Podcasts about Information security

  • 1,070 podcasts
  • 3,513 episodes
  • 38m average duration
  • 5 weekly new episodes
  • Latest: Jul 16, 2025

Latest podcast episodes about Information security

Cooperatively Speaking
From Pen Testing to Protection: Ball State's Cybersecurity Journey

Jul 16, 2025 (33:41)


What does it take to build a resilient cybersecurity strategy in higher education - especially with limited resources and rising threats?
Tobey Coffman, Chief Information Security Officer at Ball State University, and Ron Pelletier, founder of Pondurance, share how their partnership grew from a single pen test into a fully managed, 24/7 detection and response program. Together, they break down the real-world challenges campuses face, the tipping point that led Ball State to invest in around-the-clock protection, and what makes a vendor-university relationship truly work.
Whether you're just getting started or looking to deepen your institution's cybersecurity posture, this conversation delivers insight, strategy, and lessons learned from the front lines.
Guests: Tobey Coffman, Executive Director of Information Security and Chief Information Security Officer, Ball State University & Ron Pelletier, Founder & Chief Customer Officer, Pondurance
Host: Matt Levine, Category Marketing Manager, E&I Cooperative Services
Relevant Links: E&I's Pondurance Contract
Cooperatively Speaking is hosted by E&I Cooperative Services, the only member-owned, non-profit procurement cooperative exclusively focused on serving the needs of education. Visit our website at www.eandi.org/podcast.
Contact Us: Have questions, comments, or ideas for a future episode? We'd love to hear from you! Contact Cooperatively Speaking at podcast@eandi.org.
This podcast is for informational purposes only. The views expressed in this podcast may not be those of the host(s) or E&I Cooperative Services.

Human-Centered Security
We Regret to Inform You: Your Phishing Training Did Nothing with Ariana Mirian

Jul 16, 2025 (46:52)


You click on a link in an email—as one does. Suddenly you see a message from your organization, “You've been phished! Now you need some training!” What do you do next? If you're like most busy humans, you skip it and move on.
Researcher Ariana Mirian (and co-authors Grant Ho, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, Geoffrey M. Voelker) uncovered similar results in their study “Understanding the Efficacy of Phishing Training in Practice.” The solution? Ariana suggests focusing on a more effective fix: designing safer systems.
In the episode we talk about:
  • Annual cybersecurity awareness training doesn't reduce the likelihood of clicking on phishing links, even if completed recently. Employees who finished training recently show similar phishing failure rates to those who completed it months ago. The study notes, “Employees who recently completed such training, which has significant focus on social engineering and phishing defenses, have similar phishing failure rates compared to other employees who completed awareness training many months ago.”
  • Phishing simulations combined with training (where companies send out fake phishing emails to employees and, for those who click on the links, lead those employees through training) had little impact on whether participants would click phishing links in the future. Ariana was hopeful about interactive training but found that too few participants engaged with it to draw meaningful conclusions. The type of phishing lure (e.g., password reset vs. vacation policy change) influenced whether users clicked. Ariana warned that certain lures could artificially lower click rates.
  • Ultimately, Ariana suggests focusing on designing safer systems—where the burden is taken off the end users. She recommends two-factor authentication, using phishing-resistant hardware keys (like YubiKeys), and blocking phishing emails before they reach users.
This quote from the study stood out to me: “Our results suggest that organizations like ours should not expect training, as commonly deployed today, to substantially protect against phishing attacks—the magnitude of protection afforded is simply too small and employees remain susceptible even after repeated training.”
This highlights the need for safer system design, especially for critical services like email, which—and this is important—inherently relies on users clicking links.
Ariana Mirian is a senior security researcher at Censys. She completed her PhD at UC San Diego and co-authored the paper, “Understanding the Efficacy of Phishing Training in Practice.”
G. Ho et al., "Understanding the Efficacy of Phishing Training in Practice," in 2025 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2025, pp. 37-54, doi: 10.1109/SP61157.2025.00076.

Agent of Influence
Episode 072 - Cybersecurity Lessons on the Path to Private Equity - Paul Harragan

Jul 3, 2025 (31:40)


Dive into the world of private equity and cybersecurity with Paul Harragan, Global Cybersecurity Lead at KKR. In this episode, we cover strategies for managing risks, navigating M&A diligence, and aligning security with business growth.
Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

Human-Centered Security
Trust Me Maybe: Building Trust in Human-AI Partnerships in Security

Jun 30, 2025 (43:58)


In this episode, I speak with three guests from diverse backgrounds who share a common goal: Building trust in human-AI partnerships in security. We originally came together for a panel at the Institute of Electrical and Electronics Engineers (IEEE) Conference on AI in May 2025, and this episode recaps that discussion.
Key takeaways:
  • Security practitioners tend to be natural-born skeptics (can you blame them?!). They struggle to trust and adopt AI-powered security products, especially in higher-risk scenarios with overly simplified decision-making processes.
  • AI can be a tool for threat actors and a threat vector itself, and its non-deterministic nature makes it unpredictable and vulnerable to manipulation.
  • All AI models are biased, but not all bias is negative. Recognized and carefully managed bias can provide actionable insights. Purposefully biased (opinionated) models should be transparent.
  • Clearer standards and expectations are needed for “human-in-the-loop” and human oversight. What does the human actually do, are they qualified, and do they have the right experience and information?
  • What happens when today's graduates are tomorrow's security practitioners? On one end of the spectrum we have a lot of skepticism, on the other end not enough. We talk about over-reliance on AI, de-skilling, and loss of situational awareness.
Dr. Margaret Cunningham is the Technical Director, Security & AI Strategy at Darktrace. Margaret was formerly Principal Product Manager at Forcepoint and Senior Staff Behavioral Engineer at Robinhood.
Dr. Divya Ramjee is an Assistant Professor at Rochester Institute of Technology (RIT). She also leads RIT's Technology and Policy Lab, analyzing security, AI policy, and privacy challenges. She previously held senior roles in US government across various agencies.
Dr. Matthew Canham is the Executive Director, Cognitive Security Institute. He is a former FBI Supervisory Special Agent, with over twenty years of research in cognitive security.

The Mindful Business Security Show
Measuring cybersecurity programs in small businesses

Jun 26, 2025 (63:51)


The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! On this episode, Accidental CISO is joined by guest host Alyssa Miller. Alyssa is the CISO of a multi-billion-dollar global company, board member, conference organizer, author, and speaker. Blending her deep technical expertise with sharp business acumen, she has taken her passion for hacking and turned it into a very successful 28-year career in the industry.
During the episode, Alyssa mentioned a TEDx talk that she gave about sustainability in cybersecurity careers. A video recording of the talk is available on YouTube.
You can connect with Alyssa on Bluesky: @alyssam-infosec.com, LinkedIn, or via her website, https://alyssasec.com.
Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now!
Show Merch: https://shop.mindfulsmbshow.com/
Website: https://www.focivity.com/podcast
Twitter: @mindfulsmbshow
Hosted by: @AccidentalCISO
Produced by: @Focivity
Theme music by Michael Kobrin.

Accenture InfoSec Beat
InfoSec Beat: Careers in Information Security – Client Data Protection

Jun 19, 2025 (25:59)


This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Kyle Friedman, who leads Security Contracting and Request for Proposal Support for our Information Security Client Data Protection team. She ensures that we have the right provisions in our proposal responses and contracts to run engagements in a secure fashion that works for both Accenture and our clients. Learn about Kyle's unconventional start at Accenture, passion for client data protection, and ability to translate information security topics to people outside the field. Her career advice? Always listen and keep an open mind.

