

Redefining CyberSecurity
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP
Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?
For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.
Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.
Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Episodes

Jun 21, 2023 • 23min
Building a Better Defense with Attack Surface Management | A Brand Story from Infosecurity Europe 2023, London, England | A NetSPI Story with Nabil Hannan
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Nabil Hannan, the field CISO at NetSPI, to discuss Attack Surface Management (ASM) and how it has evolved in recent years to become the minimum cybersecurity benchmark that organizations need. ASM provides a more targeted approach to vulnerability management, allowing testers to focus on building a platform with automation that identifies areas that need attention and validates them.
Sean and Nabil also cover API security, the challenges of authentication and authorization, and the need for organizations to prioritize building secure-by-design frameworks. Nabil stresses the importance of understanding an organization's external perimeter and what exposures might exist, as well as the need for good cybersecurity hygiene that starts with good cybersecurity basics before bringing others in to help with the problem.
ASM is an important element in modern cybersecurity, and its role as the first line of defense reinforces the critical need to have a continuous view of an organization's external-facing perimeter.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Nabil Hannan, Field Chief Information Security Officer (CISO) at NetSPI [@NetSPI]
On Linkedin | https://www.linkedin.com/in/nhannan/
Resources
Learn more about NetSPI: https://itspm.ag/netspi-hcjv
Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage
Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
____________________________
If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).
Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl
For more ITSPmagazine advertising and sponsorship opportunities: 👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Jun 21, 2023 • 19min
Active Directory Cyber Resilience: Managing Permissions to Prevent Cybersecurity Threats | A Brand Story from Infosecurity Europe 2023, London, England | A Quest Software Story with Chris Thorpe
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Chris Thorpe from Quest Software to discuss operational and AD resilience and how organizations can manage permissions to prevent cybersecurity threats.
The conversation covers how AD is a vital system and a single point of failure for the organization and therefore is a prime target for bad actors. Given the continued rise in cybersecurity threats, organizations should assume that accounts have already been compromised and should aim to work towards blocking access at choke points before their tier zero assets can be reached.
Sean and Chris also discuss the importance of audit trails to track changes and to find the origin of a compromise, emphasizing that AD, as a specialist product, requires a specialist solution.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Chris Thorpe, UK&I Technical Channel Manager at Quest Software [@Quest]
On Linkedin | https://www.linkedin.com/in/chris-thorpe-52488b25/
Resources
Learn more about Quest: https://itspm.ag/quest-adp23
Recommended Podcast | Cyber Resilience with Defense in Depth: Maximizing Security in Hybrid Active Directory Environments | A Their Story Conversation from RSA Conference 2023 | A Quest Story with Sergey Medved and Matthew Vinton: https://itsprad.io/redefining-cybersecurity-168

Jun 21, 2023 • 19min
Security Analytics for Continuous Threat Exposure Management: Making Better IT Decisions Through the Lens of an Attacker | A Brand Story from Infosecurity Europe 2023, London, England | A Cymulate Story with Nir Loya
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Nir Loya from Cymulate to discuss the launch of their new solution for organizations to run an informed continuous threat exposure management (CTEM) program.
When you have the insights presented through the lens of the attacker and mapped to a CTEM program, you have an opportunity to drive better IT decisions to securely enable the business. The Cymulate Exposure Analytics solution has a quantifiable impact across all five of the CTEM program pillars and on a business’s ability to reduce risk by understanding, tracking, and improving its security posture with the following CTEM Alignment:
Scoping: Understand by organizational segment, the risk posture of business systems and security tools and its risk to immediate and emergent threats to define the highest impact programs needed to reduce or manage risk scores and tolerance
Discovery: Correlated analysis from Cymulate and multi-vendor data that assesses on-premises and cloud attack surfaces, risky assets, attack paths, vulnerabilities, and business impact
Prioritization: Vulnerability prioritization & remediation guidance based on multi-vendor aggregated data that is normalized, contextualized, and evaluated against breach feasibility
Validation: Analyze exposure severity, security integrity, and effectiveness of remediation from security validation assessment data. Immediate threat and security control efficacy data can be used to answer questions such as “Are we at risk to this emergent threat?”, “Do we have the necessary capabilities to protect us when under attack?”.
Mobilization: Utilize Cymulate contextualized data to understand various response outcome options, and establish and track performance against baselines, benchmarks, and risk profiles
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Nir Loya, VP of Product at Cymulate [@Cymulateltd]
On LinkedIn | https://www.linkedin.com/in/nir-loya-dahan/
Resources
Learn more about Cymulate: https://itspm.ag/cymulate-ltd--s2k4

