Crucial Tech
About
Available on
Community
172 episodes
We have written several articles at Cyber Protection Magazine under the title of Defense Against the AI arts and this interview today falls into that category. The company’s name is Enkrypt /www.enkrypt.ai and the CEO is a nice guy named Sahil Agarwal. What the company does, among other things is it provides a red-team service for companies integrating a new AI, either homegrown or third party, and tells the company if the AI has any security holes or other common flaws. Also check out the book review https://cyberprotection-magazine.com/book-review-ai-doctor-take-the-money-and-run?swcfpc=1, mentioned in the intro --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
A very, special episode providing some perspective, without offering an opinion on the legislation, about the TikTok controversy, The debate over the appropriateness of the Congressional action against TikTok can be debated for a long time and probably will until the Senate takes action—which could be weeks. What is less debatable is TikTok’s, and pretty much all of the social media industry’s contribution to the situation. In essence, social media has been hoist on its own petard. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
With the exception of people in insurance, nobody like to talk about insurance. That's why, three years ago, few people felt sorry for the insurance industry as it reeled from claims due to multiple natural disasters, rising costs of automobile repairs and, more specifically, data breaches. Last year, however, was a banner year for cyber insurance while cyber criminals took the financial hit. The size of the global cyber insurance market is predicted to see rapid growth the total market size increasing $20 billion (U.S.) by 2025. That turnaround is largely due to insurance companies requiring heavy prerequisites for cyber awareness, basic cyber hygiene an mandatory, ongoing audits. One of those companies is Upfort, providing a variety of services to the insurance industry to vet potential clients and make sure they stay secure through training, unique firewalls, and red teaming services. We talked to their CEO XingXin about how companies like his are turning the tables on criminals and making insurance affordable. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
It has been a bad month for cybercrime. Yes, attacks are on the way up. Yes, they are still extorting money and causing infrastructure chaos. But there is a massive, shadow-busting spotlight on them right where they live and defense technology is advanced enough that they are hearing footfalls of law enforcement behind them. Recently a faked call from "President Joe Biden" to New Hampshire Democrats urged them not to vote in the state’s primary. It only took a few weeks using AI-detection tools to not only identify what company provided the technology but also the user himself. For today’s episode, we followed this theme and called one of our favorite technologists, Vijay Balasubramaniyan, CEO of Pindrop /Pindrop.com, whose technology can reliably identify AI-generated video and audio tech. Vijay would not confirm whether his product was used in this investigation. You will hear him demur that “we can’t comment on an active investigation.” But he said it in such a way that I’m pretty sure it was. Also, he was interviewed for articles in Wired where he said his tool identified the call as a fake with a factor “north of 99 percent.” Independent researchers at first claimed that number was hard to believe, but after running their own tests grudgingly admitted, “Yeah, that's pretty close.” BTW, this episode is sponsored by Safety National Insurance /safetynational.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Biometric multi-factor authentication is all the rage in security. And yet it is also the cause of terror for security-minded folk. For every breakthrough we get a news story about how it has caused harm. Some systems can’t identify people of color as well as it can caucasian people, which has been a problem of photographic technology for decades. Police using the systems have ended up surveilling if not arresting the wrong people. Using DNA to get an AI to develop a suspect’s face has similar weaknesses. Most recently in Southeast Asia, thieves set up a video call employing deep fake videos to pose as a CFO and financial team and get an employee to transfer $25 million to the thief’s account. In Thailand and Vietnam, hackers stole biometric data to drain accounts in local banks. The last example demonstrates the need for industrywide cooperation in establishing safeguards. The theft was facilitated by the banks using their facial ID recognition software, not that has been developed to industry standards or even state-of-the-art software from companies like Apple. Two organizations have taken the lead in securing the use of biometrics in payment cards (credit, debit, and gift): The PCI (Payment Card Industry) Security Standards Council and the Fast Identification Online (FIDO) group. Both are separate but have worked together for about a decade. We talked with Dennis Gamiello, executive VP for identity products and innovation at Mastercard, about their involvement with FIDO and what it means for all of us. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Generally speaking, 70-90 percent of digital breaches in the world result from human error; someone just not taking proper precautions like not clicking on a link in an email from someone you don't know. But in the healthcare industry, human error is the least of their problems. A whopping 84 percent of breaches are the result of vulnerabilities in the network, both hardware and software. One of those vulnerabilities is in how a clinic or other provider collects and stores that data, so we talked with Hari Prasad, CEO of Yosi Health https://yosi.health/, about that particular problem and how we can protect that important information. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Sam Altman, CEO of OpenAI has infamously said the goal of AI companies is to build AI without concern for application or safety. The safety stuff can be figured out later, he thinks. Luckily there are multiple industries popping up to take care of the application and safety issues concurrently with AI development. Companies like Centific are prt of that effort making sure the data used in training AIs is "clean." In other words, it is both accurate and safe. That's a tough job, according to CEO Venkat Rangapuram, but doable. This interview was conducted in October and my apologies for the delay. If it is true that we have a certain number of things to finish before we die, then I am so far behind I may live forever. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Every year, Wired Magazine publishes an article https://www.wired.com/story/most-dangerous-people-2023/ naming the most dangerous people on the internet and, quite frankly, who gets chosen is fairly obvious, but not altogether accurate. At least that is what we think at Cyber Protection Magazine. So this year, we took our shot at naming the most dangerous people. Give a listen and tell us what you think. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Harri Hursti is an internationally recognized expert on election security and was a focal point in two HBO specials on the subject: Hacking Democracy (2006) and Kill Chain: The Cyber Wars Against America's Elections. So when we decided to do a special issue on election security at Cyber Protection Magazine https://www.cyberprotection-magazine.com this year, getting an interview with him was high on our priority list. We didn't expect it to happen so early, but it's a great start. Hursti runs the Voting Village program at DefCon every year in Las Vegas, under the sponsorship of the Election Integrity Foundation /www.votingvilaage.org In this longer-than-normal interview we got deep into whether the world's elections are secure (they aren't but it is getting better), what companies are producing secure technology for voting (they aren't), and how good intentions make voting insecure. Forget the coffee, get an adult drink and listen. This is also the first episode of many this year to be sponsored by Safety National Insurance, providing protection for large organizations. Visit www.safetynational.com /https//www.safetynatiional.com for more details. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
In a world awash in AI-generated, intentional misinformation and urban myths, would you bet your job on the reliability of the information you want to share? You might be betting someone's life on it. Disinformation (intentional misinformation) has become a major support for both sides of all conflicts in the world. Once called propaganda, technology, mostly social media, has turned state-controlled information into a virtually immortal beast that can end up turning on its creator. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Two years ago we interviewed Jen Caltrider, head of Mozilla foundation's Privacy Not Included group https://www.privacynotincluded.org and got an earful about how bad Meta's privacy was in its products. This year we caught up to Jen and she said they are still bad, but in two years they've been surpassed by Amazon and Google. Before you head out to buy those IoT gifts for Christmas, you might want to listen to this podcast and then check out the site. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Synthedia, a data research company focused on generative AI and synthetic media markets, dropped a study recently on awareness of deep fake and voice cloning technology that raised some interesting numbers. We are doing a deeper dive on the subject at Cyber Protection Magazine next week, but we sat down with Vijay Subramaniyan, the CEO of PinDrop /www.pindrop.com, a study sponsor, to talk more generally about the findings and what the dangers of the technology are. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
The bulk of this episode is about the importance of updating your software no matter how painful it is, and we learn some valuable information about the FREE services of Trackd /www.trackd.com from its CEO Mike Starr that will help you do that with minimum fuss. But the REAL reason I did this interview is that in their pitch to me and in Mike's interview, they used some statistics about the problem of cybercrime and its effects that are not based on truth. They've just been repeated over and over again. That is an inherent problem in technology companies in particular: nobody checks their "facts" and, eventually, the customers learn that the vendors don't know what they are talking about, which kills sales. That is at the heart of the SEC lawsuit against SolarWinds https://www.msn.com/en-us/money/news/sec-sues-solarwinds-over-massive-cyberattack-alleging-fraud-and-weak-controls/ar-AA1j9FPd. What the company thought their services and tools could do was not accurate. They weren't trying to fool the customers, but they did fool themselves. For the next few months, I'll be digging into the theme of "Lies, damn lies, and statistics" in this podcast and on Cyber Protection Magazine /www.cyberprotection-magazine.com. This is the first shot. That's why people like me exist...and there aren't many of us left, which explains why mis/disinformation is so widespread. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Instances of LinkedIn users having their accounts hijacked are a familiar occurrence on social media. Reddit has multiple discussions about the nightmare of trying to restore access to this crucial business tool. So when a friend called me in a panic about having it happen to him, I knew it would be a great opportunity to test out the advice I give to others who have been hit. It isn't easy. It requires patience. And you need all the help you can get from friends. But it can be done. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
