Redefining CyberSecurity

Guest: Damien Desfontaines, Staff Scientist at Tumult LabsOn Linkedin | https://www.linkedin.com/in/desfontaines/On Twitter | https://twitter.com/TedOnPrivacyOn Mastodon  | https://hachyderm.io/@tedted____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesThis episode of Redefining CyberSecurity features a deep discussion between host, Sean Martin and guest, Damien Desfontaines on the topic of Differential Privacy (DP) and its implications in the field of cybersecurity. Damien, who currently works in a startup, Tumult Labs, primarily focuses on DP concepts and has rich prior experience from working in the anonymization team at Google. He shares key insights on how differential privacy — a tool to anonymize sensitive data can be effectively used by organizations to share or publish data safely, thus opening doors for new business opportunities.They discuss how differential privacy is gradually becoming a standard practice for companies wanting to share more data without incurring additional privacy risk. Damien also sheds light on the forthcoming guidelines from NIST regarding DP, which will equip organizations with a concrete framework to evaluate DP claims. Despite the positive dimension, Damien also discusses the potential pitfalls in the differential privacy implementation and the need for solid data protection strategies.The episode concludes with an interesting conversation about how technology and risk mitigation controls can pave way for more business opportunities in a secure manner.Key insights:Differential Privacy (DP) offers a mathematically proven methodology to anonymize sensitive data. It enables organizations to safely share or publish data, opening new business opportunities while adhering to privacy norms and standards.The forthcoming guidelines from NIST will equip organizations with a concrete framework to evaluate DP claims, fine-tune their privacy governance, and promote data governance within their operations.Implementing DP is complex and necessitates solid data protection strategies. Even with a strong mathematical foundation, the practical implementation of DP requires careful monitoring of potential vulnerabilities, illustrating the need for a holistic approach to data privacy.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesInspiring post: https://www.linkedin.com/feed/update/urn:li:activity:7140071119859957762/Guidelines for Evaluating Differential Privacy Guarantees: https://csrc.nist.gov/pubs/sp/800/226/ipd___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guest: D. Greg Scott, Principal Technical Account Manager at Red Hat [@RedHat]On Linkedin | https://www.linkedin.com/in/dgregscott/On Twitter | https://twitter.com/DGregScottWebsite | https://www.dgregscott.com/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesOn this episode of 'Redefining CyberSecurity,' our host, Sean Martin, engages in an enlightening conversation with IT veteran and author, D. Greg Scott. Greg provides valuable insights from his journey in technology and cybersecurity, revealing how the seemingly innocuous act of not updating systems can lead to substantial financial damage. Using engaging stories that mirror real-world incidents, Greg delves into his novels 'Bullseye Breach' and 'Virus Bomb,' underlining the educational potential of the fiction genre in cybersecurity.Together, they explore how these narratives can play a pivotal role in transforming perspectives about IT and cyber preparedness, emphasizing the urgent transition of viewing IT not only as an expense but a crucial business asset. The profound human and financial costs of failing to prioritize cybersecurity are brought to the fore, serving as a wake-up call for awareness and action. Greg also gives a sneak peek into his upcoming novel 'Trafficking You', yet another compelling narrative marrying the realms of technology and reader-engaging fiction.Tune in for a unique blend of thrilling storytelling and critical cybersecurity learnings.Key Insights:The importance of updating and patching systems in cybersecurityThe role of storytelling in effectively conveying cybersecurity concepts and threatsThe real-world consequences of cybersecurity breaches, including the potential for loss of life___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesBullseye Breach: Anatomy of an Electronic Break-In: https://www.dgregscott.com/bullseye-breach/Trafficking U: https://www.dgregscott.com/trafficking-u/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guest: Sandy Dunn, Consultant Artificial Intelligence & Cybersecurity, Adjunct Professor Institute for Pervasive Security Boise State university [@BoiseState]On Linkedin | https://www.linkedin.com/in/sandydunnciso/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining CyberSecurity, host Sean Martin and cybersecurity expert, Sandy Dunn, navigate the intricate landscape of AI applications and large language models (LLMs). They explore the potential benefits and pitfalls, emphasizing the need for strategic balance and caution in implementation.Sandy shares insights from her extensive experience, including her role in creating a comprehensive checklist to help organizations effectively integrate AI without expanding their attack surface. This checklist, a product of her involvement with the OWASP TOP 10 LLM project, serves as a valuable resource for cybersecurity teams and developers alike.The conversation also explores the legal implications of AI, underscoring the recent surge in privacy laws across several states and countries. Sandy and Sean highlight the importance of understanding these laws and the potential repercussions of non-compliance.Ethics also play a central role in their discussion, with both agreeing on the necessity of ethical considerations when implementing AI. They caution against the hasty integration of large language models without adequate preparation and understanding of the business case.The duo also examine the potential for AI to be manipulated and the importance of maintaining good cybersecurity hygiene. They encourage listeners to use AI as an opportunity to improve their entire environment, while also being mindful of the potential risks.While the use of AI and large language models presents a host of benefits to organizations, it is crucial to consider the potential security risks. By understanding the business case, recognizing legal implications, considering ethical aspects, utilizing comprehensive checklists, and maintaining robust cybersecurity, organizations can safely navigate the complex landscape of AI.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesAnnouncing the OWASP LLM AI Security & Governance Checklist v.05: https://www.linkedin.com/pulse/announcing-owasp-llm-ai-security-governance-checklist-sandy-dunn-jeksc/OWASP Top 10 for Large Language Model Applications: https://owasp.org/www-project-top-10-for-large-language-model-applications/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

