PrOTect It All Aaron Crow

Summary
The conversation covers various topics related to cybersecurity, including offensive security, IoT devices, hidden threats in cables, advanced hacking devices, privacy concerns with smart devices, cyber hygiene, securing personal data, risks of social media platforms, importance of cybersecurity education, government regulations, and trends in cybersecurity for 2024. The conversation explores the prevalence of social engineering attacks and the effectiveness of generative AI in social engineering. It discusses the challenges of detecting phishing emails generated by AI and the difficulty of defending against AI-powered attacks. The role of password managers and firewalls in defense is highlighted, as well as the importance of recognizing the limitations of human perception. The conversation emphasizes the need for cyber defense measures in organizations and the vulnerability of the weakest link in the chain. It also addresses the risks associated with third-party vendors and the impact of cyber attacks on critical infrastructure. The importance of cyber-informed engineering and designing with security in mind is discussed, along with the challenges of securing outdated OT systems. This conversation covers various topics related to securing OT networks, including the challenges of upgrading OT systems, the complexity of OT networks, and the use of OT firewalls. The discussion also explores the importance of understanding OT protocols and the security risks of unencrypted OT protocols. Additionally, the conversation delves into the impact of Active Directory issues and the role of AI in cybersecurity. The future of AI and quantum computing in cybersecurity is also discussed.
 
More About The Episode
Hosted by: Aaron Crow
Guest: Duane Laflotte
 
Connect with Duane Laflotte:

Website: www.pulsarsecurity.com/
LinkedIn: https://www.linkedin.com/in/duanelaflotte/

Connect with Aaron Crow:

Website: www.corvosec.com 
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: info@protectitall.co 
Website: https://protectitall.co/ 
X: https://twitter.com/protectitall 
YouTube: https://www.youtube.com/@PrOTectITAll 
FaceBook:  h

Summary
The conversation covers the challenges and risks associated with aging infrastructure, particularly in critical sectors such as power generation and water treatment. The lack of maintenance and neglect of infrastructure pose significant threats to public safety and national security. The integration of IT and OT systems in these sectors creates vulnerabilities that can be exploited by cyber attackers. The conversation emphasizes the need for a comprehensive strategy and funding to address these issues. Additionally, the importance of vocational education and job creation in the infrastructure sector is highlighted. The conversation covers various aspects of infrastructure, including the government bidding process, the slow process of infrastructure projects, the need for streamlining government processes, the importance of continuous maintenance and upgrades, the need for oversight and compliance, the importance of a proactive approach to infrastructure, the consequences of neglecting infrastructure, the impact of cyber attacks on infrastructure, personal journeys into cybersecurity, opportunities in OT cybersecurity, and a call to action to get involved in OT cybersecurity.
 
Takeaways


Aging infrastructure in critical sectors poses significant risks to public safety and national security.
The integration of IT and OT systems in critical infrastructure creates vulnerabilities that can be exploited by cyber attackers.
Comprehensive strategies and funding are needed to address the challenges and risks associated with aging infrastructure.
Vocational education and job creation in the infrastructure sector are crucial for addressing the maintenance and upgrade needs. Infrastructure projects involve a slow and complex government bidding process.
Infrastructure projects can take several years to complete and require continuous maintenance and upgrades.
Streamlining government processes and consolidating oversight can help expedite infrastructure projects.
Continuous maintenance and upgrades are essential to ensure the reliability and security of infrastructure systems.
Proactive measures are necessary to prevent infrastructure failures and mitigate the impact of cyber attacks.
There are job opportunities in the field of OT cybersecurity, and vocational education and training are available.
Engaging with experts and organizations in the field can provide valuable insights and guidance.


 
More About The Episode

In this conversation, Bryson Bort discusses his background and the creation of Scythe, an offensive security platform. He also talks about the ICS Village and the Vulnerability Management Pavilion, as well as his collaboration with the Department of Energy on a vulnerability management research project. Bryson emphasizes the importance of prioritizing vulnerabilities in operational technology (OT) and understanding the risks in power plants. He also highlights the need to build trust with asset owners and gain leadership buy-in for cybersecurity initiatives. Finally, he discusses the importance of connecting technical expertise to business priorities. The conversation explores the importance of building trust and collaboration in the field of cybersecurity, particularly in the context of power utilities. It emphasizes the need for security professionals to be partners rather than adversaries, and highlights the role of organizations like the ICS Village in fostering collaboration and education. The conversation also delves into the concept of purple team exercises and the importance of starting small and growing in cybersecurity initiatives. Additionally, it discusses the significance of conversations with policymakers and the need for more cybersecurity professionals in the industry.
 