The breach of the Las Vegas casinos in August has been the subject of a lot of news and commentary, but one thing that hasn't been discussed is what went on in the 15-minute call to the help desk. This interview with Ryan Healy-Ogden of Click Armor, and Bojan Simic of HYPR takes two completely different takes on that conversation and what can be done to prevent similar breaches. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
The rise of generative AI products for commercial use is probably the fastest and most controversial of any technological advance in history. Governments are scrambling to understand and regulate its use. Billions are being invested in development. At the same time, the general public’s interest in the technology has waned and industry pioneer OpenAI announced a potential bankruptcy in 2024 unless significant new investment is forthcoming. But there is apparently no putting the genie back in the bottle and it is left to all of us to figure out what we can do with it without causing outright disaster. So, for this episode, we have brought this panel of experts to talk about how we can defend against the malicious use of the technology while we mine the benefits. Hyrum Anderson, co-Not With a Bug But a Sticker and an accomplished data scientist with a historical understanding of the tech going back decades; Haseeb Khan, Generative AI Ambassador and at Google; and representing the user base, Milan Lazich, a senior marketing executive, who will discuss concerns and best practices of generative AI. The transcript of this discussion will be available in the AI special issue of Cyber Protection Magazine and will be distributed to attendees at the it-sa exhibition and conference https://www.itsa365.de/en/it-sa-expo-congressOctober 10, and then available to the magazine subscribers in an electronic version after the conference --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
An August report from the Canadian Centre for Cyber Security https://globalnews.ca/news/9923433/cybercrime-canada-report/ said over the next two years, Canada is going to face significant threats from state-supported cyberattacks from Russia, China and North Korea. Canada? What the heck did Canada do to earn the ire of those folks. Canadians are arguably the nicest people in the world. So we called up our favorite Canadian “cybersleuth”, Ian Thornton-Trump, Cyjax /www.cyjax.com’s CISO. to get the skinny. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Most people don't think about accessibility when it comes to the internet. We think of ramps and braille signs and audiobooks. But physical and developmental issues are much more complex than being able to get into a restaurant, especially when it comes to security. I talked with Justin Merhoff, chief of security for Deque (pronounced Dee-cue) Systems in Virginia about the need to make software and digital systems usable for all people, not just most people. And there is an action item for all you in the audience. The National Institute for Science and Technology is working on the first draft of NIST SP 800-50, a standard for cybersecurity and privacy learning, but this draft contains virtually nothing related to people with physical and learning disabilities. If you or people you care about fit that category, now is your chance to give feedback for that standard≥ Go to the site and download the form for comments. Make your voice heard now. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Most people don't think about accessibility when it comes to the internet. We think of ramps and braille signs and audiobooks. But physical and developmental issues are much more complex than being able to get into a restaurant, especially when it comes to security. I talked with Justin Merhoff, chief of security for Deque https://www.deque.com (pronounced Dee-cue) Systems in Virginia about the need to make software and digital systems usable for all people, not just most people. And there is an action item for all you in the audience. The National Institute for Science and Technology is working on the first draft of NIST SP 800-50, a standard for cybersecurity and privacy learning, but this draft contains virtually nothing related to people with physical and learning disabilities. If you or people you care about fit that category, now is your chance to give feedback for that standard≥ Go to the site and download the form for comments. Make your voice heard now. https://csrc.nist.gov/pubs/sp/800/50/r1/ipd --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
There are several reports indicating that the gravy train is about to come to a screeching halt in the cybersecurity industry. Fortune 1000 companies are freezing or cutting back on purchasing budgets for tools and services, which will hit the majority of private and start-up companies that have focused on that segment for 10 years. It's not all bad news. 80 percent of the potential market is all blue water, but it comprises small to medium businesses (SMB) that are not cyber-savvy, and are ready to buy... as long as you can explain what you do in their terms, and demonstrate it works. We talked with Richard Stiennon, founder and chief analyst for IT-Harvest /it-harvest.com, and Grant Wernick, CEO of Fletch that is enjoying remarkable success and growth by serving the smaller customers. While you are listening, drop us a line https://cyberprotection-magazine.com/contact-us and we will send you information about how you can sponsor our special edition to be distributed at it-sa365 https://www.itsa365.de/en/it-sa-expo-congress in Germany this year. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
