Data Security Decoded

Rubrik
  • 0.0(0則評分)
  • 科技新聞
  • 隔週更新

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

  1. Ransomware, Remote Access, and the OT Reality Check

    5 小時前

    Ransomware, Remote Access, and the OT Reality Check

    In this episode of Data Security Decoded, Cybersecurity veteran Dawn Cappelli joins host Caleb Tolin to unpack the rapidly evolving threat landscape facing operational technology environments. With decades of experience spanning CERT, Rockwell Automation, and now Dragos, Dawn breaks down how geopolitical conflicts, empowered hacktivists, and ransomware are reshaping OT risk. She shares the five critical ICS controls every organization should prioritize and discusses why community-driven defense models are now essential for resilience. A must-listen for leaders responsible for critical infrastructure, manufacturing, and industrial cybersecurity. What you'll learn: How global conflicts have dissolved previous norms that protected critical infrastructure from cyber retaliation. Why hacktivist groups are becoming more dangerous — and how state actors quietly support them. The five highest-impact ICS security controls and where most organizations fail. Why OT environments remain decades behind IT security — and what leaders must immediately address. How ransomware operators target manufacturing and critical infrastructure for maximum leverage. The risks of insecure remote access and unmanaged third-party connections. How OT-CERT and community defense can uplift organizations with limited resources. Episode Highlights: 00:00 – Opening + Guest Introduction Caleb introduces Dawn and frames her decades of OT and insider threat leadership. 02:00 – Dawn’s Early Journey into OT and Security How nuclear engineering, the CDC bioterrorism portal, and 9/11 sparked her cybersecurity mission. 05:00 – Founding the CERT Insider Threat Center Inside the origin story and its impact on insider risk theory. 07:00 – Moving to Rockwell: The Hidden OT Backdoor Risk Why insider sabotage in OT environments was a turning point in her career. 08:00 – The Geopolitical Shift in OT Threats How Russia–Ukraine changed everything about attacking critical infrastructure. 10:00 – The Rise of State-Aligned Hacktivists Why groups like Cyber Avengers now have real disruption capability. 13:00 – The SANS Five ICS Controls Dawn breaks down the controls that prevent and detect most attacks. 17:00 – Ransomware Trends in OT Why manufacturing is a prime target and how attacks are evolving. 19:00 – The Promise and Peril of Agentic AI in OT Why autonomous agents could cause catastrophic outcomes. 21:00 – OT-CERT: Free Global Resources How Dragos is empowering organizations worldwide with practical support. Episode Resources: Information on OT-CERT: OT-CERT Register for OT-CERT: Register for Dragos OT-CERT | Dragos Information on Community Defense Program: Community Defense Program | Dragos Register for Community Defense Program: Register for Dragos Community Defense Program | Dragos SANS Five ICS Cybersecurity Critical Controls: The Five ICS Cybersecurity Critical Controls

    28 分鐘
  2. The Hidden Risk in Your Stack

    2025/12/16

    The Hidden Risk in Your Stack

    In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk. What You’ll Learn  How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions. Why dependency chains dramatically amplify both exposure and attacker leverage. How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption. Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns. Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture. Episode Highlights 00:00 — Welcome + Why Software Supply Chain Risk Matters 02:00 — Hayden’s Non-Cyber Passion + Framing Today’s Topic 03:00 — Why Open Source Powers Everything—and Why That Creates Exposure 06:00 — The Real Attack Vector: Contribution as Initial Access 08:00 — Inside the Indonesian “Fake Package” Campaign 10:30 — How to Evaluate Code + Contributor Identity Together 12:00 — Threat Hunting and AI-Enabled Code Interrogation 15:00 — The Challenge of Undisclosed Vulnerabilities in Widely Used Components 16:30 — How Recovery Works When Malware Is Already in Your Stack 19:00 — Continuous Monitoring as the Foundation of Modern Supply Chain Security 22:00 — Pinning, Maintainer Analysis, and Code Interrogation Best Practices 24:00 — Where to Learn More About Hunted Labs Episode Resources Hunted Labs — https://huntedlabs.com Hunted Labs Entercept Hunted Labs “Hunting Ground” research blog Open Source Malware (Paul McCarty)

