Podcast appearances and mentions of Sam Curry

American computer security researcher

  • 48 podcasts
  • 69 episodes
  • 35m average duration
  • 1 episode every other week
  • Latest: Apr 15, 2025

Latest podcast episodes about Sam Curry

Podcasts – TechSpective
Navigating the Future of AI and Cybersecurity

Apr 15, 2025, 43:35


The rise of artificial intelligence has opened up exciting possibilities, but it's also creating new challenges–particularly for cybersecurity. I sat down with my friend Sam Curry, Global VP and CISO in residence at Zscaler, for an in-depth conversation about the […]

Modern CTO with Joel Beasley
How to Defend Against AI Cybersecurity Attacks with Sam Curry, Global VP & CISO at Zscaler

Mar 17, 2025, 45:29


Today, we're talking to Sam Curry, Global VP, CISO in Residence at Zscaler. We discuss the AI threat landscape in 2025, why fighting AI with AI may not be your best strategy, and how to position yourself in a community to become a better leader. All of this right here, right now, on the Modern CTO Podcast!

Easy Prey
Empowering the Vulnerable

Mar 12, 2025, 40:43


In cybersecurity, we need to understand the mindset of hacking, which is not ethics. We also need to realize that even if we have cybersecurity experts get hacked, there is no reason to feel embarrassed or ashamed when it happens to us. In today's show we're going deep into the world of cybersecurity with one of the industry's most seasoned experts, Sam Curry. With over 30 years of experience in information security, Sam has been defending against cyber threats, shaping security strategies and mentoring the next generation of cyber professionals.

Currently the Global VP and CISO-in-Residence at Zscaler, Sam has also held leadership roles at companies like RSA, McAfee and Arbor Networks where he helped pioneer innovations in VPN technology and personal firewalls. But cybersecurity isn't just about firewalls and encryption—it's about mindset. Sam joins us to talk about the hacker mentality, zero-trust security and why even the best security professionals get hacked.

From his early days in cryptography to mitigating major cyber breaches Sam shares his insights on how businesses and individuals can defend themselves in a digital world. If you've ever wondered how cybercriminals think, how AI is changing the security landscape or what you can do to stay one step ahead then this episode is for you.

Show Notes:

  • [00:55] Sam is Global VP and CISO-in-Residence at Zscaler. For the last 32 years, he's been involved in every part of security at some point.
  • [01:23] He teaches cyber and used to run RSA Labs at MIT. He currently teaches at Wentworth Institute of Technology, and he also sits on a few boards.
  • [02:41] We learn how Sam ended up working in cyber security. He has patents in VPN technology, and was one of the co-inventors of the personal firewall, which was sold to McAfee.
  • [04:14] There were security principles before 1996.
  • [07:38] Sam feels a need and a mission to protect people. It's very personal to him.
  • [08:40] He was there for the breach that RSA had. He's also been spear phished.
  • [12:47] The Shepard tone is an audio illusion that makes sound that can make people sick because it sounds like it's always increasing.
  • [16:31] Scams are way underreported because people are too embarrassed to report them.
  • [19:31] Challenges of keeping security up. In peacetime we have to remember to build resilience and be antifragile.
  • [22:10] Zero trust is a strategy and architecture for minimizing functionality.
  • [28:14] There are immediate benefits from a security perspective to start creating zero trust.
  • [30:17] Problems need to be defined correctly.
  • [33:03] Even people who've done incredible research on hacking techniques have gotten hacked. There's no shame in it.
  • [34:02] We need the hacker mindset. It's an important part of the human community.
  • [36:44] The importance of making things easier to understand.
  • [38:18] Advice for people wanting to get into cybersecurity is being just this side of ready and tackling things that are a little too big and a little too scary. Also find allies and a network.

Bitcoin, Blockchain, and the Technologies of Our Future

https://youtu.be/rKnoP30Q6Ig
https://odysee.com/@NaomiBrockwell:4/Car-hacking:d

Security researcher Sam Curry reveals shocking flaws in internet-connected vehicles, exposing how they can be hacked and why your car may not be as private as you think.

00:00 Car Hacking Doesn't Seem Real
01:13 How Sam Got Into Car Hacking
04:55 Why Connected Cars Are Not Secure
12:11 Types of Attacks Researched
14:36 The Subaru Experiment
16:53 Kia Connect Research
18:11 Tesla Bug Bounty Program
23:01 VPN Security
23:37 Little Regard for Security of Consumers
26:23 Jasper
32:52 Tether Hacking
34:10 The Problem with ISP Backdoors
38:35 Self-Driving Cars
39:43 Hacking Driver Accounts
43:20 What People Can Do
44:34 We Take Our Privacy For Granted Until It Is Summoned
47:45 Where We Are Now and Where We Are Going

Cars aren't just vehicles anymore—they're data goldmines, storing your messages, photos, and location history. We need to rethink how much personal info we're handing over and who has access to it.

Special Thanks to Sam Curry! Check out his blog for his complete research report: https://samcurry.net/hacking-subaru

Brought to you by NBTV team members: Lee Rennie, Cube Boy, Sam Ettaro, Will Sandoval and Naomi Brockwell

NBTV is a project of the Ludlow Institute, a 501c3 non profit whose mission is to advance freedom through technology.

Cyber Bites
Cyber Bites - 31st January 2025

Jan 30, 2025, 8:21


* Subaru Flaw Could Have Let Hackers Track and Control Vehicles
* Hundreds of Fake Reddit Sites Push Lumma Stealer Malware
* Cybersecurity Needs to Start Saying 'No' Again
* GitHub Desktop and Other Git Clients Vulnerable to Credential Leaks
* Sophisticated Voice Phishing Scam Attempt Exploiting Google Workspace Domain Verification Flaw

Subaru Flaw Could Have Let Hackers Track and Control Vehicles
https://samcurry.net/hacking-subaru

A critical security vulnerability in Subaru's Starlink service could have allowed attackers to remotely control and track vehicles in the United States, Canada, and Japan.

The flaw, discovered by security researchers Sam Curry and Shubham Shah, enabled attackers to gain unrestricted access to customer accounts using limited information such as the victim's last name, ZIP code, email address, phone number, or license plate.

This access would have allowed attackers to:

* Remotely start, stop, lock, and unlock vehicles.
* Track vehicle locations in real-time and access historical location data.
* Access sensitive customer information, including personal details, billing information, and emergency contacts.

The researchers exploited a vulnerability in the Starlink admin portal, allowing them to bypass authentication measures and gain unauthorized access to customer accounts. The portal has two-factor authentication (2FA) which was also easily bypassed by removing the client-side overlay from the portal's user interface.

Subaru addressed the issue within 24 hours of being notified. While this specific flaw was not exploited, it highlights the critical importance of robust security measures for connected vehicles.

This incident follows a similar vulnerability discovered in Kia's dealer portal, emphasizing the need for automakers to prioritize vehicle security and protect customer data.

Hundreds of Fake Reddit Sites Push Lumma Stealer Malware
https://www.bleepingcomputer.com/news/security/hundreds-of-fake-reddit-sites-push-lumma-stealer-malware/

Cybercriminals are leveraging hundreds of fake Reddit and WeTransfer websites to distribute the Lumma Stealer malware.

These deceptive websites mimic the appearance of legitimate platforms, tricking users into downloading malicious payloads. For instance, the fake Reddit sites display fabricated discussion threads where users appear to be assisting each other with downloading files. The thread creator asks for help to download a specific tool, another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks him to make everything appear legitimate.

These threads often link to fake WeTransfer pages, which then redirect users to download the Lumma Stealer malware.

Lumma Stealer is a sophisticated info-stealer known for its advanced evasion techniques and data theft capabilities. It can steal sensitive information such as passwords, cookies, and other credentials, potentially allowing attackers to hijack accounts and gain access to valuable data.

This campaign highlights the ongoing threat of social engineering and the importance of critical thinking when interacting with online content. Users are advised to be wary of unsolicited downloads and to verify the authenticity of websites and messages before clicking on any links.

Cybersecurity Needs to Start Saying 'No' Again
https://www.darkreading.com/cyber-risk/security-needs-start-saying-no-again

For years, cybersecurity teams were often perceived as the "Department of No," constantly blocking initiatives due to security concerns. However, in an effort to demonstrate value and foster collaboration, many teams have shifted towards a more accommodating approach.

While this shift has its benefits, some experts argue that it may have gone too far, leading to security teams overlooking critical risks and compromising their ability to effectively protect the organization.

Avoiding necessary "nos" can have detrimental consequences, including:

* Misalignment: Lack of clear boundaries can lead to confusion and misalignment between security teams and other departments.
* Overwhelmed Teams: Constant pressure to accommodate requests can overwhelm security teams and lead to burnout.
* Unmanaged Risks: Compromising on security measures can increase the organization's vulnerability to cyber threats.

However, saying "no" effectively is crucial. It requires careful consideration, clear communication, and a focus on aligning security decisions with broader business goals.

By emphasizing the importance of well-considered "nos" and fostering open communication and collaboration, security teams can better protect their organizations while maintaining positive relationships with other departments.

GitHub Desktop and Other Git Clients Vulnerable to Credential Leaks
https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/

Multiple vulnerabilities have been discovered in popular Git clients, including GitHub Desktop, that could allow attackers to steal user credentials.

These vulnerabilities, stemming from improper handling of messages within the Git Credential Protocol, could be exploited by attackers to trick users into sending their credentials to malicious servers.

One such vulnerability, CVE-2025-23040, affects GitHub Desktop and allows attackers to inject malicious URLs that can mislead the client into sending credentials to the wrong server.

Other vulnerabilities impact the Git Credential Manager and Git LFS, also allowing attackers to exploit weaknesses in how these tools handle URLs and potentially leak credentials.

GitHub CLI is also vulnerable, particularly when used within GitHub Codespaces, where it can inadvertently leak access tokens to unauthorized hosts.

These vulnerabilities highlight the importance of keeping software updated and exercising caution when interacting with untrusted repositories.

Users are advised to update their Git clients to the latest versions, avoid cloning repositories from untrusted sources, and minimize the use of credential helpers where possible.

Sophisticated Voice Phishing Scam Attempt Exploiting Google Workspace Domain Verification Flaw
https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

Google is fortifying its security measures following a recent, elaborate voice phishing attack documented by programmer Zach Latta.

Latta, founder of Hack Club, detailed a close call he had with scammers who attempted to hijack his Google account through a series of tactics that bypassed traditional security measures.

The scammers, posing as Google Workspace support staff, contacted Latta claiming to have detected a suspicious login attempt. They used a phone number associated with Google Assistant calls and a seemingly legitimate "Google" caller ID. Additionally, a password reset email was sent from a genuine Google Workspace address, making the scam highly convincing.

However, Latta remained cautious and ultimately identified inconsistencies in the scammers' story. Notably, one scammer contradicted another on details, and a request to call them back was met with an unfazed response, raising a red flag.

This incident exposes a critical vulnerability: the ability for attackers to create Google Workspace accounts using unverified g.co subdomains. This allows them to send password reset emails that appear to originate from Google itself.

Google has acknowledged the issue and is taking steps to bolster its defenses against such scams. They have suspended the account used in this attempt and are working to prevent attackers from exploiting g.co subdomains during registration.

The Latta case serves as a stark reminder to be wary of unsolicited calls, even if they appear to come from legitimate sources. Users should never provide sensitive information over the phone and should be extra cautious about emails originating from unverified senders.

This incident also highlights the evolving nature of phishing tactics and the need for continuous vigilance and security improvements.

Automotive Repair News Today
Trump Rolls Back EV Policies, and Subaru Starlink Hacked!

Jan 29, 2025, 8:43


Here are a few of the top stories covered on today's show: President Donald Trump is rolling back electric vehicle policies, which could impact US automakers' ability to compete globally. Cybersecurity researcher Sam Curry discovered a major vulnerability in Subaru's Starlink system, allowing hackers to control vehicle functions remotely. Additionally, Sonic Tools USA announced the Sonic Impact Scholarship program, offering aspiring technicians professional toolkits and toolboxes through a competitive application process.

Motoring Podcast - News Show
My cheerfulness tonight - 28 January 2025

Jan 28, 2025, 46:58


FOLLOW UP: GOVERNMENT INTERVENES OVER FINANCE SCANDAL
The Chancellor of the Exchequer has written to the Supreme Court to ask them to not penalise car dealers and finance companies too much, for breaking common law. To read more, click this AMOnline article link here. For more context on how we are at this point, click this link here, from The Conversation.

FOLLOW UP: WESTERN AND CHINESE EV MAKERS TAKE EU TO COURT
BMW and Tesla have joined with BYD, SAIC and Geely to challenge the tariffs imposed on EVs made in China that are brought to Europe. They are arguing that the rates imposed are unfair. If you wish to read further on this, click this AMOnline link here.

FOLLOW UP: NHTSA BLUECRUISE INVESTIGATION SHOCKS
The investigation into Ford's hands-off eyes-on driving system, called BlueCruise, by the National Highway Traffic Safety Administration in the US, has found that the system does not detect stationary vehicles when the car is going over 62mph. This has been implemented to try and prevent false positives being sensed and thus “phantom braking”. Click this Autoevolution article link for more.

FOLLOW UP: GOVERNMENT BACKS GREATER MANCHESTER PLANS
The UK Government has assessed and approved the proposed plans from Greater Manchester, to reduce the amount of nitrogen dioxide in the air. This will take place without the need to charge drivers for a Clean Air Zone, as so many other cities have chosen. If you would like to learn more, click this article link from BBC News, here.

VW GROUP DITCHES AGENCY MODEL FOR EVS
In the UK, the Volkswagen Group will end its use of the agency model, where they sell directly to customers, for their electric vehicles. They are the latest in a number of companies to make this move. Click this Auto Retail Agenda article to read more.