In this article, we explore how CISOs can dramatically enhance their cybersecurity strategies by adopting best practices from various corporate roles, from CEOs to General Counsel to HR Directors. Discover how this collaborative approach not only fortifies security measures but also aligns them seamlessly with broader business objectives, driving organizational success in a safe and secure manner.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

In this engaging podcast, cyber-security leaders Roland Cloutier and Chris Pierson discuss with Marco and Sean the rising digital threats that executives face. With recent advancements in AI, phishing attacks and cyber crime have become sophisticated and harder to spot. The podcast underlines the importance of protecting the "executive digital space" —not just at the individual executive's level, but also their families, considering the potentially detrimental impacts they can have on organizations at large.The two experts point out that being aware of cyber threats and diligently safeguarding precious data isn't enough. They propose a holistic approach to security, noting that the minimal knowledge most executives have about cyber threats plays to the advantage of cyber criminals. The alarming yet enlightening discussion encompasses physical security, AI-assisted scamming, artificially-created voice calls, and more.A practical solution offered in the conversation is to outsource security measures to a reliable third-party for monitoring and immediate response to threats, thereby safeguarding everyone linked to the executive. The unique aspect here is the emphasis on a personalized, bespoke defense strategy that takes into consideration the differing security requirements of individuals. Ultimately, the mission here is to provide a safer cyber environment for executives and their families without impacting their personal lives.Join this intriguing podcast and learn how to fortify not just your organization's, but your executive's life from cyber attacks.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuests:Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]On Linkedin | https://www.linkedin.com/in/drchristopherpierson/On Twitter | https://twitter.com/drchrispiersonRoland Cloutier, Advisor at BlackCloak [@BlackCloakCyber]On Linkedin: https://www.linkedin.com/in/rolandcloutier/On Twitter: https://twitter.com/CSORolandResourcesLearn more about BlackCloak and their offering: https://itspm.ag/itspbcwebAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

HostsSean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelliEpisode NotesThe ITSPmagazine Weekly Catch-Up | 11-January-2024 | With Marco Ciappelli and Sean MartinITSPmagazine YouTube Channel📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____________________________ResourcesCatch all of our CES 2024 event coverage: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverageSubscribe to the Newsletter: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7109347022809309184  Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upCatch the weekly catch-up videos here: https://youtube.com/playlist?list=PLnYu0psdcllQGJIyWHoPPDigW-B0ANjhnRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqRedefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9Are you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships

Explore the cutting-edge concepts of Software Bill of Materials (SBOM) and the newly coined Workflow Bill of Materials (WBOM) in our latest newsletter article, where we unravel how these strategies can revolutionize operational transparency and business security.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Guest: Justin "Hutch" Hutchens, Host of Cyber Cognition PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/hutch____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining CyberSecurity Podcast, Sean Martin, the host, engages in a riveting conversation with Justin Hutchins, also known as Hutch. Hutch, a seasoned R&D professional, is the co-host of the Cyber Cognition podcast and the author of The Language of Deception, Weaponizing Next Generation AI.The conversation orbits around the objective of Hutch's book, which is to dispel the fear, uncertainty, and doubt (FUD) that often clouds the understanding of AI, and to illuminate the real and emerging risks that we face in our rapidly evolving technological landscape. Hutch also shares his extensive experience in creating a proof of concept for adaptive command and control malware driven by ChatGPT, demonstrating the potential dangers of AI-powered malware attacks.The discussion extends to the increasing prevalence of bots in our daily online interactions and the need for individuals to be mindful of this when interacting online. Hutch emphasizes the importance of responsible innovation and provides guidance on how organizations and individuals can prepare for these new and emerging threats.The conversation is not just a deep dive into the risks and threats of AI, but also a call to action for responsible and ethical use of technology. It's an essential listen for anyone interested in the intersection of AI and cybersecurity, offering invaluable insights into the current state and future trajectory of these intertwined fields.About The Book: In The Language of Deception: Weaponizing Next Generation AI, artificial intelligence and cybersecurity veteran Justin Hutchens delivers an incisive and penetrating look at how contemporary and future AI can and will be weaponized for malicious and adversarial purposes. In the book, you will explore multiple foundational concepts to include the history of social engineering and social robotics, the psychology of deception, considerations of machine sentience and consciousness, and the history of how technology has been weaponized in the past. From these foundations, the author examines topics related to the emerging risks of advanced AI technologies, to include:The use of Large Language Models (LLMs) for social manipulation, disinformation, psychological operations, deception and fraudThe implementation of LLMs to construct fully autonomous social engineering systems for targeted attacks or for mass manipulation at scaleThe technical use of LLMs and the underlying transformer architecture for use in technical weapons systems to include advanced next-generation malware, physical robotics, and even autonomous munition systemsSpeculative future risks such as the alignment problem, disembodiment attacks, and flash wars.Perfect for tech enthusiasts, cybersecurity specialists, and AI and machine learning professionals, The Language of Deception is an insightful and timely take on an increasingly essential subject.____Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____ResourcesBook | The Language of Deception: Weaponizing Next Generation AI: https://amzn.to/3XAFEQz____To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network 

