EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography
Anton Chuvakin & Timothy Peacock talk to guest Jennifer Fernick, Senor Staff Security Engineer and UTL, Google
Phil Venables: AI in Cybersecurity - Threats, Toil, and Talent
With over 20 years of experience as a CISO, Phil Venables, Chief Information Security Officer at Google Cloud, talks about creating an AI framework, key use cases for AI in cyber, Google Cloud joining FS-ISAC's Critical Providers Program, how he approaches operational resilience, and gives advice on how CISOs can maintain work-life balance.
Notes from our Discussion with Phil
Google Cloud’s Security AI Framework AI has presented new risks and very specific types of threats. The objective is to create a foundational framework on a basic set of control principles that can be replicated in other processes. It’s important to extend detection and response capabilities to include AI systems. This is particularly important when deploying large language models (LLMs). AI is the best defense against AI. There’s a need to embed AI in tooling, so that everyone doesn’t need to be an AI expert.
Expectations from the Framework Google Cloud is looking to partner with organizations to develop the framework. This may not become “the” framework, as there are others like the NIST AI Risk Management Framework. The aim is to build on the framework to include other, more detailed recommendations and tooling. It should have a broader use, beyond Google and the customer’s use of Google’s AI.
Key Use Cases of AI in Cybersecurity There are 3 areas – Threats, Toil and Talent.
Threats: Google is using LLMs, AI and GenAI to analyze, monitor and manage threats, like analyzing new malware discovered via Google’s VirusTotal service and using Sec-PaLM 2 LLM to decode and provide threat advice. LLMs need to be trained using a large corpus of security and threat data.
Toil: Security operational jobs have a lot of overhead and ineffective tools. Google Cloud is focusing on using Sec-PaLM 2 to help organizations automate security operations.
Talent: AI will be the great democratizer of talent. Giving people AI assistance to develop, expand and extend their skills can increase security talent.
AI Risks for Financial Services Organizations AI as a democratizer of talent and a tool for enhancing people’s skills can also extend the capabilities of threat actors. Organizations will need to bolster their current defenses. For example, deepfakes across voice video and images are being used to confound authentication systems and organizations are strengthening their traditional authentication systems, like using hardware tokens.
Impact of AI and Strategies to Secure the Cloud Environment AI is driving an accelerated cloud adoption. Even the largest companies will need to migrate to the cloud for the processing capability to deploy the new LLMs. There will not only be a drive to the cloud to get access to AI, but also the use of AI tools to securely manage cloud configurations.
Google Cloud Joins FS-ISAC's Critical Providers Program As a cloud provider, Google provides support for many critical infrastructures and the financial services sector is among the most critical infrastructures in the world. With more banks moving to the cloud, it makes sense for Google to stay in touch with the community and make sure we’re meeting customers where they are. By joining FS-ISAC, Google Cloud wanted to be part of an organization that is promulgating best practices and sharing information and intelligence.
Learn valuable insights from industry leader keynotes and go even deeper on implementing zero trust through focused technical breakout tracks.
https://teiss.buzzsprout.com/180185/14651497-teisstalk-is-your-organisation-cyber-resilient
Selecting metrics that best convey the impacts and risks of your strategy to the board
How the changing threat landscape will affect your cyber resilience
The role cyber insurance plays as a component of your resilience strategy
This episode is hosted by Thom Langford https://www.linkedin.com/in/thomlangford/
Daniel G. Dresner, Professor of Cybersecurity, University of Manchester https://www.linkedin.com/in/danny-dresner-fciis-6382381
Mike Yeomans, Manager, Cyber Risk Quantification Service Delivery Lead, KPMG https://www.linkedin.com/in/mike-y-46129467/
Sam Woodcock, Senior Director - Cloud Strategy, 11:11 Systems https://www.linkedin.com/in/samuel-woodcock-9745b831/
BSides Calgary 2023 Presentations
Many of the recordings have bad sound quality, and the video recording is not too great either.
BSides Calgary is a not-for-profit foundation that aims to promote cybersecurity and the networking of cybersecurity professionals in Calgary and across Alberta. BSides Calgary is a high caliber gathering for information security professionals, hackers, coders, students and the greater tech community. Attendees of BSides Calgary conferences will share, discuss and learn about information security, privacy and technology.
Security BSides Athens 2023 Speakers
Security BSides Athens 2023 Playlist
"Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent Security BSides-Approved event for Athens, Greece."
Dave Aitel - Information Security Is an Ecology of Horrors and You Are the Solution
Dave Aitel is a former NSA computer scientist, one of the early innovators with fuzzing, the Founder of Immunity, Inc, and currently a Partner at Cordyceps Systems, where he focuses on leading a team doing machine learning and data science in the information security space. He continues to have many unpopular opinions.
Prata säkerhet med oss Ransomware
Ransomware - vanligaste sätten att drabbas
Vi går igenom de vanligaste orsakerna till att organisationer drabbas av ransomware och intrång.
Vi tar dessutom en titt på 80/20 regeln för vad man bör göra för att radikalt minska risken att drabbas av ransomware.
Ransomware är ett hett ämne, inte minst med tanke på att flera organisationer drabbats. Inte minst TietoEvry och därmed en rad offentliga verksamheter.
Dagens talare: Mikael Nyström, Truesec; Per-Erik Eriksson, Dataföreningen (HiQ)
Getting Started with Industrial (ICS/OT) Cyber Security Playlist
Industrial Control Systems (ICS) and Operational Technology (OT) run the world around us. Power plants, offshore oil rigs, trains and other transportation systems, manufacturing plants – these are just a few examples of the critical infrastructure that society depends on. Each ICS/OT environment is unique and has specialized security requirements.
Protecting critical infrastructure becomes more important each day as the frequency of cyber attacks and the number of attackers continues to grow. Nation state adversaries are no longer the only ones targeting these specialized environments. Today’s attackers include ransomware groups, hacktivists, cyber mercenaries, and more.
ICS/OT cyber security can seem complicated and even daunting at first, but it does not have to be. This course will help participants understand the fundamentals of how these environments operate and how to secure such specialized networks.
DarkNet Diaries Ep 143: Jim Hates Scams
Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers.
Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning
CISO Tradecraft #171 - Navigating Software Supply Chain Security (with Cassie Crossley)
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intricacies of secure development life cycle. She highlights the significance of Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach towards cybersecurity.
A family friend sacrificed part of her finger as a child. This was as a Hindu, and happened in the Indus river.
Israel has about 7000 hostages (inlcuding kids, poets, grandmothers etc) and also re-imprisoned some of those released under the last deal. Most of those still held by Hamas are actually military so prisoners of war.
Who is doing all this killing? All these people just die and we just don’t know. So mysterious.
The regulations that require financial institutions to verify ID, also have data security requirements.
Wise is fairly reputable so you should be OK
That was quick. All is forgiven and forgotten?
and strike pay 130% of normal pay.
This is a continuation of the ethnic cleansing that Israel has carried out for the past 70 years. No big surprise.
The Palestinian Authority signed up to a peace agreement, recognised Israel, renounced violence but the Israelis continued expanding settlements and their ethnic cleansing.
This is a proposal for ethnic cleansing by Israel of the population of Gaza.
Gaza is under Israeli control even though Israel does not have any soldiers there. Under the Geneva Conventions, Israel is the occupying power. This is recognised by most governments in the world, the UN and all human rights organisations.
One does not declare war on a military occupation. You are already at war. Israel has been the occupying power for the past 50 years.
Time for the Sverige Democrats to say something stupid, bigoted and offensive to Türkiye