SUBARU HACKED
Ethical hackers found a vulnerability in Subaru's StarLink connected service that allowed them to access incredible amounts of data and even control some functions of cars remotely. This has now been patched and we have only found out after the fix was deployed by Subaru. If you want to learn more, click this link to Sam Curry's post detailing what he did and found.

WAYMO HACKED
Jane Manchun Wong, a security researcher, found a hidden element of the Waymo app that allowed her to change what the top dome, on the roof of their vehicles, displayed. Waymo have now closed this off to ‘normal users'. If you want to learn more, click this TechCrunch article link here.

MANY THINGS HACKED
Pwn2Own Automotive 2025 took place over three days last week and found 49 unknown vulnerabilities in software for head units and EV chargers, including...

David Bombal
#480: Car Privacy and Security Nightmare

Oct 7, 2024, 35:11


// Sam Curry's SOCIAL //
X: https://x.com/samwcyo
Website: https://samcurry.net/
Blog: https://samcurry.net/blog/

// YouTube video REFERENCE //
Hackers remotely hack millions of cars!

// MENU //
0:00 - Intro
00:50 - DeleteMe sponsored segment
03:56 - The Kia hacking app
05:06 - The terrifying possibilities
06:08 - Hacking Kia cameras
07:44 - How the app works
12:18 - The vulnerability of connected cars // Breach of privacy
15:38 - Growing awareness to the issue
17:23 - Converting the license plate to the VIN number
20:04 - Reason for creating the app
21:39 - Simply hacking a Kia car
22:56 - What journalists think
24:34 - The right to repair congress hearing
25:13 - Security being left behind
27:57 - How taking over a car works
30:16 - Looking at the timeline
31:03 - Advice for new security researchers
34:46 - Conclusion

Disclaimer: This video is for educational purposes only.

Congressional Dish
CD300: Right to Repair

Sep 17, 2024, 77:32


You do not have the right to repair your own belongings because of intellectual property rights granted to corporations by Congress in 1998. In this episode, listen to the debate happening in Congress about if and how they should grant customers the right to repair and get a status update on the multiple efforts under way in the current Congress, including one with a good chance of becoming law.

Background Sources

McDonald's Ice Cream Machines
  • Andy Greenberg. December 14, 2023. Wired.
  • Joseph Fawbush. March 29, 2022. FindLaw.

John Deere
  • Luke Hogg. January 8, 2024. Reason.

Internet of Things Updates and Maintenance
  • Márk Szabó. August 27, 2024. WeLiveSecurity.

Massachusetts Auto Repair Law
  • Massachusetts Office of the Attorney General.

DoD's Revolving Door
  • OpenSecrets.
  • OpenSecrets.
  • Karl Evers-Hillstrom and Reid Champlin. June 18, 2019. OpenSecrets.
  • OpenSecrets.
  • Salary.com.

Military Right to Repair Issues
  • Kyle Mizokami. February 11, 2020. Popular Mechanics.
  • Max Finkel. February 8, 2020. Jalopnik.
  • Elle Ekman. November 20, 2019. The New York Times.
  • Lucas Kunce and Elle Ekman. September 15, 2019.

Technological Protection Measures (TPMs)
  • Jennifer Zerkee. November 8, 2023. Simon Fraser University.

Cyber Risks
  • Sam Curry et al. January 3, 2023. samcurry.net.

Apple Lawsuit
  • Brandon Vigliarolo. December 18, 2023. The Register.

NDAA Sec. 828
  • Jason Koebler. August 28, 2024. 404 Media.
  • AdvaMed et al. July 30, 2024. DocumentCloud via 404 Media.

Bills
  • Sec. 828: REQUIREMENT FOR CONTRACTORS TO PROVIDE REASONABLE ACCESS TO REPAIR MATERIALS.
  • Fair Repair Act

Audio Sources

May 16, 2024
Senate Armed Services Committee
Witnesses: Carlos Del Toro, Secretary of the Navy

Clip

Sen. Elizabeth Warren: So the Navy acquires everything from night vision goggles to aircraft carriers through contracts with big defense contractors, but the contractors often place restrictions on these deals that prevent service members from maintaining or repairing the equipment, or even let them write a training manual without going back through the contractor. Now the contractors say that since they own the intellectual property and the technical data underlying the equipment, only they have the right to repair that equipment. These right to repair restrictions usually translate into much higher costs for DOD, which has no choice but to shovel money out to big contractors whenever DOD needs to have something fixed. So take the Navy's littoral combat ship, General Dynamics and Lockheed Martin considered much of the data and equipment on the ship to be proprietary, so the Navy had to delay missions and spend millions of dollars on travel costs, just so that contractor affiliated repairmen could fly in, rather than doing this ourselves. Secretary Del Toro, when a sailor isn't allowed to repair part of their ship at sea, and a marine isn't allowed to access technical data to fix a generator on a base abroad. One solution is for the Navy to buy the intellectual property from the contractors. So can you say a little bit about what the benefits are of the Navy having technical rights for the equipment that it has purchased.

Sec. Carlos Del Toro: The benefits are enormous, Senator, and we've actually had tremendous success, I'd say, in the last year and a half to two years, through the taxpayer advocacy program that we initiated when I came in.
There have been three examples, one, gaining the intellectual property rights for the new ACV class of ships that will replace the AAVs. The F-35 negotiations really proved themselves out in a significant way as well, too. And lastly, the 20 F-18s that the Congress authorized in ‘22 and ‘23, we were able to make significant gains in terms of the government finally getting the intellectual property rights that were necessary for us to be able to properly sustain those moving forward.

Sen. Elizabeth Warren: So I am very, very glad to hear this. I like the taxpayer advocacy project and how you're training contract officers to secure technical equipment that the Navy buys, but I think you should have the support of Congress on this. Senator Braun and I have introduced the Stop Price Gouging the Military Act to give DoD more tools to get cost and pricing data so that you will be in a better position to negotiate better deals with contractors. There's also more that we can do to ensure that the Navy and the rest of the services have the rights they need to bolster readiness. So let me ask you, Secretary Del Toro, would having a stronger focus on right to repair issues during the acquisition process, like prioritizing contract bids that give DoD fair access to repair materials, and ensuring that contract officers are looking into buying technical rights early on, would that help the Navy save costs and boost readiness at the same time?

Sec. Carlos Del Toro: Very much. Senator, in fact, one of the things that we have prioritized since I came in as Secretary of the Navy, given my acquisition background, is actually those negotiations need to happen as early as possible before that we even as we develop the acquisition strategy for that contract to go out to bid, and by doing so, we will reap tremendous returns.

July 18, 2023
House Judiciary Committee
Witnesses:
  • Aaron Perzanowski, Thomas W. Lacchia Professor of Law, University of Michigan Law School
  • Legal Fellow, Hudson Institute's Forum for Intellectual Property
  • Kyle Wiens, Co-founder and CEO, iFixit
  • Paul Roberts, Founder, SecuRepairs.org; Founder and Editor-in-Chief, the Security Ledger
  • Scott Benavidez, Chairman, Automotive Service Association; Owner, Mr. B's Paint & Body Shop

Clips

41:25 Scott Benavidez: My name is Scott Benavidez. I'm the Chairman of the Automotive Service Association's Board of Directors. I am also a second generation shop owner from Albuquerque, New Mexico, Mr. B's Paint and Body Shop.

Scott Benavidez: We do have concerns when some insurers insist on repairs that are simply cheaper and quicker, without regard to quality and safety. Repairers understand better than anyone the threat of replacement crash parts or lesser quality. We can and should have a competitive marketplace that doesn't compromise quality or safety, deciding to only cover the cheapest option without understanding implications for quality leaves collision shops and their customers in a tough position. Very few consumers have the knowledge about these types of crash parts used on their vehicles as numerous crash parts in the marketplace, such as OEM (original equipment manufactured) parts, certified aftermarket parts, aftermarket parts, reconditioned crash parts, and recycled crash parts. Repairers can make recommendations, but their customers are unlikely to hear if the insurance won't cover them.

46:45 Paul Roberts: My name is Paul Roberts, and I'm the founder of Secure Repairs. We're an organization of more than 350 cyber security and information technology professionals who support the right to repair.

46:55 Paul Roberts: I'm speaking to you today on behalf of our members to make clear that the fair access to repair materials sought by right to repair laws does not increase cyber risk, and in fact, it can contribute to a healthier and more secure ecosystem of smart and connected devices.

Paul Roberts: Proposed right to repair legislation considered by this Congress, such as the Repair Act, or last session, the Fair Repair Act, simply asks manufacturers that already provide repair information and tools to their authorized repair providers to also provide them at a fair and reasonable price to the owners of the devices and to third parties that they may wish to hire to do their work.

47:35 Paul Roberts: By definition, the information covered by right to repair laws is not sensitive or protected, as evidenced by the fact that the manufacturers already distribute it widely to hundreds, thousands, or even tens of thousands of workers for their authorized repair providers. This could be everyone from mechanics working at auto dealerships to the folks staffing the Geek Squad at Best Buy.

48:00 Paul Roberts: Also, we have yet to find any evidence that the types of information covered by right to repair laws like schematic diagrams, service manuals, diagnostic software and replacement parts act as a portal to cyber attacks. The vast majority of attacks on internet connected devices - from broadband routers to home appliances to automobiles - today exploit weaknesses in the embedded software produced and distributed by the manufacturers, or alternatively, weak device configurations so they're deployed on the internet in ways that make them vulnerable to attack. These security weaknesses are an epidemic. A recent study of the security of Internet of Things devices, by the company Phosphorus Labs, or a cybersecurity company, found that 68% of Internet of Things devices contained high risk or critical software vulnerabilities. As an example, I'd like to call attention to the work of a group of independent researchers recently led by Sam Curry, who published a report, and you can Google this, "Web Hackers vs. the Auto Industry" in January 2023. That group disclosed wide ranging and exploitable flaws in vehicle telematics systems from 16 different auto manufacturers. At a leading GPS supplier to major automakers, the researchers claimed to obtain full access to a company-wide administration panel that gave them the ability to send arbitrary commands to an estimated 15.5 million vehicles, including vehicles used by first responders, police, fire and so on. Hacks like this take place without any access to repair materials, nor is there any evidence that providing access to repair software will open the doors to new attacks.

50:05 Paul Roberts: For the last 25 years, Section 1201 of the Digital Millennium Copyright Act has given manufacturers an incentive to deploy software locks widely and to limit access to security researchers. That's kind of a model what we call in cybersecurity, security through obscurity. In other words, by keeping the workings of something secret, you're making it secure. But in fact, that doesn't work, because cyber criminals are very resourceful and they're very determined, and they don't really care what the law says.

50:35 Paul Roberts: Section 1201 has also enabled what one researcher has described as dark patterns in the design and manufacture of hardware that includes everything from locking out customers from access to administrative interfaces, administrative features of the products that they own, as well as practices like part pairing, which Kyle will talk to you more about, in which manufacturers couple replaceable components like screens and sensors and cameras to specific device hardware. Such schemes make manufacturers and their authorized repair providers gatekeepers for repairs, and effectively bar competition from the owners of the devices as well as independent repair providers.

