The Cybersecurity Readiness Podcast Series
By Dr. Dave Chatterjee
The podcast currently has 74 episodes available.
In this episode, Laurie Salvail, Ph.D., Executive Director of CYBER.ORG, joins me to discuss the importance of cybersecurity education for K-12 students. Primarily funded by the Cybersecurity and Infrastructure Security Agency (CISA), CYBER.ORG is a powerful and free resource available to K-12 students and educators in the United States. CYBER.ORG’s Range, a cloud-based virtual environment, empowers K-12 students with real-world cybersecurity skills in a secure platform.
Action Items and Discussion Highlights
Time Stamps
00:02 -- Introduction
00:49 -- Guest's Professional Highlights
02:41 -- About Cyber.Org
06:08 -- Vulnerability of youth to different forms of cyber attacks
07:22 -- Gaining access to Cyber.Org resources
08:34 -- Gaps in cyber education from K-12
13:36 -- How early should kids be exposed to cybersecurity awareness programs?
15:21 -- Cybersecurity is everyone's business
17:13 -- Should cybersecurity education be part of the K-12 core curriculum as early as possible?
22:35 -- Many schools have their own cybersecurity curriculum and cybersecurity program. So, where do cyber.org resources fit in for these schools?
28:26 -- How can listeners, as well as their organizations, help the cause of K-12 cybersecurity education?
Memorable Laurie Salvail Quotes/Statements
"A big part of who we are, though, is that we do grant writing to make our resources available completely free of charge for any school district teacher; we will never charge the user for anything at all."
"We are very thankful to receive funding from the Cybersecurity and Infrastructure Security Agency (CISA). They're one of our main funders right now, allowing us to create these resources for students across the US."
"We are able to offer no-cost professional development for our teachers and caregivers across the US."
"If you want to teach a student about cybersecurity, come to cyber.org, and we've got free resources for you to dive into and learn how to have those conversations where we're exciting our children."
"We have over 35,000 teachers right now that have access to our content."
"Cybersecurity is an important topic for all students at all grade levels. There's an age-appropriate way to do it at those levels, and we're here to help, so spreading that message is really important."
"Resources at Cyber.Org are available to all schools, public, private, and homeschool families."
"Every school is unique, and every school is different, and we hop on a call with each school to say, what will work in your building, what do your students need? What do they already know? So we can develop a tailored plan for each school based on what courses will be useful and how we can roll that out based on their long-term goal."
"If a child is old enough to receive some type of technology, then they are old enough to learn how to use it."
"We have done everything we possibly can to make our resources teacher-friendly and something that really will help you be the cool teacher on campus and just be fun to talk about with your students."
"School has to be fun. Learning should be fun. It should be a part of our life, and it should make sense, and it shouldn't be something I'm just doing because I was told to do it, and the Cyber.Org Range helps with that."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712
Latest Publications:
“Getting Cybersecurity Right,” California Management Review — Insights, July 8, 2024.
Published in USA Today — “Dave Chatterjee Drops the Cybersecurity Jargon, Encouraging Proactiveness Rather than Reactiveness,” April 8, 2024
Preventing Security Breaches Must Start at the Top
Mission Critical -- How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic
Latest Webinars & Podcasts with Dr. Chatterjee as the Guest
Cybersecurity Readiness: Essential Actions For CXOs, August 12, 2024
Non-profits and Cybersecurity, a CAPTRUST podcast
How can brands rethink data security to maintain customer trust?, A TELUS International podcast
“Cybersecurity Readiness In the Age of Generative AI and LLM,” Let’s Talk About (Secur) IT Webinar, with Phillip de Souza
Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee, a HALO Security Webinar
As machine learning algorithms continue to evolve, Large Language Models (LLMs) like GPT-4 are gaining popularity. While these models hold great promise in revolutionizing various functions and industries—ranging from content generation and customer service to research and development—they also come with their own set of risks and ethical concerns. In this episode, Rohan Sathe, Co-founder & CTO/Head of R&D at Nightfall.ai, and I review the LLM-related risks and how best to mitigate them.
