Secure Talk Podcast

"If you torture the data long enough, it will confess to anything" said Ronald Coase. Certainly the advent of AI has created some spectacular progress and failures. In the realm of patient care AI tools can have a powerful impact and there is little room for error. How do professionals in the Medical Device and Medical Software space prepare their solutions for the market?In the latest episode of SecureTalk, Justin is joined by Dr. Paul Campbell, who serves as the Head of Software and AI at the UK's Medicines and Healthcare products Regulatory Agency (MHRA). Dr. Campbell discusses his journey from pharmacy to becoming a prominent figure in healthcare IT and regulated software. The conversation covers the development of AI in healthcare, the global standardization of regulations, and the MHRA’s innovative initiatives such as AI Airlock, which are driving progress in medical technology. The discussion also delves into the vital role of data representation, ethical considerations in AI, and the complexities of implementing advanced technologies in real-world medical settings.

Much of the United States' progress since World War II on the global stage is due to a powerful partnership between private industry and the US government. The internet itself was a DARPA research project now turned into an economic juggernaut. How do we feed and support this powerful partnership?In this episode of SecureTalk, host Justin Beals welcomes Jason Healey, a senior research scholar at Columbia's School for International and Public Affairs. Jason, a pioneer in the field of cyber threat intelligence and former intelligence officer, discusses his extensive career and the evolution of cyber defense from the late 1990s to today. Topics include the origins of cybersecurity, the challenges of cyber warfare and policy, and the balance between defense and innovation. Jason elaborates on the critical role of metrics such as mean time to detect in measuring cybersecurity effectiveness and emphasizes the importance of harmonizing regulations and frameworks in the U.S. A detailed analysis of recent cyber incidents and the necessity for more robust cyber policies underlines the insightful conversation, making it essential listening for cybersecurity professionals.

I’ve participated or led technology product teams for 25 years. And engaging in effective security practices was three simple activities: least privileges, change management and network/server configurations. But in an ever-changing security environment, how do security leaders engage product teams in effective practices? Join us on Secure Talk with Naomi Buckwalter, the Senior Director of Product Security at Contrast Security.Throughout our conversation, Naomi shares her intriguing journey into the field of cybersecurity, from her early interest in tech and her educational background to landing a significant role at Vanguard Financial and eventually becoming a thought leader in cybersecurity. She explains the critical distinction between secure architecture reviews and secure code reviews and delves into the importance of trust and collaboration between developers and security engineers. Naomi also emphasizes the importance of inclusive hiring and discusses how she has successfully integrated individuals from non-traditional backgrounds into cybersecurity roles. As the founder of Cybersecurity Gatebreakers she helps technology teams find “young-in-career” talent ready to make an effective contribution. A poignant part of the discussion revolves around the concept of 'sec-splaining,' the need for excellent communication, and why security should be seen as a service to the business. This conversation is a must-listen for cybersecurity experts looking to enhance their understanding of team building and effective security management for software development.-----Additional Resources: Books:"The Smartest Person in The Room" by Christian Espinosahttps://christianespinosa.com/books/the-smartest-person-in-the-room/"Five Disfunctions of a Team" by  Patrick Lencionihttps://www.amazon.com/Five-Dysfunctions-Team-Leadership-Fable/dp/0787960756

The state of networked computing systems today relies heavily on a networking architecture designed and implemented by people like David Hotlzman, our guest on Secure Talk. But what if our current “world wide web” was just the progenitor of an n-dimension “internet stack”? Does Web 3 offer the opportunity to evolve a seemingly monolithic internet?In this episode of SecureTalk, host Justin Beals interviews David Holtzman, the brains behind the global domain name registration system and a former NSA analyst. They delve into the history and evolution of the DNS, discussing how it transformed from a single 'host.txt' file to a robust global system impacting millions of domain names. David shares his thoughts on decentralization, the potential of blockchain technology, and the future of cybersecurity in the wake of quantum computing. They also touch on the implications of AI, the cyclical nature of tech fads, and the importance of innovative yet secure solutions in today's rapidly evolving cyber environment. This episode is a must-listen for cybersecurity experts interested in the complex interplay between technology, governance, and security.

It is election season in the United States and there continues to be a lot of FUD around the security of our elections. We decided to sit down with an expert to discuss election security and how citizens here in the United States should consider this civic event.Join host Justin Beals and guest Mark Listes as they delve into the critical topic of election security. Mark, CEO of Pendulum and former Head of Policy at the U.S. Election Assistance Commission, shares his extensive expertise on managing election security and the intricate relationship between technology and trust in the electoral process. They explore the complexities of pre-vote misinformation, the robustness of various voting systems, and how the integrity of election results is maintained amidst emerging cybersecurity threats. Mark also highlights Pendulum's new tool, ElectionIQ, which aids businesses in navigating election-related risks. The discussion sheds light on the vital role of trust and participation in sustaining democracy, making it a must-listen for cybersecurity professionals seeking to understand the current landscape of election integrity.