54:45 Kyle Wiens: You think about what is local? What is American? Main Street you have a post office and a repair shop.
And unfortunately, we've seen the whittling down of Main Street as the TV repair shops went away when the manufacturers cut off access to schematics, as the camera repair shops went away when Nikon and Canon decided to stop selling them parts. We've seen this systematically across the economy. In the enterprise space, you have Oracle and IBM saying that you can't get security updates to critical cyber infrastructure unless you buy a service contract with them, so they're tying long term service contracts with the security updates that are necessary to keep this infrastructure secure. 56:45 Kyle Wiens: Over the last decade plus, I've been working on Section 1201, trying to get exemptions for the ability to repair products. The challenge that we've had in the section 1201 process every triennial I go back and we ask for permission to be able to fix our own things is that the exemptions we've gotten really only apply to individual consumers. They aren't something that I could use to make a tool to provide to one of you to fix yourself. So in order for someone to take advantage of a 1201 exemption that we have, they have to be a cybersecurity researcher and able to whittle their own tools and use it themselves, and that just doesn't scale. 57:45 Devlin Hartline: My name is Devlin Hartline, and I'm a legal fellow at the Hudson Institute's forum for intellectual property. 57:50 Devlin Hartline: I'd like to start with a question posed by the title of this hearing, is there a right to repair? And the answer is clearly no. A right is a legally enforceable claim against another, but the courts have not recognized that manufacturers have the duty to help consumers make repairs. Instead, the courts have said that while we have the ability to repair our things, we also have the duty not to infringe the IP rights in the process. So it is in fact, the manufacturers who have the relevant rights, not consumers. 
58:30 Devlin Hartline: Right to repair supporters want lawmakers to force manufacturers to make the tools, parts, and know-how needed to facilitate repairs available to consumers and independent repair shops. And the assumption here is that anything standing in the way of repair opportunities must necessarily harm the public good, but these tools, parts and know-how, are often protected by IP rights such as copyrights and design patents. And we protect copyrighted works and patented inventions because, as the Constitution recognizes, this promotes the public good. We reward creators and innovators as an incentive for them to bring these things to the marketplace and the public benefits from the introduction of new products and services that increase competition. Thus, the right to repair movement isn't based on a pre-existing right. It's instead asking lawmakers to create a new right at the expense of the existing rights of IP owners. 1:00:45 Devlin Hartline: IP owners are merely exercising their federally protected IP rights, and this is not actionable anti-competitive conduct. It is instead how the IP system is supposed to work. We grant IP owners exclusive rights so they can exclude others, and this, in turn, promotes the investments to create and to commercialize these creative innovations in the marketplace, and that promotes the public good. Aaron Perzanowski: My name is Aaron Perzanowski. I am a professor of law at the University of Michigan, and for the last 15 years, my academic research has focused on the intersection of personal and intellectual property rights in the digital economy. During that time, the right to repair has emerged as a central challenge to the notion that we as consumers control the devices that we buy. Instead consumers, farmers, small businesses, all find that manufacturers exert post-sale control over these devices, often in ways that frustrate repair. Aaron Perzanowski: Repair is as old as humanity. 
Our Paleolithic ancestors repaired hand axes and other primitive tools, and as our technologies have grown more complex, from the Bronze Age through the Renaissance, to the high tech devices that we all have in our pockets here today, repair has always kept pace. But today, manufacturers are employing a range of strategies that restrict repair, from their hardware and software design choices to clamp downs on secondary markets, and we also troublingly see attempts to leverage IP rights as tools to restrict repair. These efforts are a major departure from the historical treatment of repair under the law, the right to repair is not only consistent with nearly two centuries of IP law in the United States, it reflects half a millennium of common law property doctrine that rejects post-sale restrictions on personal property as early as the 15th century. English property law recognized that once a property owner sells an item, efforts to restrain how the new owner of that item can use it are inconsistent with the essential nature of private property and obnoxious to public policy. As the Supreme Court has repeatedly recognized, IP laws' respect for the property interests of purchasers of copyrighted and patented goods was profoundly shaped by this common law tradition. In 1850, the Supreme Court recognized that the repair of a patented machine reflected "no more than the exercise of that right of care, which everyone may use to give duration to that which he owns." A century later, the Court held that the repair of a convertible car roof was justified as an exercise of "the lawful right of the property owner to repair his property." And just a few years ago, the court reaffirmed the rejection of post-sale restrictions under patent law in Impression Products vs. Lexmark, a case about refurbishing printer ink cartridges. Copyright law, not surprisingly, has had fewer occasions to consider repair restrictions. 
But as early as 1901, the Seventh Circuit recognized "a right of repair or renewal under US copyright law." When a publisher sued to prevent a used book dealer from repairing and replacing damaged components of books, the court said that "the right of ownership in the book carries with it and includes the right to maintain the book as nearly as possible in its original condition." A century after that, Congress itself acknowledged repair as a right that owners enjoy, regardless of copyright restrictions, when it enacted section 117 C of the Copyright Act. That provision was designed to undo a Ninth Circuit decision that allowed copyright holders to prevent third party repairs of computers. Section 117 C explicitly permits owners of machines to make copies of computer programs in the course of maintenance or repair. And finally, the US Copyright Office over the last decade has repeatedly concluded that diagnosis, repair, and maintenance activities are non-infringing when it comes to vehicles, consumer devices, and medical equipment. So the right to repair is firmly rooted in basic principles of US IP law. Aaron Perzanowski: Section 1201 of the DMCA makes it practically impossible for consumers to exercise their lawful right to repair a wide range of devices, from tractors to home electronics, even though the copyright office says those activities are not infringing, and the weakening of standards for design patents allow firms to choke off the supply of replacement parts needed to repair vehicles, home appliances, and other devices. Aaron Perzanowski: One way to think about a right is as an affirmative power to force someone else to engage in some behavior, and in some cases, that is what we're talking about. We're talking about imposing, especially on the state level, regulations that impose requirements on manufacturers. I think that's true of the Repair Act on the federal level as well. 
But, I think part of what we also need to keep in mind is that sometimes what you need to effectuate a right is to eliminate barriers that stand in the way of that right. So we can think about this, I think, helpfully in the context of tools that enable people to engage in repair. The state level solution has been to require manufacturers to give their own tools to repair shops, sometimes compensated under fair and reasonable terms. The other solution would be to change section 1201 to say, let's allow independent repair shops to make their own tools. I think both of those solutions have some value to them. I also think it's really important to keep in mind that when we're talking about IP rights, there are always multiple sets of interests at stake, and one of the key balances that IP law has always tried to strike is the balance between the limited statutory exclusive rights that the Patent and Copyright Acts create and the personal property rights of consumers who own these devices. And so I think a balancing is absolutely necessary and appropriate. 1:15:20 Aaron Perzanowski: I think the best solution for Section 1201 is embodied in a piece of legislation that Representatives Jones and Spartz introduced in the last Congress, which would create a permanent exception to Section 1201 for repair that would apply not only to the act of circumvention, but would also apply to the creation and distribution of tools that are useful for repair purposes that does not open the door to broad, unrestrained, creation of circumvention tools, but tools that are targeted to the repair market. 1:16:40 Devlin Hartline: He cited a case about where you can repair a cover on a book. That's very different than recreating the book, every single word in it, right? So there's a difference between repairing something and then crossing the line into violating the exclusive rights of IP owners in the patented product or the copyrighted book. 
And so the things that repair supporters are asking for is that, if somebody has a design patent that covers an auto body part, well, they have the right to exclude other people from making that part, but repair supporters say they shouldn't have that exclusive right, because, you know, we could increase competition if we just took away their design patent and now other people could make that part, and so that's competition. But that's not the type of competition that IP law and competition law seek to support. That's like saying, if we just let the Pirate Bay copy and distribute all of the Disney blockbuster movies, then that's competition, and prices would go down. But that's not the way that we do it, right? So competition means other people come up with new products and new services, and so that's what we should be trying to support. 1:26:45 Rep. Jerrold Nadler (D-NY): Repair advocates argue that section 1201, prevents non-infringing circumvention of access controls for purposes. But Congress contemplated this use when it passed the DMCA in 1998, allowing for a triennial exemption process. Is the exemption process working as intended? And if not, are there actions Congress can take to expand exemptions or make them easier to acquire? Devlin Hartline: What's important about the triennial rulemaking is that the proponent of an exemption has to come forward with evidence and demonstrate that there's actually a problem and it relates to a certain class of works, and then they can get a temporary exemption for three years. And so it is true that the Librarian of Congress, the last few rulemakings, has said that because using a copyrighted work in a way for repair, maintenance, etc, is Fair Use that they grant these exemptions. But these exemptions are quite narrow. They do not allow the trafficking of the computer programs that can crack the TPMs. And so it's very narrowly done. 
And the concern is that if you were to create a permanent exemption that opens things all the way up with access controls, copy controls and trafficking thereof, is now you're getting to the point of why we even have these TPMs under 1201 in the first place, and that's because they guard against piracy. And so the concern is that you're opening the piracy floodgates. You make these devices less secure, and then content owners are going to be less likely to want to put their content on these devices. Rep. Ben Cline (R-VA): How does section 1201 of the DMCA impact the ability of consumers and independent repair shops to modify or repair devices that have proprietary software and data in the consumer electronics industry? Aaron Perzanowski: Thank you so much for the question. As we've been talking about the copyright office in 2015, 2018, 2021, and they're in the process for the current rulemaking, has determined that engaging in circumvention, the removal or bypassing of these digital locks for purposes of repair, is perfectly lawful behavior, but there is a major practical mismatch here between the legal rights that consumers enjoy under federal law today and their practical ability to exercise those rights. And that's because, as Devlin was just describing, the section 1201 rulemaking does not extend to the creation or distribution of tools, right? So I have the right under federal law, to remove the technological lock, say, on my video game console, if I want to swap out a broken disk drive. How do I do that? I'd like to think of myself as a pretty technologically sophisticated person. I don't have the first clue about how to do that. I need a person who can write that code, make that code available to consumers so that I can. All I'm trying to do is swap out a broken disk drive on my video game. But you would argue that code is proprietary, correct? 
So I'm talking here about a third party making their own code that is simply allowing me to engage in activity that the Copyright Office has repeatedly said is non-infringing. Rep. Ben Cline (R-VA): So you want to give them a map. Is that, essentially, what you're saying? Aaron Perzanowski: Absolutely, yes, I do. Rep. Ben Cline (R-VA): Do trade secrets play a role in the right to repair debate? Aaron Perzanowski: There are occasions where trade secrets are important. I don't think in the context that we're talking about here with section 1201, that we're typically running into trade secret issues. The state-level bills that have been introduced do typically address trade secrets and often have carve outs there. And I think that's something worth considering in this debate. But I think it's important to keep in mind that just because we have some hypothetical worry about some unknown bad actor taking a tool that I use to fix my video game console -- Rep. Ben Cline (R-VA): It's not unknown. The Chinese do it all the time. Aaron Perzanowski: I don't think the Chinese are particularly worried about whether or not I can fix my video game console, and in fact, I think that point is important, but the bad actors already have these tools. All we're trying to do is get very targeted tools in the hands of law abiding citizens who just want to repair the stuff they buy for their kids for Christmas, right? If the Chinese are going to hack the PlayStation, they've already done it. 1:32:25 Aaron Perzanowski: So the 1201 process is what established the legality of circumvention for repair purposes. But when Congress created that rulemaking authority, it only extends to the act of circumvention, the actual removal. Congress did not give the [Copyright] Office or the Librarian [of Congress] the authority to grant exemptions to the trafficking provisions, and that's where I think legislative intervention is really important. 
1:39:00 Kyle Wiens: One of the challenges was section 1201. It doesn't just ban repair tools, it also bans the distribution of cybersecurity tools. And so we've seen security researchers.... Apple sued a company that made a security research tool under 1201 and that tool has markedly made the world more secure. It's very popular amongst government security researchers. So I think that's kind of the sweet spot is, allow some third party inspection. It'll make the product better. 1:41:25 Kyle Wiens: These ice cream machines are made by Taylor, and there is an incredibly complex, baroque set of touchscreens you have to go through. And then there's a service password you have to be able to get past in order to access the settings that really allow you to do what you want. And so, in an ideal world, you'd have an entrepreneur who would come along and make a tool to make it easier for McDonald's, maybe they could have an app on their phone that they could use to configure and help them diagnose and repair the machine. Unfortunately, the company who made that tool is struggling legally because of all these challenges across the board. If we had innovation outside of the manufacturers and to be able to develop new tools for fixing ice cream machines or anything else, you have a whole flowering ecosystem of repair tools right now. It doesn't exist. The US is like this black hole where innovation is banned in software repair. There's all kinds of opportunities I could see, I had a farmer ask me for help fixing his John Deere tractor, and I had to say, I can't do that particular repair because it's illegal. I'd love to build a cool app for helping him diagnose and fix his tractor and get back in the field faster. We don't have that marketplace right now. It's like farmers have been forced to, like, use cracked Ukrainian versions of John Deere diagnostic software, right? Rep. Russell Fry (R-SC): So it's not just ice cream machines. 
I led off with that, but it's farmers, it's farm equipment, it's iPhones, it's somebody's Xbox, right? I mean, these are all things.... in your experience, what are the challenges that these customers and stakeholders face when they're trying to repair their own devices? What are some things that they face? Kyle Wiens: It's absolutely infuriating. So my friend, farmer in San Luis Obispo, Dave grows all kinds of amazing products. He has a $300,000 John Deere tractor, came to me and said, Hey, there's a bad sensor. It's going to take a week to get that sensor sent out from Indiana, and I need to use the tractor in that time. Will you help me bypass the sensor? I could hypothetically modify the software in the tractor to do that. Practically, I didn't have the legal ability, and so he had to go and rent an expensive tractor for the week. This is impacting people's lives every single day. 1:43:50 Rep. Russell Fry (R-SC): So, to pivot a little bit, what role do you see from a federal side, from legislation, and what specific measures do you think might be included in such legislation? Kyle Wiens: So we've seen the solutions being approached from two angles. At the state level, you have states saying John Deere and other manufacturers, if you have a dealership that has fancy tools, sell those tools to consumers and to independent shops, allow that competition. At the federal level, what we can do is enable a competitive marketplace for those tools. So rather than compelling John Deere to sell the tool, we can say, hey, it's legal for someone, an entrepreneur, to make a competing tool. And you have this in the car market. You can take your car down the AutoZone, you can buy a scan tool, plug it into your car, and it'll decode some of the error messages. Those tools exist on the auto market because we have a standard diagnostic interface on cars that you can access without circumventing a TPM. We don't have that for any other products. 
So another farmer in my town, he showed me how if he has a transmission go out on a truck, he can fix that. But if he has a transmission go out on his John Deere tractor, he can't. He can physically install the transmission, but he can't program it to make it work. I'd love to be able to make a software tool to enable him to replace his transmission. Aaron Perzanowski: So I think if we see passage of the SMART Act, we can anticipate significant reductions in the expenses associated with auto collision repairs. Estimates are that design patents on collision parts are responsible for about $1.5 billion in additional expenditures. We see price premiums on OEM parts over third party parts often reaching into like the 40% range, right? So these are pretty significant cost savings associated with that. Part of this problem, I think, does relate back to the kind of unique structure of this market. Most consumers are not paying out of pocket for collision repairs. Those costs are being covered by their auto insurance provider, and so the consumer doesn't see that the - I'm pulling this from memory, so don't hold me to this figure - but the side view mirror of a Ford Fiesta costing $1,500, that's not something that the consumer is confronted with, right? So this goes back to the question of notice. Do consumers know when they buy that vehicle that the repairs are going to be that expensive? I think in most cases, they don't. And so I think the SMART Act is a very targeted solution to this problem. I do think it's important to note that the design patent issue for replacement parts is not limited to the automotive industry. I think it's the most, I think that's the area where the problem is most pressing. 
But home appliances, consumer electronics, we see companies getting design patents on replacement water filters for refrigerators so that they can charge three times as much when the little light comes on on your fridge to tell you that your water might not be as clean as you want it to be. So I think we have to think about that problem across a range of industries, but the automotive industry, I think, is absolutely the right place to start. Paul Roberts: I mean, one point I would just make is that with the Internet of Things, right, we are facing a crisis in the very near future as manufacturers of everything from home appliances to personal electronics to equipment, as those products age and those manufacturers walk away from their responsibility to maintain them. So we're no longer supporting the software. We're no longer issuing security updates. Who will step in to maintain those devices? Keep them secure, keep them operating right? The manufacturers walked away. Do we just get rid of them? No, because the equipment still works perfectly. We're going to need a market-based response to that. We're going to need small businesses to step up and say, hey, I'll keep that Samsung dishwasher working for another 20 years. That's a huge economic opportunity for this country, but we cannot do it in the existing system because of the types of restrictions that we're talking about. And so this is really about enabling a secure future in which, when you buy a dishwasher with a 20 year lifespan, or 25 year lifespan, it's going to last that 25 years, not the five to six years that the manufacturer has decided, you know, that's how long we want to support the software for. Paul Roberts: My understanding is the use of design patents has increased dramatically, even exponentially, in the last 10 to 15 years. If you go back to the 90s or 80s, you know, parts makers, automakers were not applying these types of patents to replaceable parts like bumpers and rear view mirrors. 
Somebody had a business decision that, if you can do so, then we can capture more of that aftermarket by outlawing identical aftermarket replacements that has a huge downstream impact on car owners and on insurers and on all of us. 2:10:15 Paul Roberts: Both of the things that we're really proposing or talking about here, which would be changes to Section 1201 of the DMCA as well as passage of robust right to repair laws, would empower a market-based response to keeping the internet of things working, secure and functioning. DMCA 1201 reforms by making it clear that you can circumvent software locks for the purpose of repair and maintenance and upkeep, right? So that would take the threat of the federal crime away from small business owners as well as security researchers who are interested in, you know, plumbing that software for purposes of maintenance, upkeep and repair. And on the right to repair by making the tools available to maintain and upkeep products - diagnostic software, schematic diagrams, service manuals - available. Once again, you'll be empowering small business owners to set up repair shops and say, I'm going to keep your smart appliance running for its full 25 or 30 year lifespan, and I'm going to support my family doing that locally, and not be basically choked out of business by a company that says, Well, you don't have the right to access this product. From a cybersecurity perspective, that is really important, because one thing we don't want is a population of millions or tens of millions of out of date, unsupported, unpatched, insecure internet connected home appliances, webcams, home routers out there available to nation state actors, cyber criminal groups, to compromise and use for their own purposes. And that's something we already see, particularly around broadband routers and other types of devices, and it's a real threat going forward that I think this type of these types of changes would support. 
Aaron Perzanowski: In a lot of instances, this conversation, and we've touched on this earlier, focuses on cost savings, right? And cost savings are an important consideration, right? Farmers aren't thrilled that they have to pay a technician from the John Deere dealer to drive maybe hours to get to their farm and connect their laptop and, you know, download these payload files to enable their equipment to work. But in the agricultural space, the thing I hear most often in the conversations I have with farmers is and Kyle touched on this a bit earlier, is a real concern about the time sensitivity of their work. If your tractor is out of commission for a week or two in the wrong part of the season, that is going to have disastrous effects, right, not only on that farm's economic outlook, but collectively, it can have an impact like, not to be hyperbolic here, but on our national food supply, and so I think it's really important that farmers have flexibility in terms of where and how they execute repairs, so that they can get their equipment back up and running. If my laptop breaks and I can't get it fixed for a week or two, I'm annoyed there will be emails that go unanswered, but like the world will continue to spin. That is not the case in the agricultural space where we, I think, have to be much more concerned. Rep. Darrell Issa (R-CA): If I remove from my BMW, at least during certain models, I remove the radio, unplug it, and then plug it back in, simply because I was fiddling around with the dash, I now have to go back to the dealer to reinstall it. Similarly, the transmission example. I've got two John Deere tractors. One's got a busted engine, the other's got a busted transmission. Currently, they will prohibit you from moving the transmission from one to the other. 
From a standpoint of intellectual property, where, in God's green earth or the Constitution, are any of those designed to be rights that belong to the manufacturer, rather than rights that belong to the owners of those two John Deere tractors? Devlin Hartline: So those are a bunch of different situations, and so I think there would be underlying facts that differ with each right. So we started on the iPhone, and I was going to point out that iPhone will actually give you the tool to synchronize it. In those other situations, I don't know the business justification for it. How is that an IP problem? Right? So if that's locked up with the TPM, and you have to bypass the TPM, well then that's a violation of 1201, so that's how they can that's how they can lock -- Rep. Darrell Issa (R-CA): So what you're saying is that Congress has created impediments to the right to repair. Mr. Roberts, would you say that is correct? That, in fact, the right to repair, were Congress never to have done anything since, you know, George and Thomas were our presidents, so to speak, knowing those two presidents, we'd be able to do things we're not able to do because they're now prohibited by acts of Congress. Paul Roberts: Yes, and we certainly know going back to the 50s, 60s, 70s, there was a much more you know....First of all, companies would ship products with service and repair manuals with detailed schematic diagrams with the understanding that owners would want to replace and service them. And what I would say is, yes, absolutely. I doubt very much. And I know we had members who were here in 1998 authoring the DMCA. I think if you had said to them, in 25 years time, this law will be used to prevent somebody with a broken dishwasher from getting that serviced by their local repair shop or by for fixing it themselves, this law will prevent them from doing that, I doubt very much they would have said, yeah, that's pretty much what we want. Rep. 
Darrell Issa (R-CA): Well, I will tell you that the I was the chairman of what is now the Consumer Electronics Association in 1998 and we did predict a lot of these items were going to be expanded beyond the scope of the original.

