Redefining CyberSecurity

Guest: Steve Wylie, Vice President, Cybersecurity PortfolioOn LinkedIn | https://www.linkedin.com/in/swylie650/On Twitter | https://twitter.com/swylie650____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe Black Hat SecTor Conference, scheduled for October 22-24, 2024, in Toronto, promises an array of discussions and insights into the cybersecurity domain. Steve Wylie, General Manager of Black Hat, joins ITSP Magazine's Sean Martin and Marco Ciappelli to preview the upcoming event. Wylie highlights the acquisition of SecTor by Black Hat in 2019, underscoring its unique focus on the Canadian cybersecurity community while maintaining global research standards.This year's event features three main components: summits, briefings, and a business hall. The summits, including a new AI summit, address various specialized topics, while the briefings provide in-depth research presentations. Keynote speakers like New York University’s Omkhar Arasaratnam, who will discuss security in open-source platforms, further enrich the event. Arasaratnam's focus on the XZ Utils backdoor incident emphasizes the critical nature of open-source security, highlighting both risks and mitigation strategies.The agenda also includes a diverse range of sessions on AI, reflecting its significant role in current cybersecurity practices. Talks range from AI vulnerabilities to the protection and utilization of AI in enterprise security. Sessions such as "15 Ways to Break Your Co-Pilot" and discussions on deepfake image detection systems present real-world challenges and solutions in this area.Wylie also discusses the importance of community engagement, noting the sector's provisions for networking and collaboration. The founders of the original event continue to contribute actively, ensuring the event remains closely tied to its original mission of serving Canada's cybersecurity professionals. Martin expresses enthusiasm for meeting regional participants and learning about their unique challenges and solutions, emphasizing the value of shared knowledge and strategies. The event is positioned as a vital convergence point for both local and international cybersecurity insights and advancements.In summary, SecTor 2024 aims to foster a robust exchange of ideas and solutions, drawing from a wide array of expertise within the cybersecurity field. Attendees can look forward to engaging with high-profile speakers, participating in focused discussions, and exploring the latest industry innovations.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190SBe sure to share and subscribe!____________________________ResourcesLearn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrfTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast

Guests:Dan Nutkis, Founder and Chief Executive Officer of HITRUSTOn LinkedIn | https://www.linkedin.com/in/daniel-nutkis-339b93b/Robert Booker, Chief Strategy Officer at HITRUSTOn LinkedIn | https://www.linkedin.com/in/robertbooker/Omar Khawaja, CISO, Client at DatabricksOn LinkedIn | https://www.linkedin.com/in/smallersecurity/Cliff Baker, CEO at CORL TechnologiesOn LinkedIn | https://www.linkedin.com/in/cliffbaker/Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & DeeterOn LinkedIn | https://www.linkedin.com/in/aehicks2000/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________Episode NotesThis episode of the On Location series takes place during HITRUST Collaborate 2024 brought together leading figures in cybersecurity to share their experiences and insights. Moderated by Sean Martin, host of the Redefining CyberSecurity Podcast, the panel included Dan Nutkis, Founder and Chief Executive Officer of HITRUST; Robert Booker, Chief Strategy Officer at HITRUST and former Chief Information Security Officer at UnitedHealth Group; Omar Khawaja, CISO, Client at Databricks and former Chief Information Security Officer at Highmark Health; Cliff Baker, CEO at CORL Technologies and Managing Partner at Meditology Services; and Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Deeter.The session kicked off with Sean Martin highlighting the importance of collaboration and conversation within the cybersecurity community. Dan Nutkis reflected on the early beginnings of HITRUST in 2007 and discussed the initial goal of establishing a comprehensive and effective framework for security. Nutkis highlighted the organization's ongoing commitment to continuous improvement and adaptability in addressing security needs.Omar Khawaja emphasized the need for setting high-security bars and how HITRUST has been instrumental in providing robust frameworks that simplify complex compliance requirements. He shared how Highmark Health leveraged the HITRUST certification to streamline their third-party risk management, ensuring better outcomes with fewer resources. According to Khawaja, HITRUST’s efforts in adapting to market needs and developing new assurance levels like the i1 and e1 have been vital in meeting evolving security demands.Cliff Baker discussed the innovation driven by HITRUST in the compliance space. Baker stressed the