POPULARITY
Let us know your thoughts. Send us a Text Message. Follow me to see #HeadsTalk Podcast Audiograms every Monday on LinkedInEpisode Title:
In this episode, Sean Martin speaks with Richard Seiersen, Chief Risk Technology Officer at Qualys, about a new way to think about cybersecurity—one that puts value and business resilience at the center, not just threats.Richard shares the thinking behind Qualys' Risk Operations Center, a new approach that responds directly to a common pain point: organizations struggling to manage vast amounts of telemetry from dozens of security tools without clear direction on how to act. Instead of forcing companies to build and maintain massive internal platforms just to piece together asset, vulnerability, and threat data, Qualys is creating a system to operationalize risk as a real-time, measurable business function.With a background that includes serving as Chief Risk Officer at a cyber insurance firm and co-authoring foundational books like How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto, Richard frames the conversation in practical business terms. He emphasizes that success is not just about detecting threats, but about understanding where value exists in the business, and how to protect it efficiently.From Security Operations to Risk OperationsWhile a traditional SOC focuses on attack surface and compromise detection, the Risk Operations Center is designed to understand, prioritize, and mitigate value at risk. Richard describes how this involves normalizing data across environments, connecting asset identities—including ephemeral and composite digital assets—and aligning technical activity to business impact.The Risk Operations Center enables teams to think in terms of risk surface, not just threat surface, by giving security leaders visibility into what matters most—and the tools to act accordingly. And importantly, it does so without increasing headcount.A CISO's Role in the Business of RiskRichard challenges security leaders to break away from purely tactical work and lean into business alignment. He argues that boards want CISOs who think strategically—who can talk about capital reserves, residual risk, and how mitigation and transfer can be measured against business outcomes. In his words, “A successful business is in the business of exposing more value to more people… security must understand and support that mission.”This episode is packed with ideas worth listening to and sharing. What would your version of a Risk Operations Center look like?Learn more about Qualys: https://itspm.ag/qualys-908446Note: This story contains promotional content. Learn more.Guest: Rich Seiersen, Chief Risk Technology Officer, Qualys | https://www.linkedin.com/in/richardseiersen/ResourcesLearn more and catch more stories from Qualys: https://www.itspmagazine.com/directory/qualysLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, richard seiersen, risk, cybersecurity, data, resilience, telemetry, automation, ciso, soc, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Send us a textShownotes can be found at https://www.profitwithlaw.com/476If you think that your firm isn't susceptible to a cyber attack, your whole practice is at risk.Veeam blog columnist Cole Hanks writes that “up to 60% of small businesses fail after a successful cyberattack.” Many firm owners think their practice is too small to be of any importance to cyber attackers and malpractice, but that very thought can be very costly.Join Moshe Amsel and guest Mark Bassingthwaite, a seasoned risk management expert with ALPS, as they delve into the crucial topic of risk management for law firms and ensure that you are educated and prepared to keep your firm from the aftermath. In this episode, you can find:Insights into cyber security risks, like wire fraud and ransomwareEssential tips on selecting the right malpractice insuranceVital steps law firms need to take to protect themselvesThe role insurance plays in safeguarding your firm's futureListen now to learn how to fortify your law firm against unforeseen risks and enhance your risk management strategies!Chapters:[00:00] Introduction to Risk Management with Mark Bassingthwaite [03:00] Mark's Journey into Risk Management [06:22] Cybersecurity Risks in Law Firms [07:10] It Can Happen to You: Real Life Wire Fraud [11:23] Understanding Cyber Security Threats[13:58] How Does Ransomware Apply to Me?[15:47] Understanding Cybersecurity Threats and How to Prevent Them[24:18] Malpractice Insurance Coverage Essentials[26:33] ALPS and What They Can Do For Your Firm [27:58] Malpractice Insurance: What is it and Why Should I Invest?[34:14] The Importance of Being Thorough in Your Firm's Risk Management [35:49] Closing Thoughts and Key TakeawaysResources mentioned:Book your FREE strategy session today!: profitwithlaw.com/strategysessionTake the Law Firm Growth Assessment and find out how you rate as a law firm owner! Check out our Profit with Law YouTube channel!Learn more about the Profit with Law Elite Coaching Program hereConnect with Mark Bassingthwaite: Email | WebsiteALPS Cyber guideJoin our Facebook Community: https://www.facebook.com/groups/lawfirmgrowthsummit/To request a show topic, recommend a guest or ask a question for the show, please send an email to info@dreambuilderfinancial.com.Connect with Moshe on:Facebook - https://www.facebook.com/moshe.amselLinkedIn - https://www.linkedin.com/in/mosheamsel/
In this bonus episode, Steve speaks with Dr. Ellie Pavlick, a professor of computer science at Brown University. Dr. Pavlick's research focuses on computational models of semantics and pragmatics which emulate human inferences in artificial intelligence. Steve and Ellie discuss generative AI, developing a pipeline of talent to work with it, and perspectives on its developing uses for organisations. Related Resources from ISF: ISF Podcast: The AI-Quantum Revolution: Today, tomorrow and the future ISF Podcast: Steve Durbin & Nicholas Witchell - The Case for Social Responsibility in AI ISF Podcast: Boosting Business Success: Unleashing the potential of human and AI collaboration Navigating Boardroom Concerns: Top 9 Cybersecurity Risks and Challenges Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter
In this bonus episode, Steve speaks with Dr. Ellie Pavlick, a professor of computer science at Brown University. Dr. Pavlick's research focuses on computational models of semantics and pragmatics which emulate human inferences in artificial intelligence. Steve and Ellie discuss generative AI, developing a pipeline of talent to work with it, and perspectives on its developing uses for organisations. Related Resources from ISF: ISF Podcast: The AI-Quantum Revolution: Today, tomorrow and the future ISF Podcast: Steve Durbin & Nicholas Witchell - The Case for Social Responsibility in AI ISF Podcast: Boosting Business Success: Unleashing the potential of human and AI collaboration Navigating Boardroom Concerns: Top 9 Cybersecurity Risks and Challenges Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter
In this episode, Ryan Williams Sr. and Shannon Tynes discuss the pressing cybersecurity challenges faced by rural hospitals, particularly in the aftermath of the COVID-19 pandemic. They explore the optimism of rural healthcare providers regarding their finances despite the ongoing risks, the role of AI in healthcare, and the importance of maintaining cyber hygiene. The conversation emphasizes the need for human oversight in medical technology and the potential consequences of neglecting cybersecurity in healthcare settings. Article: Can rural hospitals face cybersecurity risks alone? https://www.healthcareitnews.com/news/can-rural-hospitals-face-cybersecurity-risks-alone?fbclid=IwZXh0bgNhZW0CMTAAAR1zwtAlBwe7loYYDtlvbvLLehphtRkDoAMjM0EgFPXDNwwxEQ9Iv-zoK-I_aem_5mQU05dp8QeL3x6kTfEFMg Please LISTEN
Felicia Marcus is one of the most significant public servants in water, having served on the Board of Public Works for the City of LA, served as Regional Administrator for the EPA in Region 9, COO of the Trust for Public Land and Western Director of the NRDC. As if that wasn't enough, she was also the Chair of the State Water Resources Control Board of California during the business end of the 2011-2017 California drought, which was rather scary and is now taking a “breather” as a Fellow at Stanford's “Water in the West Program”. Felicia is delightful, the speed of her mind matched only by the quality of her communication. We're so lucky to have such extraordinarily dedicated people who choose service when they could be doing a lot of different things, and the water sector is so much better off for it. Please enjoy my conversation with the excellent Felicia Marcus. Subscribe to The Fundamental Molecule here: https://www.burntislandventures.com/the-fundamental-molecule For the full show notes, transcript, and links to mentioned content, check out the episode page here: https://podcasts.apple.com/us/podcast/the-fundamental-molecule/id1714287205 ----------- Felicia Marcus, a powerhouse in water policy, joins Tom today to discuss California's drought response, elevating water's importance, and the role of communication in public service. Felicia shares insights from her career, including her time as Chair of the State Water Resources Control Board and at the EPA, highlights the need for more support for water technology innovation, and expresses concerns about the current state of the EPA. Geopolitics of water and AI's implications are discussed, and Felicia offers her invaluable advice for water entrepreneurs. 00:00 - Meet Felicia Marcus 02:06 - Why Water Needs a Bigger Spotlight 03:16 - The Hidden Complexity of Water Infrastructure 06:15 - Why Water Lags Behind Energy in Investment and Innovation 07:16 - California's Water Crisis 10:02 - Lessons from Droughts 12:58 - A Career in Water Policy 16:26 - The Future of LA's Water and Infrastructure Challenges 20:47 - How Politics Shapes Water Policy Decisions 22:09 - Lessons from Managing California's Drought 25:04 - Balancing Environmental Protection and Water Use 26:47 - Why Water Tech Innovation Lags Behind Energy 27:07 - The Operator vs. The Visionary 31:13 - The Power of Communication in Water Policy 36:53 - Stanford Water in the West Program 40:15 - The Role of AI in Water Management 42:52 - Water and Global Geopolitics 45:36 - Cybersecurity Risks in the Water Sector 45:58 - Advice for Water Entrepreneurs Links: Burnt Island Ventures: https://www.burntislandventures.com/ Felicia Marcus: https://www.linkedin.com/in/feliciamarcus/ SM Material Key Takeaways: "Water is a necessity for life and economic development. It's amazing how it's just assumed and taken for granted." "Energy is appreciated because people notice when the lights go out. Water is less understood, less appreciated." "California's drought taught us a lot. The public saved nearly 25% when asked. Education was key." "The disparity in funding between water and energy is a self-inflicted wound in California." "I like helping people move. You can't just say, “Do it.” You have to help them see another way." "Know your audience beyond who you want to sell to. Educate yourself on the context in which you sell."
