Data Security Decoded

Rubrik

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

  1. hace 1 día

    Shifting Security and Protecting the Pharma Supply Chain with Andy Hillis

    This episode provides a technical exploration of security engineering within highly scrutinized life sciences environments, drawing on Andy Hillis' decades of operational history at The Almac Group. The discussion centers on the practical realities of shifting security left. Andy explains how his organization integrated rigorous info security reviews directly into the initial request for information and request for proposal stages, effectively establishing an unyielding baseline of evidence for third party vendors. Listeners will gain access to battlefield stories regarding the navigation of sudden structural oversight from global regulatory bodies, including the FDA, EMA, and the post Brexit MHRA. The narrative moves past high level compliance abstractions to focus on the technical enforcement of GXP principles, least privilege role based access control, and centralized configuration change management across distributed international networks. Andy challenges conventional industry perspectives on cloud adoption and rapid automation, outlining a calculated, use case driven approach to infrastructure management. The conversation covers critical recovery metrics, defining the architecture required to build a provable, immutable backup position capable of supporting a minimum viable company operational state during an incident. Finally, the dialogue addresses the integration of automated security operations centers and the governance frameworks needed to control decentralized citizen development. What You'll Learn Core methodologies for integrating security teams into early procurement and RFI cycles. Operational frameworks required to support over 200 diverse compliance audits annually. Tactical application of GXP guidelines to digital data retention workflows. Engineering immutable backup states to secure a minimum viable company position. Governance mechanisms for regulating generative AI and managing rogue asset development. Automated SOC implementation techniques designed to suppress alert noise effectively. Value of network discovery tools in mapping complex assets internationally.

    Shifting Security and Protecting the Pharma Supply Chain with Andy Hillis
  2. 30 jun

    Defending the Authentication Flow: Device Code Phishing with Selena Larson

    This episode delivers critical battlefield stories regarding the operational reality of modern identity based threats. Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint and Host of the DISCARDED podcast and the Only Malware in the Building podcast, joins host ⁠Caleb Tolin⁠ to detail the specific mechanics of device code phishing campaigns, revealing how adversaries exploit legitimate communication structures to capture administrative and enterprise access. The discussion centers on the rapid commercialization of cybercrime, highlighting the leak of specialized kits in late 2025 that catalyzed the democratization of sophisticated technical exploits. The conversation unpacks the behavioral patterns of specific threat groups, analyzing the intersection of business email compromise, credential harvesting, and account takeover jumping. Selena explains how opportunistic targeting allows threats to pivot horizontally through trusted external supplier networks and specific industry verticals. Rather than focusing solely on defensive theory, the dialogue transitions into hard technical controls, challenging the long-term viability of traditional security awareness programs. Defenders are provided with direct architectural recommendations, including the precise deployment of conditional access policies and rigid device compliance frameworks designed to stop unauthorized authentication attempts before execution. What You'll Learn Core operational mechanics behind the exploitation of Microsoft OAuth authentication workflows. Historical transition from early red team utility testing to commercialized phishing platforms. Impact of leaked cyber criminal source code on the current volume of identity attacks. Analytical methods to distinguish between intentional industry targeting and opportunistic account jumping. Strategic deployment of conditional access policies to terminate unauthorized authentication capabilities. Technical constraints of legacy security awareness training against modern behavioral engineering. Structural integration of strict device compliance validation within identity perimeters.

