ESW #299 – Joseph Carson, Lisa Plaggemier
1. Building & Protecting a Digital Society – Joseph Carson – ESW #299
Estonia is a small country in the Baltics; however, it has been at the forefront of technology for many years. This session traces Estonia’s journey from independence in 1991 to its current use of digital identities for the systems that allow citizens to vote, check online banking, e-residency, and tax returns. I’ll share lessons learned and key takeaways from incidents that happened along the way, examine what the future holds, and discuss the impact of incorporating AI into a digital society.
Announcements
Security Weekly listeners, we need to hear your voices! Leave us your feedback on Apple podcasts & submit a screenshot to our giveaway form for a chance to win a $100 gift card from Hacker Warehouse! This giveaway will be open until the end of the year. We appreciate your honest feedback so we can continue to make great content for our audience! Visit securityweekly.com/giveaway to enter!
Guest
Joseph Carson is a cybersecurity professional with 25+ years’ experience in enterprise security, an InfoSec Award winner, author of Privileged Access Management for Dummies and Cybersecurity for Dummies. He is a CISSP and an active member of the cyber-community, speaking at conferences globally. He’s an advisor to several governments, as well as critical infrastructure, financial and maritime industries. Joseph is a host in the award-winning podcast 401 Access Denied where he interviews cybersecurity thought leaders on educational topics.
Hosts
2. A Whole Lotta BS (Behavioral Science) About Cybersecurity – Lisa Plaggemier – ESW #299
Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 Oh Behave! Cybersecurity Attitudes and Behaviors Report and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.
Segment Resources:
- https://staysafeonline.org
- https://staysafeonline.org/programs/cybersecurity-awareness-month/teach-others-how-to-stay-safe-online/
- https://staysafeonline.org/programs/hbcu-see-yourself-in-cyber/
- https://staysafeonline.org/programs/events/convene-clearwater-2023/
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Guest
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
Hosts
3. 4 Day Work Weeks, Threathunter.ai, Microsoft 365 Ban, & Refusing to Be Fun at Work – ESW #299
Announcing Drata’s Series C, Milton Security announces new name, Threathunter.ai, Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy, New Communication Protocol “Ibex” and Extended Protocol Suite, Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro, Stack Overflow bans ChatGPT, French man wins compensation as judge awards him the right to refuse to be fun at work
Announcements
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
Hosts
- 1. FUNDING: Announcing Drata’s Series C
$200M Series C, co-led by ICONIQ Growth and GGV Capital. $2B valuation
- 2. FUNDING: HYPR, the Leader in Phishing-Resistant MFA, Raises $25M
- 3. FUNDING: CyVers Raises $8M in Funding
- 4. FUNDING: Bain Capital Crypto Co-Leads On-Chain Security Startup Nucleo’s $4M Seed Round – NFTgators
- 5. FUNDING: [Seed] Cybersecurity: Arsen raises 2.5 million euros from Elaia and French Founders – FrenchWeb.fr
- 6. REBRANDING: Milton Security announces new name, Threathunter.ai
- 7. REGULATION: Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy
- 8. VULNERABILITIES: Supply Chain Vulnerabilities Put Server Ecosystem At Risk – Eclypsium
- 9. NEW PRODUCTS: New Communication Protocol “Ibex” and Extended Protocol Suite
- 10. TRENDS: Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro
Gepetto is a Python script which uses OpenAI's davinci-003 model to provide meaning to functions decompiled by IDA Pro
- 11. TRENDS: Stack Overflow bans ChatGPT
AI has been kind of a joke for a while. Where it worked pretty well, it was invisible (e.g. smartphone soft keyboards), and where it didn't, people had a field day (look up videos of Scottish people trying to use voice assistants like the Amazon Echo). Then DALL-E 2 was released to the public. And then Midjourney. Suddenly, there are multiple paid services that auto-generate stories for children using AI to generate both the story and corresponding images based on your prompts. It's all happening more quickly than most people anticipated, I think.
In security, anti-virus had a big win with machine learning. So much so, that it unseated the industry's largest pure play vendors (Symantec, McAfee), who didn't respond quickly enough to the trend to survive the massive customer exodus. Beyond next-gen AV, the impact of AI/ML seems like it should be massive, according to the marketing copy, but in reality seems entirely overblown.
I've tested several products claiming to use AI/ML to better detect attacks, and the failure of these models has been complete, even in the most controlled and prepped circumstances. AI-generated images didn't offer much to security teams, but the moment OpenAI made ChatGPT available to the public, security folks started exploring what it could do.
The quality of results I've seen has been astonishing. Ask it "why should I be a CISO" and it gives a response that, as a blog post, no one would ever guess was written by AI. It can effortlessly give remediation guidance to vulnerabilities and help reverse engineer software alongside IDA Pro. I think it might be a stretch to say that it could help with security's alleged talent shortage, but folks are definitely going to explore the limits of what it can do, and I wouldn't be surprised to see it embedded in commercial products before long.
Perhaps AI/ML will revolutionize security products after all, but we just needed better AI/ML tech from outside our industry to make it happen.
- 12. TRENDS: Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict
Russia may consider cybersecurity firms helping Ukraine as legitimate targets for retaliation.
- 13. TRENDS: Discovered new BYOF technique to cryptomining with PRoot – Sysdig
- 14. TRENDS: Ireland sees ‘100% success rating’ with 4-day work week trial
- 15. SQUIRREL: French man wins compensation as judge awards him the right to refuse to be fun at work