#250 - Understanding Vulnerabilities, Exploits, and Cybersecurity
Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management.
Chapters
00:00 Introduction and Guest Welcome
00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast
02:12 Meet Todd Beardsley: From Hacker to Security Research VP
03:58 The Evolution of Vulnerabilities and Patching
07:06 Understanding CVE Numbering and Exploitation
14:01 The Role of Attribution in Cybersecurity
16:48 Cyber Warfare and Global Threat Landscape
20:18 The Rise of International Hacking
22:01 Delegation of Duties in Offensive Warfare
22:25 The Role of Companies in Cyber Defense
23:00 Attack Vectors and Exploits
24:25 Real-World Scenarios and Threats
28:46 The Importance of Communication Skills for CISOs
31:42 Ransomware: A Divisive Topic
38:39 Actionable Steps for Security Executives
45:58 Conclusion and Final Thoughts
--------
46:48
--------
46:48
#249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.
Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf
GenAI Breaches Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response
Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc
Chapters
00:00 Introduction to AI and Cryptocurrencies
00:27 Welcome to CISO Tradecraft
00:55 Guest Introduction: Tomas Roccia
01:06 Tomas Roccia's Background and Career
02:51 AI in Cybersecurity: Defensive Approaches
03:19 The Democratization of AI: Risks and Opportunities
06:09 AI Tools for Cyber Defense
08:09 Challenges and Limitations of AI in Cybersecurity
09:20 Microsoft's AI Tools for Defenders
12:13 Open Source AI Security: Project Nova
18:37 Community Contributions and Open Source Projects
19:30 Case Study: Babit Crypto Hack
22:12 Money Laundering Techniques in Cryptocurrency
23:01 AI in Tracking Cryptocurrency Transactions
26:09 Sophisticated Attacks and Money Laundering
33:50 Future of AI and Cryptocurrency
38:17 Final Thoughts and Advice for Security Executives
41:28 Conclusion and Farewell
--------
43:08
--------
43:08
#248 - A Black Hat Chat with ThreatLocker CEO Danny Jenkins
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve.
Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/
ThreatLocker - https://www.threatlocker.com/
Transcripts -https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b
Chapters
00:00 Introduction and Welcome
00:27 Meet Danny Jenkins, CEO of Threat Locker
01:12 The Philosophy Behind Threat Locker
02:52 Customer-Centric Culture at Threat Locker
04:32 Technical Leadership and Personal Insights
08:55 Leadership Advice for Aspiring CISOs
11:22 Conclusion and Farewell
--------
11:40
--------
11:40
#247 - What most leaders don't understand about AI (with Dave Lewis)
In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance.
Chapters
00:00 Introduction to AI Governance
00:30 Guest Introduction: Dave Lewis
00:49 The Importance of AI Governance
01:42 Challenges in AI Implementation
03:20 AI in the Modern Enterprise
03:49 Shadow AI and Security Concerns
04:49 AI's Impact on Jobs and Industry
05:27 The Gartner Hype Cycle and AI
05:43 AI's Influence on the Stock Market
06:14 Historical Context of AI
06:32 AI and Credential Security
08:29 The Role of Governance in AI
12:47 The Future of AI and Security
18:36 Governance and Policy Recommendations
19:26 AI Governance and Ethical Concerns
20:01 AI Self-Preservation and Human Safety
20:18 Uncontrollable AI Applications
21:17 Vectors of AI Trouble
21:58 AI Hallucinations and Data Security
22:53 AI Vulnerabilities and Exploits
26:29 Deepfakes and AI Misuse
27:33 Historical Cybersecurity Incidents
29:04 Future of AI and Job Security
33:47 Managing AI Identities and Credentials
34:21 Conclusion and Final Thoughts
--------
35:09
--------
35:09
#246 - Tim Brown on SolarWinds: What Every CISO Should Know
In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders.
Chapters
00:00 Introduction and Welcome
00:59 The SolarWinds Incident Unfolds
03:13 Understanding the Attack and Response
04:04 The Role of SVR and Supply Chain Security
10:43 Technical Details of the Attack
14:56 Compliance and Reporting Challenges
19:24 Rebuilding Trust and Personal Impact
22:06 CISO Concerns and Company Support
22:14 Legal Challenges and Company Expenses
23:40 SEC Charges and Legal Proceedings
29:35 Supply Chain Security and Vendor Assurance
35:47 CISO Accountability and Industry Standards
39:41 Final Thoughts and Advice for CISOs
![Podcast Finding Peak [Formerly The Ryan Hanley Show]](https://www.radio.net/podcast-images/175/finding-peak-podcast.jpeg?version=82b124b0ff069964372f0fb64b11dde9)
USA