In this episode of Secure Talk, host Justin Beals sits down with Danny Goodwin and Ed Schwarzschild, the authors of the book 'Job / Security: A Composite Portrait of the Expanding American Security Industry'. They delve into the multifaceted world of security work, bridging personal experiences and professional insights. Goodwin, a professor and chair of the Department of Art and Art History, and Schwarzschild, director of creative writing at SUNY Albany both had family members who worked in the security field that required secrecy. The shared formative experiences blossomed into a discussion about families and the impact of jobs on security. Realizing that the security field has been rapidly growing, they used expertise in the humanities to explore security jobs and their impact on individuals, families and our community at large. The podcast covers their methods of capturing authentic experiences through interviews and photography, bringing a human touch to a field often viewed through a critical or technical lens. Danny and Ed recount their past roles in security and detail compelling stories from their book, including experiences of border patrol agents, military security and cybersecurity professionals. The discussion also touches on the companion exhibition for “Jobs / Security”  and their plans for expanding the project globally. This episode is a must-listen for those interested in the intersection of security and humanity.Book: 'Job / Security: A Composite Portrait of the Expanding American Security Industry'. (2024) https://mitpress.mit.edu/9780262048699/jobsecurity/Exhibition: Job Security: Voices and Views from the American Security Industry.  August 12- December 9, 2024 - University at Albany SUNYhttps://www.albany.edu/museum/exhibitions/job-security-voices-and-views-american-security-industry

How do we predict the future? In our respective technology and security fields we are often asked to prognosticate on “what’s next?”. Understanding current trends is certainly helpful but what if you could reach far into the future and describe humanity and our relative progress?In this week's episode of SecureTalk we host an Associate Professor of Digital Media at Brock University, to discuss the intersection of cybersecurity and the humanities. Our guest's recent works include, 'Hacking the Humanities' and 'The Language of Cyberattacks,' delve into how digital culture, app development, and natural language processing intersect with cybersecurity. Listen in as we discuss William Gibson predicting the future of the internet and our examination of the cultural consequences of cybersecurity, emphasizing the need for broader digital literacy, the evolving landscape of internet privacy, and how speculative fiction can inform ethical questions and possible futures. They also touch on real-world incidents like the 'Parlor tricks' hack, demonstrating how programming literacy can empower individuals to navigate and influence the digital ecosystem. The conversation underscores the vital role of humanistic perspectives in understanding and shaping the cybersecurity landscape.

In this episode of Secure Talk, Justin Beals, founder and CEO of Strike Graph, hosts Bruce Schneier, a renowned security technologist, author, and lecturer at the Harvard Kennedy School. Schneier discusses his book 'A Hacker's Mind,' sharing insights into the psychology of security, societal impacts of cybersecurity, and how businesses can better align security practices with human psychology. He emphasizes the economic incentives behind security design, the concept of decoupling for enhanced security, and addresses the role of public awareness and policy in cybersecurity. Schneier also touches on the pervasive nature of hacking, the importance of building resilient systems, and the integration of computers into every aspect of our lives, highlighting the increasing importance of security by design.

Have you ever wondered how secure your browser extensions really are? On our latest Secure Talk episode join us for a discussion with Sheryl Hsu, a researcher from Stanford Empirical Security Research Group. We discuss their recent paper “What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions.” Sheryl and the team at the Stanford Empirical Security Research Group show that Security-Noteworthy Extensions (SNE) are a significant issue as they have a pervasive presence in the Chrome Web Store for years and affect almost 350 million users. In this great discussion we talk about the threat capabilities of nefarious code executed by plugins in the Chrome Browser. We also talk about the perverse incentives at Alphabet in managing the Chrome Web Store. They need to make plugins that have powerful capabilities, easy to deliver and sticky. But this creates the opportunity for powerful cybercrime tools, easily installed that are rarely inspected. Fundamentally we ask 'who is responsible for security in the “app” economy'? Research: https://arxiv.org/abs/2406.12710

In this episode of SecureTalk, host Justin Beals, CEO of StrikeGraph, discusses the complexities of HIPAA, data privacy, and healthcare security with expert Ileana Peters, a shareholder at Polsinelli. Once a leader in regulatory enforcement for US Health and Human Services she talks with Justin on how to manage compliance. Peters shares insights from her extensive experience at the Department of Health and Human Services, and addresses the nature of HIPAA regulations, the importance of risk analysis and workforce training, as well as the intricacies of regulatory compliance. The conversation dives deep into the intersection of innovation, healthcare privacy, and security, offering valuable advice for businesses and stakeholders in the rapidly evolving landscape of cybersecurity and healthcare regulations.