EP 47 - Digital Trust and the Identity Cornerstone

In this episode of Trust Issues, Jan Vanhaecht, the Global Digital Identity Leader at Deloitte Belgium, delves into the intricate realms of digital trust and risk management with host David Puner. The discussion covers topics ranging from the impact of regulations on cybersecurity practices to the pivotal role of identity in building a robust security culture. Unpacking the nuances of digital trust maturity, the episode explores how organizations can navigate the delicate balance between risk and reward. From the emergence of passwordless authentication to the practical applications of Zero Trust principles, the conversation provides valuable perspectives on safeguarding digital landscapes. Join us as we unravel the complexities of cybersecurity and discover how it intertwines with innovation, compliance and the pursuit of trust in the digital age. 

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard. From the initial password spray technique to the exploitation of OAuth applications, listeners are taken on a journey through the breach's timeline – and learn how, ultimately, it all boils down to identity. The discussion touches upon the nuances of threat actor nomenclature, the significance of various bear-themed aliases and the professional nature of state-sponsored cyber espionage groups. Throughout the episode, practical insights and cybersecurity best practices are shared, offering organizations valuable strategies to bolster their defenses against evolving cyber threats. For a comprehensive analysis of the APT29 Microsoft data breach and detailed recommendations for improving cybersecurity posture, check out the accompanying blog post written by Andy Thompson.

In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape. From addressing security challenges in manufacturing plants to the skills gap in OT cybersecurity, the episode provides an overview of the current state and future prospects of securing critical infrastructure. Holcomb also emphasizes the importance of identity in OT security and offers practical advice for organizations looking to enhance their cybersecurity posture. Check out the episode to explore the dynamic intersection of IT and OT – and how it spotlights the urgent need for robust cybersecurity measures in an evolving digital landscape.

In this episode of Trust Issues, CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe joins host David Puner for a discussion about the emerging threat of AI kiddies, a term that describes novice attackers using large language models (LLMs) and chatbots to launch cyberattacks without any coding skills. Noe explains how these AI kiddies use prompt engineering to circumvent the built-in protections of LLMs like ChatGPT and get them to generate malicious code, commands and information. He also shares his insights on how organizations can protect themselves from these AI-enabled attacks by applying the principles of Zero Trust, identity security and multi-layered defense. All this and a dollop of transhumanism … Don’t be a bot – check it out! 

Guest Dr. Magda Chelly, Managing Director and CISO of Responsible Cyber, joins Trust Issues host David Puner for a conversation about third-party risk management and cyber resilience. Dr. Chelly underscores the imperative of prioritizing identity management, particularly as decentralized work environments are becoming the norm in today’s evolving digital landscape. She also explains how breaking things played a critical role in propelling her into a career in cybersecurity – and then in fostering and advancing it. The interview unfolds against the backdrop of Dr. Chelly’s extensive experience and recently authored book, "Building a Cyber Resilient Business," which serves as a handbook for executives and boards navigating the complexities of cybersecurity. If you’re seeking insights on how to gain stronger visibility and control over your organization’s digital identities, this episode is for you.

Join us to learn how build resiliency against today’s ever-growing array of cyber threats – and what’s to come in 2024 and beyond.

In this year-end Trust Issues podcast episode, host David Puner takes listeners on a retrospective jaunt through some of the show’s 2023 highlights. The episode features insightful snippets from various cybersecurity experts and thought leaders, each discussing crucial aspects of the ever-evolving cyber landscape. From discussions on the dynamic nature of threat actors and the need for agile security approaches to insights on identity security challenges in the cloud and the intricacies of safeguarding data, the episode encapsulates a wealth of knowledge shared by industry professionals. With diverse perspectives on generative AI, risk management, cloud security, DevSecOps – and even a personal bear wrestling story – Trust Issues’ 2023 cannon delivers an engaging compilation for both cybersecurity enthusiasts and industry practitioners.

