From Basics to Quantum: A Comprehensive Dive into Cybersecurity Trends
04/19/24 • 69 min
Summary
The conversation covers various topics related to cybersecurity, including offensive security, IoT devices, hidden threats in cables, advanced hacking devices, privacy concerns with smart devices, cyber hygiene, securing personal data, risks of social media platforms, importance of cybersecurity education, government regulations, and trends in cybersecurity for 2024. The conversation explores the prevalence of social engineering attacks and the effectiveness of generative AI in social engineering. It discusses the challenges of detecting phishing emails generated by AI and the difficulty of defending against AI-powered attacks. The role of password managers and firewalls in defense is highlighted, as well as the importance of recognizing the limitations of human perception. The conversation emphasizes the need for cyber defense measures in organizations and the vulnerability of the weakest link in the chain. It also addresses the risks associated with third-party vendors and the impact of cyber attacks on critical infrastructure. The importance of cyber-informed engineering and designing with security in mind is discussed, along with the challenges of securing outdated OT systems. This conversation covers various topics related to securing OT networks, including the challenges of upgrading OT systems, the complexity of OT networks, and the use of OT firewalls. The discussion also explores the importance of understanding OT protocols and the security risks of unencrypted OT protocols. Additionally, the conversation delves into the impact of Active Directory issues and the role of AI in cybersecurity. The future of AI and quantum computing in cybersecurity is also discussed.
More About The Episode
Hosted by: Aaron Crow
Guest: Duane Laflotte
Connect with Duane Laflotte:
- Website: www.pulsarsecurity.com/
- LinkedIn: https://www.linkedin.com/in/duanelaflotte/
Connect with Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: https://protectitall.co/
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Audio production by NMP. We hear you loud and clear.
Summary
The conversation covers various topics related to cybersecurity, including offensive security, IoT devices, hidden threats in cables, advanced hacking devices, privacy concerns with smart devices, cyber hygiene, securing personal data, risks of social media platforms, importance of cybersecurity education, government regulations, and trends in cybersecurity for 2024. The conversation explores the prevalence of social engineering attacks and the effectiveness of generative AI in social engineering. It discusses the challenges of detecting phishing emails generated by AI and the difficulty of defending against AI-powered attacks. The role of password managers and firewalls in defense is highlighted, as well as the importance of recognizing the limitations of human perception. The conversation emphasizes the need for cyber defense measures in organizations and the vulnerability of the weakest link in the chain. It also addresses the risks associated with third-party vendors and the impact of cyber attacks on critical infrastructure. The importance of cyber-informed engineering and designing with security in mind is discussed, along with the challenges of securing outdated OT systems. This conversation covers various topics related to securing OT networks, including the challenges of upgrading OT systems, the complexity of OT networks, and the use of OT firewalls. The discussion also explores the importance of understanding OT protocols and the security risks of unencrypted OT protocols. Additionally, the conversation delves into the impact of Active Directory issues and the role of AI in cybersecurity. The future of AI and quantum computing in cybersecurity is also discussed.
More About The Episode
Hosted by: Aaron Crow
Guest: Duane Laflotte
Connect with Duane Laflotte:
- Website: www.pulsarsecurity.com/
- LinkedIn: https://www.linkedin.com/in/duanelaflotte/
Connect with Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: https://protectitall.co/
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Audio production by NMP. We hear you loud and clear.
Previous Episode
Securing Our Future: The Cyber Challenge in Aging Infrastructure
Summary
The conversation covers the challenges and risks associated with aging infrastructure, particularly in critical sectors such as power generation and water treatment. The lack of maintenance and neglect of infrastructure pose significant threats to public safety and national security. The integration of IT and OT systems in these sectors creates vulnerabilities that can be exploited by cyber attackers. The conversation emphasizes the need for a comprehensive strategy and funding to address these issues. Additionally, the importance of vocational education and job creation in the infrastructure sector is highlighted. The conversation covers various aspects of infrastructure, including the government bidding process, the slow process of infrastructure projects, the need for streamlining government processes, the importance of continuous maintenance and upgrades, the need for oversight and compliance, the importance of a proactive approach to infrastructure, the consequences of neglecting infrastructure, the impact of cyber attacks on infrastructure, personal journeys into cybersecurity, opportunities in OT cybersecurity, and a call to action to get involved in OT cybersecurity.Takeaways
- Aging infrastructure in critical sectors poses significant risks to public safety and national security.
