The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
By mnemonic
The podcast currently has 116 episodes available.
Have you ever worked alongside a machine learning engineer? Or wondered how their world will overlap with ours in the "AI" era?
In this episode of the podcast, Robby is joined by seasoned expert Kyle Gallatin from Handshake to enlighten us on his perspective on how collaboration between security professionals and ML practitioners should look in the future. They discuss the typical workflow of an ML engineer, the risks associated with open-source models and machine learning experimentation, and the potential role of "security champions" within ML teams. Kyle provides insight into what has worked best for him and his teams over the years, and provides practical advice for companies aiming to enhance their AI security practices.
Looking back at our experience with "DevSecOps" - what can we learn from and improve for the next iteration of development in the AI era?
Operationalising threat intelligence is back on topic for the mnemonic security podcast!
Making a return to the podcast is Joe Slowik from MITRE Corporation, where he is the CTI Lead for MITRE ATT&CK and also Principal Engineer for Critical Infrastructure Threat Intelligence. Also joining is Jeff Schiemann, an industry veteran and CISO at one of the world's first crypto banks.
The conversation ventures across how security teams are currently using threat intelligence, the importance of frameworks and standardisation, and the role AI and automation may play for defenders and adversaries. The trio also share their thoughts on a future where threat intelligence decisions can be automated in real-time, and what it might take to get us there.
When we talk about securing an organisation’s assets, we most often mean its data, devices, servers, or accounts, but are we doing enough to secure the group of people leading the company? Or the ones doing high risk work on behalf of the organisation?
To discuss the importance of securing high-risk individuals, like journalists, politicians and executives, Robby is joined by an expert in this field, Runa Sandvik, journalist, security researcher and founder of Granitt. At Granitt, Runa works with digital security for journalists and other at-risk people, building on her experiences working at The New York Times, Freedom of the Press Foundation and The Tor Project.
During the conversation, they talk about how to secure devices when travelling to high-risk countries, what tools to use and at what time, and how threat actors usually target individuals. Runa also shares how she works to secure accounts and devices for her clients.
For this episode, Robby is once again joined by Eoin Wickens, Technical Research Director at HiddenLayer, an organisation doing security for machine learning (ML) and artificial intelligence (AI).
It has not been long since Eoin last visited the podcast (only 7 months), but a lot has happened in the world of AI since. During the episode, he talks about some of the most significant changes and developments he’s seen over the last months, how models are getting smarter, smaller and more specific, and he revisits his crystal ball predictions from the last episode.
Robby and Eoin discuss potential security risks posed by using AI tools, how to secure AI-powered tools, and what you should think about before using them. Eoin also gives some new crystal ball predictions and recommendations to organisations starting to utilise AI-adjacent technologies.
Data Brokers and Data Removal Services
What does the process of removing your online presence look like? And how would you handle the data brokers that have collected your personal information with just a few clicks of the mouse to sell to other companies?
To answer this, we’re joined by an expert in this field; Darius Belijevas, Head of Incogni, a service that automates user personal data removal from data brokers.
Darius shares from his research on data brokers and their business models, and explains what a typical data broker looks like, the most common methods they use to collect our data, and who some of the most popular data brokers are.
This brings the conversation to the growing market for data removal services, and the two also talk about new legislative measures that might be changing the landscape these organisations operate in.
For this episode, Robby is joined by Levi Gundert, Chief Security Officer at the cybersecurity company Recorded Future and author of the book The Risk Business – what leaders need to know about intelligence and risk-based security.
Levi shares from his decades of experience in the threat and risk space – and Robby picks his brain about a broad set of security topics ranging from telling the risk story and categorising risk, to darknet monitoring and infiltration, and using chatbots for security analysis and risk management.
Ethical social engineering
Even the best pentesters out there can be fooled by a social engineering attempt under the right circumstances. But how do we treat the ones that have been tested and failed?
Ragnhild «Bridget» Sageng, Senior Security Advisor at Norwegian Customs, has several years of experience from the IT and cybersecurity industry, and hands-on experience working as an ethical hacker specialising in social engineering.
In her conversation with Robby, she shares what goes through her head during social engineering assignments, and discusses the importance of company culture and management expectations when doing these kinds of assessments.
Ragnhild is particularly interested in the other side of social engineering and how we should meet the humans that are involved in these assignments. During this episode she explores what ethical responsibilities we have, what a pentester should demand from a company before accepting an assignment, and what a company should demand back from a pentester.
How will AI impact the next generation of people working with computer science?
This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, author of Security Yearbook 2023 and Founder and Chief Research Analyst at IT-Harvest, and High School Junior, Athena Contos.
Athena was recently visiting colleges, together with her father Brian Contos, a long-time veteran of the mnemonic security podcast. They both noticed a lot of excitement and concern regarding AI amongst those about to embark on their higher education, and questions about how AI will impact their choices of schools, majors, careers, and ultimately their future.
In this episode, Athena and Richard share their perspectives on AI’s potential in education, the ethics of using AI in this context, and how we can go from combating the use of AI in the classroom to making it a useful tool for learning.
How does cybersecurity play a part in ensuring food security?
As part of the ISACA series of the mnemonic security podcast, we’re welcoming Karianne Kjønås, Cyber & Privacy Associate at PwC Norway. Karianne recently won the ISACA master’s thesis award with her thesis on how cybersecurity incidents can affect Norwegian food production.
During her conversation with Robby, she shares some of her major research findings, and how data, automation, IoT and AI play an important role in food production these days.
They also discuss the state of cybersecurity in farming technologies and some of the most common cybersecurity threats to the food supply chain.
Conflictual coexistence
Today’s guest, Raymond Andrè Hagen, holds over 20 years of experience in cybersecurity and information security, and is currently researching advanced persistent threats for his PhD in Computer and Information Systems Security.
He also has experience as a Security Specialist at the Norwegian Digitalization Agency (Digdir), including being Chief Security Officer at Altinn, the Norwegian authorities' solution for reporting and dialogue with business and industry.
In his conversation with Robby, Raymond shares from his threat research on predicting APT attack behaviour, including his hypothesis, prediction models and some preliminary findings.
Raymond and Robby also discuss conflictual coexistence between nation states, especially US-China and US-Russia relationships, and how this has affected the cyber landscape historically, and will continue to affect it in the future.