Security Matters

We all accept a certain degree of risk in our lives. So, to varying degrees, we’re all operating – to use cybersecurity parlance – with an assume breach mindset. Meaning, we accept that attacks are inevitable and, as such, we focus time and effort on protecting the assets that matter most.  In short, we buckle up for safety.  And risk is something that today’s guest Larry Lidz, who’s Vice President and Chief Information Security Officer (CISO) for Cisco CX Cloud, thinks about a lot. On today’s episode, host David Puner talks with Lidz about cyber risk, the shifting tolerance levels for it and how it influences security decision-making. 

Quantum computing is coming and it has the potential to be both exciting and terrifying... On today's episode of Trust Issues, host David Puner speaks with cryptographer Dr. Erez Waisbard, CyberArk’s Technology and Research Lead, about quantum computing innovation and its cybersecurity implications – from data encryption to surveillance and privacy. Dr. Waisbard breaks down how encryption works, why it’s so important for safeguarding our data, and how quantum computers will break the methods used today. This may sound ominous, but designs for quantum-resistant encryption algorithms are already well underway. Check out the episode to learn more about them and how your organization can start preparing now. And, if you like this episode, be sure to check out Erez Waisbard’s blog post, "Quantum Computing Is Coming… Here are 4 Ways to Get Ready," on the CyberArk Blog. 

Today's guest is Den Jones, who's Chief Security Officer (CSO) at Banyan Security, a startup Zero Trust network access solution (and a CyberArk technology partner). Jones spent almost 19 years at Adobe, followed by a stop at Cisco, before landing at Banyan in 2021. As his Twitter bio tells it, he's a “Large Scale Zero Trust Deliverer,” which is part of his multifaceted CSO charge. In this episode, host David Puner talks with Jones about his singular cybersecurity career path – beginning with a formative stint as a Royal Mail postman in Scotland – and how he worked his way up the ladder to become a Zero Trust-delivering CSO. Jones explains how his role at Banyan encompasses all aspects of security, including product (putting the security around the security, as it were), enterprise and physical security. He also discusses the challenges he faces in his current role, including evangelizing the company's security strategy. 

Today's episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you're already here, so maybe just stick around?  In this episode, host David Puner and Payton continue their discussion, diving into the implications of AI and tools like ChatGPT for the cyber threat landscape – and the potential threats posed by deep fakes backed by synthetic identities. Also, could AI tech make it easier for bad actors to spread disinformation on a large scale? 

Since the earliest digital days, cyberattackers have targeted identities in their quests for riches, chaos and even revenge. So, what if we could hop into a flux capacitor-equipped DeLorean, hammer-down to 88 mph, and go back in time to better understand how yesterday’s threats influence today’s landscape – and what history can teach us about outpacing adversaries? Today, we do that – and a whole lot more – with a fantastic guest: Theresa Payton.  Payton is the first woman to have served as White House Chief Information Officer, a best-selling author and the founder and CEO of Fortalice Solutions. In part one of our talk, host David Puner and Payton cover a lot of ground: Payton highlights some of the major cybersecurity trends and threats during her time in the George W. Bush White House – from SQL injection attacks to emerging ransomware. She also reflects on technology’s role in expanding – and complicating – the attack surface, and offers innovative insights for defenders, drawing from her experience as a veteran cybercrime fighter.  As you’ll hear, it’s a great talk – so good that we’re releasing it in two installments. Be sure to check out part two of our conversation with Theresa Payton, which will release on March 1. You can make sure not to miss it by following Trust Issues – available on all major podcast platforms.  Great Scott! 

Even if you've been living under a super-sized rock for the last few months, you've probably heard of ChatGPT. It's an AI-powered chatbot and it's impressive. It's performing better on exams than MBA students. It can debug code and write software. It can write social media posts and emails. Users around the globe are clearly finding it compelling. And the repercussions – good and bad – have the potential to be monumental. That's where today's guest Eran Shimony, Principal Security Researcher for CyberArk Labs, comes into the picture. In fact, in an effort to stay ahead of the bad guys, Eran recently had ChatGPT create polymorphic malware. In conversation with host David Puner, he helps us understand if we are collectively prepared to deal with ChatGPT and the implications it may have for cyber threats.  How'd did he get ChatGPT to do this and what are the implications? Listen in to find out. If you find this episode interesting, be sure to check out Eran's recent blog post on the CyberArk Threat Research blog: https://www.cyberark.com/chatgpt-blog 

In this episode of the Trust Issues podcast, host David Puner interviews Nigel Miller, Director of Security Operations and Engineering at Maximus, a company that provides process management and tech solutions to help governments improve their health and human service programs. Nigel discusses his role in keeping the company's nearly 40,000 employees cyber-trained and secure. And, as you'll hear, Nigel highlights the similarities between football and cybersecurity and that understanding one's opponent and environment is crucial to success in both. 

We're starting the new year with a conversation focused on securing critical infrastructure. The issue, of course, is that we're seeing increased threats and cyberattacks on critical infrastructure. Not to mention the war in Ukraine. This collective threat is a rallying point, bringing together cyber professionals from around the world, as well as their respective countries. On today’s episode, host David Puner talks with David Higgins, who’s a Senior Director in CyberArk‘s Field Technology Office, about how the critical infrastructure landscape has changed, its global implications and how cyber protectors have had to adapt.

Too often when we think of the human element in cybersecurity it's the insider threats. But more often it's the hardworking protectors inside the organization who, while passionate about their jobs, would rather work to live rather than live to work. Although that reality can easily flip due to the nature of the cyber world. That's where today's guest Omar Khawaja, who’s been the CISO at Highmark Health for nine years, comes into the picture. As you'll hear, Khawaja’s been on the cutting edge of cultivating talent and creating a cyber culture that empowers the human element of an organization with more than 37,000 employees. What you'll learn: How the power of language, relationships and story can be used to effectively communicate cybersecurity strategies and best practices with partners outside of the space. And how the benefits of this can lead to better culture, retention of talent and business growth.  

Today's episode is a bit of a year-end cybersecurity fortune cookie. Its focus is an attack trend that's surged in 2022: Cookie hijacking (aka stolen cookies). Session cookies, that is. And it’s an attack trend CyberArk Labs researchers predict will continue to flourish in 2023. To dig into the stolen cookies trend and what's coming next, host David Puner talks with VP of CyberArk Red Team Shay Nahari, and Research Evangelist of CyberArk Labs, Andy Thompson, both of whom have spent a considerable amount of time popping the hood on the trend. And it's something you should be thinking about too in preparing for 2023 cybersecurity challenges.