Cyber Security Weekly Podcast MySecurity Media

Mark Orsi is the Chief Executive Officer of Global Resilience Federation (http://w.grf.org/), (GRF) a non-profit with the mission to develop and support threat intelligence and information sharing communities including education, operations technology, financial services, retail and hospitality, legal and professional services, energy, health, and oil and natural gas. Launched in 2017 as a standalone company, from a former Financial Services Information Sharing and Analysis Center (FS-ISAC) division, GFR is the evolution of 1998's U.S. Presidential Decision Directive 63 and 2003's Homeland Security Presidential Directive 7 which mandated that the public and private sectors share information about cyber and physical security threats and vulnerabilities to help protect critical infrastructure. Mr. Orsi led strategic efforts for several prominent Fortune 100 companies, working directly with CIOs and CISOs to develop, deploy, and improve security controls protecting the confidentiality, integrity, and availability of sensitive information. Mark joined the company from JPMorgan Chase where he served as executive director and product owner for cybersecurity and technology controls. Prior to JPMorgan, Mr. Orsi served KPMG as director of cybersecurity, and Goldman Sachs as vice president of technology risk. Mark holds an MBA from Columbia Business School, an MS in computer science from Johns Hopkins University, and a BS in Aerospace Engineering from the University of Maryland In this interview, Mark shared the latest in artificial intelligence, and operational resiliency. Artificial intelligence Mark highlights how the latest AI innovations powered by large language model differ from the previous iterations of AI technologies such as democratising the cyberattacks tools used by nation state actors and leveraging dynamic datasets in training AI models.He also notes how cyber defenders are adopting the technology to “multiply” the efforts of resources, for example, in code development and testing. He also foresees that such technology would empower cyber defenders to deliver more targeted threat intelligence. Through a personal story, Mark illustrates how the technology lowers the barriers of entry for hacktivists and other threat actors, and the importance of exercising extra vigilance – including understanding how the third parties in the supply chain are using AI. He also notes that an “AI” SBOM (akin to the software SBOM) could help to address the AI model and data supply chain concerns. Operational resiliency Mark introduces the Operational Resilience Framework (ORF) launched by Global Resilience Federation’s Business Resilience Council (BRC (https://www.grf.org/brc)) to solve the challenge of providing services in an impaired state. For example, while businesses may have robust processes in place for backing up business or customer data for regulatory reasons, less attention may be paid to backup data such as system images or active directory, network configurations –which would minimize service disruptions in the face of destructive attacks and events. He also explains that ORF was developed to be broadly applicable and is aligned with existing controls like those from NIST and ISO. Some useful links and contacts:* BRC: https://www.grf.org/brc (https://www.grf.org/brc)* Operational Resilience Framework: https://www.grf.org/orf (https://www.grf.org/orf)* Leadership Guide to AI Security - https://www.grf.org/the-leadership-guide-to-securing-ai (https://www.grf.org/the-leadership-guide-to-securing-ai)* Practitioners’ Guide to AI Security -

Mike Silverman has a unique blend of a business and technology background, with 20 years of experience in strategic, technological, financial, and change management leadership across many industries, primarily in Financial Services and Software. He enables firms to innovate, scale, and transform through increasing productivity, reducing costs, and streamlining processes and operations. Mr. Silverman was previously the Global Head of Enterprise Technology Strategy at FIS, the world’s largest Financial Technology Company. Prior to that, he was a management consultant focusing on Corporate & IT Strategy, CxO Advisory, Merger & Acquisition Integration, Business Process Re-engineering, and more, and has held other roles in innovation and development.Mike has an MBA with specializations in Strategy, Finance, and Leadership & Change Management; and a BSE in Computer Engineering, C*m Laude with Departmental Honors.In this interview, Mike shares with the audience highlights of the FS-ISAC (financial services information sharing and analysis centre) APAC Summit 2023 – in particular, on two themes: Artificial Intelligence and Quantum Technology.Recorded 3rd August 2023, U.S. PST 6.am. SGT 9pm.