    27 分鐘
  3. Top CISO Priorities and Global Digital Trust with Morgan Adamski

    2025/12/02

    Top CISO Priorities and Global Digital Trust with Morgan Adamski

    Welcome to Data Security Decoded. Join host Caleb Tolin in conversation with Morgan Adamski who leads Cyber, Data, and Tech Risk at PwC and is a former US national security leader who spent 16 years tracking nation-state threats inside the US government. Coming out of a career spent inside secure facilities without windows or phones and working to address China’s prepositioning in US critical infrastructure, Morgan shares a direct view of how geopolitics is now shaping cyber risk decisions in boardrooms. What You'll Learn: Why only 24% invest in proactive defense, even while 60% call cyber a top priority How AI agents are cutting breach timelines to under 80 days Why cyber insurance is now a hygiene scorecard, not just financial protection The real reason leaders lack confidence in resilience Where legacy systems and supply chain dependencies expose blind spots How public–private collaboration changed the response to China’s infrastructure campaign What CISOs must confront now to avoid being blindsided by the next crisis The conversation gives security leaders and decision-makers a clear view of where current strategies fall short and the choices required to build real resilience before the next crisis forces it. Episode Highlights: [03:43] Why China prepositions inside US critical infrastructure to trigger disruption and panic in a crisis [04:20] Collective defense in action: how victims and industry exposed the campaign [09:27] The truth behind cyber budgets: only 24% invest in proactive defense [11:57] How AI agents are shortening breach lifecycles to under 80 days [13:07] Why cyber insurance is now a security scorecard, not a safety net Episode Resources Caleb Tolin on LinkedIn Morgan Adamski on LinkedIn PwC’s 2026 Global Digital Trust Insights report

    24 分鐘
  4. Agentic AI and Identity Sprawl

    2025/11/18

    Agentic AI and Identity Sprawl

    In this episode of Data Security Decoded, join host Caleb Tolin as he welcomes back Joe Hladik, Head of Rubrik Zero Labs, to unpack the findings from their new report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, Joe breaks down how the explosion of non-human identities, from API keys to AI agents, is rewriting the threat landscape and forcing security leaders to rethink the perimeter itself. He explains why identity resilience is the new foundation of cyber defense, how to prioritize recovery when every system matters, and what steps teams can take now to stay ahead of emerging agentic AI-driven attacks. What You'll Learn: Why identity has replaced the network as the modern security perimeter How non-human identities outnumber humans 82 to 1, and what that means for control and monitoring Practical steps to build recovery plans around dependency mapping and minimal viable operations Why ransom payments remain high and how better resilience planning can reverse that trend How threat actors exploit backup systems to gain total business leverage What agentic AI really means for cyber defense and how to prepare for its impact The episode offers a clear framework for leaders to transform identity resilience from a reactive measure into a proactive pillar of enterprise security. Episode Highlights: [05:13] The 82:1 Ratio: Why Non-Human Identities Now Define Risk [07:03] Prioritizing Recovery: Building for Minimal Viable Operations [10:53] Declining Recovery Confidence and the Rise of Ransom Payments [15:46] Backups Under Attack: How Threat Actors Seize Business Control [16:32] Agentic AI and the Shifting Nature of Cyber Threats [25:32] What Defenders Can Do Now to Build Identity Resilience Episode Resources Caleb Tolin on LinkedIn Joe Hladik on LinkedIn Rubrik Zero Labs report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats

    25 分鐘
  5. Secure by Design, Secure by Default, Secure by Demand

    2025/11/04

    Secure by Design, Secure by Default, Secure by Demand

    Welcome to Data Security Decoded. Join host Caleb Tolin in conversation with Lauren Zabierek, Senior Vice President for the Future of Digital Security at the Institute for Security and Technology. A former CISA leader and long-time national security professional, Lauren unpacks the principles of Secure by Design, Secure by Default, and Secure by Demand and how these frameworks are reshaping the software supply chain. What You'll Learn: Why security must be a business decision led by executives rather than a technical afterthought How Secure by Design principles inspired more than 300 companies to eliminate entire classes of vulnerabilities The economic incentives that drive insecure software and what must change to realign the market How customers can evaluate vendors and ask the right questions to ensure secure authentication and transparent practices The role of Secure by Demand in helping buyers assess software safety before and after adoption Why initiatives like #ShareTheMicInCyber are essential for expanding diversity and innovation across cybersecurity policy The conversation offers a practical roadmap for executives, CISOs, and technology leaders to integrate secure development practices into business strategy, turning software security from a compliance checkbox into a competitive advantage. Episode Highlights: [08:46] Inside CISA’s Secure by Design Pledge [09:41] The Three Pillars: Secure by Design, Default, and Demand [11:59] Why Security Is an Economic Issue, Not Just Technical [15:41] How Customers Can Drive Change Through Secure by Demand [18:23] The Story and Impact of #ShareTheMicInCyber Quotes: "Security has to be a business decision led by business leaders in the company. It should not be an afterthought. It shouldn't just be left to the security team to sort of try to convince the rest of the company that they should do this. It's the company leadership that should say, this is a priority and therefore orient the different resources and priorities around that particular topic." "Having more secure software is not a technical impossibility. The companies right now are acting rationally in a misaligned market. Secure by Design, at its core, is about shifting those incentives in order to drive a change in behavior." "Software is what economists would refer to as a credence good. It's very hard to assess the quality of a product or a service both before you consume it and after you consume it. We don't have the criteria or benchmarks to fully assess that, and that’s a problem." "We looked at really how to provide guidance, and then we also created the Secure by Design pledge. And at the time when we launched it in 2024 at RSA, we had 68 software companies sign on… And then by the time we left, we had over 300 companies sign on. Now this pledge, you know, it addressed certain things like eliminating entire classes of vulnerability. It talked about enabling multifactor authentication by default across product lines. It talked about a vulnerability disclosure policy. Those are just a few things, but you can see that they're very concrete, measurable actions that lead to better outcomes." Episode Resources Caleb Tolin on LinkedIn Lauren Zabierek on LinkedIn Institute for Security and Technology (IST) Secure by Demand Guide from CISA

    26 分鐘
  6. Three Threats Reshaping Financial Services: Identity, Supply Chain, and AI

    2025/10/14

    Three Threats Reshaping Financial Services: Identity, Supply Chain, and AI

    Cyber resilience in financial services is often treated as a checklist of tools and controls, rather than what it truly is: a system of people, intelligence, and collaboration working together. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Troy Wells⁠, Intelligence Officer at FS-ISAC and former U.S. Army intelligence officer, to explore how principles like teamwork, trust, and preparation, forged in national security, translate directly into protecting the global financial system. From using fire-safety lessons to explain prevention, detection, and response, to breaking down the difference between AI models and AI agents, Troy shares practical guidance for banks and financial institutions building resilience in the face of evolving threats. What You’ll Learn: Why prevention, detection, and response are strongest when treated as a cycle, not silos How AI models act as “calculators” while AI agents act as “interns,” and what oversight each requires The guardrails that financial institutions should set before deploying AI tools at scale How cloud misconfigurations in even major enterprises reveal the need for security-first design The three threat trends that will shape financial services in the next 12–24 months: identity attacks, supply chain compromises, and AI-enabled adversaries Episode Highlights: [00:22] Troy’s path from Army intelligence officer to FS-ISAC[03:20] Fire-safety lessons: framing prevention, detection, and response in cybersecurity[08:15] The difference between AI models and AI agents, and how to guide each[12:22] Four principles for adopting AI securely in financial institutions[17:00] Cloud misconfigurations and why resilience must be built into architecture[21:39] The top three threats to watch in the next 12–24 months: identity, supply chain, and AI-driven attacks[27:35] Why speed and sophistication make resilience and collaboration essential Episode Resources: Caleb Tolin on LinkedIn Troy Wells on LinkedIn

