This podcast episode delves into the intricate nexus of artificial intelligence and security, featuring an enlightening conversation with Harriet, the author of a newly released book Practical AI Security. We explore her compelling journey from a background in physics and anthropology to becoming a pivotal figure in the realm of cybersecurity, particularly focusing on the challenges posed by adversarial machine learning. Harriet elucidates the pressing necessity for organizations to comprehend and mitigate the security vulnerabilities inherent in AI systems, as well as the broader implications for national security. Our discourse also addresses the critical need for collaboration between cybersecurity professionals and AI developers to ensure that security considerations are embedded within AI design from the outset. Ultimately, we aim to provide our audience with a profound understanding of the evolving landscape of AI security and the imperative of safeguarding these transformative technologies.

Artificial Intelligence is transforming the way we build technology, automate decisions, analyze data, and solve some of the world’s biggest challenges.

But as AI becomes more powerful and more deeply embedded into our lives, one critical question becomes increasingly important:

How do we secure AI itself?

In this episode of Security by Default, host Joseph Carson is joined by Harriet Farlow, AI security researcher, founder of Mileva Security Labs, and author of “Practical AI Security: A Hands-On Guide to Attacking, Defending, and Securing Modern AI Systems.”

Together they explore the rapidly evolving world of AI security, adversarial machine learning, and why understanding how AI works is essential before we can protect it.

AI is often described as the next technological revolution, but securing AI requires us to rethink many traditional cybersecurity approaches.

Unlike conventional software, AI systems are built on data, probability, optimization, and learning models. They do not always fail in predictable ways, and vulnerabilities are not always solved with a simple patch.

Harriet shares her fascinating journey from studying physics and anthropology to working in data science, national security, and artificial intelligence, eventually discovering the world of adversarial machine learning — where attackers attempt to manipulate and disrupt AI systems themselves.

This conversation goes beyond the hype and explores what defenders, developers, and organizations need to understand as AI becomes a critical part of modern technology.

🤖 Why AI Security Matters More Than Ever

AI is becoming part of software development, business operations, healthcare, finance, critical infrastructure, and cybersecurity itself.

As adoption accelerates, organizations must move beyond simply asking:

“How can we use AI?”

and start asking:

“How do we secure AI?”

🧠 Understanding How AI Really Works

Harriet explains why machine learning systems are fundamentally different from traditional software.

AI systems are:

• Probabilistic rather than deterministic
• Dependent on training data quality
• Designed around optimization
• Continuously influenced by changing environments

Understanding these foundations is essential for anyone responsible for protecting AI.

🔓 The World of Adversarial Machine Learning

What happens when attackers stop targeting only applications and infrastructure…

…and start targeting the AI model itself?

The episode explores:

• Model manipulation
• Data poisoning
• AI weaknesses
• Training challenges
• Unexpected behaviors
• The difficulty of understanding model decisions

🛠️ How Do You Patch AI?

One of the biggest questions facing cybersecurity professionals today:

If AI learns something wrong, how do we fix it?

Traditional security follows a familiar process:

Find vulnerability → Apply patch → Reduce risk

AI changes that.

Sometimes protecting AI is not about fixing code.

It is about understanding and correcting behavior.

⚔️ AI for Security vs Security for AI

For years, organizations have focused on using AI to improve cybersecurity.

But now the challenge has expanded.

Cybersecurity needs AI.

But AI also needs cybersecurity.

As AI becomes part of everyday systems, security teams must understand how to protect the models, data, and decisions that organizations rely on.

🌍 Why AI Security Requires Different Skills

The future of AI security requires collaboration between:

• Cybersecurity professionals
• AI engineers
• Data scientists
• Researchers
• Risk leaders
• Policy experts

Building trustworthy AI means bringing these worlds together.

Security must be part of AI from the beginning.