Paul Roberts: Right now this is not an urgent issue, because most of the cars out there are older vehicles. As we move forward, as telematic systems evolve, as automakers continue their trend of moving more and more information to telematic systems, this is going to become a bigger problem. I'll point out another problem, which is the Massachusetts law is contingent on data transfers of diagnostic and repair information via the OBD or onboard diagnostic two port under the dashboard. That's only there because of federal Clean Air law. Electronic vehicles don't have that port because they don't have emissions, and so in the very near future, as we shift to electronic vehicles, that data access port will no longer be there. It will all be telematics data, and so the utility of the Massachusetts law is going to decline over time, going forward. And again, I you know, when you start talking about right to repair, you become like this crazy person who talks about right to repair every time it comes up. But one thing I try and stress to people when I talk to them about auto repair is, if you live in Michigan or California and you have taken your vehicle to the local independent repair shop, you have only done that because the voters in Massachusetts passed a ballot measure over a decade ago and then updated it in November 2020. That is the very thin thread that our right to use independent auto repair hangs by in this country. That's not the way it's supposed to be. This is something that affects vehicle owners, hundreds of millions of them in all 50 states. And it's a type of thing that the federal government needs to address with federal legislation. It should not hang by this very thin thread.

2:30:20 Rep. Hank Johnson (D-GA): Are software updates new creations, and thus copyrightable?

Devlin Hartline: Software updates, yeah, they're computer programs, and so Congress said explicitly in 1980, but it was understood before then, that computer programs are literary works and they're protected, just like any other copyrighted work.

Rep. Hank Johnson (D-GA): Thank you, Professor Perzanowski, do you disagree?

Aaron Perzanowski: I don't disagree at all that software updates are protectable subject matter under the Copyright Act. But what I think is important to keep in mind right is the Copyright Act and copyright's exclusive rights, and all of the exceptions and limitations to copyright's exclusive rights are created by Congress, and so if you think those rights are interfering with other important issues and concerns, then I think Congress clearly has the power to make changes to the copyright law in order to best serve what you ultimately determine to be in the public interest.

2:35:30 Aaron Perzanowski: Access to firmware and other code is really essential to the functioning and repair of lots of devices. I think there's some important differences between the standard essential patent context and kind of what we're talking about here in that in the standard essential patent context, we're relying on standard setting bodies to identify technologies and to require companies to license their patents under fair, reasonable and non-discriminatory terms. We don't quite have that infrastructure in place in the copyright context, but what we do have are compulsory licenses that exist within the Copyright Act already, one of which you were alluding to earlier, the mechanical license for musical works. We also have compulsory licenses for retransmissions of satellite and broadcast content that essentially say the copyright owner is entitled to compensation of some form, but they're not entitled to prevent people from using or accessing that underlying work, and I think that could be a useful framework here for getting owners of devices access to the firmware that they need.

Unsupervised Learning
UL NO. 447: Sam Curry on Bug Bounty Careers, Slack Data Exfil, The Work Lie

Unsupervised Learning

Play Episode Listen Later Aug 31, 2024 32:34 Transcription Available


Stopping Chinese AI/Robot imports, Substrate for political platforms, sun vs. smoking, and more...

Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://twitter.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler

See you in the next one!

Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.

Data Protection Gumbo
246: United Front: CISOs Collaborate to Navigate SEC Regulations - ZScaler

Data Protection Gumbo

Play Episode Listen Later May 7, 2024 27:35


Sam Curry, VP & CISO at Zscaler, explores the implications of new SEC reporting requirements, the increasing challenges of ransomware attacks, and the shift towards encryptionless extortion. Sam shares insights into how critical infrastructure is becoming more vulnerable and discusses new reporting standards introduced in 2024. The conversation also touches on the importance of robust incident response strategies, the role of AI in cybersecurity, and the need for architectural transformation to enhance security frameworks.

Critical Thinking - Bug Bounty Podcast
Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Apr 4, 2024 149:05


Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences, including hacking Tesla, online casinos, Starbucks, his own ISP router, and even getting detained at the airport.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Guest:
https://samcurry.net/

Resources:
Don't Force Yourself to Become a Bug Bounty Hunter
hackcompute
Starbucks Bug
recollapse

Timestamps:
(00:00:00) Introduction
(00:02:25) Hacking Journey and the limits of Ethical Hacking
(00:28:28) Selecting companies to hack
(00:33:22) Fostering passion vs. Forcing performance
(00:54:06) Collaboration and Hackcompute
(01:00:40) The Efficacy of Bug Bounty
(01:09:20) Secondary Context Bugs
(01:25:01) Mindmaps, note-taking, and Intuition.
(01:46:56) Back-end traversals and Unicode
(01:56:16) Hacking ISP
(02:06:58) Next.js and Crypto
(02:22:24) Dev vs. Prod JWT

Business of Cyber
BoC #81: Sam Curry, CISO of Zscaler | Innovation & Incentives in Cybersecurity | Cyber Spending Trends

Business of Cyber

Play Episode Listen Later Mar 27, 2024 47:22


The Tech Blog Writer Podcast
2843: Securing GenAI: Strategies and Solutions from Zscaler

The Tech Blog Writer Podcast

Play Episode Listen Later Mar 25, 2024 37:27


How are organizations harnessing the transformative power of generative AI (GenAI) while navigating the labyrinth of security risks it introduces? In this episode of Tech Talks Daily, we're joined by Sam Curry, the Chief Information Security Officer at Zscaler, who delves into the intricate dance between innovation and security in the age of GenAI.  As we unfold the layers of Zscaler's latest global study, "All Eyes on Securing GenAI," Sam offers an enlightening perspective on how businesses are rapidly integrating these tools, the security implications at play, and the steps crucial for safeguarding their digital ecosystems. The study's findings are a wake-up call, highlighting the enthusiasm for GenAI across sectors, alongside an acute awareness of its potential security pitfalls. With an overwhelming majority of organizations jumping on the GenAI bandwagon, the conversation shifts to the delicate balance between seizing opportunities and mitigating risks.  Sam shares his insights on the pivotal role of IT in driving GenAI adoption, the pressure points from various stakeholders, and the transformative impact of a zero-trust approach in securing GenAI usage. Through a deep dive into the challenges of data leakage, the necessity of comprehensive visibility and control over AI applications, and the strategic implementation of data protection measures, this episode is an essential guide for businesses at the frontier of the GenAI revolution.

Cyber Briefing
March 22, 2024 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Mar 22, 2024 9:03


Crying Out Cloud
CROC Talks: Bug Bounty Hunting & Pen Testing with Sam Curry

Crying Out Cloud

Play Episode Listen Later Mar 20, 2024 41:13


The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out! Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry:

The CIO Evolution
The board's role in managing cyber risk

The CIO Evolution

Play Episode Listen Later Nov 27, 2023 56:33


The business need for board members to understand cyber risks has never been greater. Listen to this panel discussion featuring Andy Brown, a member of Zscaler's board of directors since October 2015 and CEO of Sand Hill East, and Sam Curry, VP & CISO in Residence at Zscaler, to learn how to effectively lead cyber risk at your organization.

Topics covered include:
The new expectation placed on corporate boards for cybersecurity oversight
Defining cyber materiality, including financial and non-financial factors
How CXOs and boards should interact
What should boards know about zero trust

Bitcoin, Blockchain, and the Technologies of Our Future
Modern cars are a privacy nightmare

Bitcoin, Blockchain, and the Technologies of Our Future

Play Episode Listen Later Oct 15, 2023 16:13


https://youtu.be/eIryvRwxp9A
https://open.lbry.com/@NaomiBrockwell:4/Car-Tracking:7

It's worse than you realize. In this video we dive into all the types of data your car is collecting about you: from video footage, microphone recordings, location data, biometrics, all the way to files/contacts/photos ingested from your phone!

00:00 Cars are NO place for a private conversation!
02:11 What data is our car collecting?
05:41 Video footage
06:16 Microphones
08:09 Location
08:40 There's a SIM card in your phone, sending off all your data!
10:01 Telematics
10:56 Sensors: Capturing weight, emotions, etc
11:10 DON'T CONNECT YOUR PHONE TO YOUR CAR!
13:00 Who is getting access to our data?
14:06 This is a huge problem

This is the first video in a series we're doing on car privacy. Later in the series we examine:
- how easy it is to hack modern cars
- trackers in cars that you had no idea existed
- the perverse incentives that drive companies to collect as much data about us as possible
- the history of when this all started
- dangers of used cars: the previous owner of your car might still have access to all your car's remote features, tracking tools, and cameras!
- how to wipe your own information and location history from your car before you sell it
- how to opt out of this collection and better protect yourself

We really need to get a conversation going around car privacy, and increase awareness. It's so important we push back against the normalization of these practices, starting now.

