DrZeroTrust

Dr. Chase Cunningham
Apr 13, 2023 • 30min

Cyber news and Zero Trust insights for 4/12/2023

Can ChatGPT make me a less crappy programmer? That isn't hard to be honest, but there are implications to consider. Can you use AI (I really hate using that term but you can't beat the market I guess) to be an artist? Does that impact other talented people's future earning potential? How hard is it to use StableDiffusion to create bogus images? How bad was FTX's cybersecurity? Hint: It rhymes with pepto-bismol. What else should we know about cyber insurance and who do insurers actually "take care of?" What about the leaks from the DoD? How does this keep happening? Those points and more on this episode!
Apr 7, 2023 • 30min

Cyber news and Zero Trust insights for 4/6/2023

How many vulnerable systems out there are connected to the internet with a ten year old vulnerability, with RCE, and have no authentication? Surely the answer is 0? Operation Cookie Monster took down a dark marketplace, so what? Should there be a victory lap? KnowBe4 published some research on state and local security and BEC statistics, what should we learn from that document? Fake ransomware attacks are taking place, what the hell is that? Crowdstrike and others are publishing on threat groups, but the nomenclature is all over the place. How do we know what attackers are doing what if we can't align on the naming conventions? More insights on the Silicon Valley Bank fiasco (the executives did some "questionable" things). What does that mean for the cybersecurity market at large? Those questions and more on this episode.
Mar 30, 2023 • 34min

Cyber news and Zero Trust insights for 3/29/2023

Did the Pope wear a puffy jacket? So what? How might applied deepfakes be used to manipulate the collective narrative? What about our political system? Cofense published their annual report on the state of email security. What can we learn from that? Cymulate also published their analysis of more than 1 million security assessments. What's in there for us to learn? Lloyd's CEO said they might take a hit on their cyber insurance offering due to their policies around the "war clause." Ok, what's the big deal? Ivanti published a report on government cyber security status. Surely all is well if the government is involved (and this is a global analysis, not just the US y'all.) Those points and more on this episode!
Mar 21, 2023 • 30min

New Approach to Security Strategy via Distributed Ledgers

Not Blockchain...Or, kinda...But not really?  Anyway listen to smarter folks than me (lots of those) talk about how we can innovate around the use of distributed ledgers as part of a security strategy.  And how is this approach being accepted internationally, especially in Australia?  Cool new methods of enabling security with the folks from Tide (not the soap, the security guys).  Some solid conversation on this one y'all!
Mar 16, 2023 • 24min

Cyber news and Zero Trust insights for 3/15/2023

Did I spread misinformation about the SVB fiasco? Uh oh.  Did Ring get hit with ransomware, and are they secure?  What weird ports do Ring cameras use?  Rubrik has some issues going on, but did they handle it well?  Is it smart to market your organization or brand as Zero Trust?  Oh crap I am in trouble.  SpaceX may have been hit via a third party, ouch.  Why does third party risk continue to lead to compromise?  A recent report states that you can make up to 250k as a developer for the dark web.  Might be time for a career change.  Those points and more on this episode!
Mar 9, 2023 • 31min

Cyber news and Zero Trust insights for 3/8/2023

30% of dark web operators are women, according to TrendMicro.  That means more women are operating in the criminal side of cyber than on the defender side, wow.  The TSA is pushing new requirements for airports and airlines, but how secure are they and the FAA?  Layoffs are showing up in cyber, even though companies are doubling or even tripling their profits in the only market that has negative unemployment.  Why?  What does that tell us about those companies and their strategic execution?  Some tips on what to do if you are a business user of Lastpass.  And more on this episode!
Feb 22, 2023 • 31min

Cyber news and Zero Trust insights for 2/22/2023

US SOCOM had emails exposed to the internet for weeks thanks to a cloud misconfiguration.  Surely it's not still messed up?  Is the US Treasury as secure as it should be in regards to cyber?  What about using ChatGPT to send emails to students when a mass casualty event occurs?  Good or bad idea?  Does the Supreme Court understand the technology they are enforcing and drafting laws about?  What about section 230 and the big tech providers?  50% of CISOs say they are burnt out and it's only February, how can we help one another?  Those questions, my dog goes bonkers, and more on this episode!
Feb 9, 2023 • 32min

Cyber news and Zero Trust insights for 2/9/2023

Should we worry about the spy balloon?  Why not?  Gartner published some "research" on Zero Trust and how they don't see the strategy as a silver bullet.  Awesome.  Let's analyze that game changing paper.  Venturebeat also published a report on how to get wins from your Zero Trust endeavors this year, what should we pay attention to there?  Why wasn't cyber a topic during the State of the Union?  PWC published a good report on the executive sponsorship for security in large organizations, what can we learn there?  Those topics and more on this episode!
Feb 1, 2023 • 46min

Addressing the Ransomware Problem with a Bold Strategy

Can we have a national and international strategy that addresses ransomware?  How would that work?  Is it better to address the "how" of those attacks or the "why"?  What should we do to remove the incentive for these attacks?  Would a US first approach make us a bigger target?  What about kinetic attacks on those hacker groups?  Those questions and more on this super episode!
Jan 26, 2023 • 25min

Cyber news and Zero Trust insights for 1/25/2023

What happens when marketing attacks and goes "bold" without really understanding their position?  Is it smart to also not pay attention to your social profiles (lol)?  Why is the DoD Red Teaming their ZT providers?  Should you do the same as part of your strategy?  Why not?  Organizations aren't taking cyber warfare seriously according to Armis research, but why?  Is that wise?  Blackberry says malware is basically published at a rate of about one new sample per minute, wow!  And Akamai has published some research on the Windows CryptoAPI, what does that mean?  Those points and more on this episode!
