Trust Issues

In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.They explore what it means to be a mission-driven CISO, how to build trust from the boardroom to the front lines, and why identity has always been the true perimeter. Marene also reflects on her post-CISO chapter and the evolving role of cybersecurity leaders in a rapidly evolving threat landscape.

In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.According to the CyberArk 2025 Identity Security Landscape, machine identities now outnumber human identities by more than 80 to 1. As organizations scale cloud workloads and automation, these identities are becoming a critical part of the cybersecurity frontline. From TLS certificate outages to API key exposures, failures in machine identity management can lead to outages, breaches, and cascading system failures. In this episode of Security Matters, Kevin Bocek explains why this moment is pivotal for getting machine identity right—and how Zero Trust principles, automation, and visibility are essential to building cyber resilience.We also explore the future of identity security—from AI kill switches and agentic AI to quantum threats—and how identity can serve as both a safeguard and a kill switch in the age of autonomous systems.Whether you're a cybersecurity professional or simply interested in the latest security trends, this episode offers valuable insights into the importance of machine identity in safeguarding our digital world. Don't forget to subscribe, leave a review, and follow Security Matters for more expert discussions on the latest in cybersecurity.

In this episode of Security Matters, host David Puner sits down with Eric Olden, co-founder and CEO of Strata Identity, and a pioneer in modern identity management. Eric shares his career journey, from founding Simplified to leading Oracle's global identity division, and discusses the critical importance of resilience in identity systems.Discover how organizations can eliminate single points of failure, test their backup plans and ensure their digital operations remain robust even in the face of unexpected outages. Eric also delves into the concept of identity orchestration, explaining how it can unify multiple identity systems and enhance security.Tune in to learn about the latest trends in identity management, including the intersection of AI and identity, and gain insights into how businesses can proactively assess and mitigate risks associated with identity outages.Don't miss this engaging conversation filled with practical advice and forward-thinking strategies to help safeguard your organization's identity infrastructure.

In this episode of Security Matters, host David Puner, dives into the world of evolving cyberthreats with Bryan Murphy, Senior Director of CyberArk's Incident Response Team. Imagine a scenario where an attacker uses AI-generated deepfakes to impersonate your company's VP of finance, gaining unauthorized access to your environment. Bryan Murphy shares insights on how these sophisticated attacks are turning identity into the attack surface and why your first line of defense might be as simple as a video call. Learn about the latest trends in social engineering, credential tiering and the importance of visual verification in incident response. Don't miss this eye-opening discussion on how to protect your organization from the ever-evolving threat landscape.

In this episode of the Security Matters podcast, host David Puner sits down with Lior Yaari, CEO and co-founder of Grip Security, for a discussion that covers the concept of identity debt and its implications for modern cybersecurity. Lior shares insights from his experience in Israel's elite Unit 8200 and explains why identity is now the new security perimeter. They delve into the challenges organizations face in managing SaaS applications, the impact of generative AI on cybersecurity and the importance of proactive identity governance. Tune in for tips on how to protect your organization from within and stay ahead of evolving threats.

Imagine receiving an urgent email from your bank that looks perfectly legitimate. It warns you of a suspicious transaction and prompts you to verify your identity. You hesitate but click, and suddenly, your credentials are compromised. This scenario, crafted by AI-powered fraud-as-a-service, is happening now.In this episode of the Security Matters podcast, host David Puner is joined by Blair Cohen, Founder and President of AuthenticID, to discuss the evolving identity threat landscape. They explore the rise of synthetic fraud, the role of biometric authentication and how AI-driven security is reshaping the fight against cybercrime. Blair shares insights on the challenges of detecting deepfakes, the advancements in biometric authentication and the impact of generative AI on security measures.Tune in to learn how security leaders can stay ahead in this rapidly changing environment and what organizations can do to prepare for the next generation of cyberthreats.

In this episode of the Security Matters podcast, host David Puner is joined by Lavi Lazarovitz, Vice President of Cyber Research at CyberArk Labs, to explore the transformative impact of AI agents on cybersecurity and automation. They discuss real-world scenarios where AI agents monitor security logs, flag anomalies, and automate responses, highlighting both the opportunities and risks associated with these advanced technologies.Lavi shares insights into the evolution of AI agents, from chatbots to agentic AI, and the challenges of building trust and resilience in AI-driven systems. The conversation delves into the latest research areas, including safety, privacy, and security, and examines how different industries are adopting AI agents to handle vast amounts of data.Tune in to learn about the critical security challenges posed by AI agents, the importance of trust in automation, and the strategies organizations can implement to protect their systems and data. Whether you're a cybersecurity professional or simply curious about the future of AI, this episode offers valuable insights into the rapidly evolving world of AI agents.

