ESW #317 – Brian Kenyon, Rhett Dillingham, Antonio Sanchez, Deepen Desai
Full Audio
View Show IndexSegments
1. 2023 Cybersecurity Trends and Post-RSA Observations – Antonio Sanchez – ESW #317
We are nearly half way through 2023, and we're seeing some new trends surface in the cyber landscape. These include generative artificial intelligence, which was everywhere at RSA Conference this year, as well as automation across security operations and the continued need for skilled expertise. Join Matt Alderman from CyberRisk Alliance and Antonio Sanchez, Principal Evangelist at Fortra, as they dive into 2023 cybersecurity trends and observations.
Segment Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011812&ls=717710002&utmsource=cyberrisk-alliance&utmmedium=contsynd&utm_campaign=ft-brand-awareness
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Announcements
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive level conferences are designed to educate senior cyber professionals on the latest threat landscape. We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register. Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Guest
Antonio Sanchez is Principal Evangelist at Fortra. As a subject matter expert for Fortra’s security portfolio, Antonio helps drive market recognition for the Fortra brand. He joined Fortra from Alert Logic in 2023, where he developed the messaging, positioning, and technical content for the managed detection and response (MDR) business. Alert Logic was acquired by Fortra in 2022.
Antonio has over 20 years in the IT industry focusing on cybersecurity, information management, and disaster recovery solutions to help organizations of all sizes manage threats and improve their security posture. He is a Certified Information Systems Security Professional (CISSP).
Antonio has held various product management, technical sales, and strategic marketing roles with Dell, Forcepoint, and Symantec. At the latter, he was responsible for developing and leading the Competitive Intelligence Program for the core security unit.
Antonio is a life-long learner and skilled at translating complex topics into simple terms. He is also a big supporter of education for underprivileged communities and an active mentor for people from minority groups who are interested in a career in cybersecurity.
Hosts
2. CISO Avoids Jail, Shares Rise, Steganography, & DEF CON On Large Language Models – ESW #317
In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won’t go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security’s eternal prioritization problem!
Announcements
Our teams from Security Weekly and SC Media were onsite at RSA Conference 2023 delivering in-depth reporting, analysis and interviews from the conference. If you were unable to join us in person, or didn't manage to catch our video livestream from Broadcast Alley, you can access all of our RSAC 2023 coverage at https://securityweekly.com/rsac.
Hosts
- 1. FUNDING: Sourcepass Announces $135 MM in Total Funding and Their 7th Acquisition, Proxios
Misleading title - $65M of funding raised, but they shared the total instead. Previous round was $70M, so we're not calling this a Series B or a down round - they're both just "venture rounds".
- 2. FUNDING: BioCatch, the Leading Online Fraud Detection Platform, Welcomes Permira Growth Opportunities as a Significant Shareholder
$40M in secondary market funding for a minority stake
- 3. FUNDING: Token raises $30M to fuel growth and development of biometric authentication wearable
They make a wearable authentication device called a "Token Ring".
Yes, they're very clever. Funny name. Do physical auth tokens really make sense when we all carry a phone, a face, and a fingerprint though? How many 2nd, 3rd, 4th, and 5th factors do we really need?
- 4. FUNDING: HUB Security Raises Up to $16 Million in Growth Investment from The Lind Partners
- 5. ACQUISITIONS: Databricks acquires AI-centric data governance platform Okera
- 6. MARKET TRENDS: CrowdStrike, Fortinet shares rise in broad security tech rally
- 7. NEW FEATURES: Google rolls out passkey support across accounts on all major platforms
Shortly after Apple announces support for passkeys, Google announces it as well. Everyone seems to be beating Google to the punch these days, huh?
- 8. LEGAL: Merck’s Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says
Does this set a precedent? It took a while, but it looks like the whole "act of war" interpretation has been finally decided. For Merck, at least.