How do we protect ourselves in a world where cyber threats are not just possible, but inevitable? In this episode of A Little Bit Radical, host Rob Fawkes speaks with Steve Durbin, CEO of the Information Security Forum (ISF), a global, not-for-profit organisation helping businesses manage cybersecurity risks.Steve shares his unconventional leadership journey, from growing up in Kenya and developing an instinct for questioning the status quo to leading one of the most influential cybersecurity organisations in the world. He talks about risk management, human behaviour in cybersecurity, and why you should aim to be the least attractive target for cybercriminals.
Episode NotesSMEs struggle with cybersecurity due to time, cost, and lack of expertise, despite recognizing its importance.An automated cybersecurity scan was developed to assess SME websites and email security without requiring them to opt-in.Physical reports were mailed instead of emailed to avoid phishing concerns and increase credibility.Reports included security ratings on ten key areas and recommendations for improvement.Businesses were encouraged to consult their existing IT providers for fixes rather than relying on external services.Different risk communication strategies were tested to encourage SMEs to act on the findings.“Anticipated Regret” messaging (“Fix it now or regret it later”) led to the highest cybersecurity improvements.All groups, including the control group, showed some improvement, suggesting broader awareness of cybersecurity issues.Engagement was low, with only a small number of businesses reaching out after receiving the report.Legal concerns about scanning businesses without consent were addressed—publicly available cybersecurity data can be legally assessed.Ethical approval confirmed the project was non-commercial and aimed solely at helping businesses improve security.A follow-up version of the project will introduce an opt-out option before scanning businesses.Industry associations may partner with the project to increase credibility and adoption.The intervention will be scaled up, with more businesses included and a longer time frame for assessing impact.Future plans include adapting the intervention internationally, using lessons learned to assist SMEs in other regions. About Our GuestDr. Susanne van 't Hoff-de Goedehttps://www.linkedin.com/in/susanne-van-t-hoff-de-goede/https://www.thuas.com/research/centre-expertise/team-cyber-security Resources and Research MentionedExamining Ransomware Payment Decision-making Among SMEsMatthijsse, S. R., Moneva, A., van 't Hoff-de Goede, M. S., & Leukfeldt, E. R.European Journal of Criminology.Explaining Cybercrime Victimization Using a Longitudinal Population-based Survey Experimentvan 't Hoff-de Goede, M. S., van de Weijer, S., & Leukfeldt, R.Journal of Crime and Justice, 47(4), 472-491 (2024).How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizensvan der Kleij, R., van 't Hoff-de Goede, S., van de Weijer, S., & Leukfeldt, R.In: International Conference on Applied Human Factors and Ergonomics (2021), pp. 238-246.The Online Behaviour and Victimization Studyvan 't Hoff-de Goede, M. S., Leukfeldt, E. R., van der Kleij, R., …In:Cybercrime in Context: The human factor in victimization, offending, and … (2021). OtherDutch Government Cybersecurity Resourcehttps://english.ncsc.nl(English-language site for the Netherlands' National Cyber Security Centre)Secure Internetting (in Dutch)https://veiliginternetten.nl/
Cybersecurity Insights: February Review & Current Trends Join us in this comprehensive discussion on February's cybersecurity highlights, featuring experts Laura Payne from White Tuque and David Shipley from Beauceron Security. We delve into Canada's cybercrime progress, discuss significant global cyber incidents, and explore the ongoing challenges in cybersecurity regulation, AI integration, and digital identity. Additionally, we address the impacts of U.S. policy changes on cybersecurity standards and the vital need for effective cybersecurity education in the face of rapid technological advancements. Stay tuned for crucial insights and pragmatic advice to navigate today's cybersecurity landscape. 00:00 Introduction and Panel Welcome 01:30 Cybercrime Trends in Canada 05:59 International Cybercrime and Ransomware 08:08 Nation-State Cyber Heists 14:14 Legacy Systems and Cybersecurity Challenges 17:08 Open Banking and FinTech Security 24:35 US Federal Cybersecurity Cuts 30:57 The Reality of Cyber Threats 31:13 Cultural Perceptions of Cybersecurity 31:57 Political Will and Cybersecurity Policies 32:44 North Korean Cyber Threats 33:17 Generational Knowledge and Cybersecurity 34:20 Cryptocurrency Regulation Challenges 35:11 Digital Identity Concerns 41:00 Encryption and Privacy Debates 47:08 AI and Cybersecurity Risks 57:06 Concluding Thoughts and Future Directions
Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: Encryption Dilemmas: When Government Access May Threaten Individual SecurityPub date: 2025-02-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Protect It All, host Aaron Crow gets into pressing cybersecurity issues currently making headlines. Listeners are invited to explore the complex challenges governments face to ensure accountability without compromising security. Aaron examines the implications of global policies that could force tech companies to undermine encryption. Steering clear of political discourse, he focuses on real cybersecurity risks, from untracked government spending to potential backdoors in personal devices and broader national security concerns. Aaron provides critical insights into how these issues impact businesses, private citizens, and infrastructure, raising questions about privacy and data protection in today's digital age. Whether you're a cybersecurity expert, a business leader, or someone who values privacy, this episode offers valuable perspectives and strategies to navigate the intricate IT and OT cybersecurity landscape. Join Aaron as he tackles these pressing topics and discusses how to maintain transparency and security for everyone. Key Moments 00:00 Demanding Oversight for Sensitive Expenditures 05:42 Fragmented Infrastructure and Cybersecurity Challenges 09:19 Suing for Backdoors in Secure Communication 11:35 Phone Security and Privacy Concerns 13:40 Cybersecurity Risks of Government Backdoors 16:54 Encryption Backdoors: Security vs. Privacy? Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Video -https://youtu.be/trI4s7P3Q88Is cutting cybersecurity staff a smart move or a dangerous gamble? With AI and automation revolutionizing the field, some roles are becoming obsolete—but does that mean we can afford to downsize critical security experts? As CISA trims its workforce, the real question isn't just about numbers—it's about who stays, who goes, and whether our national security is at risk. Dive into the debate on whether this is a necessary evolution or a cybersecurity mistake we'll regret.I used ChatGPT-4o, VLC, ZOOM's Clips, ScreenPal, and Pictory.ai to put this information together.If you're interested in trying Pictory.ai please use the following link. https://pictory.ai?ref=t015o
In this episode of the Other Side of the Firewall podcast, the hosts discuss the critical issues surrounding cybersecurity in space technology. They express concerns over potential cuts to cybersecurity efforts related to spacecraft and the implications of deregulation in this area. The conversation highlights the need for government oversight and the risks posed by private industry interests in space exploration. The hosts emphasize the importance of maintaining robust cybersecurity measures to protect national interests and the future of space technology. Article: US Cybersecurity Efforts for Spacecraft Are Up in the Air https://www.darkreading.com/threat-intelligence/us-cybersecurity-spacecraft?fbclid=IwZXh0bgNhZW0CMTAAAR0-sXbX8m_kJ5cGlTDRBI8EFAwNiCoXwgi4va6dMlAzgc9bxh4X0HpB5uU_aem_npEGoQQtaNFOadnQnVptRw Please LISTEN
(00:00) - Introduction to Automotive Cybersecurity(06:18) - Tom Zaubermann's Journey in Cybersecurity(12:22) - The Intersection of Cybersecurity and Automotive(16:06) - Challenges in Automotive Cybersecurity Development(21:23) - The Role of Over-the-Air Updates(25:20) - Consumer Awareness and Best Practices in Cybersecurity(29:54) - Navigating Cybersecurity Vulnerabilities in Automotive(32:35) - The Role of Regulations in Automotive Cybersecurity(34:22) - Understanding Automotive Vulnerabilities(36:34) - Complexities of Car Hacking(40:07) - Consumer Awareness of Cybersecurity Risks(42:51) - Choosing Safe Vehicles in a Digital Age(48:56) - Engaging with SAE International for Cybersecurity EducationThis episode is part of a series brought to you by SAE International to explore the leading edge of mobility with the support of experts from industry & academia. Other episodes in this series include Episode 202, where we talked about the cyber threats to vehicles.You can learn more about the automotive cybersecurity courses Tom will be teaching in May HERE. Enjoyed listening to Tom? Want to hear more from him? Check out his links below:Tom's LinkedIn Become a founding reader of our newsletter: http://read.thenextbyte.com/ As always, you can find these and other interesting & impactful engineering articles on Wevolver.com.