In this episode of Security Matters, we dive into the world of retail technology and cybersecurity. Imagine a bustling retail chain during its busiest shopping season, only to be disrupted by a cyberattack. Our guest, Jason James, Chief Information Officer (CIO) at Aptos Retail, shares his insights with host David Puner on how to stay ahead of these threats. Discover the strategies for building cyber resilience, the role of AI in retail, the importance of protecting consumer trust and the critical role of identity in safeguarding sensitive data. JJ's journey from tech enthusiast to CIO offers actionable insights and expert advice for cyber professionals, business leaders and anyone with a seat at or view of the cybersecurity table.

In the inaugural episode of the Security Matters podcast, host David Puner dives into the world of AI security with CyberArk Labs' Principal Cyber Researcher, Eran Shimony. Discover how FuzzyAI is revolutionizing the protection of large language models (LLMs) by identifying vulnerabilities before attackers can exploit them. Learn about the challenges of securing generative AI and the innovative techniques used to stay ahead of threats. Tune in for an insightful discussion on the future of AI security and the importance of safeguarding LLMs.What's Security Matters? Check out the show trailer to learn more. Make us your top cybersecurity podcast.Links referenced in this episode:FuzzyAI GitHub pageFuzzyAI Discord Community

Welcome to Security Matters, the next evolution of CyberArk's podcast. Previously known as Trust Issues, this show has always brought expert insights into the world of identity security.Hosted by David Puner, Senior Editorial Manager at CyberArk, Security Matters refines its focus to emphasize a proactive approach to cybersecurity. The podcast will delve into the principle of "Think like an attacker," highlighting the importance of staying ahead of threats rather than merely reacting to them.Each episode will feature deep insights, expert perspectives, and actionable strategies to help empower listeners to defend and protect their organizations and the digital world. Topics will include securing the entire spectrum of identities—both human and machine—protecting hybrid and multi-cloud environments and analyzing the latest attack methods.Join Security Matters to explore why how you approach security truly matters.Coming mid-Feb. 2025 to this stream and most major podcast platforms. 

In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs' Senior Offensive Research Evangelist, and Joe Garcia, CyberArk's Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity. Tune in to learn how to help bolster your defenses against future cyber threats.To read CyberArk Labs' analysis of the U.S. Treasury attack, check out the teams' blog, "The US Treasury Attack: Key Events and Security Implications." 

In this episode of the Trust Issues podcast, host David Puner dives into the complexities of secrets management with Ritesh Desai, General Manager at AWS Secrets Manager. They discuss the evolving landscape of secrets management, emphasizing the importance of a multi-layered defense strategy as organizations increasingly adopt cloud services, digital transformation and agile development practices. Ritesh highlights the critical role of machine identities in managing secrets and the growing significance of AI and automation in enhancing security measures. He also underscores the necessity of a comprehensive approach that includes discovery, visibility and leak detection to safeguard sensitive information effectively. The conversation covers the challenges of managing secrets in multi-cloud environments and the importance of regular secret rotation and access control. This episode provides valuable insights into best practices and strategies for securing secrets. 

In this episode, Trust Issues host David Puner wraps up 2024 with a conversation with Red Hat's Field CTO Ambassador E.G. Nadhan about the future of cybersecurity. They discuss the importance of cloud security principles, the impact of emerging technologies like AI and quantum computing, and the challenges of managing machine identities. Nadhan emphasizes the need for organizations to prepare for future security challenges by understanding the attacker mindset and taking proactive steps today to protect for tomorrow. The conversation also touches on collaboration within the open source community and the role of Red Hat's Field CTO organization in driving innovation and addressing market opportunities.

