D2DO268: Solving Big Problems By Solving Small Problems
Apr 2, 2025
Merritt Baer, CISO at Reco and seasoned expert in security across government and private sectors, shares her insights on tackling today’s cybersecurity challenges. She emphasizes the importance of addressing small problems to find effective solutions to larger issues. The conversation touches on AI’s security implications, the complexities of IoT and SaaS, and the need for innovative strategies amidst socioeconomic disparities. Baer also advocates for integrating security within development teams to foster a culture of compliance and awareness.
Improving organizational security requires understanding current vulnerabilities, particularly around AI tools and their informal adoption among employees.
A culture of security can be fostered through collaboration, proactive discussions on potential issues, and training to elevate security awareness across teams.
Deep dives
The Importance of Security Awareness
Recognizing the real risks associated with artificial intelligence (AI) is crucial for organizations, as vulnerabilities can arise not only from the SaaS services utilized but also from the AI models themselves. Those involved in security don't need to be experts; rather, they must be motivated to enhance security and aware of the potential threats. Merritt Baer's journey emphasizes that individuals often inherit less security, particularly in their digital and economic lives, making a case for prioritizing security awareness across all organizational levels. The episode underscores the importance of understanding what your organization relies on and remains exposed to, since that knowledge is the foundation for any effective security strategy.
Navigating the Intersection of AI and Security
Organizations face the challenge of managing a growing number of applications, especially with the rise of modular building and cloud services, which complicates the visibility into what tools are being used. The introduction of AI tools adds a layer of complexity, with some being open source and not formally tracked by IT departments, leading to potential security risks. In particular, AI applications may not be on CIOs’ lists due to their informal adoption, making it necessary for companies to implement proactive discovery methods to monitor app usage and permissions. This proactive approach is essential to mitigate password misuse and over-permissioning—a common entry point for many cyberattacks.
The Evolving Role of InfoSec Professionals
As the demand for security expertise grows, there is an expectation for InfoSec professionals to possess a new set of skills encompassing programming, legal knowledge, and an understanding of AI functionalities. The necessity for technical developers to be aware of security implications while also being capable of leveraging AI models is becoming increasingly important for modern organizations. Companies are encouraged to invest in training to equip their teams with adequate security knowledge, ensuring they can navigate the intricacies of integrating AI in their operations. Good security practices not only protect assets but also align with core business objectives, emphasizing the need for collaboration between various departments.
Creating a Culture of Security
Establishing a culture of security requires more than just prohibitions; it involves creating awareness and enabling behaviors that support security best practices. Security personnel embedded within development teams can cultivate this awareness by transforming potential security issues into discussions that lead to proactive measures rather than reactive fixes. Seeking input from employees and acknowledging their informal use of various applications help in forming practical guidelines that can prevent vulnerabilities. Developing a responsive and adaptable security framework ensures that practices evolve alongside technological advancements and misuse patterns, fostering a resilient organization.
“You build a shop that solves big problems by solving small problems” is advice given by today’s guest, Merritt Baer. Merritt is currently a CISO at Reco, and has deep security experience in both government and private sectors. She chats with Day Two DevOps podcast hosts Ned Bellavance and Kyler Middleton to discuss the current...