The ISO Show
#220 EcoVadis – Platform Your Passport To Winning Sustainable Contracts

Jun 18, 2025 (19:34)


We're past the point of simply saying you're committed to sustainability; it's time for tangible and verified action. This is what many are calling for in response to the recent rise in Greenwashing and subsequent erosion of trust from consumers and other stakeholders regarding any green claims. As a result, a number of voluntary disclosure schemes have been created to help benchmark and verify organisations' claims, should they choose to participate. One example is the focus of today's episode: EcoVadis. In this episode Mel Blackmore continues with our voluntary disclosures series, discussing the ESG rating scheme EcoVadis and what is required to earn a Platinum rating, and provides some tips on how to get that Platinum rating.
You'll learn
  • What is EcoVadis?
  • What are the requirements to achieve a Platinum rating?
  • Top tips for earning a Platinum rating for EcoVadis
  • What are the advantages of earning a Platinum rating?
  • What are the disadvantages of getting involved with EcoVadis?
Resources
  • EcoVadis
  • Carbonology
  • Contribute to Mel's carbon verification commitment research by taking her Survey
In this episode, we talk about:
[02:05] Episode Summary – Mel discusses the voluntary disclosure scheme: EcoVadis, including what's involved with taking part, how to achieve a Platinum rating and the pros and cons of being benchmarked.
[03:00] Why is there a need for EcoVadis? An increased number of investors and financial institutions, in addition to clients, are demanding more than just financial reports. They want to know what a company's environmental footprint is, and at this point, it's time to move on beyond simply making pledges. This extends to other elements of governance as EcoVadis doubles as a crucial ESG rating scheme.
[04:30] What is EcoVadis? EcoVadis is a globally recognised provider of business sustainability ratings. They assess companies' environmental, social, and ethical performance across 21 indicators and four main themes: Environment, Labor & Human Rights, Ethics, and Sustainable Procurement. EcoVadis aims to help organisations manage their supply chain sustainability risks and opportunities. If you're a supplier, you've likely received a request from a customer to complete an EcoVadis assessment. The assessment process involves completing a detailed questionnaire and submitting supporting documentation; EcoVadis analysts then review your submission and assign a scorecard. This scorecard provides a detailed breakdown of your performance across the four themes and assigns an overall score and a medal status: Bronze, Silver, Gold, or Platinum. It's this medal status that's crucial, especially those coveted Gold and Platinum badges, which signal to your customers that you are a top-tier performer in sustainability.
[05:40] We want to hear from you: Mel is currently running some research around CDP and the key drivers behind carbon emission verification, and would appreciate your feedback if you have a few minutes to spare. The results are completely anonymous, and it should only take 5 – 10 minutes. You can take the survey here. Thank you in advance to any contributors!
[06:05] What is required to achieve a Platinum Rating? – While EcoVadis assesses across four themes, the 'Environment' theme often carries significant weight, and within that, greenhouse gas (GHG) emissions management is paramount for the higher ratings. To earn an EcoVadis Platinum rating, you'll generally need to achieve an overall score between 78-100 out of 100. Key areas that you need to excel in include:
1) Comprehensive Environmental Management System: This includes policies, actions, and reporting on a wide range of environmental issues. For Platinum, EcoVadis expects to see highly structured and systematic approaches to environmental management.
2) Robust GHG Emissions Management: For this you need to:
  • Measure your GHG Emissions: Accurately calculate your Scope 1, Scope 2, and significant Scope 3 emissions. EcoVadis places increasing emphasis on Scope 3, as it often represents the largest portion of a company's footprint.
  • Set Ambitious Targets: Have clear, quantitative targets for GHG emission reduction. Aligning these with a science-based target (SBTi) is highly advantageous and often a de facto requirement for Platinum.
  • Implement Reduction Initiatives: Demonstrate concrete actions you are taking to reduce emissions, such as investing in renewable energy, improving energy efficiency, optimizing logistics, or engaging your supply chain.
3) Independent Verification of GHG Emissions Data: This is a non-negotiable for Platinum and often for Gold. EcoVadis awards significant points for having your Scope 1 and Scope 2 GHG emissions (and increasingly, relevant Scope 3 categories) independently verified by a third-party accredited body. This provides assurance that your reported data is accurate and reliable. As a CDP accredited verification body, we routinely help companies through this process, and it makes a profound difference in their EcoVadis and overall ESG scores.
4) Strong Policies and Actions Across All Themes: While we're focusing on environment, remember Platinum requires excellence across all four EcoVadis themes:
  • Labor & Human Rights
  • Ethics
  • Sustainable Procurement
Implementing Standards such as ISO 37001 (Anti-Bribery and Corruption), ISO 27001 (Information Security), ISO 20400 (Sustainable Procurement) can help put some of these in place.
5) Effective Reporting and Transparency: You need to clearly articulate your policies, actions, and performance data within the EcoVadis questionnaire. This includes providing high-quality, relevant supporting documentation. To get the best result, don't just tick boxes; provide evidence!
6) Continuous Improvement: EcoVadis looks for evidence of ongoing improvement. It's not a one-off assessment; it's about demonstrating a commitment to continually raising your standards.
[14:20] How to get an EcoVadis Platinum Rating with verified data? – Here are a few tips:
  • Start Early and Plan Strategically: Don't wait until the last minute. The EcoVadis assessment requires significant time and effort. Plan your data collection, policy development, and verification process well in advance.
  • Understand the EcoVadis Methodology: Download the EcoVadis methodology and scoring criteria. These double as guidance documents that explain what they're looking for in each section. Tailor your responses and documentation accordingly.
  • Invest in carbon accounting software: Accurate and consistent data is paramount. Implement systems (whether software or well-organized spreadsheets) to track your energy consumption, waste, water use, and especially your GHG emissions.
  • Prioritize GHG Emissions Verification: Engage a reputable, accredited third-party verification body (like Carbonology

Elevate - Women in Tech
S1 Ep 31 - Breaking the Binary: Why Cybersecurity Needs Gender Balance for Better Innovation

Jun 13, 2025 (35:33)