Cybersecurity Today: DeepSeek AI Disruptions, Nvidia Breach, and TalkTalk Hack Revisited In this weekend edition of Cybersecurity Today, our panel reviews the most significant cybersecurity stories of the past month. This episode features Laura Payne from White Tuque, David Shipley from Beauceron Security, and Dana Proctor from IBM. Key topics include the sudden emergence of DeepSeek AI, Nvidia's vulnerabilities and their effect on stock prices, and TalkTalk's latest data breach. Additionally, the discussion covers the soaring API security vulnerabilities reported by Wallarm and the UK's potential legislative action on ransomware payments. Stay tuned for expert insights and analysis on these pressing issues in the world of cybersecurity. 00:00 Introduction and Panel Welcome 00:41 DeepSeek AI Disruption 02:09 Security Concerns and Reactions 04:06 NVIDIA's Vulnerabilities and AI Security 07:15 Economic and Geopolitical Implications 12:13 AI in Business and Security Practices 20:57 Open Source AI and Cybersecurity Risks 25:37 Responsibility in Data Management 26:25 AI's Unstoppable Progress 26:53 API Security Concerns 28:41 Non-Human Identities and API Challenges 30:36 The State of Cybersecurity Awareness 35:05 Legislative Hopes and Cybersecurity 37:25 TalkTalk Breach Revisited 44:10 Ransomware Legislation Proposals 45:34 Shoutout to Cyber Police 47:04 Closing Remarks and Audience Engagement
Welcome to the CRE podcast. 100% Canadian, 100% commercial real estate. In this episode of the Commercial Real Estate Podcast, Adam and Aaron sit down with James Trainor, Senior Vice President at AON, to explore the pressing issue of cybersecurity in the real estate sector. Drawing from James's extensive experience in cybercrime, the discussion covers... The post Cybersecurity Risks in Real Estate with James Trainor, SVP of AON appeared first on Commercial Real Estate Podcast.
Send us a textCybersecurity risk management has taken center stage for organizations across all industries in the wake of recent high-profile cyberattacks, such as the SolarWinds breach and the Colonial Pipeline ransomware incident. As a CISO, you know firsthand the challenges and complexities that organizations face in navigating this ever-evolving threat landscape. Today, I'll share insights and leadership advice on how to build a robust and resilient cybersecurity program using four key thematic words: Align, Agency, Awareness, and Adaptability.Dr. B.Advisory Services: https://www.execcybered.com/advisory-services>>Schedule Call
Podcast: PrOTect It All (LS 24 · TOP 10% what is this?)Episode: Understanding Cybersecurity Risks and Management: Insights from Harry ThomasPub date: 2024-12-09Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives into cybersecurity and risk management with guest Harry Thomas, CTO and co-founder of Freanos. This episode tackles the complexities of managing security risks in large organizations, from outdated systems to inconsistent cybersecurity postures across various sites. Listeners will learn how companies leverage consultants and community support to bridge knowledge gaps and the importance of operationalizing cybersecurity tools. Harry Thomas shares his views on the evolving landscape of OT security tools, the role of AI in enhancing productivity, and innovative approaches to addressing vulnerabilities in critical infrastructure. The episode also explores the advantages of hybrid cloud models for improved resilience and ROI and offers practical advice on risk management and adaptability. Get Harry's book recommendations and learn about Freanos' platform, which is designed to efficiently prioritize and mitigate risks. Tune in for essential knowledge and strategies to "protect it all," whether you're an experienced cybersecurity professional or just starting out. This discussion is packed with actionable insights and innovative perspectives you won't want to miss. Key Moments: 04:07 Understanding comprehensive risk environments requires collective expertise. 11:43 Flexible onboarding for diverse technological infrastructures. 14:21 Tools are costly; operational transfer challenges value. 17:22 Replicated improves network security troubleshooting efficiency. 21:07 OT must embrace new technologies for growth. 25:17 Cloud's benefits outweigh outdated equipment's drawbacks. 27:12 Fast internet enables remote power plant operation. 30:46 Prioritize resources over patching 80,000 devices. 35:13 Patching insufficient in OT, unlike IT systems. 37:43 Different risk approaches for IT vs. OT scenarios. 45:41 All business involves people, adaptability, and growth. 47:42 Cybersecurity will shift focus to customer impact. About the guest : Harry Thomas, a cybersecurity veteran with over a decade of expertise, specializes in offensive penetration testing and securing industrial and healthcare infrastructure. As CTO of Frenos, Harry leads the company's strategic innovation, focusing on advanced cybersecurity solutions to safeguard critical systems against evolving threats. An accomplished educator and speaker, Harry has taught “Hacking PLCs” at DefCon and BSIDES Orlando, spoken at BSIDES NH, and appeared on the Secure Insights podcast, sharing insights on cybersecurity challenges and advancements. Previously, he served as Director of Product R&D at Dragos, where he strengthened security in industrial control systems, and at AWS, where he developed AI/ML-driven User Behavioral Analytics to enhance security. Known for his technical expertise and leadership, Harry is a prominent speaker at global cybersecurity conferences, offering strategic insights into threat mitigation. Connect Harry: https://frenos.io/ https://frenos.io/blog/atlas-advanced-threat-landscape-analysis-system https://frenos.io/blog/proactive-defense-zero-disruption-why-frenos-won-the-datatribe-challenge Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
At Amazon's reInvent conference the company unveiled a range of AI-centric innovations. AWS CEO Matt Garman highlighted the transformative potential of generative AI across various industries, introducing Amazon Bedrock, which aims to streamline model training and reduce costs. The new Nova family of foundation models, including Nova Micro, Nova Lite, and Nova Premier, was also announced, showcasing AWS's commitment to enhancing AI capabilities. Additionally, updates to Q-Business, AWS's AI assistant, promise seamless integration with over 40 enterprise tools, enhancing workflow efficiency.The episode also delves into AWS's hardware advancements, particularly the Graviton processor, which offers significant improvements in price performance and energy efficiency. New instances featuring NVIDIA's Blackwell chips and the launch of Tranium 2, AWS's second-generation AI chip, further emphasize the company's focus on supporting AI workloads. To address reliability concerns, AWS introduced automated reasoning to combat AI hallucinations and model distillation for efficient multi-agent collaboration. Furthermore, AWS's new Aurora DSQL engine and Data Transfer Terminal locations aim to enhance data processing and storage capabilities.Shifting gears, Host Dave Sobel discusses a major cyber attack on U.S. telecommunications companies, urging the use of encrypted messaging apps to safeguard communications. The hacking campaign, attributed to China, has raised significant privacy concerns, with officials recommending encryption to protect sensitive information. The episode also touches on the role of AI in the recent global elections, where despite fears of misinformation, AI was utilized positively for language translation and voter engagement, highlighting a more balanced narrative than anticipated.Finally, the episode explores broader industry trends, including Intel's challenges following the forced exit of its CEO and the potential resurgence of monolithic architectures as companies reconsider the complexities of microservices. Sobel emphasizes the evolving role of IT departments, which are gaining recognition and influence within organizations due to the rise of AI. The discussion encourages listeners to reflect on their technology choices, partnerships, and the strategic contributions of IT in navigating these changes.Three things to know today00:00 Amazon Unveils AI-Centric Updates at re:Invent: Nova Models, Hardware Breakthroughs, and Legacy System Modernization06:04 Balancing Risks and Relief: Encryption and AI Oversight Take Center Stage in 2024's Security Landscape08:41 From Intel's Future to Microservices' Decline and IT's Strategic Rise Supported by: http://blumira.com/radio/https://www.coreview.com/msp All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes: https://securityweekly.com/vault-bsw-14
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes: https://securityweekly.com/vault-bsw-14
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes: https://securityweekly.com/vault-bsw-14
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes: https://securityweekly.com/vault-bsw-14
Send us a textOrganizations face an ever-increasing array of cyber threats. A proactive and strategic approach to cybersecurity risk management is essential to counter these risks. This process not only safeguards an organization's valuable digital assets but also elevates the visibility and influence of the cybersecurity team.The cybersecurity team can demonstrate its indispensable value by strategically aligning risk management practices with the core business objectives. This alignment ensures that security measures are not seen as mere roadblocks but as enablers of business growth and continuity. It showcases the team's expertise in understanding and mitigating risks that could potentially impact the organization's bottom line and reputation, ultimately contributing to its continued success.Dr. B.Advisory Services: https://www.execcybered.com/advisory-services>>Schedule Call
In this podcast, Walt Zerbe, Sr. Director of Technology and Standards at CEDIA and host of the CEDIA podcast, talks with Dr. Hailey Daly of Wired by MJD, Shannon Marsh of eQ Technologies Pty Ltd, and Steve Thomas of GEOHAVEN about ethical technology design within our industry. We talk about accepting ULA's on our customers behalf, agreeing to data collection on devices and a whole plethora of related items. Timestamps by PodSqueezeIntroduction to the Podcast (00:01:20) Walt Zerbi introduces the podcast and the topic of ethical technology design at the Australian Tech Summit. Panelist Introductions (00:02:19) Dr. Haley Daly, Shannon Marsh, and Dave Thomas introduce themselves and their roles related to the discussion. General Discussion on Ethics (00:03:07) The group reflects on the broad topic of ethics before diving deeper into ethical technology design. Ethical Obligations in Technology (00:04:30) Haley discusses the complexities of ethical obligations and the responsibilities of manufacturers and installers. Navigating Ethical Technology Design (00:05:29) Shannon elaborates on the challenges of balancing ethical, legal, and client expectations in technology design. Artificial Intelligence and Ethics (00:06:59) Shannon highlights the opaque nature of AI decision-making and the need for ethical frameworks in technology. Data Collection Ethics (00:08:37) Haley addresses the ethical implications of installers agreeing to terms on behalf of clients without full understanding. Client Goals in Technology Design (00:09:57) Dave emphasizes the importance of meeting all client goals in assistive technology design for effective solutions. Challenges in Assistive Technology (00:12:49) Haley discusses the ethical concerns of technology limitations, such as voice-controlled locks for disabled clients. Emergency Egress Considerations (00:13:53) The panel debates the ethics of using voice control for locking doors, emphasizing the importance of safety. Voice Control and