🔹 Harriet’s journey from physics and anthropology into AI security

🔹 Working in data science and national security environments

🔹 Discovering adversarial machine learning

🔹 Founding Mileva Security Labs

🔹 Writing Practical AI Security with No Starch Press

🔹 Why AI vulnerabilities are different from software vulnerabilities

🔹 The importance of data quality and model training

🔹 Understanding probability and machine learning foundations

🔹 How attackers target AI systems

🔹 Why securing AI requires a new mindset

🔹 The future of AI safety and cybersecurity

🔹 Staying updated in a fast-moving industry

🔹 Building responsible and secure AI systems

💬 “Before we can secure AI, we first need to understand how it works.”

💬 “AI security is not always about fixing a bug. Sometimes it is about correcting a behavior.”

💬 “Cybersecurity needs AI, but AI also needs cybersecurity.”

💬 “The future is not just about building smarter AI — it is about building safer AI.”

00:00 – Introduction to Security by Default

01:03 – Harriet Farlow’s origin story

04:28 – From data science to cybersecurity

08:48 – Creating Mileva Security Labs

10:51 – Conferences, community, and writing Practical AI Security

17:28 – How AI has evolved

19:43 – Understanding machine learning models

21:43 – The challenge of patching AI systems

23:37 – Training data, quality, and user impact

25:23 – Why AI models can be difficult to understand

27:36 – AI and cybersecurity coming together

30:18 – Why AI fundamentals matter

32:04 – Practical examples and real-world AI security

33:38 – Staying updated in AI security

36:27 – Learning from the AI security community

38:08 – Ethics and responsible AI development

Harriet Farlow

Founder — Malevra Security Labs

Author — Practical AI Security

🔗 LinkedIn:

https://www.linkedin.com/in/harriet-farlow-654963b7/

📘 Practical AI Security — No Starch Press

https://nostarch.com

🎓 AI Fundamentals Course

https://harriethacks.com/course/

🎧 Security by Default Podcast

Exploring the people, stories, and ideas helping make technology safer.

Because security should not be an afterthought.

Security should be by default.

#SecurityByDefault #AISecurity #Cybersecurity #ArtificialIntelligence #MachineLearning #AdversarialML #AI #ResponsibleAI #SecurityResearch

Takeaways:

• The podcast episode discusses the importance of understanding AI security in the context of national security and its implications.
• Harriet's journey from a background in physics and anthropology to her current role in AI security demonstrates the interdisciplinary nature of the field.
• The conversation highlights the necessity for collaboration between AI developers and cybersecurity professionals to ensure secure AI systems.
• Listeners are encouraged to engage with various resources to stay informed about the rapidly evolving landscape of AI and cybersecurity.
• The significance of addressing the ethical considerations in AI development is emphasized throughout the discussion, focusing on empowering rather than replacing human effort.
• The episode underscores the idea that AI security is not merely about using AI for cybersecurity but also about securing AI systems from external threats.

In this episode of the Security by Default podcast, host Joe Carson welcomes Diana Kelley, a prominent figure in the tech industry, to discuss her journey in technology, the evolution of AI, and its implications for cybersecurity and the job market. They explore the historical context of AI, from early systems like ELIZA to modern advancements like Watson and ChatGPT, and address common misconceptions about AI's capabilities. The conversation also delves into the future of jobs in an AI-driven world, emphasizing the need for training and understanding of AI technologies. In this conversation, Joseph Carson and Diana Kelley discuss the evolution of jobs in the context of technological advancements, particularly focusing on AI and its implications for the workforce. They explore the necessity of continuous retraining and the emergence of new roles, the importance of contextual understanding in AI, and the behavior of AI agents. Additionally, they emphasize the need for control mechanisms in AI development and the importance of empowering women in cybersecurity to address the growing challenges in the field.