Special Thanks to Andrea Amico, Dale Wooden, Sam Curry and Ghost Exodus for lending their expertise to this piece!

Brought to you by NBTV team members: Lee Rennie, Cube Boy, Sam Ettaro, Ghost Exodus, Will Sandoval and Naomi Brockwell

To support NBTV, visit https://www.nbtv.media/support (tax-deductible in the US)

NBTV's new eBook out now! Beginner's Introduction To Privacy - https://amzn.to/3WDSfku

Beware of scammers, I will never give you a phone number or reach out to you with investment advice. I do not give investment advice.

Visit the NBTV website: https://nbtv.media

Support the show

eXecutive Security
Avoiding Cybersecurity Burnout With Sam Curry of Zscaler

eXecutive Security

Play Episode Listen Later Aug 31, 2023 22:11


Burnout is real and rampant among C-level cybersecurity professionals. How can you avoid it? Zscaler CISO Sam Curry shares his thoughts. Gene and Sam also talk about making the path from secondary school to entry-level cybersecurity job easier, why collegiate cybersecurity competitions are important, and what's GOOD about cybersecurity careers (it's not all stress and burnout!).

Sam Curry on LinkedIn: https://www.linkedin.com/in/currysam/
Zscaler: https://www.zscaler.com/
Northeast Collegiate Cyber Defense League: https://neccdl.org/

Critical Thinking - Bug Bounty Podcast
Episode 32: The Great Write-up Low-down

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Aug 17, 2023 61:05


Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

Smashing the State article
https://portswigger.net/research/smashing-the-state-machine?ps_source=portswiggerres&ps_medium=social&ps_campaign=race-conditions

Nagle's Algorithm
https://en.wikipedia.org/wiki/Nagle%27s_algorithm

HTTP/2 RFC
https://httpwg.org/specs/rfc7540.html

Tweet by Alex Chapman
https://twitter.com/ajxchapman/status/1691103677920968704?s=20

Cookieless Duodrop IIS Auth Bypass
https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/

XSS and .NET
https://blog.isec.pl/all-is-xss-that-comes-to-the-net/

Shopify Account Takeover
https://ophionsecurity.com/blog/shopify-acount-takeover

Short Name Guesser
https://github.com/projectmonke/shortnameguesser

Hacking Points.com
https://samcurry.net/Points-com/

Hacking Starbucks
https://samcurry.net/hacking-starbucks/

Bug Bounty Tag Request
https://twitter.com/ajxchapman/status/1688892093597470720

Sandwich Attack
https://www.landh.tech/blog/20230811-sandwich-attack

Timestamps:
(00:00:00) Introduction
(00:01:25) Smashing the State
(00:11:30) HTTP/2 RFC
(00:17:30) Cookieless Duodrop IIS Auth Bypass
(00:24:45) Takeovers and Tools
(00:32:30) Sam Curry writeup
(00:53:10) Community requests
(00:55:10) Sandwich Attacks

The Secure Developer
Ep. 135 What AI means for Cybersecurity with Sam Curry

The Secure Developer

Play Episode Listen Later Jul 31, 2023 53:34


Artificial Intelligence is innovating faster than ever before. Could there be a better response than fear? Sam Curry is the VP and Chief Information Security Officer at Zscaler, and he joins us to share his perspective on what AI means for cyber security. Tune in to hear how AI is advancing cybersecurity and the potential threats it poses to data and metadata protection. Sam delves into the nature of fearmongering and a more appropriate response to technological development before revealing the process behind AI integration at Zscaler, why many companies are opting to build internal AI systems, and the three buckets of AI in the security world. Sam shares his opinion on eliminating the offensive use of AI, touches on how AI uses Mechanical Turks to get around security checks, and discusses the preparation of InfoSec cycles. After we explore the possibility of deception in a DevOps context, Sam reveals his concerns for the malicious use of AI and stresses the importance of advancing in alignment with technological progress. Tune in to hear all this and much more!

Cybersecurity Hot Takes
36. Zero Trust Means Attackers Shouldn't Trust You

Cybersecurity Hot Takes

Play Episode Listen Later Jun 29, 2023 18:38


The podcast crew is back! On this episode of the Cybersecurity Hot Takes podcast we are joined by CISO, Sam Curry from Zscaler. Sam takes us through a conversation of Negative Trust, and how we can evolve our zero trust security architecture to go both ways. Follow Beyond Identity: twitter.com/beyondidentity linkedin.com/company/beyond-identity-inc Website: beyondidentity.com Send any voice submissions to Podcast@beyondidentity.com Informal security chat with Beyond Identity's CTO Jasson Casey, Founding Engineer Nelson Melo, and VP of Global Sales Engineering Husnain Bajwa and our host Marketing Empress Reece Guida. Join us for the good, the ugly, and the unexplored in the cybersecurity space. Chat topics include MFA, authentication, passwordless solutions, and how Beyond Identity is utilizing asymmetric cryptography to create the best phishing-resistant multi-factor authentication on the planet. --- Send in a voice message: https://podcasters.spotify.com/pod/show/beyondidentity/message

ITSPmagazine | Technology. Cybersecurity. Society
How to Master the Art of Planning and Conversations with Sam Curry | Secure Your Strategy Podcast With Chloé Messdaghi

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 8, 2023 34:05


Cybercrime Magazine Podcast
Microcast: Bug Bounty Hunting. Hacking Apple & Getting Paid. Sam Curry, Security Researcher.

Cybercrime Magazine Podcast

Play Episode Listen Later May 15, 2023 2:25


Sam Curry is a security researcher, bug bounty hunter, and ethical hacker who, with his team, hacked Apple and discovered 55 vulnerabilities with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. This microcast is a short version of our full interview with Curry, which you can listen to at https://soundcloud.com/cybercrimemagazine/bug-bounty-hunting-hacking-apple-getting-paid-sam-curry

The CISO's Gambit
Breaking into cyber in an AI world with Sam Curry, VP & CISO

The CISO's Gambit

Play Episode Listen Later Apr 17, 2023 36:49


The nexus of cyber, AI, and education is getting more complex, but CISO and polymath Sam Curry delivers sharp insights and memorable anecdotes for leaders facing asymmetric threats from a borderless offense.

Dark Mode Podcast
#42 - Hacking into Ferrari & Porsche, Exposing Critical Vulnerabilities in the Automotive Industry - Sam Curry

Dark Mode Podcast

Play Episode Listen Later Apr 9, 2023 34:54


In this episode @GabeMarzano & @BenSullivan host Sam Curry who is a seasoned security professional with a wealth of experience in the world of hacking and web application security. He is a Staff Security Engineer at Yuga Labs and a well-known bug bounty hunter, who has worked with top companies such as Google, Twitter, and Airbnb.

Motoring Podcast - News Show
Inflated Dolphins - 6 December 2022

Motoring Podcast - News Show

Play Episode Listen Later Dec 8, 2022 42:11


NEW CAR REGISTRATION FIGURES FOR NOVEMBER 2022
The SMMT has revealed the new car registration figures for November 2022 and there is reason to be more optimistic as the rise is genuinely impressive, if not up to pre-pandemic standards. Supply has allowed for 142,889 cars to be registered, with BEVs and to a certain degree PHEVs being a major factor in the push. Click here to read more, from SMMT.

FORD INVESTING IN HALEWOOD PLANT
Ford Motor Company is investing in the Merseyside Halewood plant, to enable the production of electric drivetrains. The aim is for the site to produce 70% of the drivetrains required for Europe, by 2026. To read more, click this link to The Guardian article.

RIMAC EXPANDING UK R&D CENTRE
Rimac is beginning a recruitment drive for their UK Technology R&D Centre, where they will add to the control systems, battery and electrical systems teams. Click here to learn more from TheBusinessDesk article.

GOVERNMENT FUNDING TOYOTA HYDROGEN RESEARCH
The UK Government is allocating £11 million to a project run by Toyota, researching hydrogen use for zero emission vehicles in isolated areas of the UK. There are plenty of places, in the UK, that it is not practical to set up an EV charging station, particularly in industrial settings, therefore investigating if this is viable is important. Click this Autocar link for more.

SIRIUSXM VULNERABILITY EXPOSES CARS TO HACKING
In the US SiriusXM is known, on the consumer side of things, as a streaming/radio platform. However, they also provide connected car services to many major car brands. Ethical hacker Sam Curry found a vulnerability tied into the VIN numbers of cars which then allowed him to access certain vehicles, unlocking doors, activating the horn, starting engines and the like. All due to basic protection being non-existent. SiriusXM claim they have fixed the issue. To learn more, click the AutoEvolutions article link here. To see exactly what Sam did, click his Twitter thread here.

EUROPEAN AUTOMOTIVE CYBER SECURITY HUB FORMED
Europe's first automotive cyber security hub has been formed in Sweden, where the Research Institute of Sweden will join forces with telecom experts and ethical hackers. For more on this story, click the AMOnline article link here.

BORGWARD FINALLY DECLARED OFFICIALLY BANKRUPT
In a Chinese court, Borgward has been declared as officially bankrupt, closing the door on what was once a much hyped EV company that only seemed to sell anything in Luxembourg. Click this Autocar link to find out more.

NOTTINGHAM EXTENDING ESCOOTER TRIAL
Where many other trials are coming to an end and some places are even considering banning...

The Lock Sportscast
127: New Brink's Heist Clues

The Lock Sportscast

Play Episode Listen Later Dec 5, 2022 33:04


Your weekly source for locksport news and sometimes interviews. Full show notes, including links, can be found at http://www.thelocksportscast.com

In this week’s episode:
Assa Abloy selling Emtek, Yale
New clues in Brink’s heist
Multiple Car Brands Exposed to Hacking
Criminals continue to prey on locksmiths
Products
Events
Meetups
Sales
Giveaways
and more

Announcements: The Locky Awards
Corrections: [128] 300 subscribers appreciation giveaway

Podcasts – TechSpective
Sam Curry Talks about Misinformation Online and ‘Doing Your Own Research’

Podcasts – TechSpective

Play Episode Listen Later Sep 14, 2022 51:35


Doing your own research makes sense. You should not believe everything you see, or read, or hear. Critical thinking is a crucial skill. It is not only fair to question information and seek out alternative perspectives to determine what is …

SWFL Business Podcast
10: John Schlager, Lee Noriega, and Sam Curry from Inceptus and Cybereason

SWFL Business Podcast

Play Episode Listen Later May 19, 2022 44:50


"The temptation is to think the cost of ransomware as 'What's the ransom? How much do I have to pay?' That's just a fraction of it."

Welcome to the SWFL Business Podcast, where we interview business owners in the Southwest Florida area to learn about their business and where they're heading. Today's guests are John Schlager (CEO) and Lee Noriega (COO) of Inceptus, and Sam Curry (CSO) of Cybereason.

Do you know what ransomware is? You may have heard it in the news, especially when a major company like Target is attacked. Maybe a company in your industry had their data held for ransom. Maybe your company. Either way, the cost of a ransomware attack goes deeper than you think. We're joined by John, Lee, and Sam to discuss the unconsidered impacts of ransomware attacks on your business, the methods attackers use to breach systems, and a "zero trust" or "least trust" approach to defending yourself and mitigating the risks of cyber attacks on your business. Implementing these practices comes from the C-suite. Listen to how they reframe the conversation around cybersecurity in a way that executives can understand: risk mitigation.

Listen on Apple Podcasts: https://apple.co/3NYks1F
Listen on Spotify: https://spoti.fi/3x1rufI
Watch on YouTube: https://bit.ly/3j69E3g

Connect with Sam on LinkedIn at https://www.linkedin.com/in/currysam/
Learn more about the work Cybereason is doing by visiting https://www.cybereason.com/
Connect with John on LinkedIn at https://www.linkedin.com/in/schlagej/
Connect with Lee on LinkedIn at https://www.linkedin.com/in/lnoriega/
Learn more about Inceptus and reach out to them by visiting https://inceptussecure.com/home

Like what you hear? Want to have your own podcast produced in the Bonita Springs, FL area? Visit www.swflpodcasts.com to learn more.

CISO Stories Podcast
CSP #62 - CISO Priorities 2022

CISO Stories Podcast

Play Episode Listen Later Mar 22, 2022 62:07


For security leaders, it can be hard to catch a break when faced with the increasingly challenging task of defending their organizations from evolving threats while simultaneously fighting the battle of the budget in an effort to do more with less. What issues should CISOs be prioritizing, and how can they get the most bang for their buck with regard to minimizing potential risks and maximizing potential outcomes? CISO Stories Podcast hosts Sam Curry, CSO at Cybereason, and Todd Fitzgerald, VP of Strategy at the Cybersecurity Collaborative, are joined by an esteemed panel of accomplished security leaders to discuss these challenges and more.

Join our panel of seasoned CISOs from multiple industries as they share their valuable perspectives on:
- Ransomware and the impact on global stability
- Supply chain attacks and trusted infection vectors
- Detection and response across the network and in the Cloud
- Incident Response readiness
- Attracting and retaining the right talent

Show Notes: https://securityweekly.com/csp62

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/cyberleaders
Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The Gary Null Show
The Gary Null Show - 03.16.22

The Gary Null Show

Play Episode Listen Later Mar 16, 2022 50:32


Eating nuts and peanuts associated with reduced overall, cardiovascular death

Vanderbilt University School of Medicine, March 2, 2022

Eating nuts and peanuts was associated with a reduced risk of overall death and death from cardiovascular disease across different ethnic groups and among individuals with low socioeconomic status, which suggests that peanuts, because of their affordability, may be a cost-effective measure to improve cardiovascular health, according to an article published by JAMA Internal Medicine. The authors analyzed three large study groups involving 71,764 low-income black and white men and women living in the southeastern United States and 134,265 Chinese men and women living in Shanghai, China. Men in both the U.S. and Chinese study participant groups consumed more peanuts than women. In the U.S. group, about 50 percent of the nut/peanut consumption was peanuts and in the participant groups from China only peanut consumption was assessed.