Security (00:14:14) Discussing the integration of voice control technology for door access and its security implications. Experience and Automation (00:15:10) Exploring the importance of user experience in implementing automated systems, like pool covers. Ethics and Liability in Technology (00:16:11) Debating the fine line between ethical design and legal liability in technology solutions. Responsibility and Client Needs (00:17:00) Examining the responsibility of technology providers when clients' needs change over time. Cybersecurity Risks (00:19:17) Highlighting the potential cybersecurity risks posed by new technologies and their implications. Hacking and Smart Technology (00:20:10) Discussing the growing threat of hacking smart devices and the need for better protection. AI and Ethical Considerations (00:22:51) Examining the ethical concerns surrounding AI development and its potential consequences. Building Awareness in Technology (00:24:39) Stressing the importance of awareness in technology design to mitigate future risks. Pacing AI Development (00:25:12) Addressing the urgency of slowing down AI advancements for ethical considerations. Insurance and Ethical Obligations (00:26:05) Discussing the need for insurance to cover ethical obligations in technology deployment. Policing AI Technology (00:27:10) Contemplating the challenges of regulating AI and ensuring ethical practices. Building Ethical Concepts (00:27:32) Discussion on creating ethical frameworks and understanding their applications in technology ecosystems. Positive Duty in Ethics (00:28:42) Emphasis on the need for companies to proactively address ethical concerns, moving beyond mere prohibitions. Terms and Conditions Awareness (00:30:04) The importance of clear communication regarding ethical practices in terms and conditions for clients. Liability and Best Practices (00:31:24) Exploring the implications of liability for technology providers and the necessity of documented best practices. Impact of Budget Constraints (00:32:03) Challenges faced by companies when government funding limits ethical considerations in technology projects. Standardizing Practices (00:33:50) The need for standardized practices and clear terms of use to enhance ethical technology deployment. Home Network Vulnerabilities (00:34:32) Discussion on the security risks associated with home networks and the need for better controls. Parental Controls and Ethics (00:36:08) The ethical dilemma of balancing parental controls with children's autonomy and privacy in technology use. AI and Psychological Impact (00:38:05) Concerns about the long-term psychological effects of AI on users and clients in technology applications. Home Network Security Solutions (00:39:10) Emergence of products designed to enhance home network security and manage user access effectively. Here are the extracted timestamps and their corresponding titles from the podcast episode transcription segment: Discussion on Security and Accessibility (00:39:51) Explores the balance between security measures and accessibility for children and vulnerable users. Insurance and Consumer Protection (00:42:16) Discusses the potential for insurance models to protect consumers in technology use. Recognition of Technology Integrators (00:43:25) Highlights efforts to officially recognize technology integrators as a trade in the U.S. and Australia. Advice for Ethical Technology Design (00:45:04) Emphasizes the importance of education and curiosity in understanding ethical technology design. Communication and Transparency (00:46:48) Stresses the need for communication and transparency in technology practices across various stakeholders. Ethical Principles in Technology (00:47:18) Introduces ethical principles from the Australian Ethics Centre to guide technology design. Responsibility in Technology Integration (00:49:04) Discusses the moral obligations of professionals in technology to ensure best practices for clients. Challenges of Integrating Different Systems (00:50:25) Explores ethical dilemmas faced when integrating multiple smart technologies in homes and businesses. Communication and Transparency in Technology (00:53:11) Discussion on the importance of clear communication and transparency in technology implementation. Ethical Considerations in Technology (00:53:35) Exploration of the current state of ethics in technology design and its relevance to businesses. Encouragement for Further Study (00:54:05) Invitation for listeners to study ethical technology design and provided resources in show notes. Reflection on Previous Topics (00:54:06) Mention of prior podcast episodes and their positive themes related to technology and ethics. Call for Community Input (00:54:21) Encouragement for listeners to share their ideas and engage in discussions about ethical technology. Open Mindset Reminder (00:54:49) A reminder to listeners to maintain an open mind regarding discussions on technology ethics.
In this podcast, Walt Zerbe, Sr. Director of Technology and Standards at CEDIA and host of the CEDIA podcast, talks with Dr. Hailey Daly of Wired by MJD, Shannon Marsh of eQ Technologies Pty Ltd, and Steve Thomas of GEOHAVEN about ethical technology design within our industry. We talk about accepting ULA's on our customers behalf, agreeing to data collection on devices and a whole plethora of related items. Timestamps by PodSqueezeIntroduction to the Podcast (00:01:20) Walt Zerbi introduces the podcast and the topic of ethical technology design at the Australian Tech Summit. Panelist Introductions (00:02:19) Dr. Haley Daly, Shannon Marsh, and Dave Thomas introduce themselves and their roles related to the discussion. General Discussion on Ethics (00:03:07) The group reflects on the broad topic of ethics before diving deeper into ethical technology design. Ethical Obligations in Technology (00:04:30) Haley discusses the complexities of ethical obligations and the responsibilities of manufacturers and installers. Navigating Ethical Technology Design (00:05:29) Shannon elaborates on the challenges of balancing ethical, legal, and client expectations in technology design. Artificial Intelligence and Ethics (00:06:59) Shannon highlights the opaque nature of AI decision-making and the need for ethical frameworks in technology. Data Collection Ethics (00:08:37) Haley addresses the ethical implications of installers agreeing to terms on behalf of clients without full understanding. Client Goals in Technology Design (00:09:57) Dave emphasizes the importance of meeting all client goals in assistive technology design for effective solutions. Challenges in Assistive Technology (00:12:49) Haley discusses the ethical concerns of technology limitations, such as voice-controlled locks for disabled clients. Emergency Egress Considerations (00:13:53) The panel debates the ethics of using voice control for locking doors, emphasizing the importance of safety. Voice Control and Security (00:14:14) Discussing the integration of voice control technology for door access and its security implications. Experience and Automation (00:15:10) Exploring the importance of user experience in implementing automated systems, like pool covers. Ethics and Liability in Technology (00:16:11) Debating the fine line between ethical design and legal liability in technology solutions. Responsibility and Client Needs (00:17:00) Examining the responsibility of technology providers when clients' needs change over time. Cybersecurity Risks (00:19:17) Highlighting the potential cybersecurity risks posed by new technologies and their implications. Hacking and Smart Technology (00:20:10) Discussing the growing threat of hacking smart devices and the need for better protection. AI and Ethical Considerations (00:22:51) Examining the ethical concerns surrounding AI development and its potential consequences. Building Awareness in Technology (00:24:39) Stressing the importance of awareness in technology design to mitigate future risks. Pacing AI Development (00:25:12) Addressing the urgency of slowing down AI advancements for ethical considerations. Insurance and Ethical Obligations (00:26:05) Discussing the need for insurance to cover ethical obligations in technology deployment. Policing AI Technology (00:27:10) Contemplating the challenges of regulating AI and ensuring ethical practices. Building Ethical Concepts (00:27:32) Discussion on creating ethical frameworks and understanding their applications in technology ecosystems. Positive Duty in Ethics (00:28:42) Emphasis on the need for companies to proactively address ethical concerns, moving beyond mere prohibitions. Terms and Conditions Awareness (00:30:04) The importance of clear communication regarding ethical practices in terms and conditions for clients. Liability and Best Practices (00:31:24) Exploring the implications of liability for technology providers and the necessity of documented best practices. Impact of Budget Constraints (00:32:03) Challenges faced by companies when government funding limits ethical considerations in technology projects. Standardizing Practices (00:33:50) The need for standardized practices and clear terms of use to enhance ethical technology deployment. Home Network Vulnerabilities (00:34:32) Discussion on the security risks associated with home networks and the need for better controls. Parental Controls and Ethics (00:36:08) The ethical dilemma of balancing parental controls with children's autonomy and privacy in technology use. AI and Psychological Impact (00:38:05) Concerns about the long-term psychological effects of AI on users and clients in technology applications. Home Network Security Solutions (00:39:10) Emergence of products designed to enhance home network security and manage user access effectively. Here are the extracted timestamps and their corresponding titles from the podcast episode transcription segment: Discussion on Security and Accessibility (00:39:51) Explores the balance between security measures and accessibility for children and vulnerable users. Insurance and Consumer Protection (00:42:16) Discusses the potential for insurance models to protect consumers in technology use. Recognition of Technology Integrators (00:43:25) Highlights efforts to officially recognize technology integrators as a trade in the U.S. and Australia. Advice for Ethical Technology Design (00:45:04) Emphasizes the importance of education and curiosity in understanding ethical technology design. Communication and Transparency (00:46:48) Stresses the need for communication and transparency in technology practices across various stakeholders. Ethical Principles in Technology (00:47:18) Introduces ethical principles from the Australian Ethics Centre to guide technology design. Responsibility in Technology Integration (00:49:04) Discusses the moral obligations of professionals in technology to ensure best practices for clients. Challenges of Integrating Different Systems (00:50:25) Explores ethical dilemmas faced when integrating multiple smart technologies in homes and businesses. Communication and Transparency in Technology (00:53:11) Discussion on the importance of clear communication and transparency in technology implementation. Ethical Considerations in Technology (00:53:35) Exploration of the current state of ethics in technology design and its relevance to businesses. Encouragement for Further Study (00:54:05) Invitation for listeners to study ethical technology design and provided resources in show notes. Reflection on Previous Topics (00:54:06) Mention of prior podcast episodes and their positive themes related to technology and ethics. Call for Community Input (00:54:21) Encouragement for listeners to share their ideas and engage in discussions about ethical technology. Open Mindset Reminder (00:54:49) A reminder to listeners to maintain an open mind regarding discussions on technology ethics.
