Secure Talk Podcast
By Justin Beals
4.8
3737 ratings
The podcast currently has 201 episodes available.
In this episode of Secure Talk we discuss the evolution of identity management with Eric Olden, co-founder and CEO of Strata Identity. Identity Management is at the heart of secure computing practices. And the requirements placed on it are ever-growing. Get it wrong, and you will expose the ‘crown jewels’ of your business. Today, many solutions rely on cloud-based Identity Management solutions for further security. How was Identity Management born, and where is it heading?
In this episode, we discuss the early days of networked computing and how Eric recognized in 1995, while at Berkeley, the opportunity for the Internet to break out of academic communities and become a space for business. In a moment of inspiration, he realized that the missing feature was security. To be successful, a ‘web powered’ business needed to manage its users and their identities. Eric founded Securant Technologies in 1995 and developed some of the first Web Access Management products. Securant Technologies was acquired by RSA in 2001. Eric continued to stay at the forefront of Identity Management by working on SAML, the gold standard of shared authentication. Today, Eric is developing Strata and exploring how enterprise organizations are harmonizing multiple Identity Providers from Okta to Microsoft. Tune in to learn about the critical advancements shaping the trusted identity landscape from a leading expert and present innovator.
00:00 Introduction to SecureTalk
01:51 Challenges in Identity Management
03:16 Introduction to Eric Olden
04:33 Eric Olden's Early Experiences with Computing
08:39 The Birth of Identity Management Solutions
17:11 The Origin of SAML
23:13 Reflections on SAML Evolution
23:56 Introduction to OAuth and Identity Standards
26:22 The Vision Behind Strata
30:15 Challenges in Identity Management
33:12 Exploring Self-Hosted Identity Solutions
40:07 The Importance of Authentication and Authorization
46:39 Concluding Thoughts on Identity Standards
Cybersecurity is complicated; weird acronyms, massive risks and arcane skills. How do we teach or learn about cybersecurity in human ways?
In this episode of SecureTalk, host Justin Beals is joined by cybersecurity researcher Luca Viganò to discuss his innovative approach to demystifying cybersecurity concepts using fairy tales. Luca shares his passion for making cybersecurity accessible to both experts and the general public by employing storytelling techniques. Key topics include multifactor authentication, explained through 'Cinderella', and password security, inspired by 'Ali Baba and the 40 Thieves.' Luca's insights are based on his acclaimed article 'The cybersecurity of fairy tales.' This episode provides a fresh perspective on engaging non-expert stakeholders and underlines the importance of a social-technical approach to cybersecurity.
00:00 Introduction to SecureTalk
00:34 Host's Background and Passion for Storytelling
03:07 Introducing Luca Viganò
04:49 Luca's Journey in Cybersecurity
06:47 The Power of Storytelling in Teaching Security
08:10 Fairy Tales and Cybersecurity
18:43 Cinderella and Multi-Factor Authentication
34:06 Ali Baba and the 40 Thieves: Lessons in Security
40:30 Show vs. Tell in Security Education
44:39 Future Work and Conclusion
Article: Luca Viganò, The cybersecurity of fairy tales, Journal of Cybersecurity, Volume 10, Issue 1, 2024, tyae005, https://doi.org/10.1093/cybsec/tyae005
In this episode of SecureTalk, host Justin Beals speaks with Idan Plotnik, co-founder and CEO of Apiiro, about the complexities of application security and innovation. They discuss Idan's career, which began with his early interest in secure computing as an engineer for the Israeli Defence Force. Later, while at Microsoft, Idan was frustrated by the inefficiencies in current application security reviews that slowed down software delivery. Idan explains opportunities to improve the application security posture throughout the software development lifecycle, emphasizing their methods for deep code analysis and extended Software Bill of Materials (SBOMs). The conversation also covers the role of AI in security, the significance of automation, and the integration of graph data models for effectively visualizing and managing security threats.
00:00 Welcome to SecureTalk
00:32 Introduction to Application Security
01:44 Meet Idan Plotnik
02:52 Idan’s Journey in Cybersecurity
04:31 Early Encounters with Computers and Security
08:44 Military Service and Professional Growth
12:19 Founding Apiiro and Innovations in Security
14:06 Challenges in Modern Software Development
15:33 Comprehensive Security Measures
19:47 Understanding the Risk Landscape
24:35 Understanding Risk in Software Architecture
25:30 The Role of AI in Software Security
26:29 Translating Code into Components
27:50 The Importance of Software Inventory
31:47 The Limitations of SBOMs
40:02 Automation in Security Design
46:00 The Power of Graph Data Models
48:35 Conclusion and Final Thoughts
It’s easy to consider privacy as a technology issue, or a legal challenge. But our concepts of privacy have a lot to do with what type of community we would all like to live in. What happens when we consider privacy a right as opposed to a commodity?
Join us on Secure Talk for an in-depth exploration of the complex world of privacy with esteemed sociologist and author James B. Rule. In this episode, he draws parallels between past and present institutional power. He discusses his latest book, “Taking Privacy Seriously: How to Create the Rights We Need While We Still Have Something to Protect,” where he delves into the intricacies of privacy laws, the implications of personal data commercialization, and the notion of "personal decision systems."
James presents 11 practical privacy reforms, highlighting the importance of informed consent and strong data protection measures. This episode offers cybersecurity experts valuable historical context, actionable insights, and thought-provoking discussions on how to balance privacy with technological advancement. Join the conversation on how we can protect what truly matters.
Join us as we examine the challenges and potential reforms related to privacy in the digital age, highlighting recent legislative successes such as California's new privacy laws. James advocates for the establishment of national institutions dedicated to promoting privacy. He also discusses the ethical dilemmas faced by technology and policy leaders in striving to find the right balance between the utility of personal data and the protection of individual privacy.
This episode is essential for cybersecurity experts interested in privacy reform and the history of personal data usage.
Book: “Taking Privacy Seriously: How to Create the Rights We Need While We Still Have Something to Protect”
https://www.ucpress.edu/books/taking-privacy-seriously/paper
00:00 Introduction to SecureTalk
00:32 Exploring the Complexities of Privacy
01:21 Introducing James B. Rule
02:56 James B. Rule's Journey into Privacy
06:55 Historical Perspectives on Privacy
09:10 Modern Privacy Challenges and Solutions
15:48 The Concept of Lawful Basis
23:59 Personal Decision Systems
26:26 Proposed Privacy Reforms
36:56 Public Events and Privacy Issues
42:55 Conclusion and Final Thoughts
Have you ever felt like tech fandom was turning into a cult? A tech founder ‘preached’ that they heralded a new paradigm for humanity? AI will change everything, Cryptocurrency will make you rich, the ‘Singularity’ is coming! Elon Musk, Sam Altman, Steve Jobs, Bill Gates, etc. are raised up as the new messiah by thousands of worshipers. Is it really so difficult to see the tendency of the billionaire technology founders to prey on our hopes and fears?
In a thought-provoking episode of Secure Talk, host Justin Beals interviews Greg Epstein, the Humanist Chaplain at Harvard and MIT, and a New York Times bestselling author about his upcoming book, "Tech Agnostic: How Technology Became the World's Most Powerful Religion and Why It Desperately Needs a Reformation." They discuss the intricate relationship between technology, ethics, security, and human experience, challenging traditional perspectives on cybersecurity. Through engaging conversations about societal equity, community connections, and the ethical implications of technology-induced isolation, Greg and Justin shed light on the profound cultural and existential impact of technology on modern life. The discussion delves into the psychological and emotional aspects of the tech world, drawing parallels with religious structures and highlighting the need for a balance between technological engagement and ethical responsibility.
Book: "Tech Agnostic: How Technology Became the World's Most Powerful Religion and Why it Desperately Needs a Reformation"
https://mitpress.mit.edu/9780262049207/tech-agnostic/
My first SOC 2 audit as a Chief Technology Officer felt like performance art. Here we were, dancing to the tune of an auditor that had never built a web application, let alone a business. So many of their playbooks were repeated from other businesses and didn’t make us more secure. When we were done I was certainly glad to show off our new ‘certification’ but I wondered how I could implement great security and create value for my company.
In this compelling episode of Secure Talk, host Justin interviews Bob Chaput, a seasoned CISO and cybersecurity leader with a rich background in the healthcare sector. The conversation traverses Bob’s extensive career, from his early days at GE to establishing Johnson & Johnson’s first information security program. Bob shares profound insights from his book, 'Cyber Risk Management as a Value Creator,' illustrating the shift of cybersecurity from a defensive necessity to a strategic business driver. They explore the critical role of governance, regulatory accountability, and the implementation of risk management frameworks like the NIST cybersecurity framework. Using real-world cases like Equifax’s post-breach recovery, Bob elucidates the tangible business value of robust cybersecurity measures. Learn about budgeting for cybersecurity, fostering organizational engagement, and integrating security into business operations for enhanced resilience and customer trust. This episode is a treasure trove for experts looking to transform their cybersecurity approach into a strategic advantage.
Book: Enterprise Cyber Risk Management as a Value Creator
https://bobchaput.com/enterprise-cyber-risk-management-as-a-value-creator/
00:00 Welcome to SecureTalk: Introduction and Host Overview
00:41 The Importance of Scope in Cybersecurity
02:58 Introducing Bob Chaput: Cybersecurity Expert
04:45 Bob Chaput's Career Journey
08:17 Enterprise Cyber Risk Management as a Value Creator
12:20 The Role of Regulations and Accountability in Cybersecurity
17:26 Strategic Approach to Enterprise Cyber Risk Management
21:33 Risk and Opportunity Assessment in Cybersecurity
26:47 Leveraging Security Practices for Business Value
27:58 The Impact of Cybersecurity on Business Value
28:56 Clearwater's Role in Enhancing Cybersecurity
31:03 The ECRM Budget Philosophy
32:59 Maxims for Effective Cyber Risk Management
35:59 Building a Team Sport Culture in Cybersecurity
40:47 Foundational Components of ECRM
44:19 Challenges in Third-Party Risk Management
49:25 Clearwater's Journey and Future Prospects
In the never-ending vortex of Silicon Valley's hype cycle, it's easy to get lost in the sea of superficial success stories and forget that true innovation often requires patience, persistence, and a willingness to disrupt the status quo – not just a fancy logo or a tweet from a billionaire CEO. Inside of the froth however, there are investors and venture capitalists that think carefully about who they are investing in, why it is a durable venture and how to create the best impact for everyone.
In this episode of Secure Talk, host Justin Beals welcomes Rey Kirton from Forge Point Capital to discuss venture capital's unique role in the cybersecurity industry. Rey shares his journey from consulting to venture capital, outlining the importance of building meaningful long-term relationships with companies he invests in. He explains how Forge Point Capital develops investment theses and highlights the value of solution-based, data-driven AI applications. The conversation delves into the significance of listening to customer feedback, industry patterns, and emerging themes like edge computing and AI in cybersecurity. The episode is a must-listen for founders and investors navigating the current market landscape, offering insights into building successful business partnerships and understanding evolving technology trends.
00:00 Welcome to SecureTalk
00:36 Introducing Our Guest: Rey Kirton
01:30 Rey Kirton's Career Journey
02:25 Venture Capital Insights
05:14 The Role of ForgePoint Capital
06:55 Investment Strategies and Challenges
17:01 AI in Cybersecurity
21:45 Leveraging Proprietary Data for AI and Data Science
23:19 The Rise and Fall of Blockchain and Crypto Hype
28:10 Understanding Venture Capital Dynamics
34:31 Future Trends in Technology and Investment
37:56 Advice for Aspiring Founders
39:09 The Importance of Customer Feedback
42:47 Building Strong Investor Relationships
"If you torture the data long enough, it will confess to anything," said Ronald Coase. Certainly the advent of AI has created some spectacular progress and failures. In the realm of patient care, AI tools can have a powerful impact and there is little room for error. How do professionals in the Medical Device and Medical Software space prepare their solutions for the market?
In the latest episode of SecureTalk, Justin is joined by Dr. Paul Campbell, who serves as the Head of Software and AI at the UK's Medicines and Healthcare products Regulatory Agency (MHRA). Dr. Campbell discusses his journey from pharmacy to becoming a prominent figure in healthcare IT and regulated software. The conversation covers the development of AI in healthcare, the global standardization of regulations, and the MHRA’s innovative initiatives such as AI Airlock, which are driving progress in medical technology. The discussion also delves into the vital role of data representation, ethical considerations in AI, and the complexities of implementing advanced technologies in real-world medical settings.
Much of the United States' progress since World War II on the global stage is due to a powerful partnership between private industry and the US government. The internet itself was a DARPA research project now turned into an economic juggernaut. How do we feed and support this powerful partnership?
In this episode of SecureTalk, host Justin Beals welcomes Jason Healey, a senior research scholar at Columbia's School for International and Public Affairs. Jason, a pioneer in the field of cyber threat intelligence and former intelligence officer, discusses his extensive career and the evolution of cyber defense from the late 1990s to today. Topics include the origins of cybersecurity, the challenges of cyber warfare and policy, and the balance between defense and innovation. Jason elaborates on the critical role of metrics such as mean time to detect in measuring cybersecurity effectiveness and emphasizes the importance of harmonizing regulations and frameworks in the U.S. A detailed analysis of recent cyber incidents and the necessity for more robust cyber policies underlines the insightful conversation, making it essential listening for cybersecurity professionals.
I’ve participated in or led technology product teams for 25 years. And engaging in effective security practices was three simple activities: least privileges, change management and network/server configurations. But in an ever-changing security environment, how do security leaders engage product teams in effective practices? Join us on Secure Talk with Naomi Buckwalter, the Senior Director of Product Security at Contrast Security.
Throughout our conversation, Naomi shares her intriguing journey into the field of cybersecurity, from her early interest in tech and her educational background to landing a significant role at Vanguard Financial and eventually becoming a thought leader in cybersecurity. She explains the critical distinction between secure architecture reviews and secure code reviews and delves into the importance of trust and collaboration between developers and security engineers. Naomi also emphasizes the importance of inclusive hiring and discusses how she has successfully integrated individuals from non-traditional backgrounds into cybersecurity roles. As the founder of Cybersecurity Gatebreakers she helps technology teams find “young-in-career” talent ready to make an effective contribution. A poignant part of the discussion revolves around the concept of 'sec-splaining,' the need for excellent communication, and why security should be seen as a service to the business. This conversation is a must-listen for cybersecurity experts looking to enhance their understanding of team building and effective security management for software development.
-----
Additional Resources:
Books:
"The Smartest Person in The Room" by Christian Espinosa
https://christianespinosa.com/books/the-smartest-person-in-the-room/
"Five Dysfunctions of a Team" by Patrick Lencioni
https://www.amazon.com/Five-Dysfunctions-Team-Leadership-Fable/dp/0787960756