Security Matters

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.  

Today’s episode of Trust Issues focuses on spycatching! Eric O'Neill, a former FBI counterintelligence operative and current national security strategist, joins host David Puner to discuss his legendary undercover mission to capture Robert Hanssen, one of the most notorious and damaging spies in U.S. history. O'Neill details his “cover job” of working beside Hanssen in the FBI’s new information assurance (cybersecurity) division, while secretly uncovering his espionage activities. O'Neill’s made-for-the-big-screen experiences emphasize the challenges posed by malicious insiders – some of the most difficult and expensive cybersecurity threats of our time. His gripping account draws intriguing parallels between spies and cyber criminals, shedding light on identity security’s significant role in thwarting insider espionage and defenders’ continuous push to outpace attacker innovation. 

Crystal Trawny, Optiv’s Practice Director, delves into the evolution of Privileged Access Management (PAM) with insightful discussions on overcoming change resistance, deployment timelines, and critical program elements. She emphasizes the correlation between endpoint privilege management and PAM maturity, offering valuable insights to assess and enhance organizational security strategies.

Matt Cohen, CEO of CyberArk and a proponent of leading without fanfare, dives into transformative leadership in the cybersecurity realm. He shares insights on navigating the CEO role and the importance of company culture. The conversation highlights the critical nature of identity security in our increasingly digital world and the innovative approaches required to tackle modern threats. Cohen also discusses the value of authenticity, humility, and customer-centricity in building trust within business relationships.

While generative AI offers powerful tools for cyber defenders, it's also enabled cyber attackers to innovate and up the ante when it comes to threats such as malware, vulnerability exploitation and deep fake phishing. All this and we’re still just in the early days of the technology. In this episode, CyberArk Labs’ Vice President of Cyber Research Lavi Lazarovitz, discusses with host David Puner the seismic shift generative AI is starting to bring to the threat landscape – diving deep into offensive AI attack scenarios and the implications for cyber defenders. 

Diana Kelley, Chief Information Security Officer (CISO) at Protect AI joins host David Puner for a dive into the world of artificial intelligence (AI) and machine learning (ML), exploring the importance of privacy and security controls amid the AI Gold Rush. As the world seeks to capitalize on generative AI’s potential, risks are escalating. From protecting data from nefarious actors to addressing privacy implications and cyber threats, Kelley highlights the need for responsible AI development and usage. The conversation explores the principle of least privilege (PoLP) in AI, the privacy implications of using AI and ML platforms and the need for proper protection and controls in the development and deployment of AI and ML systems.

Scattered across the internet are jigsaw puzzle pieces containing your personal information. If reassembled by an attacker, these puzzle pieces could easily compromise your identity. Our returning guest today is Len Noe, CyberArk’s resident transhuman (a.k.a. cyborg), whose official titles these days are Technical Evangelist, White Hat Hacker and Biohacker. Noe joins host David Puner to shed light on the concept of synthetic identity, which involves gathering publicly available, unprotected data and then using AI chatbots and platforms like ChatGPT along with predictive analytics to correlate the data and generate deep digital portraits of individuals. Then, thinking like an attacker, Noe dives into how this new digital clairvoyance has the potential to up threat actors’ games and what organizations and individuals should be doing to combat it. Noe also shares his POV on the implications for cybersecurity and his concerns about sharing personal and proprietary information with AI chatbots and platforms. 

In this episode of the Trust Issues podcast, host David Puner interviews Brad Jones, CISO and VP of Information Security at Seagate Technology. They delve into cloud security challenges, including protecting data in a constantly shifting technological landscape. Jones discusses the importance of establishing trust as a data company and implementing rigorous controls to safeguard sensitive information. Then, they take a deep dive into the evolving external threat landscape, the role of AI in security and Seagate's cloud migration journey. Tune in to learn how to bridge security gaps, set your organization up for cloud security success and stay ahead of threat actors in the digital age.

In today’s Trust Issues episode, Dusty Anderson, a managing director of Global Digital Identity at the consulting firm Protiviti, digs into all things DevSecOps and cautions against a one-size-fits-all approach. In conversation with host David Puner, Anderson emphasizes the significance of strategic planning and well-defined goals – demonstrating how bite-sized steps can add up to major security wins and bottom-line benefits over time. And she sheds light on how the intricate web of identities – both human and non-human – shape the modern development pipeline to underscore the importance of visibility, governance and Zero Trust-based thinking. Tune in for insights to help fortify your cybersecurity practices and unlock the full potential of effective DevSecOps strategies.

Andy Thompson, Offensive Security Research Evangelist at CyberArk Labs, returns to Trust Issues for a dive with host David Puner into the latest developments in the world of ransomware. With ransomware events on the rise, Thompson sheds light on the alarming trend of data exfiltration and double extortion. But what's causing this surge? Thompson connects the dots between the rise of digital identities and the increasing frequency of ransomware attacks. As more organizations adopt cloud and DevOps technologies, the number of digital identities has skyrocketed, providing attackers with more accounts to exploit. However, Thompson emphasizes that staying vigilant about properly configured identities and analyzing their behavior can go a long way in mitigating the risk of ransomware attacks. Tune in to stay ahead of the curve in the ever-evolving landscape of cybersecurity threats.