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]On LinkedIn | https://www.linkedin.com/in/fracipo/On Twitter | https://twitter.com/FrankSEC42On YouTube | https://www.youtube.com/@phoenixsec____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining CyberSecurity Podcast, host Sean Martin is joined by Francesco Cipollone from Phoenix Security for a riveting conversation on the vulnerabilities associated with using pre-made tools for website development. The dialogue revolves around the inherent security risks these tools pose, especially when used by non-technical teams like marketing.Francesco shares a fascinating account of discovering a potential SQL injection in a well-known CRM system. This revelation underscores the importance of input validation and the necessity of secure defaults in any tool. The discussion also brings to light the fact that many systems do not consider these potential security risks as standard, often requiring additional licenses or configurations for basic security measures.The conversation takes an interesting turn as they discuss a new concept of a Workflow Bill of Materials™ (WBOM)—a term coined by the host, Sean Martin, for the first time. This idea extends beyond the typical focus on software bill of material security (which often focuses on source code, services, and APIs) to include a broader view of the tools and systems that teams use in their daily operations. The WBOM concept emphasizes the need for organizations to understand the associated risks of these tools and implement more secure practices.Sean and Francesco highlight the importance of threat modeling in identifying potential risks. They also discuss the challenges organizations face in ensuring security, especially when these tools are used by teams with zero security knowledge. The episode concludes with a call to action for the industry to move towards security by default and the ethical use of technology.This episode offers listeners an insightful look into the complexities of cybersecurity in the context of commonly used tools and systems, and the urgent need for a shift in perspective when it comes to securing these tools.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesFrancesco's LinkedIn Post: https://www.linkedin.com/posts/fracipo_bit-of-a-rant-on-the-security-tax-of-certain-activity-7139650868064202753-LZ21/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guest: David Adeoye Abodunrin PMP, CSM, CSPO, CSP-SM, MSC, Cybersecurity Project Manager/Enterprise Agile Coach at Cybarik [@CybarikGlobal]On LinkedIn | https://www.linkedin.com/in/abodunrinadeoyedavid/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with David Adeoye Abodunrin about the operationalization of security throughout the organization. They explore the importance of considering cybersecurity from the beginning stages of product development and the challenges that can arise when attempting to retrofit security measures.David emphasizes the need for organizations to think about cybersecurity as a layer throughout the entire value map, from conceptualization to product design and implementation. He highlights the trade-offs and complexities involved in integrating cybersecurity later on in the process and stresses the role of security architects in the early stages of product development. By incorporating risk analysis and cybersecurity considerations from the start, organizations can create more robust and cost-effective security programs.The conversation also delves into the obstacles faced by CIOs, CEOs, and CMOs when it comes to prioritizing cybersecurity in the beginning. Sean and David discuss the potential for finding nimble and efficient solutions by addressing security concerns early on. The challenges of retrofitting security and the financial implications of doing so are explored, along with the issues related to legacy systems and ERPs that lack proper cybersecurity measures.Throughout the episode, Sean and David provide valuable insights and practical advice for building effective cybersecurity programs and integrating security into the fabric of an organization's operations. They stress the importance of thinking about cybersecurity from the conceptualization stage of product design and highlight the role of security architects in this process. They also touch upon the need for trade-offs between speed and customer convenience in implementing security measures like multiple factor authentication.Overall, this episode provides listeners with a deeper understanding of how to operationalize security and navigate the challenges of incorporating cybersecurity from the outset. The conversation is informative and thought-provoking, offering practical insights for organizations looking to build robust and cost-effective security programs.____Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____Resources ____To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network