In this episode of the Trust Issues podcast, host David Puner sits down with Andrew Shikiar, the Executive Director and CEO of the FIDO Alliance, to discuss the critical issues surrounding password security and the innovative solutions being developed to address them. Andrew highlights the vulnerabilities of traditional passwords, their susceptibility to phishing and brute force attacks, and the significant advancements in passwordless authentication methods, particularly passkeys. He explains how passkeys, based on FIDO standards, utilize asymmetric public key cryptography to enhance security and reduce the risk of data breaches. The conversation also covers the broader implications of strong, user-friendly authentication methods for consumers and organizations, as well as the collaborative efforts of major industry players to make the internet a safer place. Additionally, Andrew highlights the importance of identity security in the context of these advancements, emphasizing how robust authentication methods can protect personal and organizational data. Tune in to learn about the future of authentication and the steps being taken to eliminate the reliance on passwords.

In this episode of Trust Issues, host David Puner interviews James Imanian, Senior Director of the U.S. Federal Technology Office at CyberArk. They discuss the critical topic of election security, focusing on the recent 2024 U.S. presidential election. Drawing from his extensive background in cybersecurity including a career in the Navy and a stint at the U.S. Department of Homeland Security, James brings a wealth of experience to the conversation, which explores AI's impact on election security—highlighting how AI has transformed the landscape by increasing the scale, speed and sophistication of misinformation and disinformation campaigns. James explains the differences between misinformation, disinformation and malinformation and their roles in the information environment surrounding elections.He also highlights the importance of public-private partnerships in securing election infrastructure and the role of international collaboration in countering nation-state threats. The episode examines the challenges of maintaining trust in the digital age and the potential of identity verification technologies to enhance information trustworthiness.Finally, the discussion touches on the parallels between election security and enterprise cybersecurity, emphasizing the need for critical thinking and proactive measures to uphold the integrity of both elections and organizational security.For more insights from James Imanian on election security, check out his blog, "Six Key Measures for Upholding Election Security and Integrity." 

In this episode of the Trust Issues podcast, host David Puner and David Lee, aka “The Identity Jedi,” delve into the evolving landscape of identity security. They discuss the critical challenges and advancements in securing both human and machine identities. Lee shares insights on the fear and misconceptions surrounding AI, drawing parallels to pop culture references like Marvel's Jarvis. They explore the potential of autonomous AI in monitoring and managing security tasks, emphasizing the need for real time data analysis and context understanding. The conversation highlights the importance of providing context on both human and machine sides to enhance security measures. They also touch on the role of investors in the identity security space and the need for better storytelling in the industry.

In this episode of the Trust Issues Podcast, host David Puner sits down with CyberArk's resident technical evangelist, white hat hacker and transhuman, Len Noe. They dive into Len's singular journey from a black hat hacker to an ethical hacker, exploring his identity reinvention and the fascinating world of subdermal microchip implants and offensive security. Len shares insights from his new book, "Human Hacked: My Life and Lessons as the World's First Augmented Ethical Hacker," which releases on October 29. They also discuss the relevance of Len's transhuman identity to his work in identity security.

In this episode of Trust Issues, host David Puner welcomes back Lavi Lazarovitz, Vice President of Cyber Research at CyberArk Labs, for a discussion covering the latest developments in generative AI and the emerging cyberthreats associated with it. Lavi shares insights on how machine identities are becoming prime targets for threat actors and discusses the innovative research being conducted by CyberArk Labs to understand and mitigate these risks. The conversation also touches on the concept of responsible AI and the importance of building secure AI systems. Tune in to learn about the fascinating world of AI security and the cutting-edge techniques used to protect against AI-driven cyberattacks.

In this episode of the Trust Issues podcast, host David Puner sits down with Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral guidance on identity-centric security strategies to help organizations reduce the risk of identity-related attacks. They explore the evolution of digital identity, discussing how it has transformed from simple identifiers to complex, multifaceted digital identities for both humans and machines. In today's threat landscape, the number and types of identities, attack methods and environments have dramatically increased, making it more challenging to secure identities. Jeff discusses the challenges and efforts in creating sustainable, interoperable digital identity hubs for cross-border applications, the future of digital passports and the importance of encryption and multi-factor authentication (MFA) for securing sensitive data. The conversation also highlights the significance of thought leadership and maintaining a vendor-agnostic approach in identity security.

Aaron Painter, CEO of NameTag, joins host David Puner for a conversation that covers several key themes, including the inadequacies of current identity verification methods, the rise of deep fakes and AI-generated fraud – and the importance of preventing identity fraud rather than merely detecting it. Aaron discusses the role of advanced technologies like cryptography, biometrics and AI in improving identity verification. He also highlights the critical issue of social engineering attacks at help desks and the need for trust in digital interactions.Aaron stresses the importance of preventing identity fraud by using a combination of cryptography, biometrics and AI, rather than solely relying on detection methods. He also touches on the challenges of verifying human identities and the need for platforms to verify their users to create safe online communities.Put your name on it and give it a listen! 

