The Future of Cyber Regulation in the New Administration - Ilona Cohen, Jenn Gile - ESW #395

Feb 24, 2025

Ilona Cohen, Chief Legal and Policy Officer at HackerOne and former senior lawyer to President Obama, shares her unique insights on evolving cybersecurity regulations under the new U.S. administration. She discusses the historical context behind administrative changes and the potential fallout from recent cybersecurity events. Jenn Gile, Director of Product Marketing at Endor Labs, dives into current application security trends, emphasizing the importance of 'shift left' practices and the intersection of open-source software with modern security needs.

Ask episode

Chapters

Books

Transcript

Episode notes

Intro

00:00 • 2min

Reflections on Active Directory and Upcoming Security Conferences

01:34 • 2min

Navigating White House Realities

03:07 • 10min

Navigating AI Regulations and Cybersecurity

12:52 • 14min

Evolving Cybersecurity Policies and Practices

26:29 • 5min

Transitioning to AppSec Insights and Trends

31:36 • 2min

Navigating Product Marketing and Cybersecurity Trends

33:31 • 18min

Navigating Security in Modern Development

51:04 • 11min

Redefining Security in Development

01:01:36 • 4min

The Flawed Economics of Cybersecurity Fines

01:06:02 • 12min

Understanding Data Privacy Misconceptions

01:18:15 • 6min

Navigating AI Costs and Security Risks

01:24:29 • 14min

Exploring the Benefits of a Paid Search Engine

01:38:54 • 3min

Search Engine Frustrations and Data Privacy Concerns

01:41:42 • 6min

Balancing Security and Productivity

01:48:10 • 11min

In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB).

In this hyper-partisan environment, it's easy to get hung up on particular events. Do many of us lack cross-administration historical perspective? Probably. Should we be outraged by the disillusion of the CSRB, or was this a fairly ordinary occurrence when a new administration comes in? These are the kinds of questions I'll be posing to Ilona in this conversation.

How the Change Healthcare breach can prompt real cybersecurity change

'Shift Left' feels like a cliché at this point, but it's often difficult to track tech and security movements if you aren't interacting with practitioners on a regular basis. Some areas of tech have a longer tail when it comes to late adopters and laggards, and application security appears to be one of these areas. In this interview, Jenn Gile catches us up on AppSec trends.

Segment Resources:

In the enterprise security news,

Change Healthcare’s HIPAA fine is vanishingly small
How worried should we be about the threat of AI models?
What about the threat of DeepSeek?
And the threat of employees entering sensitive data into GenAI prompts?
The myth of trillion-dollar cybercrime losses are alive and well!
Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity
Thanks to the UK for letting everyone know about end-to-end encryption for iCloud!
What is the most UNHINGED thing you've ever seen a security team push on employees?

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-395