Takeaways

• The podcast aims to bring clarity and transparency to the chaos in the tech world.
• Diana Kelley has a rich history in technology, starting from the DARPAnet in the 1970s.
• ELIZA was one of the first AI systems, designed to emulate a therapist.
• Watson's success in Jeopardy was due to its speed, not intelligence.
• AI's interaction with humans can lead to misconceptions about its capabilities.
• Chain of thought prompting has improved AI's problem-solving abilities.
• AI is a probability machine, not a sentient being.
• Training is essential for effective AI usage.
• The evolution of AI has implications for job security and creation.
• Legacy systems still require human oversight and expertise. The jobs we have today are constantly evolving due to technology.
• Retraining is essential to stay relevant in the workforce.
• AI will create new job opportunities in various fields.
• Understanding context is crucial for effective AI interaction.
• Prompt engineering is a vital skill in working with AI models.
• Control mechanisms are necessary for managing AI behavior.
• Empowering women in cybersecurity is critical for the industry's future.
• Community support is essential for fostering diversity in tech.
• Continuous learning is key to adapting to technological changes.
• Networking and mentorship play a significant role in career development.

Chapters

00:00 Introduction to the Podcast and Guest

01:01 Diana Kelley's Journey in Tech

04:56 The Evolution of AI: From ELIZA to Watson

10:14 AI in Cybersecurity: Training Watson for Cyber

14:03 Understanding AI: Human-like Interaction and Misconceptions

16:33 Advancements in AI: Chain of Thought Prompting

20:11 The Future of Jobs in the Age of AI

21:20 The Evolution of Jobs and Skills

23:51 AI and Human Interaction

27:06 Contextual Understanding in AI

29:56 Agent Behavior and Control

32:58 Staying Informed in a Rapidly Changing Field

36:07 Empowering Women in Cybersecurity

Resources & Links:

• ELIZA - Joseph Weizenbaum's AI Program
• Diana Kelley - LinkedIn
• OWASP GenAI Project
• Women in Cybersecurity (WiCyS)
• IBM Watson
• OpenAI GPT Models
• Anthropic's Claude

Connect with Diana Kelley:

• LinkedIn

Enjoy this insightful conversation on the past, present, and future of AI and cybersecurity, highlighting the balance between innovation and responsible deployment.

In this episode, cybersecurity expert JC Vega shares insights on effective communication, leadership, and risk management in cybersecurity. He emphasizes the importance of translating technical concepts for business leaders, building trust, and fostering community to enhance organizational resilience.

keywords

cybersecurity, leadership, risk management, communication, trust, community, organizational resilience, cybersecurity education

keytopics

• Translating cybersecurity for non-technical audiences
• Building champions within organizations
• The importance of trust and verification in security
• Cybersecurity as an enterprise survival issue
• Leveraging AI and technology responsibly

sound bites

"Validate and verify, don't just trust."

"Train like it's a Super Bowl."

"Leave a link, build a community."

Chapters

00:00 Introduction to Cybersecurity Leadership

02:34 Translating Cybersecurity for Non-Technical Audiences

05:13 Building a Team of Champions

08:02 Understanding Business Impact and Risk

10:39 The Role of AI in Cybersecurity

12:58 Cybersecurity as an Enterprise Survival Problem

15:21 The Importance of Ecosystem Relationships

18:00 Trust and Zero Trust in Cybersecurity

20:28 Continuous Learning and Community Engagement

resources

Cyber Cannon Project - https://cybercannonproject.org/

B-Sides Conferences - https://www.bsidescon.org/

LinkedIn Profile of JC Vega - https://www.linkedin.com/in/jcvega/

In this special edition recorded live at RSA Conference, Joseph Carson is joined by Gerasimos Marketos (gmar), Chief Product Officer at Hack The Box.

They explore how AI is reshaping cybersecurity skills, why traditional education is struggling to keep up, and how hands-on platforms are redefining how defenders and ethical hackers are trained. From real-world fraud detection to AI-powered CTF competitions, this episode dives into the evolving relationship between humans and machines in cybersecurity.

