Security Matters

Today’s guest is Charles Chu, CyberArk's General Manager of Cloud Security, who’s spent more than a decade at the forefront of cloud security. Chu joins host David Puner for a conversation that delves into secure cloud access and the concept of zero standing privileges (ZSP), a dynamic approach to securing identities in multi-cloud environments. Chu sheds light on the complexities of cloud security, emphasizing the need for tailored solutions to protect against evolving cyber threats. Don't miss this insightful conversation that demystifies cloud security and redefines safeguarding digital assets – and answers the pivotal question: Why doesn’t cloud security taste like chicken?  

Arati Chavan, Staff Vice President, Global Head of Identity and Access Management (IAM) at Elevance Health joins host David Puner for a conversation that sheds light on how federated identity solutions are pivotal in achieving efficient and secure access control across diverse entities. Chavan also explores the challenges and opportunities in cloud transformation, the evolving role of AI in healthcare and the delicate balance between customer simplicity and robust security measures. Listen in for a deep dive into the heart of identity security and its impact on the healthcare industry.

Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling.  Considering a cybersecurity career? You won’t want to miss this episode – Wylie’s passion for cybersecurity education and mentorship is contagious. Plus, you’ll discover many unexpected parallels between pro wrestling and red teaming – and how they can help strengthen your organization’s digital defenses.

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.  

Today’s episode of Trust Issues focuses on spycatching! Eric O'Neill, a former FBI counterintelligence operative and current national security strategist, joins host David Puner to discuss his legendary undercover mission to capture Robert Hanssen, one of the most notorious and damaging spies in U.S. history. O'Neill details his “cover job” of working beside Hanssen in the FBI’s new information assurance (cybersecurity) division, while secretly uncovering his espionage activities. O'Neill’s made-for-the-big-screen experiences emphasize the challenges posed by malicious insiders – some of the most difficult and expensive cybersecurity threats of our time. His gripping account draws intriguing parallels between spies and cyber criminals, shedding light on identity security’s significant role in thwarting insider espionage and defenders’ continuous push to outpace attacker innovation. 

Crystal Trawny, Optiv’s Practice Director, delves into the evolution of Privileged Access Management (PAM) with insightful discussions on overcoming change resistance, deployment timelines, and critical program elements. She emphasizes the correlation between endpoint privilege management and PAM maturity, offering valuable insights to assess and enhance organizational security strategies.

Matt Cohen, CEO of CyberArk and a proponent of leading without fanfare, dives into transformative leadership in the cybersecurity realm. He shares insights on navigating the CEO role and the importance of company culture. The conversation highlights the critical nature of identity security in our increasingly digital world and the innovative approaches required to tackle modern threats. Cohen also discusses the value of authenticity, humility, and customer-centricity in building trust within business relationships.

While generative AI offers powerful tools for cyber defenders, it's also enabled cyber attackers to innovate and up the ante when it comes to threats such as malware, vulnerability exploitation and deep fake phishing. All this and we’re still just in the early days of the technology. In this episode, CyberArk Labs’ Vice President of Cyber Research Lavi Lazarovitz, discusses with host David Puner the seismic shift generative AI is starting to bring to the threat landscape – diving deep into offensive AI attack scenarios and the implications for cyber defenders. 

Diana Kelley, Chief Information Security Officer (CISO) at Protect AI joins host David Puner for a dive into the world of artificial intelligence (AI) and machine learning (ML), exploring the importance of privacy and security controls amid the AI Gold Rush. As the world seeks to capitalize on generative AI’s potential, risks are escalating. From protecting data from nefarious actors to addressing privacy implications and cyber threats, Kelley highlights the need for responsible AI development and usage. The conversation explores the principle of least privilege (PoLP) in AI, the privacy implications of using AI and ML platforms and the need for proper protection and controls in the development and deployment of AI and ML systems.

Scattered across the internet are jigsaw puzzle pieces containing your personal information. If reassembled by an attacker, these puzzle pieces could easily compromise your identity. Our returning guest today is Len Noe, CyberArk’s resident transhuman (a.k.a. cyborg), whose official titles these days are Technical Evangelist, White Hat Hacker and Biohacker. Noe joins host David Puner to shed light on the concept of synthetic identity, which involves gathering publicly available, unprotected data and then using AI chatbots and platforms like ChatGPT along with predictive analytics to correlate the data and generate deep digital portraits of individuals. Then, thinking like an attacker, Noe dives into how this new digital clairvoyance has the potential to up threat actors’ games and what organizations and individuals should be doing to combat it. Noe also shares his POV on the implications for cybersecurity and his concerns about sharing personal and proprietary information with AI chatbots and platforms.