This Cybersecurity Awareness Month, tune into The ERP Advisor podcast where James McQuiggan, Cybersecurity Expert from KnowBe4, joins us for the fifth year straight. This year, he will tackle AI's evolving impact on organizational cybersecurity strategies. In this special episode, we will explore the cybersecurity risks of AI while understanding the real benefits of implementing AI tools throughout your organization. Connect with us!https://www.erpadvisorsgroup.com866-499-8550LinkedIn:https://www.linkedin.com/company/erp-advisors-groupTwitter:https://twitter.com/erpadvisorsgrpFacebook:https://www.facebook.com/erpadvisorsInstagram:https://www.instagram.com/erpadvisorsgroupPinterest:https://www.pinterest.com/erpadvisorsgroupMedium:https://medium.com/@erpadvisorsgroup
(0:00) Intro(1:12) About the podcast sponsor: The American College of Governance Counsel.(1:59) Start of interview. (2:57) Heather Gates' "origin story."(5:17) Wolfe Tone's "origin story."(10:23) On the governance of privately-owned businesses. Distinction with having "outside investors." (15:20) On the nuances of family-owned businesses. *Reference to my podcast series on Succession show.(18:28) On growth of LLC structures.(20:53) On VC-backed company governance. *Note UC Law SF's VCBA.(23:42) On the value of boards and good governance. When is the right time for a more formal governance structure.(27:40) Deloitte Private Company Pulse Survey on Governance (from July 2024).(31:40) On Climate Risk and ESG in private companies.(34:16) On Cybersecurity Risk.(38:20) On the evolving role of independent directors in private companies.(42:28) On the rise of the public benefit corporation (PBC) structure in AI companies(46:08) On the role of the board in developing talent.(48:38) On the future of trust as a core tenant of governance.(50:38) What are the 1-3 books that have greatly influenced your life: Wolfe:The Art of War by Sun Tzu (roughly 5th century BC)Anything by Stephen Covey.When the Game Is Over, It All Goes Back in the Box by John Ortberg (2007)Heather:The Hard Thing about Hard Things by Ben Horowitz (2014)Boundary Boss by Terri Cole (2021)The Untethered Soul by Michael Singer (2007)(51:52) Who were their mentors, and what they learned from them.(53:36) Quotes they think of often or live their life by.(54:13) An unusual habit or an absurd thing that they love.(54:40) The living person they most admire.Wolfe Tone is the leader of Deloitte Private for the US and globally, and Heather Gates is the national Emerging Growth Company (EGC) business leader for Deloitte, overseeing the firm's EGC, Private Equity, and Deloitte Private Audit & Assurance teams. You can follow Evan on social media at:Twitter: @evanepsteinLinkedIn: https://www.linkedin.com/in/epsteinevan/ Substack: https://evanepstein.substack.com/__You can join as a Patron of the Boardroom Governance Podcast at:Patreon: patreon.com/BoardroomGovernancePod__Music/Soundtrack (found via Free Music Archive): Seeing The Future by Dexter Britain is licensed under a Attribution-Noncommercial-Share Alike 3.0 United States License
George Pappas, CEO of Intraprise Health, works with various healthcare organizations across the healthcare industry and healthcare ecosystem to help address cybersecurity risks. While recent cyber attacks have raised awareness about the need for better cybersecurity measures, the complexity of healthcare IT systems creates significant challenges for comprehensive risk management. Proactive measures, including employee training, enhanced identity confirmation, and limiting access, are critical to mitigating the risk of cyber attacks. George explains, "The net situation is that these large technology companies that serve healthcare and hospital systems and large medical practices change are clearinghouses, revenue cycle managers, and manage real-time price transparency. What medication management companies manage is so complicated, and they have so many ways that something can be attacked. As you mentioned at the beginning, the attackers are getting very clever and sharing a lot of their methods, so you have to do a comprehensive continuous review of your entire cybersecurity posture. Because if you don't, there are invariably going to be challenges and small things that are small at the time that end up not being small and being the way that an attacker got in." "And in the case of Change, it was a multifactor authentication problem accessing a certain system through a certain technology stack that was rather old. But these things exist in companies this size. They have tens of thousands of machines and have accumulated different companies they acquired over time with different technology systems that don't all work together. So, the vulnerabilities are there, and they require comprehensive risk management and some candidly, more investment than we've seen to address fully." "I'll give you another example. So maybe it helps your listeners place this a little better. If you think about someone who has a home and is trying to protect their home from all the various threats or things that can happen. Well, their home insurance company requires them to have a smoke detector and carbon monoxide sensor. They get a credit on their policy. If they have a burglar alarm system, they might have a ring doorbell camera or any number of things like that. What you see across the industry is these large hospital systems, small hospital systems, doctor's offices, and they're doing those basic things. But here's the issue. In that same house that I mentioned, you could have 30 windows, the roof might be a little old, you might have a ground floor, and a door that has glass could be easily broken if someone tried to break in." #IntrapriseHealth #HealthcareCybersecurity #PatientDataProtection #CyberThreats #HITRUSTCompliance #RiskManagement #DataPrivacy intraprisehealth.com Download the transcript here
George Pappas, CEO of Intraprise Health, works with various healthcare organizations across the healthcare industry and healthcare ecosystem to help address cybersecurity risks. While recent cyber attacks have raised awareness about the need for better cybersecurity measures, the complexity of healthcare IT systems creates significant challenges for comprehensive risk management. Proactive measures, including employee training, enhanced identity confirmation, and limiting access, are critical to mitigating the risk of cyber attacks. George explains, "The net situation is that these large technology companies that serve healthcare and hospital systems and large medical practices change are clearinghouses, revenue cycle managers, and manage real-time price transparency. What medication management companies manage is so complicated, and they have so many ways that something can be attacked. As you mentioned at the beginning, the attackers are getting very clever and sharing a lot of their methods, so you have to do a comprehensive continuous review of your entire cybersecurity posture. Because if you don't, there are invariably going to be challenges and small things that are small at the time that end up not being small and being the way that an attacker got in." "And in the case of Change, it was a multifactor authentication problem accessing a certain system through a certain technology stack that was rather old. But these things exist in companies this size. They have tens of thousands of machines and have accumulated different companies they acquired over time with different technology systems that don't all work together. So, the vulnerabilities are there, and they require comprehensive risk management and some candidly, more investment than we've seen to address fully." "I'll give you another example. So maybe it helps your listeners place this a little better. If you think about someone who has a home and is trying to protect their home from all the various threats or things that can happen. Well, their home insurance company requires them to have a smoke detector and carbon monoxide sensor. They get a credit on their policy. If they have a burglar alarm system, they might have a ring doorbell camera or any number of things like that. What you see across the industry is these large hospital systems, small hospital systems, doctor's offices, and they're doing those basic things. But here's the issue. In that same house that I mentioned, you could have 30 windows, the roof might be a little old, you might have a ground floor, and a door that has glass could be easily broken if someone tried to break in." #IntrapriseHealth #HealthcareCybersecurity #PatientDataProtection #CyberThreats #HITRUSTCompliance #RiskManagement #DataPrivacy intraprisehealth.com Listen to the podcast here