Action Items and Discussion Highlights
Time Stamps
00:02 -- Introduction
01:54 -- Guest's Professional Highlights
02:50 -- Overview of Large Language Models (LLMs)
07:33 -- Common LLM Applications
08:53 -- AI-Safe Jobs and Skill Sets
11:41 -- LLM Related Risks
15:30 -- Protective Measures
19:09 -- Retrieval Augmented Generation (RAG)
20:57 -- Securing Sensitive Data
23:07 -- Selecting Appropriate Data Loss Protection Platforms
25:00 -- Human Involvement in Processing Alerts
26:56 -- Closing Thoughts
Memorable Rohan Sathe Quotes/Statements
"Large Language Models (LLMs) are built on specialized machine learning models and architectures called transformer-based architectures, and they are leveraged in Natural Language Processing (NLP) contexts. It is really just a computer program that has been fed enough examples to be able to recognize and interpret human language or other complex types of data. And this data comes from the internet."
"The quality of the LLM responses depends upon the data it's trained on."
"LLM is a type of deep learning model, and the goal is to understand how characters, words, and sentences function together and do that probabilistically."
"There's been a lot of ongoing work in using LLMs to automate customer support activities."
"The LLM usage has dramatically shifted to include creative capabilities such as image generation, copywriting, creating designs, and writing code."
"There are three kinds of core LLM attack vectors. One is just to attack the LLM model directly. The second is to attack the surrounding infrastructure and the integrations that the LLM has. The third is to attack the application that may use an LLM under the hood."
"I have seen a lot of infrastructure attacks and attacking the integrations around the LLMs. And then, of course, just the standard attack: attacking the software application that might be using an LLM under the hood."
"I think we're seeing this explosion of red teaming for AI. So folks are trying to see if these theoretical attacks are real attacks that will happen in the industry."
"There's the product security element, but there's also the corporate security. How are my employees using AI? What types of data are they sharing with AI? And so those are the types of things we see most commonly. So, I encourage your listeners to think about their product security and internal security programs for AI."
The importance of maintaining uninterrupted services cannot be overemphasized, especially in light of the recent global IT outage fiasco. With the increasing dependence on cloud-based services, uninterrupted connectivity is essential to maintaining business continuity. Since identity providers control access to an organization's applications and data, any downtime can shut down mission-critical operations. It was great to have Eric Olden, Co-Founder, Chairman, and Chief Executive Officer of Strata Identity, share his thoughts and perspectives on this critical topic.
Action Items and Discussion Highlights
• Inventory applications and dependencies to understand risk exposure.
• Conduct risk assessment to quantify risk and start with highest priority applications.
• Identify single points of failure.
• Trust but verify. You want to test things repeatedly so that when that inevitable outage happens, you're confident that the incident will not have drastic consequences.
• Balance investment in identity continuity solutions against the cost of potential downtime.
• Consider using existing on-premise identity systems like Active Directory as a low-cost redundancy option.
• Consider implementing identity orchestration and continuity solutions to introduce redundancy after evaluating cost vs risk.
• Create a culture of resilience that is not surprised when an outage happens but can handle it with grace and confidence.
Time Stamps
00:02 -- Introduction
02:33 -- Guest's Professional Highlights
04:32 -- Eric Olden's Perspective on the Global IT Outage Fiasco
09:16 -- Practicality of Maintaining Redundancy
13:21 -- Identity as Mission-Critical Systems
14:03 -- Identifying Single Points of Failure
20:00 -- Developing Always-On Identity Continuity Solution
21:59 -- Interruption Factors
23:12 -- Continuous and Meticulous Risk Assessment
25:11 -- Incident highlighting a proactive approach to identity risk management
29:42 -- Lessons from the Incident
36:35 -- Final Thoughts
Memorable Eric Olden Quotes/Statements
"I think a lot of people are realizing that there's more single points of failure in their environments, which creates a significant amount of risk."
"Identity system is like the front door of the house; without identity security, you cannot access those applications. So identity has become a mission critical system because it has a primacy in terms of how people access the applications and the data to run today's modern enterprise."
"Understand where you have single points of failure because until you do that analysis, you may be assuming that you aren't in a dependent situation because you've got rid of single points of failure in your data infrastructure, but what about the other parts that are not necessarily under your control."
"Trust but verify. You want to test things repeatedly so that when that inevitable outage happens, you're confident that things will not take your business down with you."
"It's not a question of whether something bad will happen in the future. It was a question of when it will happen and how bad it will hurt."