In this episode of the Trust Issues podcast, Roland Cloutier, who served as TikTok's Global Chief Security Officer (CSO) from April 2020 to September 2022, joins host David Puner for a discussion that covers his extensive experience in the field of security. He previously held similar roles at ADP and EMC and is now a partner at the Business Protection Group.Roland discusses his challenges in protecting sensitive data at TikTok, the social media platform with over 1 billion active users. He also talks about the complexities of ensuring data security and compliance. Roland emphasizes the importance of identity in modern security, explaining how privilege controls across the IT estate are crucial for protecting workforce users, third-party vendors, endpoints and machine identities.Roland also highlights the need for a deep understanding of the business and its culture to implement security measures effectively. He shares insights into the role of identity in determining access to data and the importance of continuous controls assurance and validation. The episode provides a fascinating look into the security imperatives of a major social media platform and the measures taken to protect user data. Listeners will gain valuable insights into the strategies and principles Roland employed during his tenure at TikTok, as well as his broader views on security and privacy in the digital age.

In this episode of the Trust Issues podcast, Debashis Singh and host David Puner explore the intricate world of digital transformation and identity security. Debashis, the Global CIO at Persistent Systems, shares his frontline insights on the singular challenges and strategies organizations face on their digital transformation journeys. The conversation highlights the importance of integrating identity security into digital initiatives, ensuring compliance – and protecting against the evolving cyber threat landscape.Debashis also discusses the delicate balance between innovation and security, the impact of AI on cybersecurity and the significance of organizational cyber awareness. Additionally, he talks about the role of generative AI in the industry and the potential risks it poses, such as sophisticated deepfake attacks and ransomware threats.This episode offers valuable perspectives on how businesses can navigate the complexities of digital transformation while maintaining robust security measures to safeguard their operations and identities.

In this episode of Trust Issues, we dig into the recent the global IT outage caused by a CrowdStrike software update, which impacted millions of Microsoft Windows endpoints and disrupted many sectors. This "black swan" event highlights, among other things, the importance of preparedness, adaptability and robust crisis management. CyberArk Global Chief Information Officer (CIO) Omer Grossman discusses with host David Puner the outage's ramifications, the shaking of trust in technology – and the criticality of resilience against cyberthreats. This conversation underscores the need to be ready for the unexpected and the value of adaptability and resilience in unforeseen circumstances. 

In this episode of the Trust Issues podcast, we explore the transformative impact of artificial intelligence (AI) on identity security. Guest Peretz Regev, CyberArk's Chief Product Officer, joins host David Puner, for a discussion about how AI is reshaping cyber protection, offering solutions that are as intelligent as they are intuitive. With the ability to predict threats and adapt with unprecedented agility, AI is ushering in a new era of proactive security. Regev shares insights into the company's strategic vision and the role of AI in enhancing customer security and productivity. He also discusses the launch of CyberArk's AI Center of Excellence and the introduction of CyberArk CORA AI, an umbrella of AI capabilities infused within CyberArk's products.Join us as we examine the challenges and opportunities presented by AI in the cybersecurity landscape, the importance of fostering a culture of innovation and how CyberArk is leading the charge in securing identities in the AI era. This episode is a must-listen for anyone interested in the intersection of AI and identity security – and the future of cyber protection.

In the latest episode of the Trust Issues podcast, the focus is on the criticality of time in organizational security. The conversation with host David Puner and guest Katherine Mowen, SVP of Information Security at Rate (formerly Guaranteed Rate), highlights the importance of swift decision-making and prompt threat response. They discuss the role of just-in-time (JIT) access and AI in accelerating response times, as well as the ever-evolving threat landscape that requires constant vigilance. The episode emphasizes the strategies and technologies shaping the future of cybersecurity, particularly at the intersection of time management and identity protection. Join us for a timely discussion that underscores the intersection of time management and identity protection.

