The Security Table

Izar Tarandach, Matt Coles, and Chris Romeo
Apr 27, 2023 • 52min

The Final Take on the National Cybersecurity Strategy: Software Liability And Privacy

Chris Romeo, Izar Tarandach, and Matt Coles discuss the national cybersecurity strategy, focusing on pillar three, which aims to shape market forces to drive security and resilience. They explore the idea of liability and the goal of shifting the consequences of poor cybersecurity away from the most vulnerable. The trio also considers the influence of GDPR and its impact on the US, comparing it to the European Union's experience.

The podcast hosts discuss the need for better security in IoT devices and the potential impact of the policy on the rest of the world, including China. In addition, they express concern about the potential for a tedious and complex liability process similar to the medical industry, which may not ultimately benefit users.

FOLLOW OUR SOCIAL MEDIA:
➜ Twitter: @SecTablePodcast
➜ LinkedIn: The Security Table Podcast
➜ YouTube: The Security Table YouTube Channel

Thanks for Listening!
Apr 3, 2023 • 46min

A Convergence of AI in the World of Cybersecurity

Izar, Matt, and Chris scour the Interwebs for an article to discuss, only to find that each person has chosen an article related to the convergence of AI and cybersecurity. We discuss whether ChatGPT can replace humans in threat modeling, Microsoft's Security Copilot, and the open letter to freeze AI development for six months. AI is the future, and it will significantly impact the security professional's role.
Mar 20, 2023 • 1h 11min

The US National Cybersecurity Strategy -- Pillars One and Two

The Security Table gang continues our discussion about the United States National Cybersecurity Strategy, released in 2023. We cover pillars one and two: defend critical infrastructure, and disrupt and dismantle threat actors.

We talk about the importance of defining critical infrastructure and the responsibility of both the private and public sectors in protecting it. We also mention cybersecurity requirements to support national security and public safety and the challenge of getting various agencies and organizations to work together. Finally, the hosts ponder whether social media platforms could be considered critical infrastructure, and they conclude that critical infrastructure comes down to safety, security, and public welfare.
Mar 13, 2023 • 46min

The US National Cybersecurity Strategy - Introduction - Part One

The United States released a new National Cybersecurity Strategy. The gang gathers to discuss the new strategy and look at it from a practitioner's perspective. We discuss the impact and depth of the malicious actor section, with an increased emphasis on the nation-state and the details shared about nation-state adversaries. We also get into a debate about a statement made regarding the dependence and need to be placed on the system instead of the end user to make security decisions. Is this strategy a call for big brother disguised as security improvements?

Is the US Government truly responsible for securing the Internet? Discussion and debate ensue.

We vowed to discuss the whole thing, and with this first episode, we got through the introduction. We will continue with additional episodes until we unpack the entire strategy.
Mar 5, 2023 • 51min

Application Security, Product Security, and what do we call this thing we do

The gang is back to debate and discuss the definition of application security. We start by figuring out what an application is and then layer security on top of it. We branched into how product security fits against application security and eventually concluded that system security is all-encompassing, but it's an old term. We also learn that Izar is uncomfortable speaking about cybersecurity at cocktail parties. Enjoy!
Feb 27, 2023 • 41min

Acronyms, Abbreviations, and a slide into Application Security

Matt, Izar, and Chris started the conversation by discussing all the acronyms and abbreviations we use in security and then morphed into a discussion of what application security is. While they only scratched the surface of what application security is, this episode will make you think about all the acronyms we use in our industry and how they are received by those that are new and outsiders.
Feb 14, 2023 • 41min

Security talent conclusion, from the candidate's viewpoint

The gang continues our discussion and debate around the security talent shortage. We consider the issue from the candidate's viewpoint this time, thinking about all the different things candidates have to deal with in being hired, from years of experience, certification, and depth of the interview process. We try to draw some actionable conclusions for hiring managers because, without action, we are just part of the problem.
Feb 7, 2023 • 42min

Security talent shortage — fact or fiction

The gang considers whether the security talent shortage is fact or fiction. We've all hired people for security roles at different places and have heard about this "shortage" for years. We discuss the role of the business in building strong apprenticeship programs and the efforts of academia to prepare people for these roles. We don't resolve everything that needs resolution, so we'll be back with part two next week on this same topic.

Show notes:
https://www.prnewswire.com/news-releases/despite-slowing-economy-demand-for-cybersecurity-workers-remains-strong-301730414.html
https://accesscyber.co/blog/10000-cybersecurity-jobs
Jan 14, 2023 • 60min

Lastpass and the Security of Security Products

The gang discusses the Lastpass breach and the need for the security of utility-style security providers. We discuss Lastpass from a different angle - the responsibility of "hard security" providers. As security practitioners, we have been telling users to "just use a password manager." So what do we do now? How do password managers impact the way we give advice?

Lastpass is as "hard security" a service as it can be - are security people taking things as seriously as they should? Are we too "here's your two months of credit policing, thank you very much" accommodated? We explore and reach some conclusions.
Jan 2, 2023 • 53min

Software bill of materials -- what is it good for?

The gang considers the software bill of materials (SBOM) approach and asks hard questions about what SBOM is for and whether it improves security. Note: the gang believes in SBOM. We ask the hard questions to help us all expand our minds and truly understand the value propositions.
