Breakpoint Security Podcast

MITRE ATT&CK has been the go-to framework for both offensive & defensive security teams. It’s sophistication and vast coverage makes it quite comprehensive, often not easy to fathom, let alone implement to the fullest. In this episode of br3akp0int, we demystify this through practical scenarios & Shweta’s experience of implementing it in day-to-day activities of Cyber Defenders.
Guest: Shweta Kshirsagar, General Manager - Security Assurance, Airtel Africa

Shweta is an accomplished information security professional with 18 years of industry experience in various domains of Cyber Security such as Cyber Incident Response, Data Protection and Privacy, Information Security Audit and Compliance. Possess strong leadership skills with a collaborative approach towards driving cross-functional programs. Holds multiple professional certifications and has won awards and recognition in the industry.
Recommended reading/viewing for practitioners:

• Mitre Att&ck Framework & website: https://attack.mitre.org/matrices/enterprise/
• https://github.com/mitre-attack
• https://center-for-threat-informed-defense.github.io/attack-sync/
• https://redcanary.com/blog/avoiding-common-attack-pitfalls/
• https://www.inforisktoday.in/insights-from-dual-vendor-saas-based-siem-implementation-a-22207

I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:

• Twitter: @NeeluTripathy
• LinkedIn: neelutripathy

TOPIC: Proactive Threat Prevention with Threat Intelligence

In this episode, we discuss the challenges of Threat Intelligence in the modern Threat landscape and how security teams can conduct Threat Intelligence to Proactively Stop Advanced Attacks.

Guest: Avkash Kathiriya, Sr. VP - Research and Innovation at Cyware Labs

Avkash is the VP of Research at a US-based Cyber security product startup. Avkash is an astute cybersecurity professional with more than 13 years of experience in core security technology domains including Cyber Defense, Security Orchestration and Automation, Cyber Resiliency, Threat Hunting, and Threat Intelligence. Apart from leading the research and innovation at Cyware, Avkash is also a globally well-known speaker at various security conferences in India and abroad. He is also a visiting faculty member at IIIT, Sri City, and a Cyber Threat Intelligence Committee member at OASIS, a global non-profit consortium that works on the development, convergence, and adoption of open standards for cybersecurity.
Glossary
We might be frequently using some common terminologies in our conversation, the way they're used in the industry, so those new to this can refer to the quick glossary given below before you start

• CTI: Cyber Threat Intel
• TTPs: tactics, techniques, and procedures
• APT: advanced persistent threats- in which an attacker gains access and stays without being detected for long time.
• SIEM: Security Info Event Management
• SOC: Security Operations Center
• IoC: Indicators of Compromise
• IoA: Indicators of Attack

Recommended reading/viewing, Paper(in this topic) for practitioners

1. https://github.com/hslatman/awesome-threat-intelligence
2. https://oasis-open.github.io/cti-documentation/stix/intro.html
3. https://cyware.com/educational-guides/cyber-threat-intelligence
4. https://cyware.com/blog/4-steps-to-expand-threat-intelligence-sharing-in-2023-f786
5. https://www.youtube.com/watch?v=I9pjBrN1dUA

I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:

• Twitter: @NeeluTripathy
• LinkedIn: neelutripathy

TOPIC: DevSecOps for teams building on Steroids
Developers have already adopted public cloud in all tech enabled companies and industry verticals. Security teams are mostly for after the fact testing, signaling that compliance is in place or even as a sales aid when selling to large enterprises.
If Continuous Delivery is the goal (as that gets the business money) then the integration and deployment pipelines (CI/CD) are the assembly lines. Far too often under the misguided notions of shift left, security teams come and slow things down by adding security steps to such pipelines and are surprised when no one likes this.

This is what he was able to solve for Byjus enterprise business team and they presented this at DevOps Enterprise Summit 2021 Europe as well.
Guest: Akash Mahajan, Founder & CEO Kloudle,Appsecco
Before founding Kloudle, Akash started Appsecco in 2015. At Appsecco, they did security testing of products hosted in the public cloud. They tested 100s of applications. But instead of app bugs, they found most of the time cloud infra was misconfigured.

Humans make mistakes. So far most developers are human too. Project after project they hacked into customer's apps due to cloud misconfigurations. Therefore, they built Kloudle.
Kloudle automates cloud security to eliminate human errors in setting up and using cloud infrastructure. It answers 3 things. What's running, what's wrong, how to fix it. Automatically in a loop. A CSPM built for devs.