As the podcast looks back on the year's diverse lineup of guests, it serves as a valuable resource for anyone seeking to stay informed about the latest cybersecurity trends, strategies and challenges. The episode emphasizes the importance of adapting to the rapidly changing threat landscape, adopting innovative security practices and fostering collaboration to address the multifaceted nature of cyber risks in the modern digital era.

Clips featured in this episode from the following guests:

Eran Shimony, Principal Security Researcher, CyberArk Labs

Andy Thompson, Offensive Security Research Evangelist, CyberArk Labs

Eric O’Neill, Former FBI Counterintelligence Operative & Current National Security Strategist 

Shay Nahari, VP of Red Team Services, CyberArk

Diana Kelley, CISO, Protect AI 

Len Noe, Technical Evangelist, White Hat Hacker & Biohacker, CyberArk

Theresa Payton, Former White House CIO, Founder & CEO of Fortalice Solutions

Larry Lidz, VP & CISO, Cisco CX Cloud

Matt Cohen, CEO, CyberArk

Charles Chu, GM of Cloud Security, CyberArk

Brad Jones, CISO & VP of Information Security, Seagate Technology

Dusty Anderson, Managing Director, Global Digital Identity, Protiviti

Philip Wylie, Offensive Security Professional, Evangelist & Ethical Hacker

Our guest today is Rita Gurevich, the CEO and Founder of SPHERE, an identity hygiene platform. Gurevich joins host David Puner to explore the challenges and dynamics surrounding identity and cyber hygiene in today's cybersecurity landscape. The conversation begins by addressing the accelerated pace at which cyber controls and identity hygiene requirements are evolving, emphasizing the critical role they play in cybersecurity strategies. The discussion extends to the impact of cloud and hybrid environments, the nuances of cyber insurance trends – and the challenges presented by mergers and acquisitions in relation to identity hygiene. Gurevich highlights the growing importance of considering both cloud and on-prem systems with equal rigor, emphasizing the need for comprehensive cybersecurity measures to combat threats and risks. 

Today’s Trust Issues guest is Brian Contos, Chief Strategy Officer at Sevco Security. With host David Puner, Contos discusses the intricacies of securing the Internet of Things (IoT) and the challenges posed by the expanding IoT landscape – emphasizing the need for robust identity management. In a broader context, IoT encompasses identity management, cybersecurity and the evolving role of AI in safeguarding digital assets. Contos delves into the pressing issues surrounding IoT, Extended IoT (xIoT) and OT devices' security vulnerabilities – and explores how these vulnerabilities pose threats to consumer privacy, sensitive data and public safety. The conversation also touches on the intersections of identity security with asset intelligence and the importance of understanding the complete asset landscape in cybersecurity. We’re calling this one “The Identity of Things” … Check it out!

In this Trust Issues episode, host David Puner welcomes back Andy Thompson, CyberArk Labs' Offensive Security Research Evangelist for a discussion focused on two recent high-profile breaches: one targeting MGM Resorts International and the other involving Okta's support unit. The conversation delves into the details of the attacks – who’s behind them, how identity plays a pivotal role in both – and the larger implications of this new breed of supply chain attack amid the evolving threat landscape. Thompson also shares insights into how organizations can better protect themselves and their customers.

Check out the CyberArk blog for further insights into the MGM and Okta breaches. And, watch Andy Thompson in the CyberArk Labs' webinar, "Anatomy of the MGM Hack."

Today’s guest is Charles Chu, CyberArk's General Manager of Cloud Security, who’s spent more than a decade at the forefront of cloud security. Chu joins host David Puner for a conversation that delves into secure cloud access and the concept of zero standing privileges (ZSP), a dynamic approach to securing identities in multi-cloud environments. Chu sheds light on the complexities of cloud security, emphasizing the need for tailored solutions to protect against evolving cyber threats. Don't miss this insightful conversation that demystifies cloud security and redefines safeguarding digital assets – and answers the pivotal question: Why doesn’t cloud security taste like chicken?