🔑 Key Themes & Topics

• AI vs Humans in cybersecurity competitions
• Why AI is an accelerator, not a replacement
• The evolution from traditional training → hands-on gamified learning
• Closing the cybersecurity skills gap
• Red, Blue, and Purple team upskilling
• AI governance, risk, and agentic threats
• The future of cybersecurity careers and hiring

⏱️ Chapters

• 00:00 – Introduction & RSA Conference insights
• 02:00 – GMar’s journey: Data → Fraud → Cybersecurity
• 06:30 – Who and What is Hack The Box?
• 10:30 – AI vs Humans: CTF research findings
• 13:00 – AI as a productivity multiplier
• 15:30 – Real-world example: AI winning competitions
• 16:00 – RSAC trends: AI everywhere
• 17:00 – AI governance & emerging risks
• 18:00 – AI for security vs security for AI
• 19:00 – Staying relevant in cybersecurity

🚀 Hack The Box Explained

Hack The Box is a cybersecurity upskilling platform offering:

• 🎓 Academy – Structured learning paths
• 🧩 Challenges & Labs – Hands-on environments
• 🏁 CTFs (Capture The Flag) – Competitive exercises
• 🏢 Pro Labs – Enterprise-scale simulations
• 🔎 Talent Search – Connecting skilled professionals with employers

It supports:

• Red Teams (Offense)
• Blue Teams (Defense)
• Purple Teams (Collaboration)

Resources:

https://www.hackthebox.com/

https://www.linkedin.com/in/gmarketos/

https://www.hackthebox.com/ai-augmented-cyber-workforce-report

In this episode, Fernando Montenegro shares his journey into the cybersecurity industry, insights on industry analysis, and the evolving trends shaping cybersecurity today. Discover how analysts bridge the gap between vendors, buyers, investors, and academia, and learn practical tips for engaging effectively with industry experts.

key Takeaways

• Role of industry analysts in cybersecurity
• Emerging trends in cybersecurity including AI and attack surface expansion
• Effective engagement with analysts for decision support
• Strategic cybersecurity budgeting and investment
• Influence of economics and incentives on security decisions

sound bites

"Understanding what's going on in the world"

"Good enough security can be effective"

"Workload AI versus workforce AI"

Chapters

00:00 Introduction to Security by Default Podcast

00:53 Fernando Montenegro's Origin Story

05:16 The Role of an Industry Analyst

08:55 Maximizing Value from Analyst Interactions

13:16 Understanding AI in Conversations

15:44 Choosing the Right Solutions

16:40 Decision-Making in Technology and Business

17:13 Trends in Cybersecurity and AI

18:26 Understanding Workload vs. Workforce AI

19:40 The Evolving Role of Security Professionals

21:43 The Strategic Importance of Cybersecurity

23:58 Incentives and Decision-Making in Security

25:53 The Shift Left Approach in Development

27:16 Budgeting for Cybersecurity Investments

30:47 Navigating Cybersecurity Budgets

32:26 Engaging with Analysts and Staying Informed

34:33 Curating Information in a Data-Driven World

36:55 Balancing Operational and Strategic Insights

37:51 Connecting with Analysts and Final Thoughts

Resources

LinkedIn Profile of Fernando Montenegro - https://www.linkedin.com/in/fsmontenegro/

Futurum Group - https://futurumgroup.com/

Obsidian Knowledge Management System - https://obsidian.md/

Book: Why Most Security Budgets Go to Waste by Ross Young - https://a.co/d/02BZPwdO

Join cybersecurity expert Joseph Carson and guest Gary as they explore innovative ways to make cybersecurity engaging, fun, and accessible. Discover how humor, storytelling, and community involvement can transform the industry and attract new talent.