Recommended reading/viewing, for practitioners:

1. The Phoenix Project [https://www.amazon.in/Phoenix-Project-Devops-Helping-Business/dp/1942788290]
2. The Goal [https://amzn.eu/d/ebKsrd6]
3. Accelerate [https://amzn.eu/d/41jhgu6]
4. DORA Metrics [https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance]
5. Turtles All The Way Down
6. Scaling Enterprise BizOps by Automating DevOps Practices
7. https://github.com/devopsenterprise/2021-virtual-europe/blob/main/PPT%20revamp%20-%20DevOps%20Enterprise%20Summit%20v6%20(2).pdf

I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:

• Twitter: @NeeluTripathy
• LinkedIn: neelutripathy

Just like cloud is omnipresent in 2023, SaaS sprawl is just as prevalent. A company on an average uses 110 SaaS apps and broadly 70% of the software that is being run is SaaS with issues even more severe at enterprise level.

SaaS security today is thought of as an IAM problem solved with an SSO integration but issues go beyond that, with misconfigurations leading to leaked data, insecure SaaS plugins opening up new threat vectors and how your services talk to other SaaS apps.

A lot of cloud security issues can be solved in orgs with good engineering practices but SaaS security is harder because users are spread across the organization and each tool has its own nuances, so IT/security teams find it hard to manage well. The general practice of allowing users to bring their own plugins and ways of use around SaaS apps is what creates security issues.
In this episode, we dive deep into SSP implementations for organisations.

Guest: Abhishek Anand, Co-Founder Koala Lab

Abhishek is a technology leader who built Housingdotcom as CTO and most recently built cloud infra at Whitehat Jr, where he led the platform and SRE teams. Over the course of his career, he has solved varied security problems and is currently building KoalaLab based on inspiration during his time building and securing infrastructure for these fast-growing companies.

Recommended reading/viewing for practitioners:

1. SaaS Sprawl: https://www.zippia.com/advice/saas-industry-statistics
   1. 38% of companies run almost entirely on SaaS
   2. As of 2021, an average of 110 SaaS apps are used per organization.
   3. Approximately 70% of total company software use is SaaS as of 2022. However, this number has the potential to reach up to 85% by 2025, indicating that SaaS as software will only continue to become more popular.
2. Salesforce leak of data: https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
3. Google drive leaks: https://ny.chalkbeat.org/2021/8/5/22612388/data-breach-nyc-students-staff-google-drive
4. Case: https://www.wired.co.uk/article/nhs-covid-19-app-health-status-future
5. TL;DR: https://tldrsec.com/- Good newsletter covering a lot of security research
6. SSP Coverage Reference: https://www.koalalab.com/saas-security

I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:

• Twitter: @NeeluTripathy
• LinkedIn: neelutripathy

In this episode, we delve into the intricate world of AI security, tackling the dual challenge of safeguarding artificial intelligence systems and utilizing AI to enhance cybersecurity.
Guest: Tamaghna Basu, Founder & CEO, DeTaSECURE
Join us as we unravel the complexities of AI security and provide valuable insights that can help you stay ahead in the ever-evolving cybersecurity landscape. Whether you're a security professional, an AI enthusiast, or simply curious about the intersection of these fields, this episode offers critical knowledge and practical tips to enhance your understanding and approach to AI security.
Glossary for Listeners

Artificial Intelligence (AI) is the creation of computer systems that can perform tasks normally requiring human intelligence. This includes recognizing speech, making decisions, and learning from data. Imagine a smart assistant like Siri or Alexa—they use AI to understand and respond to your requests.

Machine Learning (ML)

• A subset of AI focused on developing algorithms that allow computers to learn from and make predictions or decisions based on data.

Neural Networks

• Computational models inspired by the human brain, consisting of interconnected nodes (neurons) that process information in layers to recognize patterns and make decisions.

Natural Language Processing (NLP)

• A branch of AI that enables machines to understand, interpret, and respond to human language in a natural way, including tasks like translation, sentiment analysis, and chatbots.

Deep Learning

• A type of machine learning involving neural networks with many layers (deep neural networks), which excel at analyzing large datasets and performing complex tasks such as image and speech recognition.

Adversarial Attacks

• Techniques used to deceive AI models by introducing malicious input, causing the model to make incorrect predictions or classifications, highlighting vulnerabilities in AI systems.

Recommended reading/viewing for practitioners:

• Tamaghna’s BackHat Talk- Clone with AI : https://www.youtube.com/watch?v=XafJT7I71yo
• Adversarial Attacks: https://youtu.be/t5-vMJDFr8E
• T-Mobile Breach: https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers
• Samsung bans ChatGPT: https://www.forbes.com/sites/siladityaray/2023/05/02/samsung-bans-chatgpt-and-other-chatbots-for-employees-after-sensitive-code-leak/
• OpenAI Data Breach: https://openai.com/index/march-20-chatgpt-outage/

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:

• Twitter: @NeeluTripathy
• LinkedIn: neelutripathy