As generative AI (GAI) platforms become more commonplace, concern over their security issues is growing. As with any digital product, security relies on four arenas. User responsibility, corporate accountability, government regulation and industry standards. The first two are unreliable because users feel put out by having to protect themselves and corporations don’t like to spend money on security upfront. That leads to the third arena, legislation produced by people who don’t know the difference between a thumb drive and a thumbtack. That put a lot of the load on industry standards and one of the most active is the European Telecommunications Standard Institute (ETSI). Cyber Protection Magazine’s (CPM) editors Lou Covey and Patrick Boch sat down with Scott Cadzow, chair of ETSI’s Specification Group for Securing Artificial Intelligence about the progress and problems of standardizing safe GAI. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
One of the major points of contention in the SAG-Aftra/Writers Guild strike is over ownership of the image and voice of performers. Bob Iger said allowing actors to control the use of the image is disruptive to the current paradigm. But my conversation with Anna Bulakh of Repeecher /www.respeecher.com revealed what the studios want is actually the disruption. Anna is the head of ethics for Respeecher. Yes, you heard that right. The HEAD OF ETHICS. Blows my mind. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Most of the discussion about generative AI is either focused on how good or bad it is, without ever discussing that it is JUST a tool. We talked with Anurag Gurtu, chief product officer of StrikeReady, about how the technology can enhance, not replace human involvement. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
It's hard to stay positive about the state of the world as long as you listen to everyone complain about it. One truth overrides that for me: Nothing is as bad as it seems nor as good as some people might tell you. The trick is to focus on the goal. When you see progress... anywhere... take heart. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
The team at Cyber Protection Magazine /www.cyberprotection-magazine,comdoesn't just look at cybersecurity technology. Sometimes we just argue about tech in general. Chief editor Lou Covey and co-founder Patrick Boch have been talking about the Apple Vision Pro headset https://www.apple.com/apple-vision-pro/?afid=p238%7CsUqqBeDSE-dc_mtid_20925qtb42335_pcrid_661093097446_pgrid_152466494080_pexid__&cid=wwa-us-kwgo-watch-slid---Brand-AppleVision-Announce- since it was first announced and still don't agree on it, but we thought the discussion would help others make up their mind on whether to invest $3500 now or wait until the price comes down, So we recorded our last discussion. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Generative AI is BIG business. Maybe too big. In the rush to commercialize and cash in on billions of dollars of investment, Big Tech is letting security slip through the cracks again. Adversaries are weaponizing AI to supercharge phishing attacks, destabilize governments and blackmail innocent people. This episode is the first entry in a months-long series of storeis, podcasts, videos and panels on "Defense Against the AI Arts (with Apologies to Harry Potter". Our first subject Vijay Balasubramaniyan, CEO of Pindrop. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
Telesign /Telesign.com is part of a growing security niche market dedicated to providing the infrastructure companies need to keep customer data safe. We talked with company CMO Kristi Melani about how the industry needs to educated not just corporations but the users in what is available to them. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
This episode is our very first book review. I edited Data for All https://www.manning.com/books/data-for-alllate last year and had my eyes open to both the massive amount of customer data collected by almost every corporation in the world, and the amount of digital waste produced by the effort. There is also a mini-review of Not with a Bug, but with a Sticker https://www.amazon.com/Not-Bug-But-Sticker-Learning/dp/1119883989. These are two books that if you read them (and they are both easy reading) will make you sound like an expert in AI and data science in any gathering of people. That may not be a good thing but I enjoy it. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
#GenerativeAI was front and center at the RSA Conference 2023 in San Francisco. Companies were either promoting it as a means of improving security or warning against it as a security weakness. It was even the keynote on Tuesday by RSA CEO Rohit Ghai, who took a neutral position that leaned positive on its potential. But as he spoke, for the most part, glowingly about the AI age we are entering there were some questions that arose. So we contacted him through his PR agency and he graciously accepted an interview appointment to answer those questions. Our focus was, primarily, on the ethical use of generative AI and the failure of the tech industry to live up to its own stated ethics. The conversation was frank and illuminating. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
You cannot spit without hitting a news story about generative AI (AKA ChatGPT, Bard, etc.). Some of the news is good, some of it bad, and all of it fairly confusing. Cyber Protection Magazine /www.Cyberprotection-magazine.com has been digging through the detritus and find what really is good or bad about it and today we continue that with an interview with a very smart man: Dr. James Norrie, a full-time professor in the Management, Marketing, and Entrepreneurship department at York University and founder of the cybersecurity company CyberconIQ. He holds advanced degrees in cybersecurity and intelligence analysis, copyright law, and project management. And he has a very specific take on generative AI. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support