Chapters

00:00 Welcome to the Cybersecurity Chaos

02:32 From Fear to Fun in Cybersecurity

05:27 The Journey of a Cyber Advocate

08:09 The Importance of Community and Collaboration

10:45 Bringing Laughter Back to Cybersecurity

13:13 Rebranding Cybersecurity for New Talent

16:00 The Power of Words in Cybersecurity

18:43 Innovative Approaches to Cyber Awareness

21:29 Lessons from Kids: Simplifying Cybersecurity

24:39 The Inner Child and Cognitive Dissonance

26:40 Gamification and Learning Innovations

28:19 Storytelling in Cybersecurity

29:15 Cybersecurity Starts at Home

30:36 Community Engagement and Employee Connection

32:14 The Importance of Acknowledgment

34:13 Finding Joy in Everyday Life

35:11 Humor as a Coping Mechanism

40:04 The Power of Positive Thinking

45:02 Mission Accomplished: Fun and Safety

Resources

Cyber Heroes Comics - https://cyberheroescomics.com/

Gary's LinkedIn Profile - https://www.linkedin.com/in/gary-berman/

Join Joseph Carson in this insightful episode as he interviews cybersecurity expert Chris Kubecka. They discuss critical infrastructure security, cyber warfare, geopolitical risks, and the evolving landscape of digital threats, providing valuable lessons for cybersecurity professionals and policymakers.

Key Topics

Cybersecurity in critical infrastructure

Geopolitical cyber threats and hybrid warfare

Evolving landscape of digital threats and resilience

Sound bites

"GPS jamming has been a massive challenge."

"Digital Empires: China, Europe, and the US."

"Radio communications are a vital fallback."

Chapters

1. 00:00 Introduction and Background of Chris Kubecka
2. 01:37 Cybersecurity Challenges in Critical Infrastructure
3. 03:37 Evolving Nature of Cyber Threats
4. 05:45 The Role of Drones in Modern Warfare
5. 07:25 Hybrid Warfare and Global Diplomacy
6. 10:10 The Shift in Global Cybersecurity Dynamics
7. 12:18 The Importance of International Cooperation
8. 14:33 Privacy and Ethics in Cybersecurity
9. 16:50 Historical Context and Regional Cooperation
10. 18:55 Cyber Attacks on Civilian Infrastructure
11. 22:04 Personal Experiences in Estonia
12. 24:10 Geopolitical Tensions and Cybersecurity
13. 25:52 Challenges in Maritime Connectivity
14. 28:16 Critical Infrastructure Vulnerabilities
15. 30:22 The Role of Radio in Authoritarian Regimes
16. 33:43 International Maritime Law and Cybersecurity
17. 37:46 Recent Projects and Activism in Cybersecurity
18. 39:51 Staying Informed in a Rapidly Changing Landscape

Resources

Chris Kubecka's LinkedIn - https://www.linkedin.com/in/chriskubecka/

Field Tested: How to Hack a Modern Dictatorship with AI - https://www.amazon.com/dp/B0C7F4XYZ

In this episode of the Security by Default podcast, host Joe Carson speaks with Ian Austin, co-founder of Pwned Labs, about his journey in cybersecurity, the evolution of learning in the field, and the challenges of Cloud and AI security. Ian shares insights on transitioning into cybersecurity roles, the importance of community engagement, and the need for continuous learning in an ever-evolving industry. They discuss the significance of gamification in training and the current trends in cloud security, emphasizing the importance of hands-on experience and collaboration.

Key Takeaways

1. Ian Austin is a co-founder of Pwned Labs, specializing in cloud and AI security training.
2. His journey in cybersecurity began with help desk roles and evolved into penetration testing.
3. Creating content is a great way to learn and contribute to the community.
4. Cloud security presents unique challenges that require ongoing education and adaptation.
5. Gamification in training enhances engagement but should not overshadow practical learning.
6. Community involvement is crucial for personal and professional growth in cybersecurity.
7. Transitioning into security roles can be done from various backgrounds, including sysadmin and help desk.
8. Continuous learning is essential in the fast-paced cybersecurity landscape.
9. Mentorship can significantly impact career development and confidence.
10. Cloud security is a growing field with increasing demand for skilled professionals.

sound bites

"Learning is a great way to learn."

"Community is a powerful thing."

"Cloud is hard to secure."