(NEXT)

People with diabetes who eat less processed food at night may live longer

Study finds eating carbs earlier in the day is linked to better heart health

Harbin Medical University (China), March 15, 2022

The time of day that people with diabetes eat certain foods may be just as important to their well-being as portion size and calories, according to a new study published in the Endocrine Society's Journal of Clinical Endocrinology and Metabolism. Mealtimes should be in line with the biological clock—a natural, internal process that regulates the sleep–wake cycle and repeats every 24 hours. Health outcomes for people with diabetes may be improved if certain foods are eaten at different times of the day.

(NEXT)

Researchers find out why yogurt lowers the risk of developing diabetes

Université of Laval (Quebec), March 15, 2022

Scientists have known for some years that eating yogurt is associated with a reduced risk of diabetes, but the reasons behind this protective effect were unclear. A study published today in Nature Communications reveals that this protection could come partly from the gut microbiota as well as from specific metabolites produced by the lactic bacteria in yogurt. “These metabolites, called branched chain hydroxy acids (BCHA), result from the action of yogurt lactic bacteria on naturally occurring amino acids in milk.” The researchers made this discovery when observing the effects of yogurt on mice fed a diet rich in sugars and fats. One of the groups was given the equivalent of two daily servings of yogurt. After the 12-week experiment, the researchers found better control of blood sugar, insulin resistance, and liver function in the yogurt fed group. They then analyzed all the metabolites present in their livers and observed changes in BCHA.

(NEXT)

Low blood folate may be linked to heightened dementia and death risks in older people

Icahn School of Medicine at Mount Sinai, March 15, 2022

Low levels of folate (vitamin B9) in the blood may be linked to a heightened risk of dementia and death from any cause in older people, suggests research published online in the journal Evidence Based Mental Health. Levels should be routinely monitored and deficiencies corrected in older age, especially given that blood levels of folate tend to tail off with age, with up to 1 in 5 older adults estimated to be folate deficient, say the researchers. The evidence to date suggests that folate deficiency affects cognition and nerve signaling in the brain, making it a possible risk factor for subsequent dementia.

(OTHER NEWS)

Darktrace and Cybereason: The Intelligence Front Companies Seeking to Subjugate the World with the A.I. Singularity

Meet two power cybersecurity companies riddled with American, British, and Israeli intelligence agents who plan on using AI technology to target foreign populations as well as their own.

BY JOHNNY VEDMORE
UNLIMITED HANGOUT
NOVEMBER 3, 2020

We have all been dreaming, a dream where you can float or glide across your dreamscape effortlessly. This leads to the feeling of trepidation, as though you have the ability to let go, and if you do let go, you'll either soar or fall. We're now at a point in history where either the coming events will be studied for thousands of years, or it will be remembered as the point where we lost our humanity completely. Artificial Intelligence (A.I.) technology has entered a new phase over the past several years, where instead of the A.I. algorithms learning from humans, they are now teaching themselves, changing their own algorithms as they learn. We are on the cusp of letting go of control entirely, so early on, because of a few small companies who have quietly been given free rein under the guise of “protecting” our digital lives, all within a tech sector that is moving so fast that we can no longer see what's just around the bend. The entire free thinking population of Earth would love a little more time to discuss such epochal change. However, the technocrats and scientists, supported by venture capitalists, are already putting into action the future before the masses have a chance to even consider discussing its consequences. With very little legislation governing A.I. technologies on the books, our governments are eager to get every tech pioneer inventing whilst there is no accountability for any resulting harm. We're not talking major societal disruption, we're talking about a potential extinction level event of our own creation. Where we should be taking cautious baby steps, instead we're expecting to fly just by letting go. We are about to experience a monumental change in technology, starting with “next-generation” cybersecurity that will then move quickly into the unknown. Unsupervised A.I., now running on critical networks throughout the world as a “cybersecurity” product, is evolving its own algorithm without the need for humans to be involved. Meanwhile, the wealthy patrons funding this cutting edge future tech are out in force, working to propel our societies into this new, unexplored and dystopian technological frontier. But who are the companies that these eager wealthy venture capitalists are funding to create an autonomous, A.I.-powered cyber defence system like never before? Are they even companies at all when we consider their deep and direct ties to intelligence agencies? Should these firms instead be reclassified as simply extensions of state intelligence apparatus acting without the restrictions of public accountability? Each of these companies has been built by teams of former intelligence operatives, some of who have sat in the highest echelons of the intelligence apparati of their respective countries. MI5 and C.I.A. both carry considerable weight in these sinister sounding enterprises, but it is Israel's Unit 8200 that are the main group capitalising on this advance into the world-altering realm of unsupervised Artificial Intelligence algorithms. Yet, these very companies appear to be selling a defence against a potential apocalypse that they themselves may be responsible for. They have the solutions to everyone's cyber-woes, or at least that's the image they wish to portray. Let me introduce you to the most dangerous intelligence operations masquerading as cybersecurity companies on planet Earth.

Darktrace – The Unsupervised Machine Learning A.I. Cybersecurity Solution

The members of Darktrace are open about their aims. They talk about publicly held data as though they already have the rights to sell it to anyone around the world.
Data is the fuel of the Fourth Industrial Revolution and Darktrace has made almost $2 billion in the data business during its relatively short history, reaching Unicorn status with great ease. When Darktrace first launched its website in 2013, its description of the company's vision was entitled, “The New Normal: Learn Human and Machine Behavior to Reduce Cyber Security Risks.” Back then we were less familiar with the term “the new normal,” but now it surrounds us. Darktrace is already active within the NHS, the U.K. power grid, and many other major parts of Britain's critical infrastructure and they are rapidly expanding around the globe. Dave Palmer was an MI5 anti-terror agent working on the 2012 London Olympics when he and some of his colleagues first bashed out the initial idea for what would become Darktrace. They wanted to create an A.I. cybersecurity system that was based on the human immune system, a system that differed from the traditional, reactive antivirus software approach. This system would look for abnormalities in a computer network's processes to target a wider range of more sophisticated cyber issues. In a TechCrunch talk in 2016, the freshly installed co-CEO of Darktrace, Poppy Gustafsson, is caught misleading the audience about the company's origins. She uses the TechCrunch stage to claim that the “spark” for the creation of Darktrace originally came from the mathematicians at Cambridge and downplayed the involvement of intelligence agencies like MI5, GCHQ, and the C.I.A. The TechCrunch moderator, Natasha Lomas, displayed some fine journalistic integrity on this occasion and asked for clarification. “So did the maths research come first and then you got together with the spies. Which way round was it?” asked the intrepid Lomas. Gustafsson squirms a little before saying, “it was exactly that. First the machine learning that was talking about how to critique a computer to help it understand itself. 
And then it was the, um, experts from the government intelligence agencies who thought ‘ooh, this could be applied to the problem of cybersecurity.’” But that statement was an outright lie and Gustafsson isn't the most skilled deceiver. Gustafsson, who was initially CFO and COO for the fledgling Darktrace, runs the company alongside the other co-CEO Nicole Eagen, an alumnus of Oracle, a major tech company that also has its origins in intelligence. Both parts of Darktrace's female power duo were brought over from Invoke Capital by Darktrace's initial angel investor and advisory board member, UK billionaire Dr. Mike Lynch OBE. Describing himself as the “UK's answer to Bill Gates”, Dr. Mike Lynch is lauded as one of the most influential investors in the tech sector. His previous successful endeavours had been with Autonomy, a tech firm that has Lynch caught up in a legal wrangle with HP over the fraudulent inflation of its valuation, and Blinkx, a video search company where Lynch was later forced to step down from the board. Yet, Darktrace is not just one man working alone. The company boasts that over 4000 organisations worldwide now rely on Darktrace's A.I. technologies. With headquarters in San Francisco, US, and Cambridge, UK, Darktrace has over 1300 employees spread across 44 countries and their numbers are rising. And although the connections to the state intelligence agencies are clear and obvious, Darktrace is officially a completely private enterprise with big investors including KKR, Summit Partners, Vitruvian Partners, Samsung Ventures, TenEleven Ventures, Hoxton Ventures, Talis Capital, Invoke Capital and Insight Venture Partners. Sitting alongside the controversial Dr. Mike Lynch OBE on the advisory board for Darktrace are some seriously influential people deeply connected to US and UK intelligence agencies. If you were to walk into the advisory boardroom at Darktrace, you could be forgiven for thinking that you were actually attending a U.K. 
Home Office meeting from the past. The former Home Secretary under Prime Minister Theresa May, Amber Rudd, became part of Darktrace after her time in government ended in 2019. She is also on the advisory team of Teneo, a consulting firm co-founded and led by Doug Band, the former advisor to Bill Clinton and close friend of the infamous Jeffrey Epstein. As always, when investigating the murky world of intelligence, many connections to Epstein and his partner Ghislaine Maxwell are revealed. With that being said, yet another member of Darktrace's advisory board also has Epstein/Maxwell links. The C.I.A. stalwart, Alan Wade, is one of the most interesting members of the Darktrace advisory team. He was announced as joining their growing advisory board on 10 May 2016 and had been the former Chief Information Officer of the Central Intelligence Agency. His thirty-five year career at the top echelons of the C.I.A. ended in 2006 and afterwards he would dedicate his time to assisting companies with C.I.A. links from the private sector. While he had been at one of the top posts in the entire U.S. intelligence community, Wade co-founded Chiliad alongside Ghislaine Maxwell's sister, Christine Maxwell. As Unlimited Hangout reported earlier this year, Christine Maxwell was personally involved in leading the operations of the front company used by Robert Maxwell to market the PROMIS software, which had a backdoor for Israeli intelligence, to both the U.S.' public and private sectors. Given this history, it is certainly telling that Wade would choose to co-found a major software company with Christine Maxwell of all people.

Cybereason – From Offensive, State-Sponsored Hackers to A.I. Cybersecurity

As we have experienced at other memorable moments in history, coincidental simulations prior to or during any intelligence-agency-led manipulated event are commonplace. On this occasion, a company named Cybereason is here to provide us with a short glimpse of our pending fearful futures.
In multiple simulations Cybereason has run over the last few years, they have been gaming out how potential cyberattacks could cause unthinkable disaster for the U.S. 2020 election. Cybereason's CEO and co-founder is an enigmatic former Israeli Intelligence agent Lior Div-Cohen, often simply referred to as Lior Div. Div, an IDF Medal of Honor recipient and former Israeli Unit 8200 member, co-founded Cybereason in 2012 alongside Yossi Naar and Yonatan Striem-Amit, who are also fellow veterans of Israel's military cybersecurity corps. A scholar from the Academic College of Tel-Aviv, Lior Div afterwards worked as a software engineer for Xacct, a network service provider, followed by the notorious firm Amdocs, which was accused of eavesdropping on American government officials on behalf of Israel. In between Amdocs and Cybereason, Lior Div was the CEO and co-founder of Israeli cybersecurity firm AlfaTech which is described in its national media as “a cybersecurity services company for Israeli government agencies.” Some of the simulations that Cybereason have hosted over the past two years lead us to election day. In a video entitled: 2018 -10 Hacking the Vote from a scenario and simulation which was actually entitled Blackout; Protect the Vote, the simulation examines which parts of election day processes were vulnerable to hackers. They make clear from the start it won't be all about voting machines themselves.

Operation Blackout

Nolandia, the fictional city which was ground zero during Operation Blackout, was based on an average American city nestled within a crucial swing state on election day. Here in Nolandia, three teams of cyber-fighters would battle with each other over control of the city.
These would be the three teams each with succinct roles in the polling day pretence, as told to us by Cybereason's Ross Rustici and Sam Curry:

Red Team AKA Broken Eagle Task Force: The basic aim of the Broken Eagle Task Force was to disrupt the election processes in real time. The Reds' approach evolved throughout the simulation from causing as much harm as they could into making the result of the election as in doubt and politically biased as possible. They attempted to control the narrative that the system was broken and that the elections could not be trusted.

Blue Team AKA Nolandia Event Task Force: The Blues were fundamentally reactive during the simulation and were constantly on the back foot. The Blues, responding to a reported gas leak at a Nolandia polling station early in the scenario, contacted the Secretary of State's office to ask whether they needed to close the polling station. Luckily, the real State Department had two advisors sitting in on the simulation who were able to offer alternative contingency plans that existed in real world America. By the end of the simulation, the Blues were all aware that they had largely failed the exercise.

White Team AKA White Control Team: This team acted as support to give advice or permission to either team, in a role very much like the Dungeon Master in a D&D game. The Whites' main task was to balance the realism of the scenario and create problems for either team that they'd experience in the real world.

In November 2019, Cybereason re-ran their election day attack simulation at an event in Washington D.C. and have run multiple simulations over the last year. The last imagined American city was called Adversaria. As the election day creeps ever closer, Cybereason have been releasing its more well-produced promo videos online. If you're paying very close attention then you will have noticed that Cybereason have spent all of October 2020 marketing heavily as their big day approaches.
Representatives of Cybereason are being quoted in every mainstream scare story out there. Vice News released an article on 7 October entitled: “Hospitals Have Become ‘Prime Targets’ for Crippling Ransomware Attacks,” where they quote Israel Barak, Cybereason's Chief Information Security Officer. The article states that Barak is “a cyber warfare expert at Cybereason, spent nine years in the Israel Defence Forces specialising in cyber defence systems.” And when Computer Weekly's Adam Scroxton, on 20 October, was reporting on the conviction of the six supposed Russian hackers in the famous NotPetya attack, Cybereason rolled out their CSO, Sam Curry, to give a statement. In a Wired article on 22 October titled: 12 Cyber Threats That Could Wreak Havoc on the Election, Wired explains: “The security firm Cybereason last year ran a series of tabletop exercises specifically looking at how real-world attacks might impact Election Day. One exercise focused on a hacktivist group—known in the exercise as ‘Kill Organized Systems (K-OS),’ pun intended—that disrupted traffic lights and brought the election to a standstill by paralyzing the city's transportation system.” The media appearances for Cybereason have never come so thick and fast as they have this past October. One could even assume that these appearances are a media campaign leading up towards a big event.