importance of the HITRUST ecosystem, which is designed not only to meet today’s security challenges but to anticipate future needs. The assurance framework and transparency provided by HITRUST have proven essential in building and maintaining trust within the healthcare industry.Andrew Hicks praised the rigorous QA process that HITRUST employs, which ensures that certified organizations maintain high standards of security. He emphasized how this rigorous process not only helps organizations achieve certification but also transforms their overall approach to cybersecurity.Robert Booker spoke about the continuous curiosity and commitment required to stay ahead in cybersecurity. He highlighted how HITRUST’s data-driven approach and innovations in areas like AI and continuous monitoring are crucial in maintaining relevance and enhancing security outcomes.Throughout the discussion, the panelists collectively underscored the importance of a robust, adaptable, and comprehensive security framework. HITRUST's continuous innovation and commitment to addressing real-world security challenges position it as a leader in the industry. The collaborative efforts of HITRUST and its community not only improve organizational security but also strengthen the overall reliability of the healthcare system.As HITRUST continues to evolve and introduce new initiatives, it remains a pivotal player in setting high security and compliance standards. The insights shared during this episode of On Location provide a glimpse into the future of cybersecurity and the ongoing efforts to safeguard sensitive data in the healthcare sector.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texasBe sure to share and subscribe!____________________________ResourcesLearn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxayLearn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf

HITRUST, leader in information security and third-party risk management (TPRM), has announced significant enhancements to its HITRUST Assessment XChange. This comprehensive solution addresses longstanding challenges in TPRM by integrating with leading TPRM platforms to streamline vendor risk management processes. These integrations solve the "last mile" challenge by enabling organizations to efficiently capture, consume, and analyze detailed assurance data.The HITRUST Assessment XChange operationalizes third-party risk management through end-to-end workflows that cover the entire vendor lifecycle—from initial evaluation to results analysis. This approach significantly improves information security risk capabilities, reducing time, costs, and complexity. It also allows organizations to manage risk with updated threat-adaptive controls, broad assessment options, and real-time updates on risk mitigation.Legacy approaches to TPRM have proven inefficient, with many organizations relying on outdated methods like spreadsheets or self-assessment questionnaires. In contrast, HITRUST’s solution offers a practical, effective, and comprehensive approach, making TPRM more manageable and secure across industries.HITRUST’s first planned integration with ServiceNow’s TPRM solution is set for release by the end of 2024, allowing users to leverage HITRUST's capabilities within the ServiceNow platform. This integration marks a new era in operationalizing information security TPRM, providing organizations with unprecedented visibility into vendor risk.Learn more about and stay up to date by visiting hitrustalliance.net/news.Note: This story contains promotional content. Learn more.ResourcesLearn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrustLearn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin___________________________Episode NotesIn the third and final installment of the series titled "Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals," Sean Martin continues his compelling conversation with Kush Sharma. This episode focuses on the critical aspects of team dynamics, project management, and stakeholder engagement in the realm of cybersecurity.Kush Sharma elaborates on the importance of establishing a well-structured and communicated vision for security operations within an organization. He emphasizes the necessity of setting expectations with security teams before any major project initiation. According to Sharma, transparency is vital. Security leaders must candidly discuss with their teams that not every decision will tip in their favor, but their role is to advocate for security while being adaptable to business needs. He stresses the importance of documenting and following up on risk mitigation measures even if they aren't implemented immediately.Sharma also sheds light on the concept of integrating business and security functions more seamlessly. He proposes not just embedding security into business but also bringing business personnel into the security fold. By having business unit members work within security teams temporarily, organizations can build a robust line of communication and mutual understanding. This cross-functional approach creates internal champions for security