ESW #319 – Amitai Ratzon, Steve Ragan, Deepika Chauhan, Thomas Kinsella, Jon Check
Full Audio
View Show IndexSegments
1. Uber breaches, security awareness saturation, cybercrime P&L, sad acquisitions and AI – ESW #319
On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip gTLD, there's a new standard for scoring an "AI Influence Level" (AIL), and lessons learned from Joe Sullivan's case and other Uber breaches. Also, don't miss the new AI tool DragGAN, which enables near magical levels of ease when manipulating photos. What's even real anymore? We might not be able to tell for long...
Announcements
Our teams from Security Weekly and SC Media were onsite at RSA Conference 2023 delivering in-depth reporting, analysis and interviews from the conference. If you were unable to join us in person, or didn't manage to catch our video livestream from Broadcast Alley, you can access all of our RSAC 2023 coverage at https://securityweekly.com/rsac.
Hosts
- 1. FUNDING: Kubernetes and sigstore founders raise $17.5M to launch software supply chain startup Stacklok
- 2. FUNDING: Exclusive: Manifest Cyber raises $6M, unveils new government contracts
- 3. FUNDING: SpiderOak Secures Investment from Accenture, Raytheon Technologies & Stellar Ventures
- 4. FUNDING: Visibility-First Zero Trust Networking Platform Lumeus.ai Launches With $6M Seed
Really not seeing how they're working AI/ML into this...
- 5. FUNDING: Entro raises $6M for its end-to-end secrets security solution
- 6. FUNDING: Cork Raises $6M in Seed Funding
- 7. FUNDING: Lakeland cyber startup closes $5.5M in oversubscribed round
An oversubscribed round for security awareness training? Either there's something unique here, or I'm missing something. Kinda late to be bringing security awareness to the market now.
- 8. FUNDING: CISO Global Inc. Announces Pricing of $4.0 Million Registered Direct Offering
- 9. ACQUISITIONS: Data443 Expands Its Global Customer, Technology Base with Transformative Acquisition of Select Israel-based Cyren Ltd. Assets
Threat intel assets only - we talked about Cyren going under earlier this year. Good news is that they were able to sell off some of their assets. Bad news is that the assets were only worth $3.5M.
- 10. ACQUISITIONS: Curity Secures Investment to Scale Growth in API-Driven Identity Management
Article describes it as an "investment" from a PE firm, but Mike Privette describes it as an acquisition.
- 11. ACQUISITIONS: Amsterdam’s EclecticIQ sells its agent software and engineering assets to US-based ReliaQuest
Talent and assets acquisition
- 12. TRENDS: Ransomware resurgence after ‘strange year’ in 2022, insurance data shows
- 13. TRENDS: Concerns around the new .zip gTLD, from @_sn0ww
I’ve seen a lot of concern around the new .zip gTLD.
Let’s look a little deeper into what this means, from my (attacker) perspective.
- 14. AI TRENDS: Drag Your GAN: Interactive Point-based Manipulation on the Generative Image Manifold
- 15. STANDARDS: Equifax Controls Framework
Did we really need another standards framework?
- 16. STANDARDS: OWASP Top 10 for Large Language Model Applications
- 17. ESSAY: Understanding the RSA Conference iceberg: revealing the unknown truths and explaining the well-known concepts
- 18. ESSAY: The AI Attack Surface Map v1.0
- 19. CYBERCRIME: Suspicion stalks Genesis Market’s competitors following FBI takedown
Is VAPEMASTER3000 really a fellow cybercriminal, or is he an FBI mole? #BadGuyProblems
- 20. BREACHES: Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach
- 21. BREACHES: Uber Data Breaches: Full Timeline Through 2023
- 22. SQUIRREL: Montana governor bans TikTok
- 23. SQUIRREL: AN ACT BANNING TIKTOK IN MONTANA
I'm quoting directly from the law here: WHEREAS, TikTok fails to remove, and may even promote, dangerous content that directs minors to engage in dangerous activities, including but not limited to:
- throwing objects at moving automobiles
- taking excessive amounts of medication
- lighting a mirror on fire and then attempting to extinguish it using only one's body parts
- inducing unconsciousness through oxygen deprivation
- cooking chicken in NyQuil
- pouring hot wax on a user's face
- attempting to break an unsuspecting passerby's skull by tripping him or her into landing face first into a hard surface
- placing metal objects in electrical outlets
- swerving cars at high rates of speed
- smearing human feces on toddlers
- licking doorknobs and toilet seats to place oneself at risk of contracting coronavirus
- attempting to climb stacks of milk crates
- shooting passersby with air rifles
- loosening lug nuts on vehicles
- stealing utilities from public places
2. Prepping for Security Incidents, Automated Validation & No-Code Automation Revolution – Amitai Ratzon, Jon Check, Thomas Kinsella – ESW #319
The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach.