The Daily Scoop Podcast
Army CIO Raj Iyer on digital transformation, Biden's CX EO and a human approach to cybersecurity

The Daily Scoop Podcast

Play Episode Listen Later Dec 16, 2021 48:10


On today's episode of The Daily Scoop Podcast, federal agencies will be able to draw on support from the U.S. Digital Service and the General Services Administration to implement the White House EO on customer experience. Loren DeJonge Schulman, vice president for research and evaluation at the Partnership for Public Service, explains why she thinks the executive order is one of the most exciting pieces of policy to come out of the Biden Administration. The latest continuing resolution funds the federal government through February 18. Bob Hale, senior advisor at the Center for Strategic and International Studies and former DOD Comptroller and CFO, explains why starting the fiscal year on October 1 and the series of CRs that follows is bad for the Pentagon. The Army will update its data plan and its cloud plan to sync with its new Digital Transformation Strategy. Army Chief Information Officer Raj Iyer says those updates will happen this coming fiscal year. Iyer also breaks down lessons learned from Project Convergence 2021. Sam Curry, chief security officer at Cybereason, explains how elevating the role of cybersecurity teams can help organizations improve their cyber posture. This interview is underwritten by Cybereason. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

Cybersecurity Unplugged
Building Brand Trust Through Contact and Exposure

Cybersecurity Unplugged

Play Episode Listen Later Oct 20, 2021 22:42


Sam Curry is the chief security officer at Cybereason. He has devoted his career to empowering defenders in cyber conflict and fulfilling the promise of security enabling a safe, reliable, connected world. In this episode of Cybersecurity Unplugged, Curry discusses: Financing and building up an agile cybersecurity company; Improving company recognizability and trust by using commercial media, streaming and Cybereason's signature owl; How SMBs can increase visibility into indicators of compromise.

Hacker Public Radio
HPR3424: Infosec Podcasts Part 6 - Infosec Leadership

Hacker Public Radio

Play Episode Listen Later Sep 16, 2021


Inoffensive in every region of the world.

Thank you to everyone who has listened to my previous episodes. This is the final episode in the Infosec Podcasts series.

I listen to many, MANY podcasts. The vast majority of these are related to information security. Because there are so many podcasts to list, I have broken them down into 6 different episodes based on topics:

- Part 1 - News & Current Events - Episode 3324
- Part 2 - General Information Security - Episode 3334
- Part 3 - Career & Personal Development - Episode 3344
- Part 4 - Social Engineering - Episode 3368
- Part 5 - Episode 3387
  - Hacks & Attacks
  - Technical Information & Learning
  - Infosec Community / Social / History
- Part 6 - Infosec Leadership

Preamble

- Term: CISO
  - Pronounced SEE-so or SAI-so
  - Chief Information Security Officer
  - Sounds like an executive leadership position, similar to Chief Executive Officer (CEO), Chief Financial Officer (CFO), etc., but this is often not the case
- Security leadership is changing
  - Old way:
    - Experienced technologists (Usually old white guys) worked way up ranks
    - Usually reported through IT (CIO/CTO)
    - Department of "No" - Block everything bad
    - Slows down business
  - New way:
    - Experienced business professionals with leadership skills and security understanding
    - Can report through:
      - IT (CIO/CTO)
      - Legal (For compliance reasons)
      - Finance (CFO) for governance or compliance reasons
        - Financial impacts of attacks
        - Direct costs
        - Fines
      - CEO - Seat at the table with other C-level execs
      - Direct to board
    - Empowers the business to succeed in a secure way
    - Can still slow down the business, but only when needed
      - Brakes on a race car

Infosec Leadership Podcasts

- CISO Tradecraft - G Mark Hardy (Weekly)
  - Discussion of topics related to becoming a CISO or maturing as a CISO
  - https://www.cisotradecraft.com/
- CISO Vendor Relationship Podcast - David Spark & Guests (Weekly)
  - Weekly podcast addressing the challenges experienced by both security professionals and the vendors with whom they interact.
  - https://cisoseries.com/subscribe-podcast/
- CISO Talks (Weekly)
  - The talk show series with discussions of current trends in the world of information security with CISOs on the front line.
  - https://www.lepide.com/ciso-talks.html
- CISO Talk - James Azar (Weekly)
  - Presents the CISO view on cybersecurity, talent development, technology, leadership and much more.
  - https://cisotalk.podbean.com/
- The Cyber Ranch Podcast - Allan Alford & Hacker Valley Studios (Weekly)
  - Interviews with security leaders discussing relevant topics
  - https://hackervalley.com/cyberranch/
- CISO's Secrets - Currently hosted by Grant Asplund and sponsored by Checkpoint
  - Interviews with security leaders across a wide range of industries
  - Addresses real issues facing security professionals and businesses
  - https://cp.buzzsprout.com/
- CISO Stories - Hosted by Todd Fitzgerald and Sam Curry and part of the Security Weekly family of podcasts
  - Based originally on interviews with security leaders who contributed to the book "CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers"
  - Episodes are usually only about 20 minutes
  - https://securityweekly.com/category-shows/the-ciso-stories-podcast/
- The New CISO - Hosted by Exabeam's Chief Security Strategist, Steve Moore and Sponsored by Exabeam
  - Interviews with industry leading and visionary security leaders
  - How to lead security teams and business
  - Interacting with business leaders
  - https://www.exabeam.com/fr/library-by-type/ciso-podcasts/

That wraps up this series. I welcome any feedback you might have in the comments section for this episode on the HPR site. Thank you very much for listening.

Cloud Security Podcast by Google
Future of EDR: Is It Reason-able to Suggest XDR?

Cloud Security Podcast by Google

Play Episode Listen Later Aug 30, 2021 27:54


Guest: Sam Curry, Chief Security Officer @ Cybereason and Visiting Fellow @ National Security Institute

Topics:
- EDR was “invented” in 2013 and we are now in 2021. What do you consider to be modern EDR components and capabilities?
- Where has EDR fallen short on its initial hype?
- How focused are the attackers on bypassing EDR?
- How do you think EDR works in the cloud?
- In your view, how would future EDR work for containers, microservices, etc?
- Why aren't we winning the war against ransomware?
- XDR is an interesting concept, so how do you define XDR?
- Is XDR just EDR++ or is XDR SIEM 4.0?

Resources:
- “The Pyramid of Pain” blog by David Bianco
- “Named: Endpoint Threat Detection & Response”
- “Dune” book
- “The Bomber Mafia” book

Data Protection Gumbo
094: Handling Data Breaches in 2021 - Cybereason

Data Protection Gumbo

Play Episode Listen Later May 18, 2021 35:07


Sam Curry, Chief Security Officer at Cybereason, enlightens us on how to keep your organization security aware, especially while remote, dropping some gems for Chief Information Security Officers and explaining why security breaches are on the rise in 2021.

Podcasts – TechSpective
Sam Curry Discusses Privacy, Data Ownership, and Business Continuity

Podcasts – TechSpective

Play Episode Listen Later May 3, 2021 56:02


TechSpective Podcast Episode 057 We frequently see data referred to as the “new oil” or the “lifeblood of business.” Hyperbolic catch phrases aside, though, data is everywhere. All of the things are data. As the rate of data creation skyrockets exponentially, we are struggling as a global community with how to store it, or protect [...] The post Sam Curry Discusses Privacy, Data Ownership, and Business Continuity appeared first on TechSpective.

Cybercrime Magazine Podcast
Bug Bounty Hunting. Hacking Apple & Getting Paid. Sam Curry, Security Researcher & Bug Bounty Hunter

Cybercrime Magazine Podcast

Play Episode Listen Later Feb 22, 2021 17:42


Sam Curry is a security researcher, bug bounty hunter, and ethical hacker who, with his team, recently hacked Apple and discovered 55 vulnerabilities with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. He joined host Hillarie McClure to discuss these discoveries and more. To learn more about Sam, visit his website https://samcurry.net/ • For more on cybersecurity, visit us at https://cybersecurityventures.com/

Risk Recordings with RSA
Safe Online Holiday Shopping

Risk Recordings with RSA

Play Episode Listen Later Nov 30, 2020 20:30


2020 has been a year of unexpected disasters, from forest fires to a pandemic, election uncertainty, and economic recession on an unprecedented scale. eCommerce dramatically transformed this year due to the pandemic and fraud trends adapted too. This holiday shopping season is projected to be one of the biggest ecommerce years ever, and potentially one of the most heavily targeted by cybercriminals. Red Curry, Solutions Marketing Manager for the RSA Fraud and Risk Intelligence team, joins the podcast to discuss expectations for the current holiday shopping season, some trends revealed in the newly released RSA Quarterly Fraud Report, and how both businesses and consumers can protect themselves. On December 7th, RSA will host a Fireside Chat: Securing eCommerce During the 2020 Holiday Shopping Season. Speakers will include Angel Grant, CMO of RSA's Fraud and Risk Intelligence Business unit; Hector “Sabu” Monsegur, Corporate Pen-Tester & Expert Security Researcher; and Sam Curry, Chief Security Officer at Cybereason. Registration for the event is now open to all podcast listeners: https://bit.ly/3mnLukM

Security All In
Special Interview: Sam Curry- CSO at Cybereason

Security All In

Play Episode Listen Later Oct 14, 2020 35:15


The tables are finally turned, as Sam finds himself in the hot-seat. We join Sam’s brother, Red Curry, as he interviews Sam to find out more about their childhood, Sam’s journey into security, and his inspirations. What’s the significance we put on stories? What does it mean to “take in the strays”, and taking care […] The post Special Interview: Sam Curry- CSO at Cybereason appeared first on Malicious Life.

The Innovation Engine Podcast
170. Security is a Sound Investment with Sam Curry | Growth and Evolution

The Innovation Engine Podcast

Play Episode Listen Later Sep 2, 2020 43:11


What role does security play in the growth of a business? Sam Curry is a podcaster, the Chief Security Officer of Cybereason, and a visiting fellow at the National Security Institute. Sam has been through a lot of growth in his career, working for two startups in the 90's, one of which sold to security giant McAfee. Hear Sam talk about the importance of breaking out of your box and becoming a lifelong learner to make an impact at the leadership level, and how investing in security is not about making a return on your investment but making a sound investment in what you've already built.

Resources: cybereason.com, linkedin.com/in/currysam

Learn more and get the full show notes at: 3PillarGlobal.com

RNZ: Morning Report
DDoS attacks in NZ not surprising, but should go away soon - cybersecurity expert

RNZ: Morning Report

Play Episode Listen Later Sep 1, 2020 5:08


The New Zealand stock exchange suffered trading halts last week, as five days of distributed denial-of-service attacks took its website offline. Other websites - including RNZ's - as well as Stuff, Westpac and MetService have been targeted by cyber attacks in recent days. Corin Dann speaks to Sam Curry, the chief security officer at Cybereason, a cybersecurity technology company based in Boston.

CERIAS Security Seminar Podcast
Sam Curry and Alon Kaufman, The Ghost in the Machine: Reconciling AI and Trust in the Connected World

CERIAS Security Seminar Podcast

Play Episode Listen Later Jul 22, 2020 60:11


The adoption of advanced data technologies is one of the defining characteristics of the connected world. From ML to AI, we are getting a smarter, more personal world. The dystopic view is that not only Big Brother but many parties can monitor, control and manipulate us. What are the implications for trust? The need for privacy-enforcing technologies is now, not after the ghost is in the machine.

What will you learn from attending?
· How machine learning & AI play into conversations around trust and privacy
· A framework to bring us into the future when it comes to privacy
· What each of us can do now to further protect our privacy

About the speaker:

Sam Curry, Chief Security Officer, is an IT security visionary with over 20 years of IT security industry experience. Sam served as Chief Technology and Security Officer at Arbor Networks, where he was responsible for the development and implementation of Arbor's technology, security and innovation roadmap. Previously, he spent more than seven years at RSA (the Security Division of EMC) in a variety of senior management positions, including Chief Strategy Officer and Chief Technologist and Senior Vice President of Product Management and Product Marketing. Sam has also held senior roles at Microstrategy, Computer Associates, and McAfee.

Alon Kaufman, Co-Founder and CEO of Duality Technologies, has 20 years of experience in the hi-tech arena, commercializing data-science technologies, leading industrial research and corporate innovation teams. Prior to founding Duality he served as RSA's global director of Data Science, Research and Innovation. In addition to his leadership experience, he is accomplished in the fields of artificial intelligence, machine learning and how they interplay with security and privacy, with over 30 approved US patents in these fields. He holds a PhD in Computational Neuroscience and machine learning from the Hebrew University and an MBA from Tel Aviv University.

Cyber Talks
Observations from Boston: Sam Curry

Cyber Talks

Play Episode Listen Later Jun 16, 2020 57:00


In this week's episode of CyberTalks Rolf sits down with Sam Curry, Chief Product and Security Officer from Cybereason. Sam is a well recognized thought leader with experience from successful start-ups to industry giants. In the episode we will hear Sam talk about these experiences but also why the absence of a silver bullet will drive co-operation and creation of ecosystems in our industry. We will also hear Sam talk about the need for inclusiveness and diversified teams in order to win. Finally we will hear about which role the cyber industry and its practitioners can play to help secure the 2020 US presidential election.