In this episode of the Elevate Women in Tech podcast, host Kellie Kwarteng engages with cybersecurity professionals Lisa Ventura MBE FCIIS (founder of Cybersecurity Unity), Richard Wilson (Group Head of Information Security at Spirax Group), and Amelia Hewitt (founder of Hewett Partnerships Limited and Cybaid) to explore the critical importance of gender diversity in cybersecurity.
Key Topics Covered:
  • The Business Case for Diversity: Statistics show cybersecurity teams with above-average gender diversity are 35% more likely to identify novel attack vectors and 21% more effective at detecting security incidents before significant damage occurs.
  • Recruitment Challenges: With women making up just 22% of the UK cybersecurity workforce and only 19% of FTSE 100 CISOs, the panel discusses the substantial skills gap in the industry and explores how to attract diverse talent through skill-based hiring rather than focusing solely on traditional qualifications.
  • Early Education Misconceptions: Amelia shares how career perceptions form as early as age seven, emphasising the need to introduce cybersecurity concepts in primary education and challenge stereotypes about required skills for the profession.
  • AI and Diverse Teams: The panel examines how diverse teams create more resilient security solutions by challenging assumptions, avoiding groupthink, and spotting blind spots in systems - particularly vital when developing AI security measures.
  • Retention Strategies: The conversation highlights the importance of retention through inclusive policies like caregiver allowances, flexible working arrangements, and benefits that support all employees' needs, not just parents.
Featured Insights:
  • The myth that cybersecurity requires a strong technical background prevents many talented individuals from applying
  • AI bias in recruitment tools may be filtering out qualified candidates from underrepresented groups
  • The cybersecurity threat landscape is evolving, requiring diverse perspectives to anticipate and counter new attack vectors
  • Creating truly inclusive workplaces requires understanding what different employees actually want, not making assumptions
Why Listen:
This episode delivers practical advice for organisations seeking to address the cybersecurity skills gap by attracting and retaining diverse talent. For individuals considering a career in cybersecurity, the panel offers encouragement to look beyond traditional pathways and recognise the value of varied skills and perspectives in the industry.
Listen now to discover how gender diversity creates stronger cybersecurity teams and what actions you can take to break the binary in your organisation.
Keywords: Gender equity, cybersecurity, diversity, recruitment, retention, women in tech, skills, talent attraction, neurodiversity, AI in cybersecurity, career pathways, inclusive workplace, skills gap

The Evolution Exchange Podcast Nordics
Evo Nordics #611 - Rethinking Cyber Operating Models

Jun 13, 2025 (61:59)


Host James Dyson is joined by Jani Arnell, Senior Director and Head of Digital Trust & Security at Capgemini Invent; Jussi-Pekka Liimatainen, Information Security Compliance Manager at Valmet; Tomi Kallio, CISO at Normet; and Mohamed Mahmoud, Lead Consultant in Information Security and Functional Safety at Huld. Together, they explore how organizations are rethinking their cyber operating models to tackle today's evolving threat landscape. This episode uncovers strategies around digital trust, security leadership, risk resilience, and functional safety in critical industries.

Agent of Influence
Episode 071 - The Future of HubSpot is Passwordless - Alyssa Robinson

Jun 11, 2025 (25:39)


Learn how HubSpot's CISO Alyssa Robinson breaks down passwordless authentication, innovative security strategies, and the art of balancing usability with protection on the latest episode.
Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

ITSPmagazine | Technology. Cybersecurity. Society
Beyond the Hoodie: Redefining Who Belongs in Cybersecurity with Community as the Missing Link in Cyber Resilience | An Infosecurity Europe 2025 Conversation with Amanda Finch | On Location Coverage with Sean Martin and Marco Ciappelli

Jun 10, 2025 (27:03)


In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.
Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn't just about skills—it's about building confidence and community.
A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.
Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.
In closing, Amanda urges us not to forget the enduring principles of security—know what you're protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity's biggest challenges.
Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More

IT Visionaries
The Future of IT and IT Visionaries

Jun 4, 2025 (35:08)


Meet Chris Brandt, the new host of IT Visionaries.
In this special episode, outgoing host Albert Chou passes the mic to Chris—a seasoned Technology Strategist with a passion for connecting bold ideas to real business outcomes.
Chris's career spans startups to global enterprises, from building an EMP-shielded data center deep underground to deploying 200PB HPC environments in Fintech. His expertise includes business strategy, IT operations, security, and network architecture.
Outside of work, he enjoys life with his wife Julie, their two kids, Lily and Camden, and their dog, Hobs.
Get to know the new voice behind IT Visionaries—and what's coming next.
Produced by the team at Mission.org and brought to you by Brightspot.

Mediterranean Sustainability Partners
Data protection, disinformation and hybrid threats: impact on national security in the digital age

Jun 3, 2025 (19:46)


The objective of this talk is to provide a view on the importance and role of strategic global policies and investments in the protection and resiliency of critical infrastructure, national and international, in the context of modern hybrid threats. Disinformation, broadly defined as false information intended to mislead, emanates from both states and non-state actors, and affects communities across the globe. Fake news and deception are ages-old phenomena, but the digital age has facilitated the amplification and manipulation of false information to an unprecedented extent through the internet and new media. Acknowledging the importance of disinformation and its consequences, and considering that in future wars the primary target of attack is going to be critical infrastructure (one or more), cyberspace will be a tool for conducting attack(s) through hybrid threats. A potential solution to the problem of insufficient state protection of critical infrastructure should be observed through the prism of building investment policies into broader national strategies for protecting critical infrastructure, as well as national security budget defence expenditures/allocations, leading to a higher level of protection and resiliency of critical infrastructure.
Short bio
Prof. dr. sc. Marija Boban, Full Professor at the University of Split Faculty of Law in Split, is an expert in the field of personal data protection, GDPR, information security and smart technologies; Head of the Department of Economic, Financial and Information Sciences and Statistics, Faculty of Law, University of Split; and Director and owner of the consulting company TechFuturo innovation, specialized in business consulting in the digital age. She is the author and co-author of 7 books and more than 140 scientific papers in the field of personal data protection, cybersecurity, citizens' privacy, AI, robotics, right of access to information and computer forensics, of which 45 scientific papers are cited in the Scopus and Web of Science databases. She teaches the courses Informatics in Law, Cyber crimes, Intellectual Property and Information Security, National Security Systems and Electronic Business at the Faculty of Law in Split and at the Department of Forensic Sciences at the University of Split. She has also for many years been an external associate professor of the Polytechnic "Marko Marulić" in Knin and the Faculty of Law, University of Mostar. As an invited speaker and lecturer she has participated in more than 150 international and domestic scientific and professional conferences, with the presentation of papers published in proceedings and relevant scientific and professional journals. She has won a number of awards and recognitions and, through her many years of scientific and professional work, has profiled herself as one of the most recognized experts in the Republic of Croatia in cyber security, personal data protection, e-Health, e-Government and computer forensics.

Closer Look with Rose Scott
Biden-era rule for medical debt on credit reports in limbo; KSU 2025 grad to research information security in Belgium

May 29, 2025 (50:34)


In Jan. 2025, then-Vice President Kamala Harris announced a final rule by the Consumer Financial Protection Bureau to remove medical debt from consumers’ credit reports. The policy was to take effect in March, but just like many other Biden-era actions, the Trump administration is changing course. Now, a federal judge is expected to decide in mid-June about whether to vacate the consumer protection rule. Georgia ranks among the top five states with the most medical debt, with 13% of adults in the state owing money. Former health tech executive and consumer advocate Scott Speranza, the CEO of HealthLock, discusses what this could mean for Georgians. For “Closer Look’s” Class of 2025 graduation series, we hear from Bon Varlet. The standout Kennesaw State University graduate majored in information technology. She talks with Rose about her academic journey, including earning a Fulbright Study Award, and her aspirations to attend law school and to protect public institutions, particularly libraries.

