#250 - Understanding Vulnerabilities, Exploits, and Cybersecurity
Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management.
Chapters
00:00 Introduction and Guest Welcome
00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast
02:12 Meet Todd Beardsley: From Hacker to Security Research VP
03:58 The Evolution of Vulnerabilities and Patching
07:06 Understanding CVE Numbering and Exploitation
14:01 The Role of Attribution in Cybersecurity
16:48 Cyber Warfare and Global Threat Landscape
20:18 The Rise of International Hacking
22:01 Delegation of Duties in Offensive Warfare
22:25 The Role of Companies in Cyber Defense
23:00 Attack Vectors and Exploits
24:25 Real-World Scenarios and Threats
28:46 The Importance of Communication Skills for CISOs
31:42 Ransomware: A Divisive Topic
38:39 Actionable Steps for Security Executives
45:58 Conclusion and Final Thoughts
--------
46:48
--------
46:48
#250 - Understanding Vulnerabilities, Exploits, and Cybersecurity
Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management.
Chapters
00:00 Introduction and Guest Welcome
00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast
02:12 Meet Todd Beardsley: From Hacker to Security Research VP
03:58 The Evolution of Vulnerabilities and Patching
07:06 Understanding CVE Numbering and Exploitation
14:01 The Role of Attribution in Cybersecurity
16:48 Cyber Warfare and Global Threat Landscape
20:18 The Rise of International Hacking
22:01 Delegation of Duties in Offensive Warfare
22:25 The Role of Companies in Cyber Defense
23:00 Attack Vectors and Exploits
24:25 Real-World Scenarios and Threats
28:46 The Importance of Communication Skills for CISOs
31:42 Ransomware: A Divisive Topic
38:39 Actionable Steps for Security Executives
45:58 Conclusion and Final Thoughts
--------
46:48
--------
46:48
#249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.
Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf
GenAI Breaches Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response
Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc
Chapters
00:00 Introduction to AI and Cryptocurrencies
00:27 Welcome to CISO Tradecraft
00:55 Guest Introduction: Tomas Roccia
01:06 Tomas Roccia's Background and Career
02:51 AI in Cybersecurity: Defensive Approaches
03:19 The Democratization of AI: Risks and Opportunities
06:09 AI Tools for Cyber Defense
08:09 Challenges and Limitations of AI in Cybersecurity
09:20 Microsoft's AI Tools for Defenders
12:13 Open Source AI Security: Project Nova
18:37 Community Contributions and Open Source Projects
19:30 Case Study: Babit Crypto Hack
22:12 Money Laundering Techniques in Cryptocurrency
23:01 AI in Tracking Cryptocurrency Transactions
26:09 Sophisticated Attacks and Money Laundering
33:50 Future of AI and Cryptocurrency
38:17 Final Thoughts and Advice for Security Executives
41:28 Conclusion and Farewell
--------
43:08
--------
43:08
#249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.
Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf
GenAI Breaches Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response
Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc
Chapters
00:00 Introduction to AI and Cryptocurrencies
00:27 Welcome to CISO Tradecraft
00:55 Guest Introduction: Tomas Roccia
01:06 Tomas Roccia's Background and Career
02:51 AI in Cybersecurity: Defensive Approaches
03:19 The Democratization of AI: Risks and Opportunities
06:09 AI Tools for Cyber Defense
08:09 Challenges and Limitations of AI in Cybersecurity
09:20 Microsoft's AI Tools for Defenders
12:13 Open Source AI Security: Project Nova
18:37 Community Contributions and Open Source Projects
19:30 Case Study: Babit Crypto Hack
22:12 Money Laundering Techniques in Cryptocurrency
23:01 AI in Tracking Cryptocurrency Transactions
26:09 Sophisticated Attacks and Money Laundering
33:50 Future of AI and Cryptocurrency
38:17 Final Thoughts and Advice for Security Executives
41:28 Conclusion and Farewell
--------
43:08
--------
43:08
#248 - A Black Hat Chat with ThreatLocker CEO Danny Jenkins
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve.
Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/
ThreatLocker - https://www.threatlocker.com/
Transcripts -https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b
Chapters
00:00 Introduction and Welcome
00:27 Meet Danny Jenkins, CEO of Threat Locker
01:12 The Philosophy Behind Threat Locker
02:52 Customer-Centric Culture at Threat Locker
04:32 Technical Leadership and Personal Insights
08:55 Leadership Advice for Aspiring CISOs
11:22 Conclusion and Farewell
Österreich