"If you think about the cost of an investment for continuity, you want to ensure that you're not spending more for continuity than it would cost you for downtime."
"Create a culture of resilience that is not surprised when an outage happens, but can handle it with grace and confidence."
In this episode, Chris Petersen, Co-Founder and CEO of RADICL, and I discuss the challenges of securing the small and medium-sized businesses (SMBs) that serve the United States defense industrial base (DIB) and critical infrastructure. These SMBs play a significant role in supporting the Advanced Defense Systems that protect our nation from domestic and international threats. So, it is imperative to review what it takes to keep these SMBs safe from cyber-attacks.
Action Items and Discussion Highlights
• Treat cybersecurity as a strategic opportunity and invest adequate resources to build and sustain this competency.
• Establish fail-safe software development practices.
• Software testing and rollout models must be continuously and rigorously tested.
• Proactively determine disaster scenarios and stress test organizational resilience in dealing with those situations.
• Consider establishing key metrics to measure the effectiveness and maturity of cybersecurity operations.
• Demand visibility and transparency into the specific activities a managed service provider is conducting to protect the organization, such as vulnerabilities remediated, security incidents handled, and training completed. Regular reporting should be provided.
• Conduct thorough due diligence when selecting a cybersecurity service provider, including validating the qualifications and expertise of the individuals responsible for security, the technologies used, and references from other customers.
Time Stamps
00:02 -- Introduction
02:09 -- Guest's Professional Highlights
04:32 -- Chris Petersen's Perspective on the Global IT Outage Fiasco
08:01 -- What could Delta have done differently? Could they have proactively predicted such a disaster scenario and prepared for it?
11:45 -- Key Findings from RADICL's 2024 DIB Cybersecurity Maturity Report
13:29 -- Chris Petersen's take on the survey findings
19:49 -- Recommendations on how SMBs serving the defense industrial base and critical infrastructure can meet and exceed compliance requirements.
24:21 -- Cybersecurity as a strategic opportunity
28:43 -- Guidance on selecting service providers and managing outsourced relationships
34:27 -- Advice for SMB CEOs
37:18 -- Closing Thoughts
Memorable Chris Petersen Quotes/Statements
"When we build software, our quality practices need to be fail-safe, especially when you have a footprint like CrowdStrike does that can be so impactful if there is an issue."
"CrowdStrike needs to look at their testing model and perhaps their rollout model of how they roll out content updates."
"Microsoft also shouldn't be so susceptible to a program operating in the kernel that can repeatedly cause a blue screen of death. There should be some resiliency built into the operating system itself."
"I think the technology providers need to build more resiliency into their technologies, especially when they're foundational and are platform-level technologies. For security, folks need to make sure we are doing a really thorough job on the quality side."
"I'm especially concerned because most of these companies typically don't have sophisticated incident response operations in place."
"I'm concerned that these companies have accounts that have been compromised, have endpoints that have been compromised, but the vast majority of them don't have that class of forensic capability to detect and remove the malicious files."
"The thing with compliance, though, is it comes down to how well you achieve compliance."
"Fundamentally, business operations are going to trump security, because you have to do business."
"The advice I'd give to a CEO is start thinking about establishing some operational metrics around security and the metrics that indicate you have some resiliency and defense-in-depth measures in place."
"By understanding and inventorying the applications and the dependencies, you have a much more clear picture of risk."
In this episode, John Funge, Managing Director at DataTribe, and I discuss the Global IT Outage caused by a flawed update to CrowdStrike's cloud-based security software. We also review DataTribe's recently published report on cybersecurity trends and predictions for 2024. In closing, John shares some tips and recommendations for those seeking cybersecurity funding.
Action Items and Discussion Highlights
Time Stamps
00:02 -- Introduction
01:44 -- Guest's Professional Highlights
06:33 -- Global IT Outage Fiasco -- Lessons
08:11 -- Hardening QA Cycles
10:41 -- Software Malfunction in an AI-Driven World -- Corrective Action
15:50 -- Reviewing Cyber Trends -- Quantum Computing, AI-Enabled Autonomous Defenses, AI SOC Analyst, AppSec Scans, etc.
25:30 -- Cybersecurity Governance Process Improvements and Innovations
31:18 -- What does DataTribe, a cyber foundry, look for when evaluating potential investment opportunities?