Emily speaks with cybersecurity expert Terry Zimniak about balancing security spending with business development and the importance of penetration testing and backup plans. Terry shares insights from his shift from technical roles to overseeing security, including how strategic partnerships like Ascension Health's acquisition come with risks. They also discuss the role of frameworks like NIST CSF and the growing threat of AI in phishing and deepfake scams.Links Mentioned:Terry Zimniak's WebsiteCybersecurity Frameworks and Guides: ◦ NIST Cybersecurity Framework ◦ FTC Cybersecurity Guidance for Small BusinessesClarity Call with EmilyFree Resources:Strategic Planning Checklist Chief of Staff Skills Assessment ChecklistA Day in the Life of a Chief of StaffChief of Staff ToolkitGet in touch with Emily:Connect on LinkedInFollow on YouTubeLearn more about coaching Sign up for the newsletterClarity Call with Emily Who Am I?If we haven't yet before - Hi
In this episode of the Global Medical Device Podcast, host Etienne Nichols continues his conversation with regulatory expert Mike Drues in part two of their series on home use medical devices. The discussion centers on critical topics such as labeling, usability challenges, and the future of medical devices in home settings. They explore how these devices, increasingly used by non-healthcare professionals, face unique hurdles such as user training, environmental factors, and technological concerns like cybersecurity and data security. Together, Etienne and Mike also delve into how regulatory frameworks need to adapt for home use, and they highlight potential future issues with devices as AI and robotic assistance grow in prominence.Key Timestamps:[02:20] - Recap of Part 1 & Introduction to Home Use DevicesMike revisits key topics from part 1, focusing on why home use devices matter.[10:45] - Defining the Intended User and EnvironmentDiscussion about how labeling must account for who will use the device and where.[15:30] - Technological and Environmental Challenges for Home Use DevicesExploring temperature, humidity, and power inconsistencies affecting performance.[30:05] - Reprocessing and Cleaning Devices at HomeThe challenges and risks associated with reusing and cleaning devices like CPAPs.[40:15] - Usability Testing & Human FactorsImportance of considering non-healthcare users when designing home devices.[55:12] - Cybersecurity Risks in Home DevicesThe growing significance of data security and strategies for protecting devices in non-clinical settings.[1:05:30] - Post-Market Surveillance and Reporting for Home DevicesThe complexities of tracking device performance and recalls when used in home environments.Memorable Quotes:"When we talk about intended users, we must shift our thinking from healthcare professionals to patients. Designing for non-clinicians is crucial because usability directly impacts safety." – Mike Drues"If your device has to be recalibrated, why not have a mechanism that disables it when calibration is overdue? That's a much stronger safeguard than relying on users to remember." – Mike Drues"Cybersecurity is a growing challenge in home devices. It's not just about protecting personal data—imagine if a critical medical device was hacked." – Etienne NicholsKey Takeaways:Latest MedTech Trends:Increasing Use of Home Medical Devices: Patients are increasingly managing their own health at home, necessitating devices that are user-friendly and adaptable to various home environments.AI & Robotics in Home Devices: With the rise of AI and robotic assistance, the definition of an "intended user" is evolving, requiring future-proof regulatory considerations.Data Security: As more devices become connected, cybersecurity is becoming a top priority, particularly for critical, life-sustaining technologies.Practical Tips for MedTech Professionals:Understand the End-User: When designing devices, consider that patients, not healthcare professionals, will be the primary users. Usability is key.Incorporate Environmental Testing: Take environmental factors like humidity, power outages, and storage conditions into account during the device development phase.Push Updates Automatically: For connected devices, push software updates automatically to mitigate cybersecurity risks, rather than relying on users to pull...
Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well. Segment Resources: CyberSecEval 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models The [TTPForge] (https://github.com/facebookincubator/TTPForge) is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs). ForgeArmory provides TTPs that can be used with the TTPForge Wired, by Lily Hay Newman: Facebook's ‘Red Team X' Hunts Bugs Beyond the Social Network's Walls MOSE (Master Of SErvers) is a post exploitation tool for configuration management servers. BSides SF 2024 - Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact BSides LV 2023 - [GF - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention - https://www.youtube.com/watch?v=-MT0tNi2vvc This week in the enterprise security news, we've got: Torq, Tamnoon, and Defect Dojo raise funding Checkmarx acquires ZAP Commvault acquires Clumio Would you believe San Francisco is NOT the most funded metro area for cybersecurity? Auto-doxxing Smart glasses are now possible Meta gets fined $100M for storing plaintext passwords AI coding assistants might not be living up to expectations Worst Practices Dumpster fires and truth bombs All that and more, on this episode of Enterprise Security Weekly! The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access. This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them! Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics. Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/ This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-378
Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well. Segment Resources: CyberSecEval 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models The [TTPForge] (https://github.com/facebookincubator/TTPForge) is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs). ForgeArmory provides TTPs that can be used with the TTPForge Wired, by Lily Hay Newman: Facebook's ‘Red Team X' Hunts Bugs Beyond the Social Network's Walls MOSE (Master Of SErvers) is a post exploitation tool for configuration management servers. BSides SF 2024 - Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact BSides LV 2023 - [GF - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention - https://www.youtube.com/watch?v=-MT0tNi2vvc This week in the enterprise security news, we've got: Torq, Tamnoon, and Defect Dojo raise funding Checkmarx acquires ZAP Commvault acquires Clumio Would you believe San Francisco is NOT the most funded metro area for cybersecurity? Auto-doxxing Smart glasses are now possible Meta gets fined $100M for storing plaintext passwords AI coding assistants might not be living up to expectations Worst Practices Dumpster fires and truth bombs All that and more, on this episode of Enterprise Security Weekly! The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access. This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them! Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics. Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/ This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-378
Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well. Segment Resources: CyberSecEval 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models The [TTPForge] (https://github.com/facebookincubator/TTPForge) is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs). ForgeArmory provides TTPs that can be used with the TTPForge Wired, by Lily Hay Newman: Facebook's ‘Red Team X' Hunts Bugs Beyond the Social Network's Walls MOSE (Master Of SErvers) is a post exploitation tool for configuration management servers. BSides SF 2024 - Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact BSides LV 2023 - [GF - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention - https://www.youtube.com/watch?v=-MT0tNi2vvc Show Notes: https://securityweekly.com/esw-378
Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well. Segment Resources: CyberSecEval 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models The [TTPForge] (https://github.com/facebookincubator/TTPForge) is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs). ForgeArmory provides TTPs that can be used with the TTPForge Wired, by Lily Hay Newman: Facebook's ‘Red Team X' Hunts Bugs Beyond the Social Network's Walls MOSE (Master Of SErvers) is a post exploitation tool for configuration management servers. BSides SF 2024 - Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact BSides LV 2023 - [GF - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention - https://www.youtube.com/watch?v=-MT0tNi2vvc Show Notes: https://securityweekly.com/esw-378
This episode covers the growing importance of managing cybersecurity risks in medical devices under the EU Medical Device Regulation (MDR). Key topics include integrating cybersecurity into device design, maintaining security throughout the device lifecycle, and best practices for manufacturers to stay compliant and safeguard patient safety.Speakers: Susanna Al Halabi- Regulatory Lead of Notified Body - Medical Devices, MDD Follow us on- Intertek's Assurance In Action || Twitter || LinkedIn.