    Defending the Authentication Flow: Device Code Phishing with Selena Larson
  3. 23 jun

    Beyond the Doomsday: Operational Resilience, Identity Sprawl, and Back-to-Basics Cyber Defense

    In this comprehensive roundtable episode, a powerhouse panel of seasoned security professionals—Cynthia Kaiser, Matt Castriotta, Allison Wikoff, John Fokker, Amit Malik, and Joe Hladik—joins host Caleb Tolin to confront the uncomfortable realities facing modern organizations. As digital infrastructure becomes more interconnected, traditional defense playbooks are being constantly challenged by sophisticated automated tactics, complex cloud migrations, and a massive explosion of non-human identities. Across both public and private sectors, the consensus among these experts is clear: maintaining foundational security hygiene is more critical than ever. The episode begins with a deep dive into active threat mitigation, exploring why layered defense strategies and robust identity controls are mandatory components of a resilient architecture. The conversation then seamlessly transitions into cloud environment realities, breaking down the often-misunderstood boundaries of the shared responsibility model. The panel challenges teams to look past surface-level configuration patching and focus intensely on data survivability, business continuity, and systemic recovery planning. Finally, the dialogue shifts to the rapidly evolving frontier of artificial intelligence integration. The guests examine the critical operational differences between simple environmental visibility and context-rich observability. Rejecting sensationalist doomsday narratives, they offer a grounded, realistic blueprint for the future of technological growth. This discussion provides essential high-level insights and tactical takeaways for both technical learners and strategic leaders looking to safeguard their organizations against modern operational risks. What You’ll Learn The Reality of Modern Ransomware: Why today’s cybercriminals act exactly like elite red teams, utilizing native tools to move surreptitiously across networks. Phishing-Resistant Identity Controls: How to implement hard tokens and application-based authentication to eliminate man-in-the-middle vector attacks. The Cloud Backup Blueprint: Practical methods for translating traditional concepts like air-gapping and data immutability directly into hyperscaler environments. Demystifying Shared Responsibility: Why cloud providers guarantee service uptime but leave data security and data care entirely in your hands. Visibility vs. Observability: A clear framework for understanding not just what assets exist on your network, but the active context of what they are executing. Overcoming the "Cyber Red Cross" Syndrome: Why healthcare and critical infrastructure must abandon the assumption that threat actors consider them off-limits. The Human-in-the-Loop Mandate: How to strategically design checkpoint systems that maintain human oversight over rapid AI agent execution.

    Beyond the Doomsday: Operational Resilience, Identity Sprawl, and Back-to-Basics Cyber Defense
  4. 9 jun

    The Anatomy of Cloud Ransomware with Matt Castriotta

    Are your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host Caleb Tolin, Matt Castriotta, Field CTO for Cloud at Rubrik, breaks down the tactical gaps exposed when organizations blindly replicate data center mindsets in public cloud networks. Castriotta charts the history of high-profile incidents from the Colonial Pipeline timeline up through modern adversaries like Scattered Spider and Storm-0501. He highlights how today's attackers move laterally by exploiting over-privileged, non-human identities to trigger malwareless mass deletion rather than relying on on-prem style encryption loops. The discussion pivots into an actionable critique of popular resilience assumptions. Castriotta details why relying on built-in features like S3 versioning and cross-region replication handles business continuity but leaves organizations entirely defenseless against automated cyber assaults. He delivers a precise operational roadmap for defining a "minimum viable business," establishing secure isolated recovery environments, and breaking the 80% ransomware reinfection cycle. This episode serves as an essential strategic guide for any enterprise trying to align the cloud shared responsibility model with predictable, audited return-to-service timelines. Resources ⁠Rubrik Cloud Cyber Resilience Solutions Microsoft Threat Intelligence Report on Storm-0501 Scattered Spider Threat Profile What You’ll Learn How to separate low-probability disaster recovery protocols from high-probability cyber attacks. The architectural threat mechanisms behind malwareless, privilege-driven data destruction. A blueprint for prioritizing operations based on your minimum viable business components. Solutions to tackle non-human credential sprawl and enforce just-in-time domain separation. The hard realities of cloud platform pricing mechanics during major recovery events.