34:35 -- Cyber Predictions
36:44 -- Closing Thoughts
Memorable John Funge Quotes/Statements
"Software is just really brittle and creaky. Over time, there's been a combination of incentives toward speed of delivery and time to market rather than spending more effort hardening QA cycles."
"Within the security industry, there's this sort of patch advice: Just keep your systems patched, etc. There isn't much discussion in that conversation about how we can engineer the software so it's more secure with fewer bugs."
"It's unclear whether we are increasing the hardness of many software tools and systems at the same time that their responsibility is increasing."
"At the end of the day, AI is really a tool for consolidating training data and creating a decision mechanism based on that."
"Security is just so rich with data. So, if you follow the data, you really do start to see interesting opportunities to potentially create predictive models that allow you to increase your security performance and efficacy."
"There is this opportunity to create a set of tooling that can monitor what goes on in CI/CD (Continuous Integration and Continuous Deployment) pipelines and create all the necessary evidence that can help enforce process and give confidence to auditors, risk management, and compliance, and essentially take what's going on inside the software development process and make it much, much more transparent."
"AI models and the data science teams that work on them represent a bit of a black box, and it can be challenging to collaborate and understand the risks that the organization is taking without having some tooling to help capture and communicate that. So that's another interesting area."
"When we look at an opportunity, it's not just the opportunity itself, but is there a fit between the founder and the opportunity? The really exciting ones tend to have what we would describe as domain masters, people who are maybe top ten in the world in that particular subject area."
"At the really early stage, the team is really, really critical because there is very little actual product existing at the time we enter the investment."
"Video is one thing, but audio deep fakes are a really big deal."
The recent breach of the Change Healthcare platform serves as a strong reminder that the healthcare sector remains extremely vulnerable to different types of attacks. In late February, a ransomware gang known as Black Cat claimed responsibility for hacking Change Healthcare, a subsidiary of UnitedHealth Group. The intruders disrupted operations and stole up to four terabytes of data, including personal information, payment details, insurance records, and other sensitive information. It is also reported that a ransom payment of $22 million was made. What is even more concerning is that Change Healthcare is being extorted again by another ransomware group. Incidents such as this jeopardize the survival of countless healthcare providers nationwide due to delays in patient care and delays in making reimbursements. This hack generated massive economic and legal shockwaves across the US healthcare industry, from major industry players to small-town, rural physician practices. In this episode, Amer Deeba, CEO and Co-founder at Normalyze, joins me to review the state of cyber security and maturity of the healthcare industry and talk about proactive defense strategies to fortify sensitive healthcare data.
Action Items
Time Stamps
00:02 -- Introduction
03:18 -- Guest's Professional Highlights
04:19 -- State of Cybersecurity Maturity in the Healthcare Industry
09:01 -- Consequences of healthcare data leak
10:54 -- Challenges of securing healthcare data
12:03 -- Practical strategies for securing healthcare data
18:07 -- A proactive approach to securing healthcare data
21:55 -- Best practices
29:21 -- Making the business case
32:46 -- Closing Thoughts
Memorable Amer Deeba Quotes/Statements
"We're expecting that by 2026, about 175 zettabytes of data will be available across multiple types of cloud environments."
"It all starts by understanding where are your most important and critical assets, where are your crown jewels, and whether you are able to understand at any point in time where this information is, who has access to that information, how can they access that information? Do you have the right controls and mechanisms in place in order to secure it, to understand the value of it for your organization and make sure that it's fortified from such attacks."
"With data exploding and moving everywhere, between environments and between cloud and SaaS applications and on-prem, this is the new frontier for attackers."
"You're not boiling the ocean; you are prioritizing based on where your most sensitive information is, and you are making sure there are no attack paths to this data."
The fast-evolving quantum computing phenomenon represents a paradigm shift in how computers process data. Due to its ability to process vast amounts of data and solve complex problems at an unprecedented speed, quantum computing holds great promise for new material discovery through the simulation of physical systems, portfolio optimization in finance, and more. It also poses a significant threat to cybersecurity, requiring a change in how we encrypt our data. Even though quantum computers don’t technically have the power to break most of the current forms of encryption yet, we need to stay ahead of the threat and come up with quantum-proof solutions now. If we wait until those powerful quantum computers start breaking our encryption, it will be too late. I had the pleasure of discussing the quantum computing phenomenon and its cybersecurity implications with Duncan Jones, Head of Cybersecurity at Quantinuum. We discussed the potential threats and opportunities of quantum computing for cybersecurity, as well as its potential to revolutionize various industries. We recognized the need for new algorithms resistant to quantum computing, staying ahead of technological innovations, investing in cybersecurity measures, and prioritizing the migration of sensitive data to quantum-resistant algorithms.
