WE'RE IN!

Cybersecurity has a complexity problem. A tangled web of technical, psychological, economic and geopolitical factors enable and motivate malicious actors. Michael Daniel, CEO and president of the Cyber Threat Alliance, is helping public and private organizations decode these complex motivations with information sharing, including the Ransomware Task Force.

In this episode of WE’RE IN!, Michael elaborates on his "immune system" approach for the internet, a strategy where threats are quickly identified and neutralized. But this requires robust – and highly trusted – information sharing between groups.

Listen to hear more about:

• The threat assessment for the 2024 Paris Olympics, highlighting potential threats from Russia and Azerbaijan
• The need for more resilient software systems that can degrade gracefully rather than catastrophically fail
• Michael’s thoughts on industry diversification and the value of different viewpoints in tackling cybersecurity challenges

Anand Prakash on cloud security startups and next-gen hacking

Anand Prakash, founder of startup PingSafe, shares his insights on building a successful cybersecurity business and his experience as a top bug bounty hunter. He emphasizes the importance of fast execution, accountability and learning from mistakes when growing the company acquired by SentinelOne, where he’s now a senior director of product management.

In the latest episode of WE’RE IN!, Anand touches on India's prominence in global tech – particularly in security research and bug bounty programs – and he shares his personal journey into cybersecurity, which began with a curiosity about hacking at a young age in cyber cafes.

Listen to hear more about:

• How bug bounty programs have evolved, with companies now more open to ethical hacking due to increased awareness of data breaches
• The viability of government efforts to reduce entire classes of vulnerabilities like SQLi
• If AI is effective in improving red teaming and bug bounty hunting

Integrating security into the product development lifecycle is a tall order for any industry. It’s particularly challenging for healthcare, with its wide range of critical needs from HVAC systems to medical devices. Kevin Tambascio, director of cybersecurity data and application protection at Cleveland Clinic, juggles the need for constant vigilance and staying updated on fast-moving threats to hospitals.

In the latest episode of WE’RE IN!, Kevin discusses the importance of compliance and risk assessment, noting that while compliance with rules like HIPAA is crucial, it's equally important to pressure test controls against real-world threats. Ransomware targeting hospital data is the primary threat, while phishing and potential abuse of generative AI also pose significant risks.

Listen to hear more about:

• The benefits of forming an AI task force to enact safe and responsible procedures while enabling clinicians and researchers to explore AI’s potential
• Effectively communicating cyber threats to non-technical staff by relating them to potential impacts on patient safety and business operations
• Application security in healthcare; applications often have access to sensitive patient health information and can be potential entry points for cyber threats

Dennis Fisher, editor-in-chief at Decipher, reflects on his journalism career covering cybersecurity for more than two decades in the latest episode of the WE’RE IN! cybersecurity podcast. He began in 2000, covering email before transitioning to security. Soon his focus shifted to vulnerability reporting, including blockbuster bugs in Windows and Internet Explorer. This led to Microsoft's trustworthy computing memo and significant changes in the software industry.

Dennis also discusses the challenges of cybersecurity journalism and the importance of democratizing information.

Listen to hear more about:

• The overlap between cybercrime and traditional organized crime and the impact of cryptocurrency
• Dennis’s interest in crime novels and the challenges of incorporating his background into his own books
• The surprising topic Dennis would cover if he wasn’t focused on security

Sara Mosley, technical director for the Bureau of Diplomatic Security's Cybersecurity and Technology Services, works with the U.S. State Department to help identify threats and potential compromises. In her role, she advocates for a Zero Trust approach that focuses on protecting critical data rather than trying to secure everything equally. She recommends balancing security measures with mission needs to prevent users from circumventing security protocols.

In this episode of WE’RE IN!, Sara underlines the importance of collaboration between IT and security teams to adequately protect data and address relevant threats in anticipation of the September deadline for federal Zero Trust compliance.

Listen to hear more about:

• The role of the private sector in adopting Zero Trust frameworks and providing security tools
• Preparing for emerging technologies like quantum computing and their accelerated development due to AI advancements
• Why Sara believes hackers will initially benefit more from AI advancements than defenders