    The Anatomy of Cloud Ransomware with Matt Castriotta
  5. 26 may

    Running the Inverted Offensive Campaign with Adam Karcher

    What happens when the adversary’s dwell time is measured in years, but your defense is measured in tickets? Adam Karcher, FBI Supervisory Special Agent, Cyber Division, and a member of the Bureau’s AI Working Group, joins host Caleb Tolin to break down the "convergent evolution" of modern cyber threats. Karcher explains why defenders are often stuck in a cleanup cycle, while threat actors operate in a sophisticated, compartmentalized ecosystem that requires a fundamental shift in defensive strategy. The conversation provides a rare look at how the FBI evaluates agentic AI technology. Karcher warns of the transition from AI that simply answers questions to agents that take independent actions, emphasizing why these systems must remain well-bounded and auditable. He also debunks the "glamorous" myth of cyber investigations, revealing why law enforcement breakthroughs almost always stem from human OPSEC mistakes rather than complex code analysis. Whether you are managing legacy mainframes or securing a modern identity stack, this episode provides a tactical roadmap for treating your security posture as an "inverted offensive campaign." Resources Information Sharing and Analysis Centers (ISACs)⁠ ⁠Local FBI Field Offices What You’ll Learn Match your defensive cadence to the adversary's multi-year campaign dwell time. Prioritize auditable AI use cases to prevent autonomous agents from acting on hallucinations. Focus on "people mistakes" like infrastructure reuse rather than just analyzing malicious code. Secure identity stacks to defend against AI-driven deep fakes and precision phishing. Engage with ISACs and local field offices before a crisis occurs.

    Running the Inverted Offensive Campaign with Adam Karcher
  6. 19 may

    Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla

    Dr. Ido Sivan Sevilla joins host Caleb Tolin⁠⁠⁠ to break down battlefield stories from a massive analysis of over 3,000 local government entities. Dr. Sivan Sevilla, who serves as an Assistant Professor at the UMD College of Information and holds joint positions at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, brings a multidisciplinary lens to the alarming reality of risk clusters. Their discussion moves past theory to explore how hundreds of counties share identical IP addresses and third-party service providers, creating centralized points of failure that attackers can identify using data. The dialogue highlights the dual-use nature of modern AI models. While these tools allow adversaries to automate exploit generation for open-source software, Dr. Sivan Sevilla, leveraging his expertise as founder of UMD's Tech Policy Hub, explains how defenders can use AI operations to map their own attack surfaces for free. By utilizing honeypots and large language models, limited-resource organizations can transition from reactive patching to a proactive posture. The episode concludes with a strategic look at identity resilience, advocating for adaptive regulations that learn from compliance data rather than static, outdated legislative mandates. Resources CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog This research was conducted by Dr. Ido Sivan Sevilla, Dr. Charles Harry, and Mr. Mark McDermot, with additional support from student researcher Mr. Parthav Poudel What You’ll Learn How to prioritize the 3% of vulnerabilities that actually result in real-world exploitation. The definition of attack surface diversity versus severity in measuring county level risk. The impact of LLMs on identifying flaws in open source software for attackers and defenders. Why risk clusters create a single point of failure for hundreds of independent county governments. Methods for conducting ethical passive reconnaissance to map organizational security postures from the outside. How adaptive regulations can improve compliance by learning from real-time security data and metrics. The strategic benefit of using honeypots to monitor targeted threats against limited-resource digital infrastructure.

    Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla
  7. 5 may

    The Terrorist Designation: A New Red Line for Ransomware with Cynthia Kaiser

    In this episode, host⁠ ⁠Caleb Tolin⁠⁠ explores the battlefield of enterprise defense, which has moved from simple data theft to ultra heinous crimes that put patient outcomes at risk. Guest⁠ ⁠Cynthia Kaiser⁠⁠ shares Battlefield Stories from her time at the FBI and her current work as SVP of the Ransomware Research Center at⁠ ⁠Halcyon⁠⁠, illustrating how the industrialization of cybercrime has reached a tipping point. They dive into the alarming reality of modern dwell times, specifically looking at how groups like Akira move from initial access to full encryption in as little as one hour. The conversation challenges the industry to face the inconvenient truths of cybercrime and ransomware. Kaiser shares case studies of how modern cybercriminals are adopting multilateral techniques to gain access to and exploit your network. By adopting an Assume Breach mindset, elite defenders can build the defense in depth required to combat malicious threat actors who follow their own rules to cause disruption and destruction. Resources House Homeland Security Committee Testimony: ⁠Online Scams, Crypto Fraud, and Digital Extortion⁠ Halcyon Analysis: ⁠Akira Ransomware Attacks in Under an Hour⁠ Halcyon: ⁠Sicarii Ransomware Encryption Key Handling Defect⁠ Previous Episode Referenced: ⁠Downtime in Healthcare is Fatal: Achieving Resilience in Health & Life Sciences What You’ll Learn Why designating ransomware as terrorism helps influence adversary target selection. The impact of Akira's accelerated dwell time on traditional incident response. How AI enables clumsy amateur "wannabes" to conduct messy attacks. The critical role of phishing resistant MFA in securing the identity perimeter. Why Assume Breach necessitates deep defense in depth strategies. The overestimation of readiness among CISOs compared to actual red team performance Episode Highlights [00:00] - The Case for Designating Ransomware as Terrorism [04:20] - Modern Extortion and the Shortening of Dwell Time [08:30] - Ransomware Recovery in Interconnected Cloud Environments [11:45] - The Impact of AI on the "Wannabe" Attacker [17:45] - Three Actionable Steps for Modern Defenders [21:30] - Inconvenient Truths for Government and Private Sector

    The Terrorist Designation: A New Red Line for Ransomware with Cynthia Kaiser
  8. 21 abr

    The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit Malik

    The race for AI dominance has created a dangerous imbalance between business velocity and cyber resilience. In this episode, host Caleb Tolin is joined by Joe Hladik, Head of Rubrik Zero Labs, and Staff Security Researcher Amit Malik to break down the findings of their latest report on agentic adoption. The discussion centers on the Agentic Paradox. This is the technical reality that tools designed to automate high-level tasks are inherently built to find the most efficient path around obstacles, including existing security policies. A primary focus is implementing a three-layer framework for AI Operations. This model targets the Tool Layer, where agents interact with databases; the Cognitive Layer, which serves as the LLM brain; and the critical Identity Layer. The conversation explores stories in which agents, without malicious intent, have caused catastrophic data loss simply by following an optimized logic path. These instances prove that agents need not be sentient to be destructive when they lack proper human-in-the-loop checkpoints. Technical hurdles of Identity Resilience are also addressed, specifically the explosion of non-human identities that spin up and down like elastic cloud infrastructure. The episode examines the fear index regarding job security, noting that 92% of leaders fear for their roles post-breach. Joe and Amit join Caleb to explore the evolution of personal liability for CISOs and the urgent need to move from basic visibility to deep observability. This is a forward-looking briefing for leaders who recognize that, in an era of autonomous routines, the human must remain the ultimate command-and-control center. What You’ll Learn Define the agentic paradox to understand why AI efficiency naturally compromises traditional security guardrails. Implement a three-layer framework to secure the tool, cognitive, and identity components of AI. Transition from basic visibility to deep observability to track autonomous decision-making in real time. Mitigate prompt injection risks by auditing the input and output flows of the cognitive layer. Utilize ephemeral containers to sandbox agentic tools and prevent unauthorized database alterations. Manage the elasticity of non-human identities to maintain control over rapidly spinning AI agents. Anchor AI operations with human-in-the-loop checkpoints to ensure integrity during high-stakes executions. Episode Highlights Defining the Agentic Identity and Autonomous Routines Revenue vs. Resilience: The Drivers of AI Urgency The Three-Layer Framework for Agentic Defense Shadow AI and the Rise of Invisible Insider Threats The Context Gap: Why Rolling Back AI Actions is Hard The CISO Fear Index and Personal Liability Post-Breach Visibility vs. Observability in Elastic Identity Environments

    The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit Malik

Acerca de

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

También te podría interesar