Action Items
Time Stamps
00:02 -- Introduction
01:59 -- Guest's Professional Highlights
06:19 -- Overview of Quantum Computing
08:19 -- Commercially Leveraging Quantum Computing
10:51 -- Evolution of Quantum Computing and Cyber Attacks
12:55 -- Recommendations on Leveraging Quantum Computing Benefits and Securing Data from Quantum Computing Enabled Cyber Attacks
17:49 -- Roadmap for Proactive Safeguards
23:34 -- Can quantum computing enabled encryption ensure that even if a human is a victim of a phishing attack, it will be hard to get into systems? Is that a fair aspiration?
26:38 -- What recommendations would you make for organizations who are trying to explore and adopt quantum computing?
29:19 -- Cybersecurity Challenges and Hurdles
32:52 -- Challenges of Quantum-Safe Migration
34:09 -- Cryptographic debt
37:32 -- Final Thoughts
Memorable Duncan Jones Quotes/Statements
"I think of my career as a series of very fortunate accidents, rather than some very carefully planned out thing."
"Quantum computing as a different form of computation, as opposed to necessarily always a better form of computation."
"Leading companies are now starting to engage with quantum computing because they know they have to build the skill sets, they have to develop the intellectual property that will begin to deliver value in the not too distant future."
"Quantum computers are becoming more and more powerful every year."
"We'll actually see Quantum as a big benefit for cybersecurity, but we've got some headaches to get through first."
"Every cryptographic system is going to need to change to move to these new algorithms that are believed to be quantum resistant."
"Store-now-decrypt-later approach represents the idea that you have some persistent threat actors, people who really, really genuinely want to get some of the data that you have, and they're willing to patiently wait more than 10 years, potentially, to crack into something that they've stolen from you."
"I think it's all about focusing on a defense in depth approach. And making sure every layer in your system is as secure as possible. And where quantum can actually provide some really strong benefits is in those lower layers."
"It basically boils down to generating unpredictable random data."
"With quantum technology, you can take some risks off the table, but just not all risks."
"What I'm discovering is that organizations don't always know what they have."
"Quantum is a really good thing for cybersecurity, it's a wonderful excuse to make our systems better. It's a wonderful excuse to get rid of the cryptographic debt that has been piling up for a few years. And then by embracing the technology itself and weaving it into our everyday systems, we're actually going to make them stronger than they were before. So I would say quantum is a gift for cybersecurity."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712
Latest Publications:
Published in USA Today — “Dave Chatterjee Drops the Cybersecurity Jargon, Encouraging Proactiveness Rather than Reactiveness,” April 8, 2024
Preventing Security Breaches Must Start at the Top
Mission Critical -- How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic
Latest Webinars & Podcasts with Dr. Chatterjee as the Guest
Non-profits and Cybersecurity, a CAPTRUST podcast
How can brands rethink data security to maintain customer trust?, A TELUS International podcast
“Cybersecurity Readiness In the Age of Generative AI and LLM,” Let’s Talk About (Secur) IT Webinar, with Phillip de Souza
Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee, a HALO Security Webinar
In this podcast, I enjoyed talking with Chirag Shah, Model N's Global Information Security Officer and Data Privacy Officer, about creating a security-minded culture. Infusing a security culture within organizations starts with leadership buy-in and support. Chirag highlighted the need for interactive and engaging training programs tailored to specific departments, involving real-world examples and practical scenarios. He stressed the significance of fostering a security mindset among employees through daily reminders and reinforcement and leveraging free or low-cost resources to implement effective security awareness programs. Chirag also emphasized the need for a strategic approach to security and a security-minded culture where employees are empowered and responsible for maintaining a strong security posture.
Action Items
Develop an interactive mobile app that delivers bite-sized security awareness content, quizzes, and scores performance.
Organize escape room and security hackathon events as hands-on learning initiatives.