Safety First
Episode #16: Crystal ball for 2020 and beyond

Safety First

Play Episode Listen Later May 31, 2020 22:19


Sam Curry, Chief Security Officer of Cybereason, shares his views on the future of cybersecurity after the impact of the coronavirus crisis: How are the pandemic and the accompanying economic situation affecting cybersecurity? Who is benefitting from these developments? Is COVID-19 changing the threat landscape, and how can we prepare for it? Sam also shares the two most important aspects that companies should consider about their own cybersecurity.

Tech Tank Global
Tech Tank Global (Season 1, Episode 2) Sam Curry

Tech Tank Global

Play Episode Listen Later May 29, 2020 31:50


Episode No.2 is finally upon us and in the shape of one of the most recognised faces in all of Cybersecurity, Sam Curry! Sam explains how it all happened, where everything started and where the market is going since the lockdown. We also discuss what makes Sam exceptional, which for anyone listening from a SaaS vendor, is amazing! The way Sam breaks down the Cybereason solutions gives an insight into Endpoint and Mobile Security for anyone to understand!! You NEED to listen to this!

Malicious Life
Maintaining Secure Business Continuity With A Remote Workforce - With Sam Curry

Malicious Life

Play Episode Listen Later May 14, 2020 15:13


Maintaining Secure Business Continuity With A Remote Workforce - With Sam Curry
Advertising Inquiries: https://redcircle.com/brands

Malicious Life
Cybersecurity during a crisis: how remote work has impacted security – With Sam Curry

Malicious Life

Play Episode Listen Later May 14, 2020 15:14


The COVID19 pandemic forced organizations to transition to a work-from-home model - and many of them were unprepared for such a radical departure from the ‘normal’ security perimeter. Sam Curry, Cybereason's CSO, talks to Ran about the lessons learned from COVID19, and what steps should Cyber Security professionals take in order to be ready for a future outbreak. The post Cybersecurity during a crisis: how remote work has impacted security – With Sam Curry appeared first on Malicious Life.

Malicious Life
Sam Curry: The 2020 Crystal Ball

Malicious Life

Play Episode Listen Later Dec 10, 2019 15:31


Sam Curry: The 2020 Crystal Ball
Advertising Inquiries: https://redcircle.com/brands

Malicious Life
Sam Curry: The 2020 Crystal Ball

Malicious Life

Play Episode Listen Later Dec 10, 2019 15:32


Sam Curry is Cybereason's Chief Security Officer and an award-winning cyber security visionary. Sam & Ran discuss Sam's upcoming webinar, in which he will present his insights into what 2020 will bring for the security industry: the rise of 5G cellular networks, The US Presidential Elections, the 2020 Tokyo Olympics and more. The post Sam Curry: The 2020 Crystal Ball appeared first on Malicious Life.

Malicious Life
Gozi B-Side: Amit Serper & Sam Curry

Malicious Life

Play Episode Listen Later Nov 19, 2019 19:09


Nate Nelson speaks with Amit Serper & Sam Curry, notable veteran in Cyber Security, about Malware-As-A-Service, bullet-proof hosting, avoiding the lure of the 'dark side' and more.
Advertising Inquiries: https://redcircle.com/brands

Malicious Life
Gozi B-Side: Amit Serper & Sam Curry

Malicious Life

Play Episode Listen Later Nov 19, 2019 19:09


Nate Nelson speaks with Amit Serper & Sam Curry, notable veteran in Cyber Security, about Malware-As-A-Service, bullet-proof hosting, avoiding the lure of the 'dark side' and more. The post Gozi B-Side: Amit Serper & Sam Curry appeared first on Malicious Life.

CISO-Security Vendor Relationship Podcast
Do You Know the Secret Cybersecurity Handshake?

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Apr 1, 2019 33:53


Direct link for episode on blog (https://cisoseries.com/do-you-know-the-secret-cybersecurity-handshake/)

We get the feeling that as we're adding more solutions and requiring more certificates, we're just making the problem of security harder and harder. Has the problem of not enough talent become an issue that we created? We discuss that and more on this week's episode of CISO/Security Vendor Relationship Podcast.

This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Taylor Lehmann (@BostonCyberGuy), CISO, Wellforce.

Thanks to this week's sponsor, Chronicle, makers of Backstory

Chronicle’s Backstory is a global security telemetry platform for investigation and threat hunting within your enterprise network. Backstory makes security analytics instant, easy, and cost-effective. Backstory is a specialized, cloud-native security analytics system, built on the core infrastructure that powers Google itself.

On this week's episode

How CISOs are digesting the latest security news

The Hill reports, "A Democrat on the House Intelligence Committee introduced a bill on Wednesday that would require publicly traded companies to disclose to investors whether any members of their board of directors have cybersecurity expertise." The Cybersecurity Disclosure Act of 2019 would require the SEC to issue a new set of rules requiring U.S. companies to tell their investors whether they have someone who has cyber expertise on their board. If they don't, they must explain to their investors why this is the case. Will such a measure pass and if not, what is the best action here to ensure some level of cybersecurity confidence?

Why is everybody talking about this now?

On a recent episode of the podcast we talked about swapping out the word "security" for "safety." Chris Roberts of Attivo Networks brought this topic up and he says if we change the conversation more people will care. How does the viewpoint of security change when you're talking about safety? How does behavior change?

What's Worse?!

I can't believe it's taken me this long to ask this question.

Hey, you're a CISO, what's your take on this?

Once you connect a device to the Internet and trade information, you're now a potential attack vector. And if your device is critical for maintaining life, like automobiles and medical devices, vulnerabilities no longer become a case of losing data, but of losing lives. Medical device manufacturers are rarely experts at software development, let alone cybersecurity. Vulnerabilities happen all the time. What is and isn't working with the reporting, alerting, and fixing of device vulnerabilities?

Ask a CISO

"Could the talent gap be a self-fulfilling prophecy or at the very least an avoidable consequence of security’s red hot growth," asked Sam Curry, CSO at Cybereason, on Forbes. "What started as an esoteric field is becoming even more arcane as we grow." Curry offered some suggestions on where to improve situations to improve the complexity of security. Is fixing these issues harder than fixing security?

Insecure - Cyber Security Podcast With Keith Wilson and John Morton

Another special guest on the podcast this week, as Keith and John welcome back Cybereason CSO - Sam Curry. In this episode, discussions around Canadians and RSA take over. Also, Keith addresses a change in his career. The boys rarely disappoint, and Sam Curry never disappoints - making this a can't-miss episode of [In]secure.

Links and Info:
Check out Sam's Podcast - Security All In | CISO Podcast
Read Sam's latest Forbes articles here

Closing Music: "Calling it Quits" - The Animal In Me

Get The Latest Episode On:
Apple: https://apple.co/2MvqaM6
Stitcher: http://bit.ly/insecurestitcher
Google Play: http://bit.ly/insecuregp
Spotify: http://bit.ly/insecurepod
YouTube: http://bit.ly/InsecureTube
Web: http://www.totallyinsecure.com

Opinions of the hosts and its guests are their own. This podcast in no way represents the views of the host's or guest's respective companies or their affiliates.

Insecure - Cyber Security Podcast With Keith Wilson and John Morton
24 - Sam Curry... was not on this episode

Insecure - Cyber Security Podcast With Keith Wilson and John Morton

Play Episode Listen Later Feb 18, 2019 55:12


John's out on vacation on this episode, but no worries. Best friend of the show, Erich Mueller, guest hosts along with Keith. Discussions focus mainly on career success, with an emphasis on cyber security career success, but tend to wander off as Keith and Erich find themselves fawning over Cybereason CSO Sam Curry. All this and more on this week's episode of the [In]secure Cyber Security Podcast.

Closing Music: "Zombie" - Cover by Bad Wolves, original by The Cranberries

Get The Latest Episode On:
Apple: https://apple.co/2MvqaM6
Stitcher: http://bit.ly/insecurestitcher
Google Play: http://bit.ly/insecuregp
Spotify: http://bit.ly/insecurepod
YouTube: http://bit.ly/InsecureTube
Web: http://www.totallyinsecure.com

Opinions of the hosts and its guests are their own. This podcast in no way represents the views of the host's or guest's respective companies or their affiliates.

TechByter Worldwide (formerly Technology Corner) with Bill Blinn
TechByter Worldwide 2018-12-23: Security Challenges Coming in 2019. Short Circuits. Spare Parts.

TechByter Worldwide (formerly Technology Corner) with Bill Blinn

Play Episode Listen Later Dec 22, 2018 22:40


Security threats continue to mature and become harder to spot. We'll listen as Cybereason's chief security officer, Sam Curry, suggests what we'll see on the security horizon in 2019. In Short Circuits: The Windows 10 October update has been released, again, this time without a propensity to occasionally delete files and folders. If you don't yet have version 1809, you can force the issue or just wait for Microsoft to deliver it. If you feel a certain sense of deja vu when considering the ways communication techniques are changing, perhaps you recall what was called "ransom-note publishing" that cropped up when inexperienced users gained access to design tools in the 1980s. In Spare Parts (only on the website): This year's Darwin Awards (as they relate to passwords) have been released and the White House is no longer the top winner, but a visitor to the Oval Office did take the #1 slot. • Renting a car in China is difficult: Foreigners also need to hire a driver and National Car Rental sees an opportunity there.

Insecure - Cyber Security Podcast With Keith Wilson and John Morton

Sam Curry joins us for the first time while Erich fills in for Morton. Conversations range from Sam's broken ankle, hoaxes and scams, Emojis in domain names, IoT, Assisted Intelligence, GDPR, and more... all on this week's episode of [In]secure.

Episode Links:
Sam Curry's "Security All In" Podcast
Innocent Lives Foundation

Closing Music: "Rent" - Big Freedia

Get The Latest Episode On:
Apple: https://apple.co/2MvqaM6
Stitcher: http://bit.ly/insecurestitcher
Google Play: http://bit.ly/insecuregp
Spotify: http://bit.ly/insecurepod

Opinions of the hosts and its guests are their own. This podcast in no way represents the views of the host's or guest's respective companies or their affiliates.

TechByter Worldwide (formerly Technology Corner) with Bill Blinn
TechByter Worldwide 2018-01-07: Your Computer or Network Needs a Robust Defense. Short Circuits. Spare Parts.

TechByter Worldwide (formerly Technology Corner) with Bill Blinn

Play Episode Listen Later Jan 6, 2018 30:21


Cybereason chief security officer Sam Curry, while acknowledging the many security disasters of 2017, is hopeful that 2018 might be the year when defense gets the upper hand. We'll talk with him about how to make that happen. In Short Circuits: This week we learned that every Intel CPU manufactured in the past 10 years has a serious security flaw and that fixing it will require operating system changes that will make your computer run slower. Light bulbs seem decidedly low-tech, but recent advances are producing bulbs that can save money by using far less electricity than old technology bulbs. In Spare Parts (only on the website): The music streaming service Spotify plans to go public in the first half of 2018 and will use an unusual method for its IPO. • If you have a teenager, how many social media accounts does he or she have? There's a good chance you don't know about all of them. • We'll reveal the second half of Dashlane's top 10 worst password offenders for 2017 and explore the 3 things we can do to avoid being password bunglers.

Data Protection Gumbo
033: Season 2 - Episode 6: Sam Curry - Ransomware: Immutability or Airgap your Backups? - DP Gumbo

Data Protection Gumbo

Play Episode Listen Later Dec 7, 2017 21:21


Sam Curry - Chief Product and Security Officer of Cybereason discusses the importance of immutability or having an airgap solution for your backups in case ransomware affects your data.

Federal Drive with Tom Temin
How can agencies close the cybersecurity gap?

Federal Drive with Tom Temin

Play Episode Listen Later Oct 26, 2017 13:03


Cybersecurity threats seem to remain stubbornly a step ahead of organizations trying to protect themselves. That includes federal agencies. What will it take to close the gap? For one view, we turn to Ari Schwartz, former senior director for cybersecurity at the White House, now with Venable. Sam Curry is a longtime cybersecurity industry technologist now with Cybereason. Both are part of the Coalition for Cybersecurity Policy and Law.

Snooker Scene Podcast
Snooker Scene Podcast special episode - The D-List

Snooker Scene Podcast

Play Episode Listen Later May 11, 2016 53:34


Podcast host Dave Hendon has written a play! The D-List is a comedy which will be performed at the Edinburgh festival fringe in August. It stars Sam Curry, actor and a candidate on the BBC Apprentice last year. Dave and Sam talk here about the play, the craft of acting, the excitement of the Edinburgh festival, what Sam learned from The Apprentice and there is even some snooker discussed, sort of. Tickets are on sale here: https://tickets.edfringe.com/whats-on/d-list

Malicious Life
Gozi B-Side: Amit Serper & Sam Curry

Malicious Life

Play Episode Listen Later Jan 1, 1970 19:09


Nate Nelson speaks with Amit Serper & Sam Curry, notable veteran in Cyber Security, about Malware-As-A-Service, bullet-proof hosting, avoiding the lure of the 'dark side' and more.

Advertising Inquiries: https://redcircle.com/brands

Malicious Life
Sam Curry: The 2020 Crystal Ball

Malicious Life

Play Episode Listen Later Jan 1, 1970 15:31


Sam Curry: The 2020 Crystal Ball

Advertising Inquiries: https://redcircle.com/brands

Malicious Life
Maintaining Secure Business Continuity With A Remote Workforce - With Sam Curry

Malicious Life

Play Episode Listen Later Jan 1, 1970 15:13


Maintaining Secure Business Continuity With A Remote Workforce - With Sam Curry

Advertising Inquiries: https://redcircle.com/brands