In Episode 3 of The Marketing Corner, we had very special guest, Marc Enzor, founder of Geeks 2 You and co-host, Roger LaFaye of LaFaye processing. The Marketing Corner is proudly sponsored by: David Bradley Insurance, Medicare A to Z C Eaton Photography LaFaye Processing dba MiCamp Last Bridge Media Mark Weiss | Sales Performance Strategies In this episode, we'll dive deep into why marketing and cybersecurity are essential for small businesses, how they intersect, and what strategies you can implement to protect and grow your business in the digital age. Why Marketing Matters for Small Businesses Marketing is the lifeblood of any small business. It's the key to building brand awareness, attracting new customers, retaining loyal clients, and driving sales. For many small businesses, particularly those that don't have the luxury of a massive advertising budget, marketing can be the most efficient way to reach target audiences and stand out in the marketplace. 1. Building Brand Awareness One of the most significant benefits of marketing is that it helps establish brand awareness. In a world where consumers are bombarded with options, making your business known is critical. Through consistent branding, targeted content, and customer engagement, small businesses can build a reputation and gain recognition within their industries. 2. Connecting with Customers Effective marketing enables businesses to connect with their audience on a personal level. With the right strategies, small businesses can create a sense of community, respond to customer needs, and build trust. Personalized marketing messages, customer reviews, and interactive social media campaigns help foster relationships that are the backbone of small business success. 3. Driving Sales and Growth At the end of the day, every small business needs marketing to drive sales. Whether it's through online ads, content marketing, or direct outreach, a smart marketing plan ensures you reach potential customers where they are, increasing the likelihood of conversions. The more visibility your business has, the more opportunities you create for growth. The use of tools like Google Analytics, Facebook Insights, and email marketing software helps small businesses track the effectiveness of their marketing campaigns. By understanding what works and what doesn't, businesses can make data-driven decisions that maximize return on investment (ROI). The Growing Threat of Cybersecurity Risks for Small Businesses While marketing helps businesses grow, cybersecurity ensures that growth is not derailed by digital threats. Cybersecurity has become a critical concern for small businesses, as they are increasingly targeted by cybercriminals. The misconception that small businesses are too small to be attacked is one of the main reasons they fall victim to cyber threats. In fact, small businesses often have weaker security systems, making them an easier target for hackers. 1. Data Protection Small businesses often handle sensitive customer information, including payment details, personal data, and confidential communications. Protecting this data is paramount, not only for maintaining trust but also for complying with regulations such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). A data breach can have devastating effects, leading to financial losses, reputational damage, and even legal repercussions. Implementing strong cybersecurity measures, such as encryption, secure payment gateways, and firewalls, is critical to ensure customer data is safe from cybercriminals. Educating employees about phishing attacks and password security can also greatly reduce the risk of breaches.
Artificial intelligence, with its remarkable ability to digest and analyze enormous amounts of data, has nearly limitless positive applications for utilities. But it could be used just as effectively as a malicious tool by hackers and scammers. Co-ops are moving cautiously with AI, finding ways to safely implement new, enhanced systems while marginalizing tools that could increase cyber risk. Learn more from NRECA's Carter Manucy as well as Dairyland Power Cooperative's Nate Melby and Vlad Tsoy.
The yuan carry trade is emerging as a viable strategy for investors, particularly as the yen carry trade faces challenges due to Japan's monetary policy. With China's dovish approach and stable interest rates, traders are finding attractive opportunities in the yuan market. This shift highlights the yuan's potential as a more resilient option in the forex landscape, especially in uncertain economic conditions. Today's Stocks & Topics: DELL - Dell Technologies Inc. Cl C, Market Wrap, BKNG - Booking Holdings Inc., Yuan Carry Trade: A Rising Forex Strategy Amid Yen Weakness, FHLC - Fidelity MSCI Health Care Index ETF, MO - Altria Group Inc., Key Benchmark Numbers and Market Comments for: Treasury Yields, Gold, Silver, Oil and Gasoline, Annuities, Cybersecurity Risk, Dividend vs. Value Investment, International Exposure, ENB - Enbridge Inc., The Rental Market.Our Sponsors:* Check out Moorings: moorings.comAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy
The Hidden Dangers in Spreadsheets and Work Laptops: Hashtag Trending In this episode of Hashtag Trending, host Jim Love discusses critical errors found in 94% of business spreadsheets and their significant impact. The episode also highlights the reliability of top work-related services like Dropbox, Asana, and Airtable, and explores alarming cybersecurity risks associated with personal use of company laptops. Tune in to learn about these issues and the importance of improved quality assurance and security measures. 00:00 Introduction and Host Welcome 00:20 The Shocking Truth About Spreadsheet Errors 02:39 Learning from Reliable Work Platforms 04:14 Cybersecurity Risks of Using Work Laptops for Personal Use 06:12 Conclusion and Show Wrap-Up
In episode 95 of Cybersecurity Where You Are, Sean Atkinson is joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®).Together, they discuss AI augmentation in terms of how cyber defenders are using generative artificial intelligence to enhance their capabilities.Here are some highlights from our episode:01:16. How artificial intelligence has changed the landscape for cybersecurity defenders03:49. How AI is starting to augment threat detection10:12. What security researchers are exploring around AI and cyber defense20:54. Key challenges and limitations for AI-based cyber defense30:54. Future trends and innovations for cybersecurity defenders' use of AIResourcesEpisode 56: Cybersecurity Risks and Rewards of LLMsEpisode 59: Probing the Modern Role of the PentestSEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionalsfr0gger / Awesome-GPT-AgentsThe LLM Misinformation Problem I Was Not ExpectingSeparating FUD from Practical for Post-Quantum CryptographyIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Government Accountability Office (GAO) Podcast: Watchdog Report
The Department of Defense plans to spend big bucks modernizing the IT systems it uses for everything from health care and human-capital needs, to logistics and contracting. Congress asked GAO to look at whether DOD's efforts are meeting costs…
Microsoft and Apple will not have advisory roles on OpenAI's board of directors, despite their investments, as regulatory scrutiny on big tech companies increases. OpenAI faced a security breach in its internal messaging systems, raising concerns about the potential theft of AI technology by foreign adversaries. The company also addressed a security issue in its ChatGPT Mac OS app, highlighting the importance of cybersecurity in AI development.A federal judge has delayed the implementation of the FTC's ban on non-compete agreements, siding with the U.S. Chamber of Commerce and a tax firm. This decision could impact future regulatory actions and business practices. Additionally, the U.S. Supreme Court's overturning of the Chevron Deference Doctrine challenges the Biden administration's cybersecurity regulations on critical infrastructure organizations. The episode also touches on the ongoing debate over net neutrality rules and the Republican National Committee's promise to repeal President Biden's executive order on artificial intelligence.The episode delves into the cybersecurity challenges faced by MSPs, with a high percentage experiencing cyberattacks and unplanned expenses. A new ransomware group called Volcano Demon has emerged, utilizing phone calls for payment negotiations and intimidation. The discussion also includes vulnerabilities in Apple devices and the importance of companies like Enable signing the Secure by Design Pledge to enhance security in products and services. Google's Advanced Protection Program and its impact on high-risk users are also highlighted as a new security measure in the tech industry.Four things to know today00:00 No Advisory Roles for Microsoft and Apple on OpenAI's Board Despite Investments 03:38 Federal Judge Delays FTC's Noncompete Ban Implementation Amid Legal Challenge07:54 MSPs Face Heightened Cyberattack Risks: 76% Targeted, Unplanned Expenses Rise10:21 Volcano Demon Ransomware Utilizes Phone Calls for Payment Negotiations and Intimidation Supported by: https://www.huntress.com/mspradio/https://www.coreview.com/msp All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessoftech.bsky.social
In this episode, host Jordan L. Fischer, Esq. interviews Diane M. Janosek, current CEO of Janos LLC, on the challenges that both the private and the public sector have in complying with evolving cybersecurity risks and regulations.