Human-Centered Security
XDR, EDR, SIEM, SOAR…Snooze: Cybersecurity Marketing Real Talk with Gianna Whitver

May 29, 2025 (34:09)


You're a founder with a great cybersecurity product—but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn't. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong—and right—about marketing.
In this episode, we talk about:
  • Cyber marketing is hard (but you knew that already). It requires deep product knowledge, empathy for stressed buyers, and clear, no-FUD messaging.
  • Building authentic, value-driven communities leads to stronger cybersecurity marketing impact.
  • Don't copy the marketing strategies of big enterprises. Instead, focus on clarity, founder stories, and product-market fit.
  • Founder-led marketing works. Early-stage founders can break through noise by sharing personal stories.
  • Think twice before listening to the advice of “influencer” marketers. This advice is often overly generic. Or, you're following advice of marketers marketing to marketers (try saying that ten times fast). In other words, their advice is probably not going to apply to cybersecurity.
Gianna Whitver is the co-founder and CEO of the Cybersecurity Marketing Society, a community for marketers in cybersecurity to connect and share insights. She is also the podcast co-host of Breaking Through in Cybersecurity Marketing podcast, and founder of LeaseHoney, a place for beekeepers to find land.

Agent of Influence
Episode 070 - Advancing Exposure Management - Jorge Orchilles

May 28, 2025 · 38:19


Advancing Exposure Management

Hear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

The Salesforce Admins Podcast
Why Secure AI Starts With You: What Admins Must Know About Agentforce

May 22, 2025 · 29:56


Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about what admins need to know about Agentforce and how to build secure AI experiences. You should subscribe for the full episode, but here are a few takeaways from our conversation with […]

ILTA
#0088: (CT) Beyond the Tech

May 19, 2025 · 21:08


In this podcast session, the speaker will provide a deeper dive into all the prospective questions organizations must ask their technology providers prior to moving forward with a deal. The technology works, great, but does the company as a whole?

Moderator: Christina Wojcik - Head of Innovation & Partnerships, Pierson Ferdinand LLP
Speaker: Krishna Vyas - Director of Third Party Risk Management and Information Security, CITI

Recorded 5-15-2025

The FIT4PRIVACY Podcast - For those who care about privacy
What is Information Security Standard

May 15, 2025 · 8:15


Understanding information security standards is the first step toward building a resilient and trustworthy organization. Cyber-attacks, data leaks, and rule-breaking are becoming more common. Businesses and people need to keep their information safe—but how can they do that? One way is by following security standards like ISO 27001. 

Human-Centered Security
Here Comes the Sludge with Kelly Shortridge and Josiah Dykstra

May 15, 2025 · 43:23


Users, threat actors, and the system design all influence—and are influenced by—one another. To design safer systems, we first need to understand the players who operate within those systems. Kelly Shortridge and Josiah Dykstra exemplify this human-centered approach in their work.

In this episode we talk about:

  • The vital role of human factors in cyber-resilience—how Josiah and Kelly apply a behavioral-economics mindset every day to design safer, more adaptable systems.
  • Key cognitive biases that undermine incident response (like action bias and opportunity costs) and simple heuristics to counter them.
  • The “sludge” strategy: deliberately introducing friction to attacker workflows to increase time, effort, and financial costs—as Kelly says, “disrupt their economics.”
  • Why moving from a security culture of shame and blame to one of open learning and continuous improvement is essential for true cybersecurity resilience.

Kelly Shortridge is VP, Security Products at Fastly, formerly VP of Product Management and Product Strategy at Capsule8. She is the author of Security Chaos Engineering: Sustaining Resilience in Software and Systems.

Josiah Dykstra is the owner of Designer Security, human-centered security advocate, cybersecurity researcher, and former Director of Strategic Initiatives at Trail of Bits. He also worked at the NSA as Technical Director, Critical Networks and Systems. Josiah is the author of Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.

During this episode, we reference:

  • Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Sludge for Good: Slowing and Imposing Costs on Cyber Attackers,” arXiv preprint arXiv:2211.16626 (2022).
  • Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Opportunity Cost of Action Bias in Cybersecurity Incident Response,” Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 66, Issue 1 (2022): 1116-1120.

Cybersecurity Where You Are
Episode 135: Five Lightning Chats at RSAC Conference 2025

May 14, 2025 · 23:30


In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security® (CIS®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution.

Here are some highlights from our episode:

00:40. Stephanie Gass, Sr. Director of Information Security at CIS
  • How to start creating a policy and make it effective through implementation processes
  • A transition to an approach integrating mappings for CIS security best practices
  • The use of GenAI and security champions to make this transition

04:08. Brad Bock, Director of Product Management at Chainguard
  • Building and compiling security from the ground up in open-source container images
  • Trusting pre-packaged software in an increasingly complex world
  • Support of customer compliance with attestation, SBOMs, and vulnerability remediation

07:43. Stephane Auger, Vice President Technologies and CISO at Équipe Microfix
  • Customer awareness and other top challenges for MSPs and MSSPs
  • The use of case studies and referrals to communicate the importance of cybersecurity
  • A growing emphasis on cyber risk insurance as media attention around breaches grows

11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLC
  • How the CIS Critical Security Controls facilitates a consultative approach to customers
  • The importance of knowing where each company is in their use of GenAI
  • Mapping elements of a portfolio to CIS security best practices

17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CIS
  • The use of learning and research to investigate GenAI's utility for CIS
  • An aspiration to scale efficiency and drive improvements with GenAI training
  • A reminder to augment human thought, not replace it, with GenAI

Resources
  • Episode 63: Building Capability and Integration with SBOMs
  • Mapping and Compliance
  • Cybersecurity for MSPs, MSSPs, & Consultants
  • Episode 130: The Story and Future of CIS Thought Leadership

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

The CyberWire
Scrutinizing the security of messaging apps continues.

May 9, 2025 · 32:26


The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of Information Security at LastPass, discussing tax-related lures targeting refunds. AI empowers a murder victim to speak from beyond the grave.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Alex Cox, Director of Information Security at LastPass, to discuss tax-related lures facing both tax preparation agencies and filers expecting refunds.

Selected Reading
  • On the state of modern Web Application Security (BrightTalk)
  • Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage (Wired)
  • Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump (Bitdefender)
  • FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (infosecurity magazine)
  • Education giant Pearson hit by cyberattack exposing customer data (Bleeping Computer)
  • Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News)
  • Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News)
  • SAP Zero-Day Targeted Since January, Many Sectors Impacted (Security Week)
  • Indiana Health System Notifies 263,000 of Oracle Hack (Bank of Infosecurity)
  • A Judge Accepted AI Video Testimony From a Dead Man (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

The Security Student Podcast
Shaping Your Role in the Security Industry with Erin Grippo

May 8, 2025 · 61:15


#036 – In this next episode, I was joined by Erin Grippo, Senior Manager of Product Operations at Brivo, who brings nearly a decade of experience in the security industry across marketing, business strategy, partnerships, and product operations.

Today's conversation explored Erin's career journey and how she navigated major transitions across roles, companies, and countries. We discussed her philosophy about career growth, overcoming early career challenges, and her advice for aspiring professionals. Erin also shared her perspective on leadership development, the value of networking, and why mentorship is important in our careers. I think you'll find this to be an honest and inspiring discussion!

After graduating from DePauw University with a degree in Communication, Erin launched her career at Allegion in the U.S. and later relocated to Toronto to lead multifamily and PropTech initiatives for Allegion Canada. She continued to expand her expertise at Latch, managing partnerships and launching new products and programs before joining Brivo in 2023.

Erin is active in the security industry's professional community, serving on the Security Industry Association's RISE Steering Committee and previously on the Foundation for Advancing Security Talent (F.A.S.T) board from 2020 to 2024. She was recently named one of the 2024 Women in Security Forum Power 100. Erin is passionate about mentoring early-career professionals and building stronger pathways for the next generation of security leaders—and it was a pleasure having her on the podcast.

