Security Matters

In today’s Trust Issues episode, Dusty Anderson, a managing director of Global Digital Identity at the consulting firm Protiviti, digs into all things DevSecOps and cautions against a one-size-fits-all approach. In conversation with host David Puner, Anderson emphasizes the significance of strategic planning and well-defined goals – demonstrating how bite-sized steps can add up to major security wins and bottom-line benefits over time. And she sheds light on how the intricate web of identities – both human and non-human – shape the modern development pipeline to underscore the importance of visibility, governance and Zero Trust-based thinking. Tune in for insights to help fortify your cybersecurity practices and unlock the full potential of effective DevSecOps strategies.

Andy Thompson, Offensive Security Research Evangelist at CyberArk Labs, returns to Trust Issues for a dive with host David Puner into the latest developments in the world of ransomware. With ransomware events on the rise, Thompson sheds light on the alarming trend of data exfiltration and double extortion. But what's causing this surge? Thompson connects the dots between the rise of digital identities and the increasing frequency of ransomware attacks. As more organizations adopt cloud and DevOps technologies, the number of digital identities has skyrocketed, providing attackers with more accounts to exploit. However, Thompson emphasizes that staying vigilant about properly configured identities and analyzing their behavior can go a long way in mitigating the risk of ransomware attacks. Tune in to stay ahead of the curve in the ever-evolving landscape of cybersecurity threats.

We all accept a certain degree of risk in our lives. So, to varying degrees, we’re all operating – to use cybersecurity parlance – with an assume breach mindset. Meaning, we accept that attacks are inevitable and, as such, we focus time and effort on protecting the assets that matter most.  In short, we buckle up for safety.  And risk is something that today’s guest Larry Lidz, who’s Vice President and Chief Information Security Officer (CISO) for Cisco CX Cloud, thinks about a lot. On today’s episode, host David Puner talks with Lidz about cyber risk, the shifting tolerance levels for it and how it influences security decision-making. 

Quantum computing is coming and it has the potential to be both exciting and terrifying... On today's episode of Trust Issues, host David Puner speaks with cryptographer Dr. Erez Waisbard, CyberArk’s Technology and Research Lead, about quantum computing innovation and its cybersecurity implications – from data encryption to surveillance and privacy. Dr. Waisbard breaks down how encryption works, why it’s so important for safeguarding our data, and how quantum computers will break the methods used today. This may sound ominous, but designs for quantum-resistant encryption algorithms are already well underway. Check out the episode to learn more about them and how your organization can start preparing now. And, if you like this episode, be sure to check out Erez Waisbard’s blog post, "Quantum Computing Is Coming… Here are 4 Ways to Get Ready," on the CyberArk Blog. 

Today's guest is Den Jones, who's Chief Security Officer (CSO) at Banyan Security, a startup Zero Trust network access solution (and a CyberArk technology partner). Jones spent almost 19 years at Adobe, followed by a stop at Cisco, before landing at Banyan in 2021. As his Twitter bio tells it, he's a “Large Scale Zero Trust Deliverer,” which is part of his multifaceted CSO charge. In this episode, host David Puner talks with Jones about his singular cybersecurity career path – beginning with a formative stint as a Royal Mail postman in Scotland – and how he worked his way up the ladder to become a Zero Trust-delivering CSO. Jones explains how his role at Banyan encompasses all aspects of security, including product (putting the security around the security, as it were), enterprise and physical security. He also discusses the challenges he faces in his current role, including evangelizing the company's security strategy. 

Today's episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you're already here, so maybe just stick around?  In this episode, host David Puner and Payton continue their discussion, diving into the implications of AI and tools like ChatGPT for the cyber threat landscape – and the potential threats posed by deep fakes backed by synthetic identities. Also, could AI tech make it easier for bad actors to spread disinformation on a large scale? 

Since the earliest digital days, cyberattackers have targeted identities in their quests for riches, chaos and even revenge. So, what if we could hop into a flux capacitor-equipped DeLorean, hammer-down to 88 mph, and go back in time to better understand how yesterday’s threats influence today’s landscape – and what history can teach us about outpacing adversaries? Today, we do that – and a whole lot more – with a fantastic guest: Theresa Payton.  Payton is the first woman to have served as White House Chief Information Officer, a best-selling author and the founder and CEO of Fortalice Solutions. In part one of our talk, host David Puner and Payton cover a lot of ground: Payton highlights some of the major cybersecurity trends and threats during her time in the George W. Bush White House – from SQL injection attacks to emerging ransomware. She also reflects on technology’s role in expanding – and complicating – the attack surface, and offers innovative insights for defenders, drawing from her experience as a veteran cybercrime fighter.  As you’ll hear, it’s a great talk – so good that we’re releasing it in two installments. Be sure to check out part two of our conversation with Theresa Payton, which will release on March 1. You can make sure not to miss it by following Trust Issues – available on all major podcast platforms.  Great Scott! 

Even if you've been living under a super-sized rock for the last few months, you've probably heard of ChatGPT. It's an AI-powered chatbot and it's impressive. It's performing better on exams than MBA students. It can debug code and write software. It can write social media posts and emails. Users around the globe are clearly finding it compelling. And the repercussions – good and bad – have the potential to be monumental. That's where today's guest Eran Shimony, Principal Security Researcher for CyberArk Labs, comes into the picture. In fact, in an effort to stay ahead of the bad guys, Eran recently had ChatGPT create polymorphic malware. In conversation with host David Puner, he helps us understand if we are collectively prepared to deal with ChatGPT and the implications it may have for cyber threats.  How'd did he get ChatGPT to do this and what are the implications? Listen in to find out. If you find this episode interesting, be sure to check out Eran's recent blog post on the CyberArk Threat Research blog: https://www.cyberark.com/chatgpt-blog 

In this episode of the Trust Issues podcast, host David Puner interviews Nigel Miller, Director of Security Operations and Engineering at Maximus, a company that provides process management and tech solutions to help governments improve their health and human service programs. Nigel discusses his role in keeping the company's nearly 40,000 employees cyber-trained and secure. And, as you'll hear, Nigel highlights the similarities between football and cybersecurity and that understanding one's opponent and environment is crucial to success in both. 

We're starting the new year with a conversation focused on securing critical infrastructure. The issue, of course, is that we're seeing increased threats and cyberattacks on critical infrastructure. Not to mention the war in Ukraine. This collective threat is a rallying point, bringing together cyber professionals from around the world, as well as their respective countries. On today’s episode, host David Puner talks with David Higgins, who’s a Senior Director in CyberArk‘s Field Technology Office, about how the critical infrastructure landscape has changed, its global implications and how cyber protectors have had to adapt.