    27 分鐘
  7. Scattered Spider: the Evolution of Identity-Based Ransomware

    2025/09/23

    Scattered Spider: the Evolution of Identity-Based Ransomware

    Identity-based ransomware is no longer a fringe tactic; it’s becoming the playbook of today’s most dangerous adversaries. Scattered Spider, a financially motivated e-crime group, has shifted the model from smash-and-grab encryption to a far more devastating combination of double extortion, social engineering, and hypervisor encryption attacks. In this episode of Data Security Decoded, host Caleb Tolin welcomes back Joe Hladik, Head of Rubrik Zero Labs, to unpack how Scattered Spider is evolving the ransomware playbook. From double extortion and identity compromise to hypervisor encryption and legacy system exploitation, Joe explains why these tactics succeed where traditional defenses fail and why building cyber resilience, not just detection and response, is the critical next step for security leaders. What You’ll Learn: How Scattered Spider leverages ransomware-as-a-service and double extortion to maximize payouts Why identity compromise and social engineering make traditional defenses ineffective How “living off the land” techniques and vulnerable drivers bypass signature-based tools Why legacy infrastructure and outdated backup systems are prime targets for exploitation What cyber resilience really means and how to build recovery into your security posture Episode Highlights: [00:30] Joe on Scattered Spider’s financial motivations and shift to double extortion  [06:53] Why identity compromise and social engineering bypass traditional defenses  [08:49] Disabling EDR with “living off the land” techniques and vulnerable drivers  [13:06] Hypervisor encryption: how attackers can take entire backup systems offline  [16:21] Cyber resilience as the future: assuming breach and restoring trusted systems Episode Resources: Caleb Tolin on LinkedIn Joe Hladik on LinkedIn

    14 分鐘
  8. Five-Year Plans, Forever Wars: China's Blueprint for Cyber Dominance

    2025/08/26

    Five-Year Plans, Forever Wars: China's Blueprint for Cyber Dominance

    Chinese state-backed cyber operations are often misunderstood as a single, centrally controlled machine. In reality, they are fragmented, diverse, and strategically aligned with China’s national objectives, from economic development to critical infrastructure positioning. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Mei Danowski⁠, Co-Founder of Natto Thoughts and expert in geopolitical intelligence, to explore how China’s cyber ecosystem operates and how it is shaped by cultural, political, and economic structures. What You’ll Learn: Why Chinese cyber operations are fragmented and decentralized, and why that matters for defenders How private companies in China are tied to the Communist Party and mobilized for cyber objectives The strategic difference between China, Russia, North Korea, and Iran in their cyber operations How China’s targeting priorities have shifted toward telecom, energy, water, and transport infrastructure Three intelligence-driven approaches defenders can use to counter Chinese operations What the 14th Five-Year Plan achieved in cyberspace, and what to expect in the 15th Highlights: [01:50] The fragmented reality of Chinese state-backed cyber operations [05:28] How cultural and political structures shape threat actor behavior [08:47] Comparing China’s cyber strategy to Russia, North Korea, and Iran [12:45] Why telecom, energy, and water systems are top targets [21:24] China’s 14th Five-Year Plan successes and projections for the 15th Episode Resources: Caleb Tolin on LinkedIn Mei Danowski on LinkedIn Natto Thoughts website

    30 分鐘
顯示全部 (42)

簡介

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

資訊

  • 創作者
    Rubrik
  • 活躍年代
    2025年 - 2026年
  • 集數
    42
  • 年齡分級
    兒少適宜
  • 版權
    Copyrights © 2024 All Rights Reserved by Rubrik
  • 節目網站
    Data Security Decoded