-- Get the resources and show notes mentioned in this episode --
https://thesecuritystudent.com/shownotes

Feds At The Edge by FedInsider
Ep. 199 Protecting Healthcare Identity from Modern Cyber Attack

May 7, 2025 · 59:25


The 2023 FBI Internet Crime Report reveals that nearly 21% of ransomware attacks targeted the healthcare and public health sectors—making them the top victims.

This week on Feds At The Edge, we explore how agencies can defend against these growing threats.

Benjamin Koshy, Chief Information Security Officer and Director, Division of Information Security of Indian Health Service, explains the unique identity management challenge in healthcare: balancing open patient access with strict data protection.

Keith Busby, Acting CISO at CMS, outlines how to go beyond Zero Trust with real-world risk assessments and robust incident response plans - not just a three-ring binder gathering dust on a shelf.

And Alec Lizanetz, Identity Protection Specialist from CrowdStrike, emphasizes the importance of prioritizing threats and using frameworks like CISA's to respond efficiently.

Tune in on your favorite podcasting platform today to hear practical, high-impact strategies to secure critical systems and protect patient care, perfect for healthcare leaders who must protect both data and lives.

The Future of Security Operations
Circle's Dane VandenBerg on the future of security copilots and the evolution of threat intel

May 6, 2025 · 42:47


In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their security copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle.

In this episode:

  • [02:05] How Dane went from researching women's health and animal cloning to public relations to security
  • [06:25] Why security teams are still fighting the same battles they were 15 years ago
  • [09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader
  • [12:00] What's working - and what's not - about how companies approach threat intelligence today
  • [12:51] Why threat intel should be an in-house function, not just a reporting feed
  • [15:30] What motivated Dane to move into the finance and crypto industry
  • [19:30] How parenthood reshaped the way Dane thinks about risk
  • [22:50] Tips for encouraging employees to report their security concerns
  • [26:00] What a great security-vendor customer experience looks like - and what too many vendors get wrong
  • [29:10] The security tools and solutions Dane is most excited about right now
  • [32:45] Balancing the hype and potential of security copilots
  • [38:30] What cyberattacks might look like five years from now
  • [41:30] Connect with Dane

Where to find Dane: LinkedIn, Circle
Where to find Thomas Kinsella: LinkedIn, Tines
Resources mentioned: National Cyber Forensics and Training Alliance

Agent of Influence
Episode 069 - Does Open-Source AI Create a False Sense of Security? - Suryaprakash Nalluri

May 6, 2025 · 23:50


Does Open-Source AI Create a False Sense of Security?

Listen to Suryaprakash Nalluri, an accomplished application security leader, discuss the shifting landscape of application security, challenges with open-source software, and the critical role of DevSecOps in modern development.

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

The CyberWire
Hardcoded credentials and hard lessons.

May 5, 2025 · 29:46


Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community.

Selected Reading
  • The Signal Clone the Trump Admin Uses Was Hacked (404 Media)
  • Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek)
  • xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News)
  • FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet)
  • Hackers Selling SS7 0-Day Vulnerability on Hacker Forums for $5000 (Cyber Security News)
  • StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer)
  • Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable)
  • Passkeys for Normal People (Troy Hunt)
  • Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Colorado = Security Podcast
274 - 5/5 - Jason Haddix, CEO/Hacker @ Arcanum Information Security

May 4, 2025 · 94:02


Our feature guest this week is Jason Haddix, CEO/Hacker @ Arcanum Information Security. We're also trying something new with our interviews and Jason will be doing an Ask Me Anything in the #AMA channel on Slack. Head on over there to ask him any questions you might have! News from and a lot more! Come join us on the Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
  • Join the Colorado = Security Slack channel
  • Denver airport seeks $150M contract for new consolidated rental car facility
  • Metro Denver a leader nationally for how fast unsold homes are piling up
  • Centennial-based Boom Technology chooses Adams County as test site for its supersonic jet engines
  • Denver coding school to close
  • Denver dialysis giant DaVita hit with ransomware attack
  • Davita 8-K (ransomware attack)
  • Proposed changes to Colorado's AI regulation draw mixed reactions from business leaders
  • Cybersecurity metrics that matter (and how to measure them)
  • The New Security Model: A Blueprint for Successful SASE Deployment
  • Protecting Your Business – Ransomware Prevention and Recovery Best Practices
  • Why Strong Digital Identity is Essential—With or Without Executive Order 14144

Upcoming Events: Check out the full calendar
  • ASIS Denver - Colorado Corporate Security Symposium - 5/7
  • ISSA COS - May Chapter Meeting - 5/13
  • Let's Talk Software Security - Is Using AI Really That Insecure? - 5/14
  • ISSA Denver - ISC2 Certified Cloud Security Professional (CCSP) Exam Preparation - 5/17-5/18
  • LIFT - Hike #1 - 5/20
  • ISC2 Denver - Enhancing Privacy and Security in the Age of AI-Driven Social Engineering - 5/27
  • Rocky Mountain Information Security Conference (RMISC) - 5/28-30
  • ISC2 Pikes Peak - Chapter Meeting - 5/28
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

All Things Internal Audit
EQ Meets AI: Enhancing Internal Audit

May 1, 2025 · 26:44


The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Andrew Guasp talks with Alex Gacheche about the importance of emotional intelligence (EQ) in the internal audit profession, especially in the context of AI advancements. They discuss how EQ can enhance internal audit effectiveness, the role of empathy and communication, and the impact of cultural differences on EQ. From active listening to handling difficult conversations, this episode unpacks the human side of internal auditing.

HOST:
Andrew Guasp, CIA
Senior Manager, Standards & Professional Guidance, The IIA

GUEST:
Alex Gacheche, CISA
Head of Internal Audit, Information Security, Technology Infrastructure, Emerging Technology, and AI, Meta

Key Points
  • Introduction [00:00–00:01:16]
  • What Is Emotional Intelligence? [00:01:17–00:03:34]
  • Human Judgment with AI [00:03:35–00:05:01]
  • Balancing Hard and Soft Skills [00:05:02–00:06:27]
  • Developing EQ in Auditing [00:08:42–00:11:51]
  • EQ in Communication and Reporting [00:11:52–00:13:16]
  • Training for EQ Skills [00:13:17–00:14:31]
  • Blending AI and EQ [00:14:32–00:15:49]
  • Resources to Grow EQ [00:15:50–00:18:24]
  • Using EQ in Remediation [00:18:25–00:21:42]
  • EQ in Planning and Information Gathering [00:21:43–00:24:01]
  • Cultural Sensitivity and Word Choice [00:24:02–00:26:32]
  • Leading Multigenerational Teams [00:26:33–00:30:17]
  • EQ's Role in the AI Era [00:30:18–00:32:25]
  • Leadership, Retention, and EQ [00:32:26–00:35:02]
  • EQ in Walkthroughs and Meetings [00:35:03–00:40:47]
  • Final Thoughts [00:40:48–00:41:53]

The IIA Related Content
Interested in this topic? Visit the links below for more resources:
  • 2025 AuditSphere Virtual Conference
  • Building a Better Auditor: The Powerful Synergy of EQ and AI
  • Knowledge Centers: Artificial Intelligence
  • 'Mastering Soft Skills in Internal Auditing,' All Things Internal Audit Podcast
  • The IIA's Updated AI Auditing Framework
Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer

Afternoon Cyber Tea with Ann Johnson
Game Plans and Playbooks: Building and Implementing a Cybersecurity Strategy

Apr 22, 2025 · 34:16


Christina Morillo, Head of Information Security at the National Football League's New York Giants joins Ann on this week's episode of Afternoon Cyber Tea. Christina discusses the ins and outs of building a resilient cybersecurity strategy, the importance of entering organizations with curiosity—not checklists—and why listening is always her first step. Christina breaks down common cybersecurity misconceptions, shares how to move from strategy to implementation, discusses the importance of storytelling in governance and shares how she addresses burnout and mental health in her teams.