Contextualize training for specific employee roles and responsibilities.
Incorporate security into employees' goals and recognize adherence to policies.
Lead by example and make security part of a company's vision and operations.
Time Stamps
00:02 -- Introduction
02:38 -- Guest's Professional Highlights
04:14 -- Why do you emphasize the importance of infusing a culture of security?
06:35 -- How do you create a security-minded culture?
09:42 -- How do organizations create engaging and effective cybersecurity awareness training to develop security-minded cultures and cyber hygiene habits among employees?
15:49 -- Personalizing security
19:49 -- Dealing with common challenges and hurdles associated with creating security-minded cultures.
27:53 -- How do you get top management buy-in?
29:05 -- Creating a culture of accountability
36:35 -- Treating cybersecurity as a strategic enabler
37:57 -- Final Thoughts
Memorable Chirag Shah Quotes/Statements
"Security belongs to everyone, not just the security team. It's about embedding security awareness and responsibilities into the vision, mission, and day-to-day operations of all departments and employees."
"Security should become part of the daily goals for the execution of the business."
"Focus on security awareness training that is engaging, fun, and rewarding for employees, and move beyond annual compliance training to create a continuous security learning culture."
"When anyone asks, how big is your security team, I say about 1300 some people, right, because that's what my company is. All of them are our security team, and they are the security champions, and they helped me manage and drive the security program to the next level."
"What you want to do is implement a phased approach to security awareness training, starting with basic concepts and gradually increasing the complexity of those concepts."
"90% of the employees in US companies use laptops to conduct personal transactions, whether they're paying the credit card bill or they're booking travel tickets, they're all doing it online, and using a company laptop."
"Appoint security champions within different departments to assist in training and awareness."
"The message has to be very simple and to the point, so employees can understand and have an open dialogue."
"Implement pre- and post-training assessments and measure changes in employee knowledge."
"Leaders and managers should lead by example by following the security policies and procedures themselves."
"Inject security into the quarterly goals that individuals have or six monthly goals that they have, and give them an opportunity to work with the security team."
"Promote a culture of accountability, hold employees accountable for their actions."
"Employees are more likely to embrace security measures when they feel they have a voice in the process, they have a voice in creating the appropriate security culture."
"It would be awesome to have an interactive mobile app that delivers bite-sized security awareness content, quizzes, challenges, and scores performance."
"Create an environment where employees or teams feel empowered and responsible for maintaining a strong security posture and driving the business. Make sure that security is not just a roadblock, but they are the enablers."
Student-led cybersecurity clinics are increasingly playing an essential role in strengthening the digital defenses of nonprofits, hospitals, municipalities, small businesses, and other under-resourced organizations in our communities while also developing a talent pipeline for cyber-civil defense. Sarah Powazek, Program Director - Public Interest Cybersecurity at the University of California, Berkeley Center for Long Term Cybersecurity (CLTC), sheds light on this important development. One of the highlights of the discussion was the recognition that the cybersecurity field is such a melting pot of different skill sets. In Sarah's words, "it's actually one of the biggest advantages we have; threats are changing every day. If we don't have folks from different backgrounds and different life experiences, we're really not going to be prepared; we're not going to be able to adapt."
Time Stamps
00:02 -- Introduction
01:46 -- Guest's Professional Highlights
04:35 -- Center for Long-Term Cybersecurity (CLTC) Initiatives
06:13 -- Training students
07:20 -- How do the cybersecurity clinics benefit students?
09:11 -- Resources for Non-Profits and Under-Privileged Organizations
11:01 -- Types of Clients for Student-Run Cybersecurity Clinics
11:42 -- Guidance to universities who want to create student-led cybersecurity clinics
14:29 -- Consortium of Cybersecurity Clinics
17:20 -- Non-technical roles in cybersecurity
18:46 -- Cybersecurity field is a melting pot of different skill sets
21:12 -- Different Cybersecurity Roles
23:32 -- Final Thoughts
Memorable Sarah Powazek Quotes/Statements
"Cybersecurity clinics are modeled after medical and law school clinics."
"We're running programs where students will learn how to provide a cybersecurity maturity assessment. We accept students from all different majors, at least at UC Berkeley, it's very interdisciplinary. They spend the first part of the course learning all about cybersecurity and about the basics, basic cyber hygiene, multi-factor authentication, regular patching schedules, incident response plans, etc."