measures and helps significantly cut costs as internal personnel generally have lower operational costs compared to external consultants.A significant portion of the episode revolves around the nuanced engagement with different stakeholders, particularly at the executive level. Sharma advises CISOs to view themselves as peers to other C-suite executives, prepared to defend their positions and decisions vigorously. It's crucial for CISOs to maintain this executive-level mindset and openly communicate the broader business implications of security decisions. Sharma highlights that making a business case for security and showing tangible returns on investment can secure better funding and support from the executive team, leading to more substantial investments in long-term security measures.Sean Martin wraps up the episode by touching on the importance of storytelling in cybersecurity. By translating technical achievements and risk mitigation efforts into relatable stories, CISOs can effectively communicate the value of their work across the organization. These narratives help ensure security remains a priority in business strategies and operations, fostering an environment where security considerations are integral to planning and executing new initiatives.In conclusion, the episode provides essential insights for current and aspiring CISOs on navigating the complexities of internal communications, leadership, and strategic planning in cybersecurity. Both Kush Sharma and Sean Martin offer practical advice and strategies that can help elevate the role of security within any organization, thereby protecting its infrastructure and supporting its growth objectives.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc

HITRUST has announced the launch of HITRUST Continuous Assurance, a new strategic evolution aimed at enhancing security sustainability and outcomes through continuous control monitoring. This initiative builds upon the proven HITRUST ecosystem, providing organizations with an efficient way to manage security and compliance risks in the face of evolving cyber threats. Traditional approaches that prioritize compliance over security are increasingly inadequate, especially in the era of generative AI and sophisticated cyber-attacks.Continuous Assurance minimizes the risk of evidence decay by enabling organizations to monitor security controls continuously, ensuring that security requirements remain relevant and reliable. Key features of this initiative include automated evidence collection, a continuous monitoring taxonomy integrated with the HITRUST CSF, and enhanced workflows in HITRUST’s MyCSF platform. The system also supports integration with Governance, Risk, and Compliance (GRC) systems, ensuring streamlined risk management.HITRUST's Continuous Assurance will leverage its extensive certification framework, which has shown significant success. Notably, the 2024 HITRUST Trust Report highlighted that 99.4% of HITRUST-certified organizations did not report a breach over the past two years. Continuous Assurance offers new capabilities that further solidify HITRUST’s role as a leader in information security risk management.Learn more about and stay up to date by visiting hitrustalliance.net/news.Note: This story contains promotional content. Learn more.ResourcesRead the Press Release: https://hitrustalliance.net/press-releases/hitrust-announces-continuous-assurance-through-the-proven-hitrust-ecosystemLearn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrustLearn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Guest: Sagar Bhure, Senior Security Researcher, F5 [@F5]On LinkedIn | https://www.linkedin.com/in/sagarbhure/At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#sagar-bhure-45119____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe authenticity of audio and visual media has become an increasingly significant concern. This episode explores this critical issue, featuring insights from Sean Martin, Marco Ciappelli, and guest Sagar Bhure, a security researcher from F5 Networks.Sean Martin and Marco Ciappelli engage with Bhure to discuss the challenges and potential solutions related to deepfake technology. Bhure reveals intricate details about the creation and detection of deepfake images and videos. He emphasizes the constant battle between creators of deepfakes and those developing detection tools.The conversation highlights several alarming instances where deepfakes have been used maliciously. Bhure recounts the case in 2020 where a 17-year-old student successfully fooled Twitter’s verification system with an AI-generated image of a non-existent political candidate. Another incident involved a Hong Kong firm losing $20 million due to a deepfake video impersonating the CFO during a Zoom call. These examples underline the serious implications of deepfake technology for misinformation and financial fraud.One core discussion point centers on the challenge of distinguishing between real and artificial content. Bhure explains that the advancement in AI and hardware capabilities makes it increasingly difficult