In this episode of Trust Issues, Daniel Schwartzer, CyberArk's Chief Product Technologist and leader of the company's Artificial Intelligence (AI) Center of Excellence, joins host David Puner for a conversation that explores AI's transformative impact on identity and access management (IAM). Schwartzer discusses how CyberArk's AI Center of Excellence is equipping the R&D team to innovate continuously and stay ahead of AI-enabled threats. Learn about the future of AI in IAM, the role of AI in shaping new business models and the importance of an experimentation culture in driving user experience (UX) improvements. Gain insights into the methodical, data-driven approaches to monetization strategies and the significance of learning from on-the-job experiences. This episode is a must-listen for anyone interested in the intersection of AI and IAM, and the opportunities it presents for leading the transition in the industry. Tune in to uncover what's coming down the AI pike and how it will influence the future of IAM.For more from Daniel on this subject, check out his recent blog, "Predicting the Future of AI in Identity and Access Management." 

In this episode of the Trust Issues podcast, we explore the nexus of mindfulness, identity security and leadership with Jitender Arora, Partner and Chief Information Security Officer (CISO) for Deloitte North and South Europe, and Deloitte's Global Deputy CISO. Arora discusses with host David Puner how a Zen-like mindset can be influential in helping to bolster organizational cyber defenses, sharing his wisdom on the critical role of emotional intelligence, empathy and the human touch within the cyber realm. This episode offers a glimpse into innovative strategies for navigating the intricate cybersecurity landscape, emphasizing the significance of maintaining a Zen-like composure for effective decision-making and risk management. Listeners will gain insights into the evolving role of CISOs and the transformative impact of integrating Zen principles into leadership and cybersecurity practices. Tune in for a fresh perspective on leading with tranquility amid an ever-expanding threat landscape and about the pivotal role of identity security in protecting both human and non-human identities.

In this episode of Trust Issues, we dive into the complex and rapidly evolving world of cyber insurance. We discuss the challenges and opportunities facing companies seeking to protect themselves from the ever-present threat of cyberattacks. Joining host David Puner, today's guest is Ruby Rai, Cyber Practice Leader, Canada at Marsh McLennan, who shares her insights into the current state of the cyber insurance market, its future trajectory and the key requirements companies need to meet to obtain coverage. We also explore the impact of third-party access and non-human identities on cyber insurance requirements and how companies can adopt an identity security approach to meet these requirements. Join us as we dig into the complexities of the cyber insurance market and discuss the importance of collaboration between insurers and clients in ensuring that companies have the coverage they need.

In this episode of the Trust Issues podcast, host David Puner interviews CyberArk Founder and Executive Chairman Udi Mokady on the occasion of the company's 25th anniversary. They discuss that milestone and reflect on CyberArk's growth to becoming the global leader in identity security and the ever-evolving threat landscape – and how the company has scaled to meet it. Udi shares his insights on the company's culture, values, philosophies and lessons he has learned. He also dives into the importance of innovation, the role of AI in cybersecurity and his future aspirations for the company. And, because we say in the episode that we'll share it here, Mark Knopfler's new album is entitled ‘One Deep River' … Udi describes it as great for driving and optimistic. Enjoy the podcast! 

In this episode of Trust Issues, host David Puner interviews Eric Hussey, SVP, Chief Information Security Officer (CISO) at Finastra, a leading provider of financial software solutions and services. Hussey shares his insights on the evolving role of the CISO, the challenges of keeping up with new and evolving cybersecurity regulations, and the importance of balancing innovation with security in the FinTech space. He also discusses how identity factors into the equation, mentioning the importance of identity security in the future of FinTech and banking, and the need for frictionless enhancements in identity security. Hussey also talks about his career path, AI's emerging and evolving role in cybersecurity, and the importance of good governance and risk management in prioritizing security concerns. 

In the 50th episode of the Trust Issues podcast, host David Puner interviews Justin Hutchens, an innovation principal at Trace3 and co-host of the Cyber Cognition podcast (along with CyberArk's resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe). They discuss the emergence and potential misuse of generative AI, especially natural language processing, for social engineering and adversarial hacking. Hutchens shares his insights on how AI can learn, reason – and even infer human emotions – and how it can be used to manipulate people into disclosing information or performing actions that compromise their security. They also talk about the role of identity in threat monitoring and detection, and the challenges and opportunities AI presents organizations in defending against evolving threats and how we can harness its power for the greater good. Tune in to learn more about the fascinating and ever-changing landscape of adversarial AI and identity security.