Resources:
  • View Christina Morillo on LinkedIn
  • View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
  • Microsoft Threat Intelligence Podcast
  • The BlueHat Podcast
  • Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

The Social-Engineer Podcast
Ep. 301 - Security Awareness Series - Leadership Relationships and Becoming a CISO with Travis Farral

Apr 21, 2025 · 30:16


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp owned, renewable natural gas company based in Houston, Texas. He has spoken at events around the world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling responses to incidents, among many other things over the last few decades. [April 21, 2025]

00:00 - Intro
00:18 - Intro Links:
  • Social-Engineer.com - http://www.social-engineer.com/
  • Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  • Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  • Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  • Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  • CLUTCH - http://www.pro-rock.com/
  • innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
02:08 - Travis Farral Intro
02:58 - A Different Path than Today
05:25 - Healthy Hacking
08:08 - Anything Can Be Weaponized
10:54 - Questionable Behavior
14:31 - Smash That Report Button!!!
18:58 - Improving Our Odds
21:00 - You Have to Keep It Simple
22:25 - Letters to a Young CISO
24:20 - Find Travis Farral online
  • LinkedIn: linkedin.com/in/travisfarral
25:01 - Mentors
  • Shawn Edwards
  • Jay Leek
27:02 - Book Recommendations
  • R. E. Lee: A Biography - Douglas Southall Freeman
29:34 - Wrap Up & Outro
  • www.social-engineer.com
  • www.innocentlivesfoundation.org

Progressive Voices
There Is No Information Security Any More

Apr 21, 2025 · 30:59


There Is No Information Security Any More
Karel Cast 25-56

I received a letter this weekend, a letter that I've gotten before. In fact, I've gotten six of them total. And you know what it says. It says that all the verification of who you are, all the information of yours that your health care provider has, including your charts, your conditions, your medications, might as well be at the public library. Because it certainly isn't safe. Is anything being done? Or is it a lost cause? Also, we now live in a society where our children can go through not one, but TWO mass shootings, and STILL nothing at all is done. The story of the Parkland survivor that ended up in the Florida shooting. Another study about plant based diets...what will it take for you to finally change?

The Karel Cast is heard on all streaming services from Apple Music to iHeart Media, Spotify to Spreaker. The show is Monday through Thursday at 10:30 am Live PST. It can also be seen on TikTok and Instagram. Karel is a history-making broadcaster and entertainer currently in Las Vegas with his little service girl Ember. The Karel Cast is supported by your donations at patreon.com/reallykarel Please watch, like and subscribe to the videos at youtube.com/reallykarel

Hybrid Identity Protection Podcast
CISOs are the Top of the Information Security Food Chain with Allan Alford

Apr 21, 2025 · 26:02


In this time of constant cyber-attacks and increased cybersecurity reporting requirements, a CISO's job is no easy task and typically has a short tenure. In this episode, Sean sits down with Allan Alford, five-time CISO, to talk about his experience as a CISO across several prominent organizations and how identity is always at the center of a CISO's responsibility.

The Salesforce Admins Podcast
Building Secure AI Agents with Salesforce Agentforce

Apr 3, 2025 · 29:56


Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about his recent presentation at TDX and how to build secure, reliable AI experiences with Agentforce. You should subscribe for the full episode, but here are a few takeaways from our conversation […]

Paul's Security Weekly
Vulnerability Prioritization Can Produce Better Business Outcomes - Steve Lodin, Greg Fitzgerald - BSW #389

Apr 2, 2025 · 33:34


Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin, Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic.

This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them!

Segment Resources:
https://www.sevcosecurity.com/vulnerability-prioritization/
https://www.sevcosecurity.com/continuous-threat-exposure-management/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-389

Paul's Security Weekly TV
Vulnerability Prioritization Can Produce Better Business Outcomes - Greg Fitzgerald, Steve Lodin - BSW #389

Apr 2, 2025 · 33:34


Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin, Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic.

This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them!

Segment Resources:
https://www.sevcosecurity.com/vulnerability-prioritization/
https://www.sevcosecurity.com/continuous-threat-exposure-management/

Show Notes: https://securityweekly.com/bsw-389

Business Security Weekly (Audio)
Vulnerability Prioritization Can Produce Better Business Outcomes - Steve Lodin, Greg Fitzgerald - BSW #389

Apr 2, 2025 · 33:34


Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin, Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic.

This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them!

Segment Resources:
https://www.sevcosecurity.com/vulnerability-prioritization/
https://www.sevcosecurity.com/continuous-threat-exposure-management/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-389

The Rachel Maddow Show
War plans group chat scandal fits pattern of Trump's embarrassing weakness on information security

The Rachel Maddow Show

Mar 26, 2025 44:20


Rachel Maddow looks at Donald Trump's ridiculously poor track record of mishandling sensitive information, with the scandal of several of his top officials thoughtlessly discussing military plans in an insecure group text raising questions of criminality on top of the widespread outrage over the sheer sloppiness of their actions.

Transfix
Supply Chain Decoded | Feat. Kary Jablonski & Dr. Erika Voss

Transfix

Mar 26, 2025 49:45


The freight industry is evolving fast—so how do we keep it secure, innovative, and people-focused? In this episode of Supply Chain Decoded, we sit down with two powerhouse leaders from DAT Freight & Analytics: Kary Jablonski, VP & GM of Trucker Tools and Broker Growth, and Dr. Erika Voss, VP of Information Security. We dive into everything from tackling fraud and cybersecurity threats to driving innovation in freight technology. Kary and Erika share insights on building a people-first workforce, why trust is the backbone of supply chain relationships, and how DAT is creating smarter, more secure solutions for brokers and carriers. Plus, we explore the growing impact of women in leadership and what it takes to lead with vision in a historically male-dominated industry. Whether you're a broker, carrier, or logistics professional, this episode is packed with must-know insights that could change the way you think about security in freight. -- Disclaimer: All views and opinions expressed in this podcast are those of the speakers and do not necessarily reflect the views or positions of Transfix, Inc. or any parent companies or affiliates or the companies with which the participants are affiliated, and may have been previously disseminated by them. The views and opinions expressed in this podcast are based upon information considered reliable, but neither Transfix, Inc. nor its affiliates, nor the companies with which such participants are affiliated, warrant its completeness or accuracy, and it should not be relied upon as such. All such views and opinions are subject to change.