Jane Lo, Singapore Correspondent speaks with Miao Song, Global Chief Information Officer, GLP Singapore.Miao Song has over 23 years of global experience in various industries, with broad exposure to the Oil/ Energy/Natural Resources as well as Consumer Goods and Health Care business. Over the course of her past tenure, she received many awards such as the CIO of the Year by IDG, Leadership Excellent, Women Leader, CIO of the Year Silicon Valley, Global CIO 100, and more.In this interview, Miao shares the highlights of her presentation, “The emergence of GenAI technology”, at the World AI Show 2023.She notes that latest AI innovation based on LLM (large language model) is significantly different from previous “traditional” AI or machine learning. In particular, the AI LLM models, enable the generation of new content with cognitive search and text summarisation.Noting how the new capabilities could help drive efficiency or help humans “do jobs better” (for instance, in medical diagnosis), Miao stresses such benefits need to be balanced with concerns. Some of these considerations including the impacts on jobs, the need for regulation, and security risks implications. For companies looking to adopt the latest AI innovation, Miao points out that it is “not a simple matter of having a conversation with ChatGPT and the problem will be solved”. Rather, there is a need to understand the space and the technology (data structure and overall technology architecture), and the business pain points, to “translate the business opportunity into technology adoption”.She elaborates that implementing AI is different from a traditional large IT project that typically runs linearly requiring a team of consultants. Instead, the adoption requires hands-on approach to re-iterate “test and learn” cycles - in other words, education – which requires a secure environment to learn the capabilities and limitations of AI. From her firm’s adoption journey, Miao offers a few tips:• the technology team be immersed in the business to build practical use cases. • the need for data architects and engineers to design data structures and identify the data types to be fed into AI • security professionals to implement necessary measures to mitigate potential security breaches and AI specific risks (such as model risks that could lead to fraud)• guidelines for the organisation (for examples, restricted use of confidential company information or personal information to experiment with AI; privacy regulations that are applicable)Wrapping up, Miao offers the view that to remain competitive, companies will have to embrace and adopt the latest AI innovations. She also offers an optimistic view that with generative AI, we can move away from “memorising” knowledge to focus on generating creative ideas.Recorded 2nd August 1.30pm, World AI Show 2023, Singapore Marina Bay Sands.

We speak with Asjad Athick, Cyber Security Lead, APAC for Elastic who gave a presentation at CISO Melbourne earlier this week. Asjad’s presentation encompassed the concepts around ‘unleashing the full potential of AI in security operations’. In today's rapidly evolving threat landscape, security analysts play a crucial role in protecting organizations from cyberattacks. However, the overwhelming volume of security alerts and the complexity of identifying and responding to advanced threats pose significant challenges. Enter Artificial Intelligence (AI), the game-changer in security operations.Asjad discusses the transformative potential of AI in Security Operations Centers (SOCs) and explores how it can empower security analysts to tackle the ever-growing complexities of cybersecurity. By harnessing the power of AI, SOC teams can enhance their capabilities, augment human expertise, and gain the upper hand against adversaries. For further information visit https://www.elastic.co/security#mysecuritytv #elastic #elasticsecurity #generativeai #aicybersecurity

Mr. Dean Gefen is a Director and Founder of Red Alpha Cybersecurity, and the CEO of DART Consulting and Training. Mr. Gefen is an Israeli cybersecurity expert, with more than 15 years of operational experience. He is highly proficient in cybersecurity training and consultancy, including in establishment of cybersecurity operational units, development of extensive training and qualification processes for governments, security organisations and the private sector.Since 2017, Mr. Gefen has been advising and working with several governments in Asia, Europe and the Middle East, training hundreds of cybersecurity professionals annually.In this interview, Dean shares his insights on up-skilling and re-skilling in cybersecurity.He gives his perspectives of how cybersecurity skills are built on technical foundations, and the importance of the ability to understand how the adversary think and could compromise the network. He explains this means the need for cybersecurity professional to demonstrate the non-technical aptitude for the field – including ability to learn and think creatively.He also introduces how Red Alpha’s “Alpha Specialist Training Programme (ASTP)” – a bootcamp and industry attachment cybersecurity training program - contributes to the overall capabilities and capability building in the industry.Wrapping up, Dean also provides his views on lessons we can take from Israel - widely viewed to be one of the best in the world with a proven track record on training skilled cybersecurity professionals - to grow the talent pipeline.To apply to the ASTP programme, https://www.redalphacyber.com/programme-astp (for Singapore)https://www.redalphacyber.com/programme-astp-us (for USA)Recorded at Red Alpha Singapore, 17th July 2023, 10am.

Roanne Monte is the CEO and Chief Product Officer of Armatec Global, a Sydney-based impact technology company serving the defence, critical infrastructure, and public and private sectors. With a steadfast commitment to a human-centred approach to product builds, Roanne leads the company in delivering innovative cyber and physical threat intelligence solutions that prioritizes user needs and drive measurable business value. As the creator and co-architect of the company’s flagship platform CapchrTM, Roanne harnesses the power of deep learning (DL), machine learning (ML), and artificial intelligence (AI) technologies to provide cutting-edge solutions that enhance security, protect critical assets, and ensure the safety of individuals and organizations.An Australian-American raised in Sydney, Roanne holds a bachelor’s degree in computer science and psychology graduating c*m laude from Harvard University and a juris doctor candidacy under an academic scholarship at Macquarie University Law School.Roanne Monte, is set to address the Australian Security Conference about Australia’s Critical Infrastructure security. The panel will be discussing implications arising from the Security of Critical Infrastructure (SoCI) white paper, published by the Australian Security Research Centre in partnership with the Department of Home Affairs, which outlines the need for effective risk management and security planning.For more information visit https://securityexpo.com.au/#mysecuritytv #securityexpo