In this episode of Trust Issues, David welcomes back Shay Nahari, VP of CyberArk Red Team Services, to discuss the topic of secure browsing and session-based threats. They delve into the dangers of cookie theft, the expanding attack surface, and the importance of identity security. Shay explains how cookies sit post-authentication and how attackers can bypass the entire authentication process by stealing them. He also discusses how browsers have been designed for consumers, not for the enterprise, and how this creates a fundamental problem in the way we treat and design identities around the usage of browsers... until now. Shay introduces the CyberArk Secure Browser, which eliminates cookies from the disk completely and provides an end-to-end control of the flow of identity. The conversation also touches on the expanding attack surface, new identities, and how organizations can protect themselves from session-based attacks. Shay emphasizes the importance of least privilege, monitoring, and an assume breach mindset. 

In this episode of the Trust Issues podcast, Kaivan Karimi, Global Partner Strategy and OT Cybersecurity Lead – Automotive Mobility and Transportation at Microsoft, discusses with host David Puner the complexities of the automotive cybersecurity ecosystem, and they explore the challenges and considerations facing the industry. Karimi shares his insights on the role of identity security in automotive cybersecurity and how it helps ensure that only authenticated entities have the privilege to engage in the high-speed exchange of information. He also talks about the importance of data sovereignty, data privacy and compliance in the automotive industry. This episode provides a fascinating look into the present and future world of automotive cybersecurity and the measures being taken to protect against cyber threats. Take the audio ride!  

In this episode of Trust Issues, Jan Vanhaecht, the Global Digital Identity Leader at Deloitte Belgium, delves into the intricate realms of digital trust and risk management with host David Puner. The discussion covers topics ranging from the impact of regulations on cybersecurity practices to the pivotal role of identity in building a robust security culture. Unpacking the nuances of digital trust maturity, the episode explores how organizations can navigate the delicate balance between risk and reward. From the emergence of passwordless authentication to the practical applications of Zero Trust principles, the conversation provides valuable perspectives on safeguarding digital landscapes. Join us as we unravel the complexities of cybersecurity and discover how it intertwines with innovation, compliance and the pursuit of trust in the digital age. 

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard. From the initial password spray technique to the exploitation of OAuth applications, listeners are taken on a journey through the breach's timeline – and learn how, ultimately, it all boils down to identity. The discussion touches upon the nuances of threat actor nomenclature, the significance of various bear-themed aliases and the professional nature of state-sponsored cyber espionage groups. Throughout the episode, practical insights and cybersecurity best practices are shared, offering organizations valuable strategies to bolster their defenses against evolving cyber threats. For a comprehensive analysis of the APT29 Microsoft data breach and detailed recommendations for improving cybersecurity posture, check out the accompanying blog post written by Andy Thompson.

In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape. From addressing security challenges in manufacturing plants to the skills gap in OT cybersecurity, the episode provides an overview of the current state and future prospects of securing critical infrastructure. Holcomb also emphasizes the importance of identity in OT security and offers practical advice for organizations looking to enhance their cybersecurity posture. Check out the episode to explore the dynamic intersection of IT and OT – and how it spotlights the urgent need for robust cybersecurity measures in an evolving digital landscape.

In this episode of Trust Issues, CyberArk's resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe joins host David Puner for a discussion about the emerging threat of AI kiddies, a term that describes novice attackers using large language models (LLMs) and chatbots to launch cyberattacks without any coding skills. Noe explains how these AI kiddies use prompt engineering to circumvent the built-in protections of LLMs like ChatGPT and get them to generate malicious code, commands and information. He also shares his insights on how organizations can protect themselves from these AI-enabled attacks by applying the principles of Zero Trust, identity security and multi-layered defense. All this and a dollop of transhumanism … Don't be a bot – check it out! 

Guest Dr. Magda Chelly, Managing Director and CISO of Responsible Cyber, joins Trust Issues host David Puner for a conversation about third-party risk management and cyber resilience. Dr. Chelly underscores the imperative of prioritizing identity management, particularly as decentralized work environments are becoming the norm in today's evolving digital landscape. She also explains how breaking things played a critical role in propelling her into a career in cybersecurity – and then in fostering and advancing it. The interview unfolds against the backdrop of Dr. Chelly's extensive experience and recently authored book, "Building a Cyber Resilient Business," which serves as a handbook for executives and boards navigating the complexities of cybersecurity. If you're seeking insights on how to gain stronger visibility and control over your organization's digital identities, this episode is for you.Join us to learn how build resiliency against today's ever-growing array of cyber threats – and what's to come in 2024 and beyond.

