ESW #312 – Tom Kellermann, Donald Fischer
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Segments
1. Financial Institutions Under Siege in Cyberspace – Tom Kellermann – ESW #312
Kellermann will discuss the recently published report “Cyber Bank Heist” that exposes the cybersecurity threats facing the financial sector. Security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilizing wipers and a record-breaking year of zero-day exploits. Podcast listeners will learn what financial sector security leaders from around the world revealed in a series of interviews about specific trends when it comes to notable cyberattacks, e-fraud and cyber defense.
Announcements
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive-level conferences is designed to educate senior cyber professionals on the latest threat landscape. We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register. Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Guest

Tom Kellermann is the Senior Vice President of Cyber Strategy at Contrast Security. Previously Tom held the positions of Head of Cybersecurity Strategy for VMware and Chief Cybersecurity Officer for Carbon Black Inc. In 2020, he was appointed to the Cyber Investigations Advisory Board for the United States Secret Service. On January 19, 2017, Tom was appointed the Wilson Center’s Global Fellow for Cyber Policy. Tom previously held the positions of Chief Cybersecurity Officer for Trend Micro, Vice President of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008 Tom was appointed a commissioner on the Commission on Cyber Security for the 44th President of the United States. In 2003 he co-authored the book “Electronic Safety and Soundness: Securing Finance in a New Age.”
Hosts

2. Impact of New US National Cybersecurity Strategy on Organizations Building With OSS – Donald Fischer – ESW #312
There is an overall increase in government regulation, in the EU as well as the US, and a shift in liability from consumers to organizations. Topics include: how to take advantage of safe harbor protections and reduce organizational risk and liability; the NIST SSDF (Secure Software Development Framework), and how to understand the security practices of the open source packages you use in your applications and ensure they follow the NIST practices (so you can take full advantage of safe harbor protections and reduce potential liability); creating a network of open source maintainers who document and attest to their security practices as a solution, and working with those maintainers so they can provide that documentation; and how to get more involved with development in open source security, and what the mechanism for doing so is.
Segment Resources: https://tidelift.com/government-open-source-cybersecurity-resources
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Guest

Donald Fischer is co-founder and CEO of Tidelift. Previously he was a venture partner at General Catalyst, a member of the investment team at Greylock Partners, and an executive at Typesafe (now Lightbend) and Red Hat. He holds a BS in economics and computer science from Yale University, an MS in computer science from Stanford University, and an MBA from Columbia Business School.
Hosts

3. Deception, SaaS Security, and the 10 Plagues of Cloud Security – ESW #312
In this week's enterprise security news, we talk about new companies and funding, and trends in the deception and SaaS Security/SSPM space. We discuss Andy Ellis's "10 plagues of cloud security" and Kelly Shortridge's 69 ways to F&$ up your deploy. We discuss rolling out Yubikeys and the pros/cons of using biometrics instead of security keys. There have been some bad takes in the media on how OpenAI uses your ChatGPT prompts, so we set the record straight there. Cybersecurity is a new requirement for K-12 students in North Dakota, and you've got to see this week's security story - a rogue tire sends a Kia Soul FLYING - but no one was hurt!
Announcements
Because you are a member of the Security Weekly community, we are pleased to offer you 20% off your InfoSec World 2023 tickets! Join a community of over 2,000 security professionals and innovators at InfoSec World on September 25th through 27th at Disney’s Coronado Springs Resort. Experience world-class learning and networking through enlightening keynotes, informative panel discussions, interactive breakout sessions, hands-on workshops, and more.
Register today at securityweekly.com/infosecworld2023 using code ISW23-SECWEEK20!
Hosts

- 1. FUNDING: CrowdStrike Combines Powers With Abnormal Security to Stop Breaches
A "venture round" from CrowdStrike Ventures follows the company's $210M Series C in May 2022.
- 2. FUNDING: DataDome Closes $42 Million in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud
- 3. FUNDING: Hypori Completes $23M Series B Financing
- 4. FUNDING: Strivacity Announces $20 Million in New Funding To Modernize Customer Sign-in Experiences and Security
- 5. FUNDING: Push Security raises $15M to help SaaS users lower their online vulnerability
- 6. FUNDING: Entitle Launches With $15M in Seed Funding to Bake Security Into Permissions Management
- 7. FUNDING: SCADAfence raises $16 million, adds Fujitsu and Mitsubishi Electric as new investors
- 8. FUNDING: Votiro Raises $11.5 Million in Series A Funding
- 9. FUNDING: Spera raises $10M for its identity security posture management platform
- 10. FUNDING: Trustle Raises $6M Seed Round to Revolutionize Access Management
- 11. NEW COMPANIES: Seedata.IO – Making cybersecurity unknowns, known
- 12. LESSONS: 10 Plagues of Cloud Security
- 13. LESSONS: 69 Ways to F*** Up Your Deploy
- 14. LESSONS: List of experiences rolling out Yubikeys and WebAuthn – Clint Gibler on Twitter
- 15. NEWSLETTERS: Jason Haddix’s Executive Offense Issue #2
- 16. REPORTS: FS-ISAC Navigating Cyber in 2023
- 17. AI TRENDS: Chat GPT & AI a growing concern for cyber insurance: Corvus’ Hedberg – Reinsurance News
- 18. AI TRENDS: Samsung workers made a major error by using ChatGPT
There's a lot of confusion and FUD going around about what is and isn't used for training when you use ChatGPT.
TL;DR: If you use ChatGPT's consumer interface (chat.openai.com), you are opted IN to your prompts being used to train/improve the service. There's a form you can fill out to opt OUT (it's literally a Google form, which seems kinda janky, but it's pretty easy to opt out).
If you use OpenAI's API interface (api.openai.com), you are opted OUT of your input or output data being used for training/improvement. There's a form you can use to opt IN.
- 19. TRENDS: Burgum, Baesler applaud landmark North Dakota computer science, cybersecurity measure
- 20. ESSAY: AI Revolutionizes Infosec
- 21. ESSAY: Cybersecurity vs. Everyone: From Conflict to Collaboration
- 22. SQUIRREL: When tires attack: Marques Brownlee on Twitter