Chapters

00:00 Introduction to the Podcast and Guest

00:40 Ian Austin's Journey in Cybersecurity

06:40 Transitioning into Security Roles

10:54 Evolution of Learning in Cybersecurity

16:19 The Importance of Community in Learning

22:58 Challenges in Cloud Security

28:46 Staying Updated in the Cybersecurity Field

Resources:

https://pwnedlabs.io/

https://www.linkedin.com/in/ian-austin/

In this episode of the Security by Default podcast, host Joe Carson welcomes Evil Mog, an expert in password cracking and cybersecurity. They discuss the importance of Hacker Jeopardy in making cybersecurity fun, the ongoing challenges with passwords, and the evolving role of AI in password cracking. The conversation also touches on incident response, the significance of documentation, and the future trends in cybersecurity, including the shift towards passwordless authentication and the impact of AI on both attackers and defenders.

Takeaways

1. Hacker Jeopardy is a fun way to engage with cybersecurity.
2. Teaching others helps reinforce your own knowledge.
3. Passwords will remain a necessary evil in security.
4. AI is enhancing password cracking methodologies.
5. Documentation is crucial in incident response.
6. The cost of hacking is increasing due to advanced techniques.
7. Collaboration between red and blue teams is essential.
8. Insider threats are on the rise in cybersecurity.
9. Password management is fundamentally an asset management issue.
10. Future trends indicate a shift towards passwordless authentication.

Sound bites

"Teaching helps you learn better."

"Security is about enabling the business."

"The cost of hacking is rising."

Chapters

1. 00:00 Introduction to Evil Mog and Hacker Jeopardy
2. 02:37 The Importance of Community and Teaching in Cybersecurity
3. 05:22 Password Security: The Louvre Incident
4. 07:59 The Evolution of Authentication Methods
5. 10:35 Challenges in Asset Management and Password Management
6. 13:15 Operational Technology (OT) Security Challenges
7. 15:53 The Role of Documentation in Cybersecurity
8. 18:42 AI in Cybersecurity: Automation and Password Recovery
9. 21:52 AI in Password Cracking
10. 24:56 Enhancing Human Capabilities with AI
11. 27:18 The Evolution of Cybercrime
12. 30:02 Trends and Predictions for Cybersecurity
13. 34:41 Collaboration in Cybersecurity
14. 37:24 The Future of Cybercrime and AI
15. 40:59 Connecting with Evil Mog

In this episode of the Security by Default podcast, host Joe Carson speaks with Charles Chase about his journey into the cybersecurity field, focusing on identity security and privilege access management. They discuss the evolving trends in identity security, the importance of maintaining identity hygiene, and the impact of regulations like NIST 2 and DORA on organizational practices. The conversation also covers the shift towards passwordless security, the role of AI in identity management, and resources for those looking to enter the field. The episode concludes with reflections on the importance of identities in business and society.

Takeaways

1. Charles Chase fell into cybersecurity from a military background.
2. The importance of understanding what you don't know in identity security.
3. Organizations often have dormant accounts that pose security risks.
4. Regulatory bodies are pushing organizations to improve their identity security practices.
5. The shift towards passwordless security is gaining momentum.
6. AI is becoming a valuable tool in identity management.
7. Identity hygiene is crucial for reducing risks in organizations.
8. The commoditization of identity solutions allows smaller businesses to implement security measures.
9. Engaging with customers is key to understanding their unique identity security needs.
10. The future of identity management is focused on user experience and automation.

Sound bites

"What do I not know?"

"It's a learning tool."

"It's a fun industry."

Chapters

1. 00:00 Introduction to the Podcast and Guest
2. 00:47 Charles Chase's Journey into Cybersecurity
3. 02:22 Trends in Identity Security and Best Practices
4. 05:54 Understanding Dormant Accounts and Their Risks
5. 09:54 The Shift Towards Passwordless Security
6. 12:45 The Role of AI in Identity Management
7. 18:35 The Importance of Digital Identity in Society
8. 26:45 Resources for Entering the Identity Space
9. 30:49 Conclusion and Final Thoughts

Keywords

cybersecurity, identity security, privilege access management, trends, best practices, passwordless security, AI in identity management, regulatory impact, identity hygiene, resources for cybersecurity