More About The Episode
Hosted by: Aaron Crow
Guest: Sevak Avakians
 
Connect with Bryson Bort:

Website: scythe.io
LinkedIn: https://www.linkedin.com/in/brysonbort/

Connect with Aaron Crow:

Website: www.corvosec.com 
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: info@protectitall.co 
Website: https://www.protectitall.co
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook:  https://facebook.com/protectitallpodcast

To be a guest, or suggest a guest/episode please email us at info@protectitall.co
—
Show notes by NMP.
Audio production by NMP. We hear you loud and clear.
 

Sevak Avakians, CEO of Intelligent Artifacts, discusses the limitations of neural networks and the need for a new approach to artificial intelligence. He introduces Gaius, a platform that replaces underlying neural networks with a transparent and explainable technology. Avakians highlights the challenges of regulating AI and emphasizes the importance of deterministic systems in critical industries. He also discusses the potential applications of AI in cybersecurity and the need for human involvement in AI decision-making. Looking ahead, Avakians is excited about the possibilities of AI but also acknowledges the concerns and risks associated with its implementation. The conversation explores the concerns and potential risks associated with autonomous aircraft and the use of AI and ML in safety-critical systems. Adversarial attacks are discussed as a potential threat, highlighting the need for robust safety regulations. The application of safety standards, such as the DO178C standard, to AI and ML technologies is proposed as a solution. On the positive side, AI is seen as a tool to enhance human capabilities and improve efficiency. The importance of training and wargaming exercises using AI is emphasized. The conversation concludes by discussing the balance between the risks and benefits of AI and providing information on how to learn more about AI.
About Sevak Avakians
As the founder and CEO of Intelligent Artifacts, Inc., Sevak Avakians has been leadingthe development and commercialization of a groundbreaking information processing andAI/ML/R framework, GAIuS, since 2008. GAIuS is a deterministic, fully explainable, anduse-case agnostic symbolic connectionist AI solution that can be applied to mission andsafety-critical domains, such as defense, aerospace, healthcare, and law enforcement.
With a background in physics, telecommunications, information theory, cybersecurity,and artificial intelligence, Sevak has a unique and comprehensive understanding of thechallenges and opportunities in the field of cognitive computing. He is passionate aboutcreating AI solutions that can act, interact, and adapt as information, goals, andrequirements evolve while providing full transparency and accountability for theirdecisions and actions. Sevak's vision is to empower developers, customers, and end-users with the ability to create, deploy, and maintain machine intelligence with ease,efficiency, and confidence.
In 2010, Sevak founded Intelligent Artifacts initially as an R&D and consulting service forcognitive computing. Over the years, he built the GAIuS Cognitive Computing Platformas a commercial product launched in 2016. GAIuS Cognitive Computing Platform, allowsdevelopers to rapidly create, test, deploy, and maintain machine intelligence, learning,classification, predictions, analytics, etc. into their products.
In 2020, the team at Intelligent Artifacts built a reasoning engine into GAIuS, creating thevery first modular, repeatable, use-case agnostic, complete, Artificial Intelligence /Machine Learning / Reasoning (AI/ML/R) platform that adheres to ExCITE AI principles.
GAIuS handles all the complexity of machine intelligence in 4 API calls. GAIuS agentscan be made and deployed in less than 3 minutes. Developers copy-and-paste a GAIuSagent’s API URL into their application. GAIuS agents have DNA and evolve within theirenvironment, eliminating many of the hurdles to achieving true machine intelligence.
 