In episode 89 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by the following guests:Rian Davis, Elections Cyber Threat Intelligence Intern at the Center for Internet Security® (CIS®)Timothy Davis, Sr. Elections Cyber Threat Intelligence Analyst at CISTogether, they discuss how cyber threat actors (CTAs) are using generative artificial intelligence (GenAI) as an enabler of their attacks.Here are some highlights from our episode:01:04. Why it's important to raise awareness of how CTAs are using GenAI01:59. How the CIS Cyber Threat Intelligence (CTI) team is seeing generative AI in CTAs' attack methodology03:50. The types of attacks that are using this technology and how the frequency of those attacks is changing05:46. Some notable attacks that have used GenAI in their methodology16:10. The ways in which CTAs are incorporating generative AI into social engineering24:17. What defenders can do in response to CTAs' use of GenAIResourcesAn Examination of How Cyber Threat Actors Can Leverage Generative AI PlatformsEpisode 56: Cybersecurity Risks and Rewards of LLMsElection Security Spotlight – Generative AI and ElectionsMS-ISAC Security Primer – Spear PhishingWhy Employee Cybersecurity Awareness Training Is ImportantIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Dottie Schindlinger is Executive Director of Diligent Institute, the global corporate governance research arm of Diligent - the largest SaaS software company in the Governance, Risk, Compliance (GRC), and ESG space. She co-authored the book Governance in the Digital Age: A Guide for the Modern Corporate Board Director, co-hosts “The Corporate Director Podcast,” and co-created Diligent Institute's Certification programs for directors and executives, including AI Ethics & Board Oversight. Dottie was a founding team member of the tech start-up BoardEffect, acquired by Diligent in 2016. She graduated from the University of Pennsylvania and is a Fellow of the Salzburg Global Seminar Corporate Governance Forum. Diligent and Bitsight recently issued an important report on corporate board oversight of cybersecurity risks. Dottie Schindlinger, Executive Director of Diligent Institute, joins Michael Volkov to discuss the important findings of Diligent's report.You'll hear Dottie and Michael discuss:Companies with advanced security ratings create nearly four times the amount of value for shareholders as companies with basic security ratings. On average, the Total Shareholders' Return (TSR) over three and five years for companies in the advanced security performance range is approximately 372% and 91% higher, respectively, than their peers in the basic security performance range.Companies with a specialized risk or audit committee had higher security performance ratings on average. Companies falling within these two categories have an average security rating of 710, whereas companies lacking both committees have an average security rating of 650.The findings also suggest that the distribution of security ratings among companies with specialized risk and audit committees tends to skew towards the advanced security performance range, whereas companies lacking either of these committees tend to skew toward the basic security performance range.Having a cybersecurity expert on the board is not enough. Integrating a cybersecurity expert into the board committee tasked with cybersecurity risk oversight makes a significant difference in an organization's performance.Merely having a cybersecurity expert on the board does not correlate to having a higher security performance rating. Highly regulated industries tend to outperform other industries in terms of cybersecurity performance. Of the companies with advanced-level security performance ratings, a full third (33%) came from the financial services sector – with an average rating of 720. The sector with the highest average rating overall was healthcare at 730. Nearly a quarter (24%) of companies with basic security performance ratings came from the industrial sector. ResourcesDottie Schindlinger on LinkedInDiligent Institute | Diligent | Board EffectThe Report can be downloaded at: Cybersecurity, Audit and the Board ReportMichael Volkov on LinkedIn | TwitterThe Volkov Law Group
In Episode 101 of the Afterburn Podcast, host John "Rain" Waters sits down with Joe Weiss, a nuclear engineer and pioneer in ICS cybersecurity, to discuss the critical importance of securing industrial control systems. With over 40 years of experience in industrial instrumentation, control systems, and automation, Joe sheds light on the vulnerabilities within our infrastructure that are often overlooked. From power plants and water systems to the complex networks that keep our daily lives running, Joe explains how these systems are at risk and what needs to be done to protect them. This eye-opening conversation is essential for anyone interested in cybersecurity, industrial systems, and the future of our nation's critical infrastructure.Joe Weiss Blog: https://www.controlglobal.com/unfetteredView on Youtube: https://www.youtube.com/@AfterburnPodcastSupport The Afterburn Podcast for on Patreon and gain early access and AD Free episodes. Plus access to “There I was…” stories. https://www.patreon.com/theafterburnpodcastAfterburn Podcast Links: Website – https://www.theafterburnpodcast.comPatreon - https://www.patreon.com/theafterburnpodcastInstagram - https://www.instagram.com/rainwaters27/?hl=en
In this episode of the Crazy Wisdom Podcast, Stewart Alsop talks with John Ballentine, the founder and CEO of Alchemy.ai. With over seven years of experience in machine learning and large language models (LLMs), John shares insights on synthetic data, the evolution of AI from Google's BERT model to OpenAI's GPT-3, and the future of multimodal algorithms. They discuss the significance of synthetic data in reducing costs and energy for training models, the challenges of creating models that understand natural language, and the exciting potential of AI in various fields, including cybersecurity and creative arts. For more information on John and his work, visit Alchemy.ai. Check out this GPT we trained on the conversation! Timestamps 00:00 - Stewart Alsop introduces Jon Ballentine, founder and CEO of Alchemy.ai, discussing Jon's background in machine learning and LLMs. 05:00 - Jon talks about the beginnings of his work with the BERT model and the development of transformer architecture. 10:00 - Discussion on the capabilities of early AI models and how they evolved, particularly focusing on the Google Brain project and OpenAI's GPT-3. 15:00 - Exploration of synthetic data, its importance, and how it helps in reducing the cost and energy required for training AI models. 20:00 - Jon discusses the impact of synthetic data on the control and quality of AI model outputs, including challenges and limitations. 25:00 - Conversation about the future of AI, multimodal models, and the significance of video data in training models. 30:00 - The potential of AI in creative fields, such as art, and the concept of artists creating personalized AI models. 35:00 - Challenges in the AI field, including cybersecurity risks and the need for better interpretability of models. 40:00 - The role of synthetic data in enhancing AI training and the discussion on novel attention mechanisms and their applications. 45:00 - Stewart and Jon discuss the relationship between AI and mental health, focusing on therapy and support tools for healthcare providers. 50:00 - The importance of clean data and the challenges of reducing bias and toxicity in AI models, as well as potential future developments in AI ethics and governance. 55:00 - Jon shares more about Alchemy.ai and its mission, along with final thoughts on the future of AI and its societal impacts. Key Insights Evolution of AI Models: Jon Ballentine discusses the evolution of AI models, starting from Google's BERT model to OpenAI's GPT-3. He explains how these models expanded on autocomplete algorithms to predict the next token, with GPT-3 scaling up significantly in parameters and compute. This progression highlights the rapid advancements in natural language processing and the increasing capabilities of AI. Importance of Synthetic Data: Synthetic data is a major focus, with Jon emphasizing its potential to reduce the costs and energy associated with training AI models. He explains that synthetic data allows for better control over model outputs, ensuring that models are trained on diverse and comprehensive datasets without the need for massive amounts of real-world data, which can be expensive and time-consuming to collect. Multimodal Models and Video Data: Jon touches on the importance of multimodal models, which integrate multiple types of data such as text, images, and video. He highlights the potential of video data in training AI models, noting that companies like Google and OpenAI are leveraging vast amounts of video data to improve model performance and capabilities. This approach provides models with a richer understanding of the world from different angles and movements. AI in Creative Fields: The conversation delves into the intersection of AI and creativity. Jon envisions a future where artists create personalized AI models that produce content in their unique style, making art more accessible and personalized. This radical idea suggests that AI could become a new medium for artistic expression, blending technology and creativity in unprecedented ways. Challenges in AI Interpretability: Jon highlights the challenges of understanding and interpreting large AI models. He mentions that despite being able to see the parameters, the internal workings of these models remain largely a black box. This lack of interpretability poses significant challenges, especially in ensuring the safety and reliability of AI systems as they become more integrated into various aspects of life. Cybersecurity Risks and AI: The episode covers the potential cybersecurity risks posed by advanced AI models. Jon discusses the dangers of rogue AI systems that could hack and exfiltrate data, creating new types of cyber threats. This underscores the need for robust cybersecurity measures and the development of defensive AI models to counteract these risks. Future of AI and Mental Health: Stewart and Jon explore the potential of AI in the field of mental health, particularly in supporting healthcare providers. While Jon is skeptical about AI replacing human therapists, he sees value in AI tools that enhance the ability of therapists and doctors to access relevant information and provide better care. This highlights a future where AI augments human capabilities, improving the efficiency and effectiveness of mental health care.
Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]On LinkedIn | https://www.linkedin.com/in/cassiecrossley/On Twitter | https://twitter.com/Cassie_CrossleyOn Mastodon | https://mastodon.social/@Cassie_Crossley____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThis discussion shed light on various aspects of cybersecurity, technology, and the evolving role of IT professionals in addressing the challenges of the digital age.The conversation kicked off with Sean Martin providing a warm welcome to the audience as he introduced the topic of software supply chain security. Cassie Crossley shared insights from her extensive experience in cybersecurity at Schneider Electric, emphasizing the critical importance of safeguarding product security and supply chain integrity.Embracing Innovation and Resilience in CybersecurityThe discussion dive into the concept of resilience in cybersecurity and the need for proactive risk management strategies. Both speakers emphasized the importance of leveraging AI-driven decision-making processes to enhance efficiency and reduce false positives in security operations. They also highlighted the role of machine learning and behavior analytics in strengthening cybersecurity posture.Bridging the Gap between IT and Business ObjectivesCrossley and Martin discussed the evolving role of IT professionals in bridging the gap between technical cybersecurity measures and broader business objectives. They stressed the significance of aligning cybersecurity initiatives with the overall strategic goals of the organization and fostering communication between C-suite executives and security professionals.Navigating the Complexities of Hardware Development and CybersecurityThe conversation also touched upon the complexities of hardware development and the unique challenges faced in securing chipboards and other hardware components. Crossley highlighted the nuances of cybersecurity in defending against a myriad of potential threats and underscored the need for robust verification processes in hardware security.Empowering Businesses with GRC Controls and Cybersecurity Best PracticesAs the discussion progressed, Crossley shared practical insights from her book on software supply chain security, emphasizing the essential GRC controls and cybersecurity best practices that organizations can implement to enhance their security posture. She highlighted the need for startups and companies to prioritize cybersecurity measures despite budget constraints.Concluding Thoughts and Looking Towards the FutureIn wrapping up the conversation, both speakers expressed optimism about the future of software supply chain security and the potential for innovation in AI-driven cybersecurity technologies. They encouraged businesses to prioritize cybersecurity education, resilience planning, and proactive risk management to stay ahead of emerging threats.The engaging discussion between Cassie Crossley and Sean Martin at RSA Conference 2024 provided valuable insights into the evolving landscape of software supply chain security and the key challenges facing cybersecurity professionals. As organizations navigate the complexities of the digital age, proactive cybersecurity measures and a strategic alignment with business objectives are essential for safeguarding critical assets and maintaining a strong security posture.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageOn YouTube: