Without the ability to keep secrets our internet would fail. Without effective cryptography the internet would never have graduated from the hobbyist interest. And we have great examples of networks without effective encryption like the world wide HAM radio operators.

I’ve been utilizing cryptography in the development of web applications since my first professional web application development work. Although I’ve rarely understood the underlying technology and mathematics of cryptography.

In this episode of SecureTalk, host Justin Beals interviews Dr. Bill Anderson, an expert in cryptography. Bill shares his journey into the field, starting as a student in electrical and computer engineering who inadvertently ventured into cryptography during his postgraduate studies. He discusses the evolution of cryptography, its historical context, and the impact of quantum computing on current cryptographic methods. 

They explore various topics, including public key cryptography, digital signatures, and the ongoing need for crypto agility. Bill also provides insights into his current role as Principal Product Lead at Mattermost, a secure collaboration platform focused on data sovereignty and security. This episode offers a comprehensive look at modern cryptographic techniques and the challenges posed by future advancements in computing, making it a must-listen for anyone interested in cybersecurity and cryptography.

00:00 Welcome to SecureTalk: Introduction and Host Introduction

00:33 The Role of Security in Business Growth

01:55 Introducing Dr. Bill Anderson: A Security Expert

03:57 Dr. Anderson's Journey into Cryptography

05:35 The Evolution of Security and Cryptography

08:11 Understanding Business and Technology Landscapes

13:56 Mattermost: A Secure Collaboration Platform

22:01 The History and Methods of Cryptography

25:01 Understanding Public and Private Keys

25:58 Digital Signatures and Authentication

27:12 The Open Research Model in Cryptography

28:31 Challenges in Cryptographic Security

31:02 Quantum Computing and Cryptography

35:38 The Future of Cryptographic Systems

42:04 NIST's Role in Quantum-Safe Cryptography

49:41 Conclusion and Final Thoughts

Eldon Spickerhoff founded eSentire in 2001. He had been a Senior Information Security Engineer for ING Prime after completing his academic work at Waterloo University. At the time the cybersecurity solutions marketplace was primarily a services offering, focusing on vulnerability scanning. The team at eSentire realized that the tools deployed in vulnerability scanning to internal systems could be left running post a services engagement. And in the process they invented an ‘always on’ threat intelligence solution. In 2022 eSentire added storied private equity firm Warburg-Pincus to their cap table and achieved unicorn status with a valuation of one billion dollars.

In this engaging episode of SecureTalk, host Justin Beals invites Eldon Sprickerhoff, a seasoned cybersecurity expert and founder of eSentire, to share his journey. Eldon graduated with a computer science degree from Waterloo University in 1991 and went on to establish a leading managed security services provider.

During the conversation, Eldon reflects on his early career concerns and the macroeconomic challenges he faced during a recession. He also shares insights from his book, *Committed*, which explores the realities of startup life. The discussion highlights essential strategies for navigating the cybersecurity marketplace, the importance of founder-led sales, and the significant challenges and opportunities within the cybersecurity field.

Tune in to gain valuable perspectives on entrepreneurship, real-time vulnerability scans, and the impact of AI and quantum computing on cybersecurity.

Link to the Book: Commited: Startup Survival Tips and Uncommon Sense for First-Time Tech Founders https://sutherlandhousebooks.com/product/committed/

In this episode of Secure Talk, Justin welcomes Stephen Ferrell, a cybersecurity expert and Chief Strategy Officer of Strike Graph, to discuss the significant changes in the compliance landscape brought about by the Cybersecurity Maturity Model Certification (CMMC). They explore the recent finalization of the CMMC rule, its implications for the defense industrial base, and the phased compliance requirements for various certification levels. 

The conversation emphasizes the necessity of CMMC for federal contractors, including those in non-traditional sectors like medical equipment manufacturing, along with the associated costs and procedures. Stephen also shares insights from his experience conducting a self-assessment for CMMC compliance, offering practical advice for organizations aiming to achieve certification. 

This episode is essential for cybersecurity professionals who want to understand the latest federal compliance standards and prepare their organizations accordingly.

Privacy laws in our modern computing era have been around for well over twenty years. The conversation around appropriate privacy measures and effective governance of data has matured quite nicely since the early days of the Internet. While breaches do continue to happen, laws like GDPR, HIPAA and CCPA have helped set expectations for ethical and effective privacy practices.

But we are in the midst of a massive proliferation of generative AI models. Since the technology is so nascent our expectations of privacy are being reshaped. An AI model is fundamentally a mathematical representation of a large data set. Its probabilistic function will create information depending on the prompts it can be given. Deep in the model the data used to ‘train’ it still leaves a fingerprint of the source information. What are the expectations for privacy, copyright and safety to those of us that have shared information on the internet?

In this episode of Secure Talk, host Justin Beals engages in a comprehensive discussion with Dan Clarke,  about the significant impact of AI. The conversation begins with Dan’s early days in computing and follows his journey into developing AI governance. They explore the transformative effects of AI in comparison to historical technological innovations, as well as the risks and biases that are inherent in AI systems. Additionally, they discuss current and future legal compliance issues.

Dan shares personal anecdotes related to privacy challenges and the applicability of AI, emphasizing the importance of transparency, thorough risk assessment, and bias testing in AI implementations. This episode provides valuable insights for anyone interested in the ethical and responsible use of AI technology in today's applications.

00:00 Welcome to SecureTalk: Exploring Information Security

00:32 The Evolving Landscape of Privacy and AI

01:47 Introducing Dan Clark: AI Privacy Leader

03:10 Dan Clark's Journey: From Intel to Privacy Advocacy

04:14 The Impact of AI: Paradigm Shifts and Privacy Concerns

06:08 Personal Data and Privacy: A Real-Life Story

08:45 The Importance of Data Control and Fairness

13:10 AI Governance and Legal Responsibilities

21:02 Current Laws Impacting AI and Privacy

26:47 Legal Basis for Data Usage

27:01 Introduction to Truio and InnerEdge

27:29 The Birth of Truio: Addressing GDPR

28:39 AI Governance and Federal Privacy Law

30:48 Transparent AI Practices

31:58 Understanding AI Risks and Transparency

36:52 AI Use Cases and Risk Assessment

44:57 Bias Testing and AI Governance

50:39 Concluding Thoughts on AI and Governance

Link: https://get.truyo.com/ai-governance-training

In this episode of Secure Talk, host Justin Beals, CEO and founder of Strike Graph, discusses cybersecurity awareness training with Craig Taylor, CEO and co-founder of CyberHoot. They explore the evolution and significance of security training, particularly in light of the rising number of phishing attacks. Taylor shares insights from his extensive background, including being a senior risk analyst for Computer Sciences Corporation in the development of one of the first cloud hosting platforms. He also shares his experience as a virtual Chief Information Security Officer (vCISO) and the growth and success of CyberHoot. 

The conversation highlights CyberHoot's innovative use of positive reinforcement methods in their approach to automated training and examines the role of artificial intelligence (AI) in both creating and combating cybersecurity threats. They also discuss the future of AI in security training and provide practical steps that companies can take to enhance their cyber resilience.

00:00 Introduction to SecureTalk

00:34 The Importance of Security Awareness Training

03:18 Craig Taylor's Journey into Cybersecurity

05:25 The Evolution of Technology and AI

15:30 The Role of Virtual CISOs

21:48 Building CyberHoot: From Services to Product

25:17 The Ineffectiveness of Shock Collars and Negative Reinforcement

26:21 The Power of Positive Reinforcement in Training

27:21 Challenges with Fake Email Phishing

27:51 Cyberhoots' Approach to Phishing Simulations

28:50 Gamification and Positive Outcomes

30:26 The Anxiety Around Cybersecurity Training

31:39 The Problem with Traditional Phishing Tests

33:13 Emerging Best Practices in Cybersecurity

38:53 The Role of AI in Phishing and Cybersecurity

45:16 Future Perspectives and Rapid Content Creation

48:46 Conclusion and Final Thoughts

In this episode of Secure Talk we discuss the evolution of identity management with Eric Olden, co-founder and CEO of Strata Identity. Identity Management is at the heart of secure computing practices. And the requirements placed on it are ever-growing. Get it wrong, and you will expose the ‘crown jewels’ of your business. Today, many solutions rely on cloud-based Identity Management solutions for further security. How was Identity Management born, and where is it heading?

We discuss the early days of networked computing. How Eric recognized in 1995, while at Berkley, the opportunity of the Internet to break out of academic communities and become a space for business. In a moment of inspiration, he realized that the missing feature was security. To be successful a ‘web powered’ business needed to manage its users and their identities. Eric founded Securant Technologies in 1995 and developed some of the first Web Access Management products.  Securant Technologies was acquired by RSA in 2001. Eric continued to stay at the forefront of Identity Management by working on SAML, the gold standard of shared authentication.  Today, Eric is developing Strata and exploring how enterprise organizations are harmonizing multiple Identity Providers from Okta to Microsoft. Tune in to learn about the critical advancements shaping the trusted identity landscape from a leading expert and present innovator.

00:00 Introduction to SecureTalk

01:51 Challenges in Identity Management

03:16 Introduction to Eric Olden

04:33 Eric Olden's Early Experiences with Computing

08:39 The Birth of Identity Management Solutions

17:11 The Origin of SAML

23:13 Reflections on SAML Evolution

23:56 Introduction to OAuth and Identity Standards

26:22 The Vision Behind Strata

30:15 Challenges in Identity Management

33:12 Exploring Self-Hosted Identity Solutions

40:07 The Importance of Authentication and Authorization

46:39 Concluding Thoughts on Identity Standards

Cybersecurity is complicated; weird acronyms, massive risks and arcane skills. How do we teach or learn about cybersecurity in human ways?

In this episode of SecureTalk, host Justin Beals is joined by cybersecurity researcher Luca Viganò to discuss his innovative approach to demystifying cybersecurity concepts using fairy tales. Luca shares his passion for making cybersecurity accessible to both experts and the general public by employing storytelling techniques. Key topics include multifactor authentication, explained through 'Cinderella' and password security inspired by 'Alibaba and the 40 Thieves.' Luca's insights are based on his acclaimed article 'Cyber Security of Fairy Tales.' This episode provides a fresh perspective on engaging non-expert stakeholders and underlines the importance of a social-technical approach to cybersecurity.

00:00 Introduction to SecureTalk
00:34 Host's Background and Passion for Storytelling
03:07 Introducing Luca Vigano
04:49 Luca's Journey in Cybersecurity
06:47 The Power of Storytelling in Teaching Security
08:10 Fairy Tales and Cybersecurity
18:43 Cinderella and Multi-Factor Authentication
34:06 Alibaba and the 40 Thieves: Lessons in Security
40:30 Show vs. Tell in Security Education
44:39 Future Work and Conclusion

Article: Luca Viganò, The cybersecurity of fairy tales, Journal of Cybersecurity, Volume 10, Issue 1, 2024, tyae005, https://doi.org/10.1093/cybsec/tyae005

In this episode of SecureTalk, host Justin Beals speaks with Idan Plotnik, co-founder and CEO of Apiiro, about the complexities of application security and innovation. They discuss Idan's career, which began with his early interest in secure computing as an engineer for the Israeli Defence Force. Later, while at Microsoft, Idan was frustrated by the inefficiencies in current application security reviews that slowed down software delivery. Idan explains opportunities to improve the application security posture throughout the software development lifecycle, emphasizing their methods for deep code analysis and extended Software Bill of Materials (SBOMs). The conversation also covers the role of AI in security, the significance of automation, and the integration of graph data models for effectively visualizing and managing security threats.