- 9. LEGAL: Ex-Uber security executive gets probation, no jail time for concealing 2016 data breach
A few years probation and 200 hours community service. A lot of CISOs will be relieved, but was it the right result? Were prosecutors overzealous or out-of-line?
- 10. TRENDS: Could Bartenders Close the Growing Tech Skills Gap in Cybersecurity?
TL;DR - maybe we're hiring from the wrong labor pools, or need to realize that all of security's labor needs need not match a single stereotype. It's almost like diversity is a good thing, huh?
- 11. TRENDS: Cybersecurity goes undercover to protect electric grid data
Is it just me, or is it weird they never use the term steganography when describing this? That's what this is, no?
- 12. AI TRENDS: DEF CON to set thousands of hackers loose on LLMs
LLMs are already so accessible, I'm curious if we'll see anything notable coming out of this. It makes more sense to set up these events for things that are more difficult to get access to, like voting machines.
- 13. AI TRENDS: No Business Plan? No Problem. ChatGPT Spawns an Investor Gold Rush in AI
AI Gold Rush. HUGE if true ;)
"No business plan required" <-- it's almost like we didn't learn from the cryptocurrency/blockchain rush...
- 14. AI TOOLS: EVA AI-Relational Database System
The complexity sidestepped here is breathtaking. The AI model simply makes a determination on the video data it's seeing and a simple SQL statement selects from it. Super powerful, and scary, given that we know the ML models reviewing video data are far from perfect.
- 15. ESSAYS: Security’s eternal prioritisation problem
- 16. SCIENCE: VulnU #010: Loneliness Epidemic: When Your Only Friend is Over Your VPN
Matt Johansen's latest edition of his Vulnerable U newsletter focuses on the importance of socialization to overall health.
Adrian's Take: don't be lonely, join us at BlackHat in a few months!!
3. Resilient Security: Tackling AI-Powered Phishing and Consumer Trends – Brian Kenyon, Deepen Desai, Rhett Dillingham – ESW #317
The browser is the most used application, but was never built with the needs of the enterprise in mind. The Enterprise Browser delivers a whole new level of visibility, security and governance. This conversation will explore the benefits of the Enterprise Browser and the gaps it is filling for enterprises around the world.
This segment is sponsored by Island. Visit https://securityweekly.com/islandrsac to learn more about them!
Resilience and the capacity for reinvention have never been more important. In a world evolving at the speed of tech and roiled by the pandemic, enterprises that have security innovation woven into their DNA enjoy a distinct advantage. Learn more.
This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!
The increased prevalence of phishing kits sourced from black markets and chatbot AI tools like ChatGPT has seen attackers quickly develop more targeted phishing campaigns. This improved targeting has simplified the process of manipulating users into taking actions that compromise their security credentials, leaving them and their organizations vulnerable.
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!
Guests
As Chief Security Officer at Zscaler, Deepen Desai is responsible for running the global security research operations as well as working with the product group to ensure that the Zscaler platform and services are secure. Deepen has been actively involved in the field of cybersecurity for the past 19 years. Prior to joining Zscaler, he held security leadership roles at Dell SonicWALL.
Brian Kenyon drives corporate strategy at Island as its Chief Strategy Officer and one of the company’s founding members. Brian has also held the role of CSO at Symantec and Blue Coat Systems. He built his early career in technical roles for more than a decade at McAfee where he was Chief Technical Strategist, as well as CTO, and served as chief architect at start-up Foundstone.
Brian is the author of Security Battleground: An Executive Field Manual; Security Sage: Guide to Hardening the Network Infrastructure; and Special Ops: Host and Network Security. He holds a B.A. degree in Finance from Loyola Marymount University.
Rhett leads product management and user experience for Sumo Logic security solutions. With over 20 years of experience building cybersecurity, cloud, and collaboration platforms, he guides the build-out of Sumo Logic’s SaaS analytics platform to delight customers securing and protecting their enterprise against modern threats. Prior to joining Sumo Logic, Rhett held product development leadership roles at Amazon, AMD, JASK, Microsoft, and Rackspace.