Jun 21, 2023 • 19min
The True Meaning of Operational Resilience: What Cybersecurity Leaders Can Learn From IT and Infrastructure Operations | A Brand Story from Infosecurity Europe 2023, London, England | A Semperis Story with Simon Hodgkinson
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Simon Hodgkinson, former CISO for BP, to discuss a range of cybersecurity topics surrounding the concept of operational resilience. Simon shares his thoughts on the relationship between IT operations and cybersecurity operations, the similarities and differences between OT and IT security, and Semperis' approach to resilience and identity. Simon also discussed the importance of identity in enabling the business and the company's pre-, during- and post-breach capability, expressing his admiration for the company's culture and inclusion policies.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Simon Hodgkinson, Advisory Board Member at Semperis [@SemperisTech]
On LinkedIn | https://www.linkedin.com/in/simon-hodgkinson-6072623/
Resources
Learn more about Semperis and their offering: https://itspm.ag/semperis-1roo
Podcast | Securing the Modern Business Riddled with Legacy Technology | Protecting Active Directory On-Premises and Azure AD in the Cloud | A Semperis Story with Guido Grillenmeier and Daniel Lattimer: https://itsprad.io/event-coverage-1498

Jun 21, 2023 • 17min
Supply Chain and Third-Party Risks: Who's Going to Manage These Balls of Yarn? | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Bridget Kenyon
Guest: Bridget Kenyon, CISO at Shared Services Connected Ltd [@SSCL_UK]
On Linkedin | https://www.linkedin.com/in/bridgetkenyon/
On Twitter | https://twitter.com/bridgetkenyon
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Pentera | https://itspm.ag/penteri67a
Semperis | https://itspm.ag/semperis-1roo
✨ ➤ Sponsorship Signup Is Now Open — And Yes, Space Is Limited!
____________________________
Episode Notes
Bridget Kenyon, Chief Information Security Officer, joins host Sean Martin to discuss supply chain security. Using a ball of wool metaphor, they discuss the complexity of the supply chain and how independent organizations can provide impartial oversight.
Have a listen for some practical steps organizations can take to improve their supply chain security and highlight the importance of meaningful conversation and relationships in building a more secure supply chain.
____________________________
Resources
Learn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23
Catch Bridget's session: ‘Instead of Thinking out of the Box, Get Rid of the Box’ — Supply Chain and Third-Party Risks

Jun 20, 2023 • 22min
Modernising the Legal Framework for Information Age | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Rob Black
Guest: Rob Black, Director at UK Cyber 9/12 Strategy Challenge [@Cyber912_UK]
On Linkedin | https://www.linkedin.com/in/rob-black-30440819/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode’s Sponsors
Pentera | https://itspm.ag/penteri67a
Semperis | https://itspm.ag/semperis-1roo
____________________________
Episode Notes
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Rob Black, a lecturer of information activities at the Defence Academy in the UK, to discuss the legal aspect of cybercrime and how legal definitions of harm and damage must be reexamined to protect against cyberattacks. They also explore the need to instill culture and passion in cybersecurity teams, the importance of innovation and collaboration to stay ahead of attackers, and the challenges of cyber defense.
Black argues that the fight against cybercrime must be approached with a warfighting mindset rather than a regulatory one, and they discuss the role of insurance companies in determining coverage for cybersecurity incidents and how deception technology can help build a more robust defense against attackers. The conversation covers everything from burnout in the industry to the need for a global cybersecurity culture and the challenges of balancing aggressive cyber defense posture with international relations.
____________________________
Resources
Learn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23
Catch Rob's session: Cyber Crime Woes - Modernising our Legal Framework for the Information Age
UK Cyber 9/12 Strategy Challenge: http://www.ukcyber912.co.uk
Design Thinking for Cyber Deception (academic paper from the HICSS 2021 Conference): https://scholarspace.manoa.hawaii.edu/handle/10125/70853

Jun 20, 2023 • 26min
Why Current Security Tools Don't Address ‘Zero-Day’ Exploits | A Brand Story from Infosecurity Europe 2023, London, England | An Ericom Story with Ravi Pather
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Ravi Pather from Ericom Software to discuss the importance of security architecture and isolation to prevent zero-day exploits from reaching networks and applications.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Ravi Pather, VP EME, Ericom Software [@Ericom_Software], Cybersecurity Business Unit at Cradlepoint [@cradlepoint]
On Linkedin | https://www.linkedin.com/in/ravi-pather-21b20710/
Resources
Learn more about Ericom and their offering: https://itspm.ag/ericom-software-gtzf

Jun 20, 2023 • 18min
Helping Security Teams Achieve More By Doing Less Through Automated Security Validation | A Brand Story from Infosecurity Europe 2023, London, England | A Pentera Story with Steve Smith
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Steve Smith from Pentera to discuss the challenges and opportunities to help organizations protect against the broader scope of security risk.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Steve Smith, VP, UKI & CEE at Pentera [@penterasec]
On Linkedin | https://www.linkedin.com/in/stevesmithesq/
Resources
Learn more about Pentera and their offering: https://itspm.ag/pentera-tyuw

