A student/mentor’s perspective on AI

For this episode, Robby is joined by Levi Gundert, Chief Security Officer at the cybersecurity company Recorded Future and author of the book The Risk Business – what leaders need to know about intelligence and risk-based security.

Levi shares from his decades of experience in the threat and risk space – and Robby picks his brain about a broad set of security topics ranging from telling the risk story and categorising risk, to darknet monitoring and infiltration, and using chatbots for security analysis and risk management.

Ethical social engineering

Even the best pentesters out there can be fooled by a social engineering attempt under the right circumstances. But how do we treat the ones that have been tested and failed?

Ragnhild «Bridget» Sageng, Senior Security Advisor at Norwegian Customs, has several years of experience from the IT and cybersecurity industry, and hands-on experience working as an ethical hacker specialising in social engineering.

In her conversation with Robby, she shares what goes through her head during social engineering  assignments, and discusses the importance of company culture and management expectations when doing these kinds of assessments.

Ragnhild is particularity interested in the other side social engineering and how we should meet the humans that are involved in these assignments. During this episode she explores what ethical responsibilities we have, what a pentester should demand from a company before accepting an assignment, and what a company should demand back from a pentester.

How will AI impact the next generation of people working with computer science?

This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, author of Security Yearbook 2023 and Founder and Chief Research Analyst at IT-Harvest, and High School Junior, Athena Contos. 

Athena was recently visiting colleges, together with her father Brian Contos, a long-time veteran of the mnemonic security podcast. They both noticed a lot of excitement and concern regarding AI amongst those about to embark on their higher education, and questions about how AI will impact their choices of schools, majors, careers, and ultimately their future.

In this episode, Athena and Richard share their perspectives on AI’s potential in education, the ethics of using AI in this context, and how we can go from combating the use of AI in the classroom to making it a useful tool for learning.

How does cybersecurity play a part in ensuring food security?

As part of the ISACA series of the mnemonic security podcast, we’re welcoming Karianne Kjønås, Cyber & Privacy Associate at PwC Norway. Karianne recently won the ISACA master’s thesis award with her thesis on how cybersecurity incidents can affect Norwegian food production.

During her conversation with Robby, she shares some of her major research findings, and how data, automation, IoT and AI play an important role in food production these days.

They also discuss the state of cybersecurity in farming technologies and some of the most common cybersecurity threats to the food supply chain.

Conflictual coexistence

Today’s guest, Raymond Andrè Hagen, holds over 20 years of experience in cybersecurity and information security, and is currently researching advanced persistent threats for his PhD in Computer and Information Systems Security. 

He also has experience as a Security Specialist at the Norwegian Digitalization Agency (Digdir), including being Chief Security Officer at Altinn, the Norwegian authorities' solution for reporting and dialogue with business and industry.

In his conversation with Robby, Raymond shares from his threat research on predicting APT attack behaviour, including his hypothesis, prediction models and some preliminary findings.

 Raymond and Robby also discuss conflictual coexistence between nation states, especially US-China and US-Russia relationships, and how this has affected the cyber landscape historically, and will continue to affect it in the future.

To join Robby for this episode on Russian cybercrime and ransomware, we’re welcoming Sam Flockhart, Cyber Threat Intelligence Manager at Santander UK.

Sam has a background in military intelligence from the British army, where he has spent a large part of his career looking at Russian influence in Eastern Europe. Including experience from the British army’s support mission to Ukraine.

Sam goes through his presentation “From Russia with ransomware” presented at FS-ISAC EMEA Summit last month. Robby and Sam discuss ransomware groups with direct relationships with Russian intelligence services, their tactics, and how likely it is that ransomware will be used as a weapon in the short – medium term.

To watch Sam’s presentation, visit the video episode on our YouTube channel: youtube.com/mnemonic

Metaverses

Have you been to the metaverse yet? And are you among the 78% that believe the metaverse will provide a significant value to their organisation in the future?

To join Robby for this episode, we’re welcoming Julia Hermann, Senior Technology and Innovation Manager at Giesecke+Devrient, where she works on identifying opportunities in the metaverse.

Julia shares what companies are utilising metaverses well, and where she sees the most opportunities in enterprise, commercial and industrial metaverses. They also talk about ethical dilemmas in, and fair and equal access to metaverses. As well as limitation to the current metaverses, and their technical challenges and cybersecurity risks.

Defending EVE Online

How does combatting botting, hacking, and fraud in a virtual game relate to fighting real cybercrime?

To share his take on this, Maksym Gryshchenko joins us to share how he works as a Security analyst at CCP Games, a leading game developer based in Iceland, and the developers behind the sci-fi role-playing game EVE Online.

EVE Online is known for having an immensely complex market economy system for the game's internal industry and trade between players, and Maks explains to Robby how he and his team works to maintain the integrity of this economy and the game itself. And in the case of EVE, this means more than catching cheaters.

Last year, threat researchers all over the world got a sneak peek into the inner workings of the Russian defence contractor NTC Vulkan. 

The Vulkan files leak provided an interesting behind the scenes look at Russian cyber capabilities and scalability, and the ways state sponsored organisation work. 

Joe Slowik, managing threat intelligence at the cybersecurity company Huntress, joins Robby to talk about how he worked through the hundreds of pages of data from the leak, and what he learned from them.

Cryptology is fundamental for the way the internet works today. But what exactly is modern cryptology, and what are the most common areas in which it’s being used?

To guide us through this complex area, Robby’s joined by Bor de Kock, PhD. in Cryptology and Assistant Professor at NTNU.

They talk about some of the main challenges to cryptology these days, encryption security and its limitations, and how Bor expects quantum computing to affect cryptology.

Bor also shares what makes him both optimistic and pessimistic when it comes to the future of internet security.