00:00 Welcome to SecureTalk

00:32 Introduction to Application Security

01:44 Meet Idan Plotnik

02:52 Idan’s Journey in Cybersecurity

04:31 Early Encounters with Computers and Security

08:44 Military Service and Professional Growth

12:19 Founding Apiiro and Innovations in Security

14:06 Challenges in Modern Software Development

15:33 Comprehensive Security Measures

19:47 Understanding the Risk Landscape

24:35 Understanding Risk in Software Architecture

25:30 The Role of AI in Software Security

26:29 Translating Code into Components

27:50 The Importance of Software Inventory

31:47 The Limitations of SBOMs

40:02 Automation in Security Design

46:00 The Power of Graph Data Models

48:35 Conclusion and Final Thoughts

It’s easy to consider privacy as a technology issue, or a legal challenge. But our concepts of privacy have a lot to do with what type of community we would all like to live in. What happens when we consider privacy a right as opposed to a commodity?

Join us on Secure Talk for an in-depth exploration of the complex world of privacy with esteemed sociologist and author James B. Rule. In this episode, he draws parallels between past and present institutional power. He discusses his latest book, “Taking Privacy Seriously:  How to Create the Rights We Need While We Still Have Something to Protect “where he delves into the intricacies of privacy laws, the implications of personal data commercialization, and the notion of "personal decision systems." 

James presents 11 practical privacy reforms, highlighting the importance of informed consent and strong data protection measures. This episode offers cybersecurity experts valuable historical context, actionable insights, and thought-provoking discussions on how to balance privacy with technological advancement. Join the conversation on how we can protect what truly matters.

Join us as we examine the challenges and potential reforms related to privacy in the digital age, highlighting recent legislative successes such as California's new privacy laws. James advocates for the establishment of national institutions dedicated to promoting privacy. He also discusses the ethical dilemmas faced by technology and policy leaders in striving to find the right balance between the utility of personal data and the protection of individual privacy.

This episode is essential for cybersecurity experts interested in privacy reform and the history of personal data usage.

Book: “Taking Privacy Seriously: How to Create the Rights We Need While We Still Have Something to Protect” 

https://www.ucpress.edu/books/taking-privacy-seriously/paper

00:00 Introduction to SecureTalk

00:32 Exploring the Complexities of Privacy

01:21 Introducing James B. Ruhle

02:56 James B. Ruhle's Journey into Privacy

06:55 Historical Perspectives on Privacy

09:10 Modern Privacy Challenges and Solutions

15:48 The Concept of Lawful Basis

23:59 Personal Decision Systems

26:26 Proposed Privacy Reforms

36:56 Public Events and Privacy Issues

42:55 Conclusion and Final Thoughts

Have you ever felt like tech fandom was turning into a cult? A tech founder ‘preached’ that they heralded a new paradigm for humanity? AI will change everything, Cryptocurrency will make you rich, the ‘Singularity’ is coming! Elon Musk, Sam Altman, Steve Jobs, Bill Gates, etc are raised up as the new messiah by thousands of worshipers. Is it really so difficult to see the tendency of the billionaire technology founders to prey on our hopes and fears?

In a thought-provoking episode of Secure Talk, host Justin Beals  interviews Greg Epstein, the Humanist Chaplain at Harvard and MIT, and a New York Times bestselling author about his upcoming book, "Tech Agnostic: How Technology Became the World's Most Powerful Religion and Why It Desperately Needs a Reformation." They discuss the intricate relationship between technology, ethics, security, and human experience, challenging traditional perspectives on cybersecurity. Through engaging conversations about societal equity, community connections, and the ethical implications of technology-induced isolation, Greg and Justin shed light on the profound cultural and existential impact of technology on modern life. The discussion delves into the psychological and emotional aspects of the tech world, drawing parallels with religious structures and highlighting the need for a balance between technological engagement and ethical responsibility.

Book: "Tech Agnostic: How Technology Became the World's Most Powerful Religion and Why it Desperately Needs a Reformation"
https://mitpress.mit.edu/9780262049207/tech-agnostic/