for the naked eye to differentiate between genuine and fake images. Despite this, he mentions that algorithms focusing on minute details such as skin textures, mouth movements, and audio sync can still identify deepfakes with varying degrees of success.Marco Ciappelli raises the pertinent issue of how effective detection mechanisms can be integrated into social media platforms like Twitter, Facebook, and Instagram. Bhure suggests a 'secure by design' approach, advocating for pre-upload verification of media content. He suggests that generative AI should be regulated to prevent misuse while recognizing that artificially generated content also has beneficial applications.The discussion shifts towards audio deepfakes, highlighting the complexity of their detection. According to Bhure, combining visual and audio detection can improve accuracy. He describes a potential method for audio verification, which involves profiling an individual’s voice over an extended period to identify any anomalies in future interactions.Businesses are not immune to the threat of deepfakes. Bhure notes that corporate sectors, especially media outlets, financial institutions, and any industry relying on digital communication, must stay vigilant. He warns that deepfake technology can be weaponized to bypass security measures, perpetuate misinformation, and carry out sophisticated phishing attacks.As technology forges ahead, Bhure calls for continuous improvement in detection techniques and the development of robust systems to mitigate risks associated with deepfakes. He points to his upcoming session at Sector in Toronto, where he will delve deeper into 'Hacking Deepfake Image Detection Systems with White and Black Box Attacks,' offering more comprehensive insights into combating this pressing issue.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190SBe sure to share and subscribe!____________________________ResourcesHacking Deepfake Image Detection System with White and Black Box Attacks: https://www.blackhat.com/sector/2024/briefings/schedule/#hacking-deepfake-image-detection-system-with-white-and-black-box-attacks-40909Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrfTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast

Jeremy Huval, a key player at HITRUST, discusses the upcoming launch of an AI Security Certification slated for December 2024. This certification aims to tackle the unique security challenges posed by AI systems, marking a first in cybersecurity. Huval highlights how existing controls fall short and emphasizes the new, prescriptive measures designed specifically for AI and machine learning. This initiative enhances third-party risk management, fostering greater trust and security in AI deployments while simplifying workflows and reducing costs.

In this Brand Story episode, hosts Sean Martin and Marco Ciappelli welcome Lebin Cheng from Imperva to discuss the ever-important topic of API security. As the head of the API security team at Imperva, Lebin Cheng offers a nuanced view into the challenges and solutions involved in protecting sensitive data facilitated by APIs. A central theme of the discussion revolves around API security's complexity due to APIs' role in digital transformation, cloud migration, and data integration. APIs act as a gateway for data interaction and integration, offering flexibility but also introducing significant security risks.Cheng underscores that as APIs provide open access to critical data, they become prime targets for sophisticated cyber threats. These threats exploit vulnerabilities in API deployments, making robust security measures indispensable. Cheng highlights the importance of securing APIs not as a one-time effort but as an ongoing process. He discusses how Imperva employs real-time monitoring and behavioral analysis to enhance API security. By establishing a baseline of what constitutes normal behavior, Imperva can quickly detect and respond to anomalies. This approach goes beyond traditional, static security measures, which often fall short against dynamic threats that evolve alongside technology.Additionally, the conversation touches on the notion of 'security by design.' Cheng advocates for integrating security considerations from the earliest stages of API development. This results in more resilient applications capable of withstanding sophisticated attacks. The discussion also notes the growing trend of DevSecOps, which emphasizes the collaboration between development, security, and operations teams to embed security throughout the software development lifecycle. Real-world applications of these principles are evident in various sectors, including open banking.Cheng explains how open banking initiatives, which allow smaller financial institutions to access larger banks' data via APIs, highlight the necessity of strong API security. A breached API could expose sensitive financial data, leading to significant financial and reputational damage. The hosts and Cheng also explore how Imperva's innovation in API security involves leveraging artificial intelligence and machine learning. These