"There isn't a real clear academic pathway into cybersecurity."
"One of the big student-run clinics is the University of Nevada, Las Vegas. They operate as a student club; the students train each other, create programming, and engage with the clients, and they operate year-round. They've got a really interesting model for clinics where they're working with clients, but the students are really the ones taking on that responsibility. And the faculty advises them."
"We have a toolkit on the Consortium's website that actually has step-by-step instructions on how to design a clinic. How do you pick out the curriculum?"
"There's a couple of things that we really encourage folks to have, if they want to start up a clinic program, the first is a faculty champion."
"So we've really switched the focus and formed the consortium a number of years ago around centralizing resources, making it easier for folks around the country to start up programs, making the programs even better and more effective at both training students and providing real value to clients. And we have a goal of having a clinic in every state by 2030."
"I think that there are many people worldwide who care about the mission and protecting their communities but haven't gotten some of those skills yet. And anyone can learn. Anyone can learn cybersecurity. I truly believe that, I think people from all backgrounds provide something really valuable to the field."
"Cybersecurity is really a trade. It's something that anyone can learn."
"I'm starting to meet a lot of students who have a degree in cybersecurity, but on the whole, it's still a field of mostly transfers, right? Some people with computer science, some people with IT, but some people with policy, with journalism, with law, and with business. I mean, it's such a melting pot of different skill sets. And I think that it's actually one of the biggest advantages we have, you know, threats are changing every day. If we don't have folks from different backgrounds and different life experiences, we're really not going to be prepared, we're not going to be able to adapt."
Developing and maintaining resilient and secure data centers is a huge part of cybersecurity readiness. Spiros Liolis, Chief Technologist and Managing Consultant, EYP Mission Critical Facilities, Part of Ramboll, joins me to discuss the challenges and best practices of creating and maintaining state-of-the-art data centers. Topics covered include a) elements and attributes of resilient data centers, b) creating and maintaining a resilient and adaptive data center, and c) the different types of risks – geological, meteorological, and human – that must be considered when building and maintaining the data centers.
Time Stamps
00:02 -- Introduction
00:49 -- Setting the Stage and Context for the Discussion
01:54 -- Guest's Professional Highlights
02:56 -- Overview of Data Center Resiliency
05:41 -- Criticality of Data Centers
07:53 -- Key Elements of a Resilient Data Center
12:06 -- Build Your Own or Co-locate
15:00 -- Assessing the Effectiveness of a Data Center
19:32 -- Significance of Simulated Exercises/Tabletop Exercises
21:46 -- Importance of On-Site Visits
23:56 -- Technical, Commercial and Operational Due Diligence
26:17 -- Adaptive Design
28:32 -- Data Center Facility Locations
30:15 -- Best Practices & Final Thoughts
Memorable Spiros Liolis Quotes/Statements
"Everything we do today, as professionals and as consumers, relies heavily on data centers."
"There's a cloud of course, but nothing up there, 35,000 feet above the ground, is hosting servers. The cloud is practically data centers on Earth, right."
"What do we mean by secure and resilient data centers? will refer to the ability of essential data center infrastructure to withstand and recover from disruptions and ensure their continued operations."
"When we talk about potential threats, we need to think of them in terms of geological, meteorological, accidental, or even intentional risks. These are primarily the risk types we talk about when it comes to data center resiliency."
"The moment you power up a data center, you practically cannot shut it down."
"So the resiliency of a data center must consider how to build enough redundancy by design and by implementation into these data centers."
"So our methodology is to look at the different risk factors that may have an impact on the facility itself, whether it is your own, or whether it is being hosted; you need to evaluate, and measure the impact of different risks and these are geological risks, meteorological risks and human risks, whether accidental or unintentional."
"Nothing beats an on-site visit to check a data center's resiliency."
"So the hybrid design is really all about building the necessary critical infrastructure that capitalizes on multiple sources of energy."
"Education awareness is absolutely paramount. And that is probably one of our faults as well, data centers today are considered to be the naughty neighbors. I mean, they say, Oh, they're energy consuming, they take our water, they take our power; we as an industry need to educate our communities, we need to tell them what is it that we do. And of course, we need to make sure that we build them in a sustainable way, we'll use renewables, we will become community friendly. All of that must happen."