Jun 15, 2023 • 41min
Visualizing and Prioritizing Risk Management in Cybersecurity: A Data-Driven Approach | A Brinqa Brand Story with CEO Amad Fida
Join us as we connect with CEO and co-founder of Brinqa, Amad Fida, to discuss the importance of visualizing and prioritizing risk management in the cybersecurity space. Hosts Sean Martin and Marco Ciappelli chat with Fida, who stresses the importance of taking a data-driven approach to risk management and combining vulnerability data with threat intelligence and business context in order to help organizations prioritize their security efforts effectively.
The conversation examines the challenges of bringing together disparate sources of information in an environment where the security landscape is constantly changing and emphasizes the value of tools like Brinqa in helping organizations stay ahead of evolving threats. The trio also discuss the changing landscape of cybersecurity, the types of assets that are being targeted, and how Brinqa's platform can be used for everything from traditional servers and workstations to code, applications, and cloud environments.
Fida also shares insights into Brinqa's journey and the value of bootstrapping from day one, focusing on building a product that solves a real problem, and staying true to what works best when it comes to entrepreneurship. Overall, listeners can expect to gain valuable insights into the world of risk management and cybersecurity and how data-driven approaches can help organizations stay ahead of their security challenges.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story
Guest: Amad Fida, CEO and Co-Founder at Brinqa [@brinqa]
On Linkedin | https://www.linkedin.com/in/amad-fida-80b7534/
Resources
Learn more about Brinqa and their offering: https://itspm.ag/brinqa-pmdp

Jun 14, 2023 • 51min
Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin
Guest: Jason Haddix, CISO and Hacker in Charge at BuddoBot Inc [@BuddoBot]
On LinkedIn | https://www.linkedin.com/in/jhaddix/
On Twitter | https://twitter.com/Jhaddix
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
____________________________
Episode Notes
In this Redefining CyberSecurity Podcast, we provide an in-depth exploration of the potential implications of large language models (LLMs) and artificial intelligence in the cybersecurity landscape. Jason Haddix, a renowned expert in offensive security, shares his perspective on the evolving risks and opportunities that these new technologies bring to businesses and individuals alike.
Sean and Jason explore the potential risks of using LLMs:
🚀 Prompt Injections
💧 Data Leakage
🏖️ Inadequate Sandboxing
📜 Unauthorized Code Execution
🌐 SSRF Vulnerabilities
⚖️ Overreliance on LLM-generated Content
🧭 Inadequate AI Alignment
🚫 Insufficient Access Controls
⚠️ Improper Error Handling
💀 Training Data Poisoning
From the standpoint of offensive security, Haddix emphasizes the potential for LLMs to create an entirely new world of capabilities, even for non-expert users. He envisages a near future where AI, trained on diverse datasets like OCR and image recognition data, can answer private queries about individuals based on their public social media activity. This potential, however, isn't limited to individuals - businesses are equally at risk.
According to Haddix, businesses worldwide are rushing to leverage proprietary data they've collected in order to generate profits. They envision using LLMs, such as GPT, to ask intelligent questions of their data that could inform decisions and fuel growth. This has given rise to the development of numerous APIs, many of which are integrated with LLMs to produce their output.
However, Haddix warns of the vulnerabilities this widespread use of LLMs might present. With each integration and layer of connectivity, opportunities for prompt injection attacks increase, with attackers aiming to exploit these interfaces to steal data. He also points out that the very data a company uses to train its LLM might be subject to theft, with hackers potentially able to smuggle out sensitive data through natural language interactions.
Another concern Haddix raises is the interconnected nature of these systems, as companies link their LLMs to applications like Slack and Salesforce. The connections intended for data ingestion or query could also be exploited for nefarious ends. Data leakage, a potential issue when implementing LLMs, opens multiple avenues for attacks.
Sean Martin, the podcast's host, echoes Haddix's concerns, imagining scenarios where private data could be leveraged and manipulated. He notes that even benign-seeming interactions, such as conversing with a bot on a site like Etsy about jacket preferences, could potentially expose a wealth of private data.
Haddix also warns of the potential to game these systems, using the Etsy example to illustrate potential data extraction, including earnings of sellers or even their private location information. He likens the data leakage possibilities in the world of LLMs to the potential dangers of SQL injection in the web world. In conclusion, Haddix emphasizes the need to understand and safeguard against these risks, lest organizations inadvertently expose themselves to attack via their own LLMs.
All OWASP Top 10 items are reviewed, along with a few other valuable resources (listed below).
We hope you enjoy this conversation!
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
The inspiring Tweet: https://twitter.com/Jhaddix/status/1661477215194816513
Announcing the OWASP Top 10 for Large Language Models (AI) Project (Steve Wilson): https://www.linkedin.com/pulse/announcing-owasp-top-10-large-language-models-ai-project-steve-wilson/
OWASP Top 10 List for Large Language Models Descriptions: https://owasp.org/www-project-top-10-for-large-language-model-applications/descriptions/
Daniel Miessler Blog: The AI attack Surface Map 1.0: https://danielmiessler.com/p/the-ai-attack-surface-map-v1-0/
PODCAST: Navigating the AI Security Frontier: Balancing Innovation and Cybersecurity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation about AI security and MITRE Atlas with Dr. Christina Liaghati: https://itsprad.io/redefining-cybersecurity-163
Learn more about MITRE Atlas: https://atlas.mitre.org/
MITRE Atlas on Slack (invitation): https://join.slack.com/t/mitreatlas/shared_invite/zt-10i6ka9xw-~dc70mXWrlbN9dfFNKyyzQ
Gandalf AI Playground: https://gandalf.lakera.ai/
____________________________
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network