technologies help in identifying and mitigating potential risks by analyzing vast amounts of data to detect unusual patterns that might indicate a security threat.In closing, Cheng emphasizes the importance of continuous innovation and vigilance in the field of API security. He invites organizations to adopt a proactive stance, continuously updating their security measures to protect their data assets effectively. This episode serves as a compelling reminder of the critical role API security plays in today's interconnected digital world.Learn more about Imperva: https://itspm.ag/imperva277117988Note: This story contains promotional content. Learn more.Guest: Lebin Cheng, VP, API Security, Imperva [@Imperva]On LinkedIn | https://www.linkedin.com/in/lebin/ResourcesLearn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Guest: Ashley Jess, Senior Intelligence Analyst, Intel 471 [@Intel471Inc]At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#ashley-jess-48633____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesAs part of their Chats on the Road for the On Location series during SecTor in Toronto, Sean Martin and Marco Ciappelli had an engaging conversation with Ashley Jess, a Senior Threat Intelligence Analyst from Intel471.The discussion centered on the intricacies of artificial intelligence (AI), its uses, and its abuses in the realm of cybersecurity. Ashley's upcoming presentation titled "Hello from the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation, and Scam Campaigns" sets the stage for an in-depth exploration into the dark side of AI. Ashley gives a glimpse into how AI is being utilized for nefarious purposes, highlighting the connection between generative AI and disinformation campaigns. She explains how AI has been used to create politically motivated fake graffiti, deepfake videos with celebrities, and even entirely fabricated news websites.She emphasizes that the lowest barrier to entry for generating such content is lower than ever, making it easy for bad actors to create and spread false information swiftly. She mentions a particularly interesting case during the Olympics, where an entire propaganda movie starring a deepfake Tom Cruise was produced for political purposes. This example underscores the potential of AI to convincingly spread disinformation on a massive scale. She also points out how scam campaigns are increasingly leveraging AI, making them more believable and harder to detect.One crucial topic Ashley touches on is the matter of responsibility in combating these threats. She discusses the need for more robust government regulations and the role of various technology vendors in detecting and preventing the misuse of AI. She highlights the importance of technologies like Web3 and blockchain for content provenance.According to Ashley, integrating such measures into platforms used by everyday people can help mitigate the risks posed by AI-generated disinformation. Marco Ciappelli adds to this by reflecting on how easy it is to create misleading content and target vulnerable populations. He points out that ordinary citizens, who are not as vigilant or technologically savvy, are at greater risk. On this note, Sean Martin questions who should be responsible for protecting individuals and organizations from AI-based threats.The discussion also touches on the ethical aspects of AI and its dual-use nature—where technological advancements can be both beneficial and harmful. Ashley emphasizes the need for a balanced approach that considers both the legitimate applications of AI technology and its potential for abuse. Ashley Jess is enthusiastic about her upcoming talk at SecTor where she promises to delve further into these critical issues.The session aims to provide a realistic, frontline view of how AI is being used maliciously and to encourage more proactive measures to combat these emerging threats. For those attending SecTor, her insights promise to be both enlightening and essential.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190SBe sure to share and subscribe!____________________________ResourcesHello From the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation and Scam Campaigns (Session): https://www.blackhat.com/sector/2024/briefings/schedule/#hello-from-the-dumpster-fire-real-examples-of-artificially-generated-malware-disinformation-and-scam-campaigns-41161Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrfTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast

In this engaging discussion, Steve Wilson, Chief Product Officer at Exabeam and Project Lead for the OWASP Top 10 for Large Language Model Applications, shares his expertise on secure AI development. He delves into the evolution of AI, distinguishing between chatbots, co-pilots, and autonomous agents. Wilson emphasizes the importance of integrating security practices early in the development lifecycle and offers insights from his new book, guiding developers on responsible AI usage. The conversation highlights the need for innovative testing and specialized security frameworks to manage evolving risks.