consulting into his work for customers.

    Gavin has a passion for emerging technologies and he regularly speaks at international conferences and other forums on the future of disruptive technologies and how they affect people and work.

    In this interview, Gavin discusses how, to drive AI adoption and reap the benefits of AI, businesses need accurate, complete data and humans in the driver's seat. He highlights several key points:
    • Trust and Value Gaps: Two main barriers to AI adoption are the trust gap and the value gap. Trust in generative AI is essential, as companies need to ensure that AI outputs are accurate, unbiased, and secure.
    • Human at the Helm: Gavin emphasizes the importance of having humans oversee AI operations. AI should complement human work by enhancing capabilities while maintaining transparency and trust with customers.
    • Quality Data: AI systems need to be grounded in high-quality, trusted data. Many companies struggle with AI outputs due to a lack of trust in the data used to train these models.
    • Use Case Awareness: Understanding the appropriate use cases for AI is crucial. Companies need to educate employees and align AI implementations with specific business problems to maximize benefits.
    • Governance and Training: Effective governance and training are necessary to build trust in AI. Organizations should focus on data accuracy, transparency, and the role of AI as a supportive tool, not a replacement for humans.
    • Security and Privacy: Protecting customer and company data is paramount. Salesforce has implemented a trust layer that masks personal information, uses secure gateways, and ensures data is not retained by large language models (LLMs).
    • Future of AI: Gavin anticipates that within a year, the AI landscape will evolve with more specialized LLMs tailored to specific industries and regions. Trust, security, and embedding AI into everyday workflows will remain critical factors for successful AI adoption.

    Recorded 8th May 2024, 12noon, Singapore Marina Bay, Salesforce World Tour Essentials 2024 Singapore

    Episode 402 - AI Security - Backdoors and Poisoned Data

    Play Episode Listen Later May 23, 2024


    In this interview at Black Hat Asia 2024, we spoke with Adrian Wood and Mary Walker, security engineers from Dropbox, about the critical issues surrounding AI security, backdoors, and malware.

    Adrian and Mary explained that many users rely on pre-existing machine learning (ML) models from public repositories rather than creating their own. This introduces vulnerabilities similar to those found in open-source software. Using in-house data requires careful handling to avoid bias and unintended consequences, while third-party models can be compromised.

    They emphasized that downloading and running models from the internet can introduce malware. Attackers can backdoor models to alter their functions or insert malicious code, posing significant threats, especially in sensitive industries.

    Adrian and Mary also stressed the importance of understanding the ML environment, ensuring proper logging, and having incident response plans in place. Companies should prepare by conducting tabletop exercises and securing their supply chains.

    For more educational information on machine learning: https://gist.github.com/5stars217/236bab5d1d8d50e9785a4136aca8cf20

    Dropbox, Security Engineer - Adrian Wood, aka threlfall, currently works for Dropbox on their red team. He has worked as a red team consultant for WHITEHACK, a company he founded, and later as a lead engineer for an offensive security research team at a US bank. His research recently has been in supply chain attacks on CI/CD and ML systems, which includes maintaining the offsec ml playbook and has presented on these topics at DEFCON 30, 31, the DEFCON AI village, Cackalackycon and more.

    Dropbox, Security Engineer - Mary Walker, aka mairebear, currently works for Dropbox on their threat intelligence team; she splits her time at work between research (primarily focused on ML) and building tooling to help her team move faster. She's previously worked at a major online retailer on their malware analysis and forensics team, a US bank on their red team, and an energy company in their SOC. Her background is primarily in DFIR and malware analysis, with a keen interest in production environments.

    Recorded 18th April 2024, 4.30pm, BlackHat Asia 2024, Singapore #BHAsia #mysecuritytv #blackhat

    Episode 401 - Episode 2 - Security & Risk Professional Insight Series 2024

    Play Episode Listen Later May 16, 2024


    Now in its fourth year we'll be starting this year's series at a heightened time of risk and significant activity across the security domain - the opening episodes will be discussing how these events impact private security and emergency services and what may be the broader requirements and implications. To open the series, which will run regular episodes of live webinars, pre-recorded interviews and in-person events, we wanted to open with the current state of play – regional conflicts in the Middle East and Europe with a steadily growing risk of an Indo-Pacific conflict and how this will and may impact on the private security and emergency management sector.

    In this episode we're joined by:
    • Paul Riley, Director, Foreign Risk at Curtin University
    • Bryan de Caries, CEO, Australian Security Industry Association
    • Dr Shannon Ford, Faculty of Humanities, Curtin University
    • Prof Sissel Jore, visiting Professor with Edith Cowan University

    Webinar title: Requirements and implications on the private security sector in a phase of multi-region conflict
    • Implications of war (and pre-war) in the Indo-Pacific and impacts on the private security sector
    • Alignment and consistency of national security advice
    • Trust in information systems and delivery/interpretation
    • Current and required national response frameworks should war break out in the Indo-Pacific
    • Learning outcomes from the Pandemic – what went wrong and what needs to change?

    #mysecuritytv