This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!
While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms, for what was once manual penetration testing jobs. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them.
This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!
Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization’s security posture.
This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!
Guests
Jon Check is the Vice President of Cyber Protection Solutions at Nightwing. He
leads the team that delivers proactive cybersecurity and next-generation technology to protect customers from persistent cybersecurity threats. Prior to this role, Jon held executive positions at Raytheon, CSRA Inc, and IBM Global Business Services. Jon is also a board member and former chairman of the National Cybersecurity Alliance, a board member of the U.S. Cyber Games, and an AFCEA DC board member. He holds a Bachelor of Arts in environmental science from the University of Virginia.
Thomas Kinsella is the co-founder and CCO of Tines, a no-code automation platform for security teams. Before Tines, Thomas led security teams in companies like Deloitte, eBay, and DocuSign. As CCO, Thomas is responsible for customer success, professional services, and more. Thomas has a degree in Management Science and Information Systems Studies from Trinity College in Dublin.
Amitai Ratzon has been Pentera’s CEO since January 2018. He transitioned Pentera from a stealth mode startup into a unicorn and the global category leader, through 3 funding rounds, led by AWZ Ventures & The Blackstone Group (Round A), Insight Partners (Round B) and K1 Investment Management and Evolution Equity Partners (Round C). Amitai is a cybersecurity speaker, moderator and influencer working closely with CISOs of fortune 500 companies to shape their cybersecurity strategies and technology stacks.
Prior to joining Pentera, Amitai held executive positions leading enterprise sales teams at global companies such as SuperDerivatives (NASDAQ:ICE), Earnix and CallVU. Amitai holds a B.A in Business Administration and an LL.B, both from the interdisciplinary Center, Herzliya and an International Executive MBA from Kellogg-Recanati, granted jointly by Tel Aviv University, Israel and Northwestern University, Chicago, IL.
Host
3. Digital Trust as a Strategic Imperative & Insights from RSA Conference 2023 – Deepika Chauhan, Steve Ragan – ESW #319
In today’s hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work.
This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!
Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including: - Threats organizations face amid geopolitical strife (Russia/Ukraine, China, North Korea) - What SOCs need to respond to a world on fire (training for cloud-based ops, XDR) - Challenges of identity and access management (zero trust, MFA, hybrid work environments) - Challenges of vulnerability management (finding the most critical flaws in the cloud, key attack vectors in 2023, ransomware)
This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!
Guests
Before joining the journalism world in 2005, Steve spent 15 years doing consulting and freelance contracting within the IT space, with a focus was on infrastructure management and security.
His award-winning journalism career covering the security industry lasted for more than a decade. After leaving journalism in 2018, he went back into the security field doing threat research and editorial work, where he remains to this day.
He’s a father of two, grandfather of two, and spends his free time gaming.
Deepika Chauhan is the Chief Product Officer at DigiCert. She leads a global team of customer-obsessed product managers and engineers, responsible for continued innovation on DigiCert ONE, the platform for digital trust. Chauhan oversees the overall product strategy to ensure that organizations from the largest enterprises to SMBs can provide comprehensive trust and security across all of their devices, users, servers, software and content.
Chauhan has a wealth of experience in product development, business strategy, marketing, sales and organizational transformation. Prior to DigiCert, Chauhan led Strategy and Business Operations for the Website Security Business Unit at Symantec. Before Symantec, she was at McKinsey & Company, working with a number of different area tech companies on some of their most strategic initiatives. Prior to McKinsey, she led product development as part of the mobile browser team at Nokia for several years.