More About The Episode
Hosted by: Aaron Crow
Guest: Sevak Avakians
 

In this conversation, Ted Gutierrez, the leader of Security Gate, discusses the challenges and strategies in implementing cybersecurity solutions in the critical infrastructure sector. He emphasizes the importance of common language and frameworks to bridge the gap between IT and OT. Ted also highlights the need for asset owners to start slow and focus on key controls, rather than aiming for maturity level 5 in all control frameworks. He discusses the challenges of scaling OT compared to IT and the need for consolidation in the market. Ted concludes by emphasizing the power of saying no and focusing on specific goals. In this conversation, Ted Gutierrez discusses his concerns and excitement for the future of cybersecurity. He expresses concern about the global state of conflict and its impact on cybersecurity. He also discusses the balance between order and freedom in the cyber industry. On the positive side, Gutierrez is excited about the increasing focus on the business side of cybersecurity and the growing understanding of cyber as a business problem. He emphasizes the importance of non-technical leaders understanding cybersecurity. Overall, Gutierrez is confident in the people working to protect the globe.
About Ted Gutierrez
Ted Gutierrez is the CEO and Co-Founder of SecurityGate, the provider of the leading SaaS Platform for OT cyber improvement. He is dedicated to protecting what matters across operational sectors and aligning industrial cyber teams on their cyber improvement journey. With an extensive background as a compliance and risk auditor for critical infrastructure, he understands the pain associated with effectively maturing organizational resilience in a decentralized ecosystem. A United States Military Academy graduate at West Point and a veteran of the US Army as a reconnaissance and surveillance expert. 
Takeaways

Common language and frameworks are crucial for bridging the gap between IT and OT in implementing cybersecurity solutions.
Asset owners should start slow and focus on key controls rather than aiming for maturity level 5 in all control frameworks.
The challenges of scaling OT compared to IT require a shift in perspective and planning.
Consolidation in the market is needed to address the challenges and inflated expectations in the cybersecurity industry.
The power of saying no and focusing on specific goals is essential for success in implementing cybersecurity solutions. Global conflict can have an impact on cybersecurity, but it is important to consider the balance between order and freedom in the industry.
The focus on the business side of cybersecurity is increasing, and non-technical leaders are starting to understand its importance.
Cybersecurity is now seen as a business problem and is being discussed in boardrooms.
The cybersecurity community is filled with dedicated and passionate individuals who are working to protect the globe.

 
Hosted by: Aaron Crow
Guest: Ted Gutierrez
 
Connect with Ted Gutierrez:

Website: https://securitygate.io
LinkedIn: https://www.linkedin.com/in/tedgutierrez/

Connect with Aaron Crow:

Website: www.corvosec.com 

Hosted by: Aaron Crow
Guest: Clint Bodungen
Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 25+ years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the co-founder and CEO of a cybersecurity training startup, ThreatGEN. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training, creating his flagship product, “ThreatGEN® Red vs. Blue”, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolution IR tabletop exercises. As AI technology continues to evolve, so too does his pursuit to help revolutionize the cybersecurity industry using generative AI and large language models (LLM).
Summary
In this conversation, Clint and Aaron discuss the value of tabletop exercises in cybersecurity and the development of auto tabletop, an AI-based tool for facilitating incident response tabletop exercises. They highlight the limitations of traditional tabletops and the benefits of using AI to enhance engagement and flexibility. They address concerns about AI in cybersecurity, such as data privacy and security, and emphasize the use of local language models to mitigate risks. They also discuss the future of AI in the industry and the workforce, emphasizing the importance of learning generative AI and prompt engineering for future job prospects. In this conversation, Clint discusses the automation of tasks using AI and the benefits of using AI as a tool to enhance human creativity. He also explores the future of AI and its potential for accelerating technological advancement. Clint acknowledges the concerns about the potential misuse of AI but emphasizes the importance of using it for good. He highlights the role of AI in reducing barriers to innovation and its significance in cybersecurity. Overall, the conversation highlights the transformative power of AI and its impact on various industries.
Takeaways

Tabletop exercises are important for testing incident response plans and should be conducted regularly for maximum effectiveness.
AI-based tabletop exercises, such as auto tabletop, offer increased engagement and flexibility compared to traditional tabletops.
Concerns about data privacy and security can be addressed by using local language models and fine-tuning models for specific tasks.
AI has the potential to enhance productivity and efficiency in the industry, but proper understanding and implementation are crucial.
Learning generative AI and prompt engineering can increase job prospects in the future. AI can automate menial tasks, allowing humans to focus on more valuable work.