Agent of Influence
Episode 068 - Bridging the Cybersecurity Divide - Robert Wagner

Agent of Influence

Mar 26, 2025 25:22


Bridging the Cybersecurity Divide

Join host Nabil Hannan in conversation with Robert Wagner, Advisory CISO and Managing Director at NetSPI. The two discuss the cybersecurity divide and how to prioritize security efforts for small and medium-size businesses in the latest episode of Agent of Influence.

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

Microsoft Mechanics Podcast
Introducing Microsoft Purview Data Security Investigations

Microsoft Mechanics Podcast

Mar 24, 2025 13:54


Investigate data security, risk and leak cases faster by leveraging AI-driven insights with Microsoft Purview Data Security Investigations. This goes beyond the superficial metadata and activity-only signals found in incident management and SIEM tools, by analyzing the content itself within compromised files, emails, messages, and Microsoft Copilot interactions. Data Security Investigations allows you to pinpoint sensitive data and assess risks at a deeper level—quickly understanding the value of what's been exposed. Then by mapping connections between compromised data and activities, you can easily find the source of the security risk or exposure. And using real-time risk insights, you can also apply the right protections to minimize future vulnerabilities. Data Security Investigations is also integrated with Microsoft Defender incident management as part of your broader SOC toolset. Nick Robinson, Microsoft Purview Principal Product Manager, joins Jeremy Chapman to share how to enhance your ability to safeguard critical information.

► QUICK LINKS:
00:00 - Microsoft Purview Data Security Investigations
01:00 - Risks of data theft & data leaks
03:20 - Start an investigation
04:45 - Results of an investigation
06:15 - Vector-based search & semantic indexing
08:00 - Use AI for the investigation
09:21 - Map activities
10:44 - Connect SOC & Data Security teams
11:21 - Known leaked information
12:26 - Steps to get DSI up and running
13:15 - Wrap up

► Link References
Get started at https://aka.ms/DataSecurityInvestigations
Stay up-to-date with our blog at https://aka.ms/DSIBlog

► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

To The Point - Cybersecurity
Michele Rigby Assad on Cybersecurity: Tackling Modern Threats and Information Security Part 2

To The Point - Cybersecurity

Mar 18, 2025 19:15


Welcome back to the To the Point cybersecurity podcast, presented by Forcepoint! In this episode, hosts Rachael Lyon and Jonathan Knepper continue their engaging conversation with Michele Rigby Assad, a former CIA intelligence officer and renowned author of "Breaking Cover" and "Get Off the X." Join us as Michele shares her unique insights into the global threat landscape and the security challenges we face domestically. From discussing the imperative of modernizing the intelligence workforce with STEM education to her message of embracing discomfort and taking risks for meaningful growth, Michele offers a compelling perspective that is both inspiring and thought-provoking. We'll explore the impact of cultural and linguistic isolation on the U.S.'s ability to engage globally and the pressing threats posed by countries like Iran. Plus, Michele reveals her personal philosophy on overcoming adversity and the importance of getting "off the X" to achieve extraordinary things, no matter how ordinary you start. Tune in for an enlightening discussion filled with personal anecdotes and actionable advice for navigating today's complex world. Don't miss this opportunity to hear Michele's compelling stories and invaluable expertise on the intricacies of intelligence and cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e324

From CPA to CFO
Ethical AI in Action: Compliance, Innovation, and Accounting's Next Frontier

From CPA to CFO

Mar 17, 2025 46:15


On this episode of Blood, Sweat & Balance Sheets, host Mike Whitmire sits down with Vicky LeVay, Sr. Director of Compliance, Risk, and Information Security at FloQast, and Jaysen Dyal, Product Marketing Manager at FloQast and former accountant. Together, they discuss the growing role of AI in accounting and FloQast's achievements, including earning ISO 42001 certification.

Vicky provides insights into what it takes to secure this critical certification and why it's essential for building trust and ensuring accountability in AI-driven processes. The conversation dives into the ethical challenges of implementing AI in the accounting field and how FloQast's vision paves the way for innovation, efficiency, and solving industry challenges. Learn how AI-powered tools are reshaping the profession, empowering accountants to move beyond manual tasks and tackle strategic work with confidence.

Key Takeaways
• AI's Role in Accounting: How artificial intelligence is streamlining accounting processes and enabling accountants to focus on strategic initiatives.
• ISO 42001 and Trust in AI: Why FloQast pursued ISO 42001 certification and its significance in ensuring trust and compliance in AI workflows.
• Addressing Ethical Challenges: Exploring risks like prompt injection, AI hallucinations, and the importance of integrating robust safeguards.
• FloQast's Vision for AI: How FloQast is driving innovation with AI-powered products, reducing workloads, boosting efficiency, and preventing burnout for accounting teams.
• Preparing for the Future: Insights into how ethical AI is shaping the future for accountants and helping them take on more impactful roles within their organizations.

Listen in for actionable insights and perspectives on the intersection of AI, compliance, and innovation in accounting.

To The Point - Cybersecurity
Michele Rigby Assad on Cybersecurity: Tackling Modern Threats and Information Security

To The Point - Cybersecurity

Mar 11, 2025 31:26


In this episode of the "To the Point cybersecurity podcast," hosts Rachael Lyon and Jonathan Knepper dive into a compelling conversation with Michele Rigby Assad, a former CIA intelligence officer with vast experience in the Middle East. Michele shares insights from her latest book, "Get Off the X," which explores the importance of getting out of one's comfort zone and reassessing effectiveness in both personal and professional contexts. The discussion navigates the complexities of the current threat landscape, highlighting the dangers posed by nation-states like Iran and China, and the evolving challenges in cybersecurity. Michele underscores the significance of collaboration between public and private sectors to tackle these threats. With her background in intelligence, Michele offers a unique perspective on the interplay between traditional espionage techniques and modern technology, including the role of social engineering and the challenges of artificial intelligence in amplifying cyber threats. Tune in for an enlightening conversation about the need for innovation, proactive measures, and adept leadership in the realm of global cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e323

Cybercrime Magazine Podcast
Next Level CISO. M&A Integration. Greg Crowley, eSentire & Dwayne Smith, Vensure Employer Solutions.

Cybercrime Magazine Podcast

Mar 10, 2025 12:29


Greg Crowley is the CISO at eSentire. In this episode, he joins host Heather Engel and Dwayne Smith, Sr. VP Information Security and Global CISO at Vensure Employer Solutions, to discuss M&A integration, including how CISOs can ensure a secure process, tackling inherited vulnerabilities, and more. Next Level CISO is a Cybercrime Magazine podcast brought to you by eSentire, the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com

The Logistics of Logistics Podcast
Taking the Uncertainty and Risk Out of Freight with Erika Voss

The Logistics of Logistics Podcast

Feb 25, 2025 43:22


Erika Voss and Joe Lynch discuss taking the uncertainty and risk out of freight. Erika is Vice President of Information Security at DAT Freight & Analytics, the largest truckload freight marketplace in North America.

About Erika Voss

Dr. Erika Voss, with over two decades of experience, has held high-level positions at companies including Capital One, Microsoft, and Amazon Web Services. Currently Vice President of Information Security at DAT Freight & Analytics, she leads the vision, strategy, and execution of advanced security protections. Recognized as a leader in her field, Erika has been honored with the CISO's Top 100 Accelerated CISOs Award (A100) and the 2024 Women in Supply Chain Award in the DEI Pioneer category. Erika holds a Ph.D. in Cybersecurity from Northcentral University, while teaching Cyber courses in the evening and advising Women in Leadership at the University of San Francisco.

