Security Matters

Since the earliest digital days, cyberattackers have targeted identities in their quests for riches, chaos and even revenge. So, what if we could hop into a flux capacitor-equipped DeLorean, hammer-down to 88 mph, and go back in time to better understand how yesterday’s threats influence today’s landscape – and what history can teach us about outpacing adversaries? Today, we do that – and a whole lot more – with a fantastic guest: Theresa Payton.  Payton is the first woman to have served as White House Chief Information Officer, a best-selling author and the founder and CEO of Fortalice Solutions. In part one of our talk, host David Puner and Payton cover a lot of ground: Payton highlights some of the major cybersecurity trends and threats during her time in the George W. Bush White House – from SQL injection attacks to emerging ransomware. She also reflects on technology’s role in expanding – and complicating – the attack surface, and offers innovative insights for defenders, drawing from her experience as a veteran cybercrime fighter.  As you’ll hear, it’s a great talk – so good that we’re releasing it in two installments. Be sure to check out part two of our conversation with Theresa Payton, which will release on March 1. You can make sure not to miss it by following Trust Issues – available on all major podcast platforms.  Great Scott! 

Even if you've been living under a super-sized rock for the last few months, you've probably heard of ChatGPT. It's an AI-powered chatbot and it's impressive. It's performing better on exams than MBA students. It can debug code and write software. It can write social media posts and emails. Users around the globe are clearly finding it compelling. And the repercussions – good and bad – have the potential to be monumental. That's where today's guest Eran Shimony, Principal Security Researcher for CyberArk Labs, comes into the picture. In fact, in an effort to stay ahead of the bad guys, Eran recently had ChatGPT create polymorphic malware. In conversation with host David Puner, he helps us understand if we are collectively prepared to deal with ChatGPT and the implications it may have for cyber threats.  How'd did he get ChatGPT to do this and what are the implications? Listen in to find out. If you find this episode interesting, be sure to check out Eran's recent blog post on the CyberArk Threat Research blog: https://www.cyberark.com/chatgpt-blog 

In this episode of the Trust Issues podcast, host David Puner interviews Nigel Miller, Director of Security Operations and Engineering at Maximus, a company that provides process management and tech solutions to help governments improve their health and human service programs. Nigel discusses his role in keeping the company's nearly 40,000 employees cyber-trained and secure. And, as you'll hear, Nigel highlights the similarities between football and cybersecurity and that understanding one's opponent and environment is crucial to success in both. 

We're starting the new year with a conversation focused on securing critical infrastructure. The issue, of course, is that we're seeing increased threats and cyberattacks on critical infrastructure. Not to mention the war in Ukraine. This collective threat is a rallying point, bringing together cyber professionals from around the world, as well as their respective countries. On today’s episode, host David Puner talks with David Higgins, who’s a Senior Director in CyberArk‘s Field Technology Office, about how the critical infrastructure landscape has changed, its global implications and how cyber protectors have had to adapt.

Too often when we think of the human element in cybersecurity it's the insider threats. But more often it's the hardworking protectors inside the organization who, while passionate about their jobs, would rather work to live rather than live to work. Although that reality can easily flip due to the nature of the cyber world. That's where today's guest Omar Khawaja, who’s been the CISO at Highmark Health for nine years, comes into the picture. As you'll hear, Khawaja’s been on the cutting edge of cultivating talent and creating a cyber culture that empowers the human element of an organization with more than 37,000 employees. What you'll learn: How the power of language, relationships and story can be used to effectively communicate cybersecurity strategies and best practices with partners outside of the space. And how the benefits of this can lead to better culture, retention of talent and business growth.  

Today's episode is a bit of a year-end cybersecurity fortune cookie. Its focus is an attack trend that's surged in 2022: Cookie hijacking (aka stolen cookies). Session cookies, that is. And it’s an attack trend CyberArk Labs researchers predict will continue to flourish in 2023. To dig into the stolen cookies trend and what's coming next, host David Puner talks with VP of CyberArk Red Team Shay Nahari, and Research Evangelist of CyberArk Labs, Andy Thompson, both of whom have spent a considerable amount of time popping the hood on the trend. And it's something you should be thinking about too in preparing for 2023 cybersecurity challenges.

In the spring of 2022, Costa Rica was hit with a series of large-scale, long-lasting ransomware attacks, which wreaked havoc on the government and healthcare system – and paralyzed imports and exports. The ripple effects were far-reaching and the economy was crippled. President Rodrigo Chaves declared a national state of emergency. Trust was shaken. On today’s episode, Vinicio Chaves Alvarado, acting CISO at BAC Credomatic, the Costa Rica-based international bank, talks with host David Puner about being on the frontlines of stabilizing and building back trust. As he puts it, "We are not only cybersecurity professionals – we not only create cybersecurity controls or detect or react to threats. We create trust."

Being a Chief Information Security Officer is a tough job. CISOs are on the front lines, protecting against the unknown day after day, week after week. It's no wonder mental health issues such as depression and anxiety are surging in our industry. There are a lot of things that need to change, but on a positive note, this once-taboo subject is starting to get the attention it so desperately deserves. This is in part thanks to security leaders like Kirsten Davies, CISO at Unilever, stepping forward. On today’s episode, host David Puner talks with Davies about some of her passions, including the humanization of the teams in our cybersecurity community. She's equally passionate about being an innovative cyber protector and finding solutions to the multitude of challenges high-level CISOs face on a daily basis. The timing of the episode is apropos because October is both Cybersecurity Awareness Month and Depression and Mental Health Awareness and Screening Month. Time to elevate this critical conversation, advocate against stigma, and bring awareness to the various resources available to those who need them.

Even when looking at layered enterprise solutions designed to thwart attacks and contain them, we must always go back to cybersecurity basics at the individual level. And that’s what, on today's episode, guest Bryan Murphy, CyberArk’s Senior Director of Architecture Services and Incident Response stops by to talk with host David Puner about. Murphy also dives into the importance of cyber hygiene as an essential preventive measure for protecting identities, as part of a defense-in-depth strategy. It’s a perfect fit for October, which happens to be Cybersecurity Awareness Month (CSAM). Raise your awareness and give it a listen!   

U.S. government agencies are warning that ransomware actors are "disproportionately targeting the education sector," especially K-12. That’s because sensitive student data, overworked staff and competing priorities make investing in cybersecurity talent and tools a major challenge. On today's episode, host David Puner checks in with Matt Kenslea, CyberArk's Director of State, Local and Education (SLED), for a discussion about these targeted cyberattacks, the challenges they pose – and what schools can do.