In this year-end Trust Issues podcast episode, host David Puner takes listeners on a retrospective jaunt through some of the show's 2023 highlights. The episode features insightful snippets from various cybersecurity experts and thought leaders, each discussing crucial aspects of the ever-evolving cyber landscape. From discussions on the dynamic nature of threat actors and the need for agile security approaches to insights on identity security challenges in the cloud and the intricacies of safeguarding data, the episode encapsulates a wealth of knowledge shared by industry professionals. With diverse perspectives on generative AI, risk management, cloud security, DevSecOps – and even a personal bear wrestling story – Trust Issues' 2023 cannon delivers an engaging compilation for both cybersecurity enthusiasts and industry practitioners. As the podcast looks back on the year's diverse lineup of guests, it serves as a valuable resource for anyone seeking to stay informed about the latest cybersecurity trends, strategies and challenges. The episode emphasizes the importance of adapting to the rapidly changing threat landscape, adopting innovative security practices and fostering collaboration to address the multifaceted nature of cyber risks in the modern digital era. Clips featured in this episode from the following guests:Eran Shimony, Principal Security Researcher, CyberArk LabsAndy Thompson, Offensive Security Research Evangelist, CyberArk LabsEric O'Neill, Former FBI Counterintelligence Operative & Current National Security Strategist Shay Nahari, VP of Red Team Services, CyberArkDiana Kelley, CISO, Protect AI Len Noe, Technical Evangelist, White Hat Hacker & Biohacker, CyberArkTheresa Payton, Former White House CIO, Founder & CEO of Fortalice SolutionsLarry Lidz, VP & CISO, Cisco CX CloudMatt Cohen, CEO, CyberArkCharles Chu, GM of Cloud Security, CyberArkBrad Jones, CISO & VP of Information Security, Seagate TechnologyDusty Anderson, Managing Director, Global Digital Identity, ProtivitiPhilip Wylie, Offensive Security Professional, Evangelist & Ethical Hacker

Our guest today is Rita Gurevich, the CEO and Founder of SPHERE, an identity hygiene platform. Gurevich joins host David Puner to explore the challenges and dynamics surrounding identity and cyber hygiene in today's cybersecurity landscape. The conversation begins by addressing the accelerated pace at which cyber controls and identity hygiene requirements are evolving, emphasizing the critical role they play in cybersecurity strategies. The discussion extends to the impact of cloud and hybrid environments, the nuances of cyber insurance trends – and the challenges presented by mergers and acquisitions in relation to identity hygiene. Gurevich highlights the growing importance of considering both cloud and on-prem systems with equal rigor, emphasizing the need for comprehensive cybersecurity measures to combat threats and risks. 

Today's Trust Issues guest is Brian Contos, Chief Strategy Officer at Sevco Security. With host David Puner, Contos discusses the intricacies of securing the Internet of Things (IoT) and the challenges posed by the expanding IoT landscape – emphasizing the need for robust identity management. In a broader context, IoT encompasses identity management, cybersecurity and the evolving role of AI in safeguarding digital assets. Contos delves into the pressing issues surrounding IoT, Extended IoT (xIoT) and OT devices' security vulnerabilities – and explores how these vulnerabilities pose threats to consumer privacy, sensitive data and public safety. The conversation also touches on the intersections of identity security with asset intelligence and the importance of understanding the complete asset landscape in cybersecurity. We're calling this one “The Identity of Things” … Check it out!

In this Trust Issues episode, host David Puner welcomes back Andy Thompson, CyberArk Labs' Offensive Security Research Evangelist for a discussion focused on two recent high-profile breaches: one targeting MGM Resorts International and the other involving Okta's support unit. The conversation delves into the details of the attacks – who's behind them, how identity plays a pivotal role in both – and the larger implications of this new breed of supply chain attack amid the evolving threat landscape. Thompson also shares insights into how organizations can better protect themselves and their customers. Check out the CyberArk blog for further insights into the MGM and Okta breaches. And, watch Andy Thompson in the CyberArk Labs' webinar, "Anatomy of the MGM Hack."