About DAT Freight & Analytics

DAT Freight & Analytics operates the largest truckload freight marketplace in North America. Shippers, transportation brokers, carriers, news organizations and industry analysts rely on DAT for trends and data insights based on more than 400 million freight matches and a database of $150 billion in annual market transactions. Founded in 1978, DAT is a business unit of Roper Technologies (Nasdaq: ROP), a constituent of the Nasdaq 100, S&P 500, and Fortune 1000.

Key Takeaways: Taking the Uncertainty and Risk Out of Freight

• Network Integrity Unit: DAT has a dedicated team, the Network Integrity Unit, which works around the clock to monitor the network for suspicious activity, investigate potential threats, and enforce security measures to protect users from fraud and cybercrime.
• Proactive Security Measures: DAT employs a range of proactive measures, including multi-factor authentication, advanced monitoring tools, and regular security testing, to safeguard user accounts and data, and to prevent fraudulent activities like identity theft and double brokering.
• Data-Driven Insights: DAT offers advanced analytics, providing shippers with actionable insights to optimize transportation decisions and mitigate risks.
• Comprehensive Freight Visibility: With access to vast transaction data, shippers can track rates across various modes (TL, LTL, Intermodal, Ocean) and equipment types (Dry Van, Flatbed, Temp-Control).
• RateView Analytics: DAT helps manage transportation costs with accurate market data, allowing shippers to set realistic budgets and adjust rates during volatile conditions.
• Network Analytics: Shippers gain granular visibility into capacity, helping them optimize sourcing and manage their transportation network more efficiently.
• Custom Analytics Services: DAT offers tailored analytics, API integrations, and consultative services to address specific business needs and improve decision-making.
• Proven Trust by Leading Companies: Over 1,400 shippers, including major brands like Walmart and Freshpet, rely on DAT's data for logistics decision-making.
• Market Benchmarking: DAT provides benchmarking tools that allow shippers to compare their freight spend against the broader market, identifying opportunities for cost savings and risk management.

AI, Government, and the Future by Alan Pentz
AI Trustworthiness and Cybersecurity: Navigating Enterprise Risks with Candy Alexander of NeuEon

AI, Government, and the Future by Alan Pentz

Feb 12, 2025 39:20


In this episode of AI, Government, and the Future, host Marc Leh is joined by Candy Alexander, a prominent cybersecurity leader with over 35 years of experience and current Chief Information Security Officer at NeuEon. As a two-time President of the Information Systems Security Association (ISSA) International and founding President of the ISSA Education and Research Foundation, Candy brings her extensive expertise to discuss AI trustworthiness, data governance, and enterprise security challenges.

ITSPmagazine | Technology. Cybersecurity. Society
Shadow IT: Securing Your Organization in a World of Unapproved Apps | A Zero Trust World Conversation with Ryan Bowman | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Feb 7, 2025 23:34


Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.

In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.

Understanding Shadow IT and Its Risks

Bowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.

One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.

Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.

Zero Trust as a Mindset

A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.

This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.

Practical Strategies to Combat Shadow IT

Bowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:
• Identifying and monitoring unauthorized applications within their organization
• Implementing policies and security controls that balance security with user needs
• Enhancing employee engagement and education to prevent unauthorized technology use
• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency

Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.

Why This Session Matters

With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.

Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.

For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.

Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker] | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1

80,000 Hours Podcast with Rob Wiblin
#132 Classic episode – Nova DasSarma on why information security may be critical to the safe development of AI systems

80,000 Hours Podcast with Rob Wiblin

Jan 31, 2025 161:11


If a business has spent $100 million developing a product, it's a fair bet that they don't want it stolen in two seconds and uploaded to the web where anyone can use it for free.

This problem exists in extreme form for AI companies. These days, the electricity and equipment required to train cutting-edge machine learning models that generate uncanny human text and images can cost tens or hundreds of millions of dollars. But once trained, such models may be only a few gigabytes in size and run just fine on ordinary laptops.

Today's guest, the computer scientist and polymath Nova DasSarma, works on computer and information security for the AI company Anthropic with the security team. One of her jobs is to stop hackers exfiltrating Anthropic's incredibly expensive intellectual property, as recently happened to Nvidia.

Rebroadcast: this episode was originally released in June 2022.

Links to learn more, highlights, and full transcript.

As she explains, given models' small size, the need to store such models on internet-connected servers, and the poor state of computer security in general, this is a serious challenge.

The worries aren't purely commercial though. This problem looms especially large for the growing number of people who expect that in coming decades we'll develop so-called artificial 'general' intelligence systems that can learn and apply a wide range of skills all at once, and thereby have a transformative effect on society.

If aligned with the goals of their owners, such general AI models could operate like a team of super-skilled assistants, going out and doing whatever wonderful (or malicious) things are asked of them. This might represent a huge leap forward for humanity, though the transition to a very different new economy and power structure would have to be handled delicately.

If unaligned with the goals of their owners or humanity as a whole, such broadly capable models would naturally 'go rogue,' breaking their way into additional computer systems to grab more computing power — all the better to pursue their goals and make sure they can't be shut off.

As Nova explains, in either case, we don't want such models disseminated all over the world before we've confirmed they are deeply safe and law-abiding, and have figured out how to integrate them peacefully into society. In the first scenario, premature mass deployment would be risky and destabilising. In the second scenario, it could be catastrophic — perhaps even leading to human extinction if such general AI systems turn out to be able to self-improve rapidly rather than slowly, something we can only speculate on at this point.

If highly capable general AI systems are coming in the next 10 or 20 years, Nova may be flying below the radar with one of the most important jobs in the world.

We'll soon need the ability to 'sandbox' (i.e. contain) models with a wide range of superhuman capabilities, including the ability to learn new skills, for a period of careful testing and limited deployment — preventing the model from breaking out, and criminals from breaking in. Nova and her colleagues are trying to figure out how to do this, but as this episode reveals, even the state of the art is nowhere near good enough.

Chapters:
Cold open (00:00:00)
Rob's intro (00:00:52)
The interview begins (00:02:44)
Why computer security matters for AI safety (00:07:39)
State of the art in information security (00:17:21)
The hack of Nvidia (00:26:50)
The most secure systems that exist (00:36:27)
Formal verification (00:48:03)
How organisations can protect against hacks (00:54:18)
Is ML making security better or worse? (00:58:11)
Motivated 14-year-old hackers (01:01:08)
Disincentivising actors from attacking in the first place (01:05:48)
Hofvarpnir Studios (01:12:40)
Capabilities vs safety (01:19:47)
Interesting design choices with big ML models (01:28:44)
Nova's work and how she got into it (01:45:21)
Anthropic and career advice (02:05:52)
$600M Ethereum hack (02:18:37)
Personal computer security advice (02:23:06)
LastPass (02:31:04)
Stuxnet (02:38:07)
Rob's outro (02:40:18)

Producer: Keiran Harris
Audio mastering: Ben Cordell and Beppe Rådvik
Transcriptions: Katy Moore

The CyberWire
Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]

The CyberWire

Jan 26, 2025 8:20


Please enjoy this encore episode with Dave Farrow, VP of Information Security at Barracuda, as he shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevented it. He hopes all will come to recognize that there are other threats besides cybersecurity threats to business. We thank Dave for sharing his story with us.