- The integration of IT and OT systems in critical infrastructure creates vulnerabilities that can be exploited by cyber attackers.
- Comprehensive strategies and funding are needed to address the challenges and risks associated with aging infrastructure.
- Vocational education and job creation in the infrastructure sector are crucial for addressing the maintenance and upgrade needs. Infrastructure projects involve a slow and complex government bidding process.
- Infrastructure projects can take several years to complete and require continuous maintenance and upgrades.
- Streamlining government processes and consolidating oversight can help expedite infrastructure projects.
- Continuous maintenance and upgrades are essential to ensure the reliability and security of infrastructure systems.
- Proactive measures are necessary to prevent infrastructure failures and mitigate the impact of cyber attacks.
- There are job opportunities in the field of OT cybersecurity, and vocational education and training are available.
- Engaging with experts and organizations in the field can provide valuable insights and guidance.
More About The Episode
Hosted by: Aaron Crow
Guest: Luther 'Chip' Harris
Connect with Luther 'Chip' Harris:
Connect with Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: https://protectitall.co/
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Audio production by NMP. We hear you loud and clear.
Next Episode
Tools and Techniques for Better Network Visibility and Vulnerability Management with Kylie McClanahan
In Episode 10 of Protect It All, titled "Tools and Techniques for Better Network Visibility and Vulnerability Management with Kylie McClanahan," host Aaron Crow and guest Kylie McClanahan dive into the critical elements of enhancing cybersecurity through advanced tools and strategies. Kylie, CTO of a company specializing in this field, shares her insights on overcoming the challenges of consistent naming conventions, accurate vendor data, and breaking down silos for effective communication across teams.
They explore the utility of tools like Spartan and Network Perception in visualizing network vulnerabilities, mapping asset inventories, and planning effective patch management. They emphasize the importance of correlating vulnerabilities with business priorities rather than just CVSS scores and the need for a layered security approach.
The episode also discusses cybersecurity risks to non-technical stakeholders, highlighting the business implications. The duo discusses the evolving landscape in the power utility sector, the dual nature of physical and cyber threats, and the ever-present need for continuous adaptation.
Kylie shares her excitement about machine learning and graph neural networks for grid state estimation while expressing caution about AI tools' accuracy. Aaron and Kylie stress the importance of reliable data, automated processes, and vendor security advisories in maintaining effective asset management.
Key Moments:
03:47 Discussion focused on improving cybersecurity classifications and communication.
08:48 Compliance sometimes leads to minimum effort for benefit.
11:17 Vendor security advisories prioritize patch tracking.
14:46 Testing for security vulnerabilities and potential exploits.
17:20 Understanding and communicating cybersecurity risk to non-professionals.
20:50 Disagreement on consistent product naming causes confusion.
25:46 NVD website publishes overwhelming recent vulnerabilities.
27:07 Understanding the importance of asset management.
32:13 Challenges of tracking change management in organizations.
33:33 People, process, and technology are crucial investments.
37:34 Spartan takes any scan, offers change management.
39:55 Vision of the future: a dynamic ecosystem.
43:19 Vendors acknowledge changes in control systems effectiveness.
48:09 Equations useful, AI for optimization, caution with models.
49:28 Questioning truthfulness of AI in HR replacement.
53:01 Toyota and Lexus prioritize reliable, tested technology.
About the guest :
Kylie McClanahan is the Chief Technology Officer of Bastazo, Inc and a doctoral candidate in Computer Science at the University of Arkansas. She has nearly a decade of experience with cybersecurity in the electric industry, including both professional experience and frequent collaborations with industry as a graduate researcher. Her research explores the automation of vulnerability analysis and remediation using natural language processing and machine learning. She holds a GCIP certification from GIAC and speaks frequently about cybersecurity in industrial control systems.
How to connect Kylie:
https://www.linkedin.com/in/kyliemcclanahan/
https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc
Connect With Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: https://protectitall.co/
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest or suggest a guest/episode, please email us at [email protected]
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/protect-it-all-304111/from-basics-to-quantum-a-comprehensive-dive-into-cybersecurity-trends-49324349"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to from basics to quantum: a comprehensive dive into cybersecurity trends on goodpods" style="width: 225px" /> </a>
Copy