Today's guest is Charles Chu, CyberArk's General Manager of Cloud Security, who's spent more than a decade at the forefront of cloud security. Chu joins host David Puner for a conversation that delves into secure cloud access and the concept of zero standing privileges (ZSP), a dynamic approach to securing identities in multi-cloud environments. Chu sheds light on the complexities of cloud security, emphasizing the need for tailored solutions to protect against evolving cyber threats. Don't miss this insightful conversation that demystifies cloud security and redefines safeguarding digital assets – and answers the pivotal question: Why doesn't cloud security taste like chicken?  

Arati Chavan, Staff Vice President, Global Head of Identity and Access Management (IAM) at Elevance Health joins host David Puner for a conversation that sheds light on how federated identity solutions are pivotal in achieving efficient and secure access control across diverse entities. Chavan also explores the challenges and opportunities in cloud transformation, the evolving role of AI in healthcare and the delicate balance between customer simplicity and robust security measures. Listen in for a deep dive into the heart of identity security and its impact on the healthcare industry.

Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling.  Considering a cybersecurity career? You won't want to miss this episode – Wylie's passion for cybersecurity education and mentorship is contagious. Plus, you'll discover many unexpected parallels between pro wrestling and red teaming – and how they can help strengthen your organization's digital defenses.

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.  

Today's episode of Trust Issues focuses on spycatching! Eric O'Neill, a former FBI counterintelligence operative and current national security strategist, joins host David Puner to discuss his legendary undercover mission to capture Robert Hanssen, one of the most notorious and damaging spies in U.S. history. O'Neill details his “cover job” of working beside Hanssen in the FBI's new information assurance (cybersecurity) division, while secretly uncovering his espionage activities. O'Neill's made-for-the-big-screen experiences emphasize the challenges posed by malicious insiders – some of the most difficult and expensive cybersecurity threats of our time. His gripping account draws intriguing parallels between spies and cyber criminals, shedding light on identity security's significant role in thwarting insider espionage and defenders' continuous push to outpace attacker innovation. 

Crystal Trawny, Optiv's Practice Director, Privileged Account and Endpoint Privilege Management (PAM/EPM), joins host David Puner in exploring the ever-evolving identity landscape and how emerging threats impact organizations' cybersecurity requirements. Through the eyes of an end user, Trawny shares best practices for overcoming change resistance, creating effective deployment timelines and avoiding scope creep. This episode maps the correlation between critical program elements – such as robust endpoint privilege management and dynamic access controls – and privileged access management (PAM) maturity. In the face of complexity and ransomware, insider threats and other sophisticated cyberattacks, organizations can use these insights to help assess their current strategy and chart a course for success.  

In this episode of Trust Issues, host David Puner talks with CyberArk CEO Matt Cohen, who shares his distinct take on leadership – emphasizing the importance of leading without fanfare. Cohen talks about his transition into the CEO role, insights on identity security and the current threat landscape. He also touches on the significance of company culture, professional development – and his admiration for a particular Boston Red Sox manager's leadership style. The discussion delves into CyberArk's mission to secure the world against cyber threats by securing identities, and empower organizations to move forward, fearlessly to unlock growth, innovation and progress.   Three key takeaways from this episode are:  1) The significance of authenticity and humility in leadership. 2) The criticality of identity security in today's evolving threat landscape. 3) The value of customer-centricity and trust-building in successful business relationships.

While generative AI offers powerful tools for cyber defenders, it's also enabled cyber attackers to innovate and up the ante when it comes to threats such as malware, vulnerability exploitation and deep fake phishing. All this and we're still just in the early days of the technology. In this episode, CyberArk Labs' Vice President of Cyber Research Lavi Lazarovitz, discusses with host David Puner the seismic shift generative AI is starting to bring to the threat landscape – diving deep into offensive AI attack scenarios and the implications for cyber defenders. 

Diana Kelley, Chief Information Security Officer (CISO) at Protect AI joins host David Puner for a dive into the world of artificial intelligence (AI) and machine learning (ML), exploring the importance of privacy and security controls amid the AI Gold Rush. As the world seeks to capitalize on generative AI's potential, risks are escalating. From protecting data from nefarious actors to addressing privacy implications and cyber threats, Kelley highlights the need for responsible AI development and usage. The conversation explores the principle of least privilege (PoLP) in AI, the privacy implications of using AI and ML platforms and the need for proper protection and controls in the development and deployment of AI and ML systems.