Enterprise Software Defenders Enterprise Software Defenders

On the 12th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Lynton Oelofsen, Chief Information Security Officer at Associated British Foods. ABF is a multinational food processing and retail conglomerate with 132,000 employees and over 21 billion dollars in annual revenue. The company plays a significant role in shaping the global consumer food and beverage landscape through its impressive portfolio of subsidiaries and associated brands. In this conversation, Lynton shares his thoughts on the evolving security needs of large enterprises, understanding the double-edged sword of generative AI adoption, and how AI tools can enhance the effectiveness of modern cybersecurity teams.

Quick hits from Lynton:

On preparing for AI-powered threats: "The reality is there is a skill augmentation in terms of the attack vector. The ability to leverage generative AI capability to write things at pace or to automate social engineering, and you're looking at things like that, your ability to be able to write crafted, well-positioned emails that are specific to what someone's doing...starts to become a real concern."

On cybersecurity as a continuous battle: "It's like the Golden Gate Bridge analogy of you paint from one side and you get to the end and you pretty much have to start again. That's what vulnerability chasing around felt like."

On collaborative security efforts: "No single entity can tackle the cybersecurity challenge alone. It's about collaboration, sharing knowledge, and leveraging collective strengths."

Recent Book Recommendation: The Unicorn Project by Gene Kim, Kevin Behr, George Spafford

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise Software Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise Software Defenders is produced by Josh Meer.

On the 11th episode of Enterprise Software Defenders, host Evan Reiser (Abnormal Security) and special guest host Steve Ward (Former CISO at The Home Depot and TIAA) talk with Betsy Wille, former CISO at Abbott. Abbott is a Fortune 100 global healthcare company that manufactures various healthcare products, including diagnostics, pharmaceuticals, and medical devices. In this conversation, Betsy shares her thoughts on the unique challenges of defending enterprise businesses, AI’s impact on the evolving threat landscape, and how cybersecurity teams can harness AI more effectively.

Quick hits from Betsy:

On the possibility of AI on access management: “I love the possibility of AI in the access management space, role based access, RBAC, and zero trust. I've seen so many programs and none of them really deliver at scale because we don't really know what people need to do their job, particularly in this digital world and proliferation of systems…There is a lot of opportunity for that to become true, we do have the ability to enable only what's needed.”

On the emerging threats posed by AI attacks: “I do think we'll see fewer attacks of opportunity and many more specialized attacks. It takes a lot of work for the criminals to put together targeted attacks; it's a lot of resources, labor, and focus. That had been saved for the high financial gain targets. The rest of the attacks were more around a kind of soft target, a common attack to see where it lands. AI changes that so drastically. It becomes so much easier to create very individualized, customized attacks at organizations. Maybe with a very similar arc and approach, but customized on the front end of how you get in and make it very real to that organization.”

On the potential for AI to transform how enterprises understand themselves: “There is potential for LLMs to translate cyber and technical complexity into something businesses understand. If you talk about something we haven't gotten materially better at over the last 10 or so years, it's talking to the business and translating it. The hardest thing when you come into an organization, especially at a leadership level, is just figuring out how the company makes money. We have to understand the business to protect it…We haven't developed those capabilities over time, but there's potential in the translation through the LLM.”

Book Recommendation: The Art of Gathering by Priya Parker

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise Software Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise Software Defenders is produced by Josh Meer.

On the 10th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Jason Stead, Chief Information Security Officer at Choice Hotels International. Choice Hotels is a global hospitality company with over 7,400 hotels worldwide and over $1.4 billion in annual revenue. In this conversation, Jason shares his thoughts on AI’s impact in the hospitality industry, the importance of AI skill development in the workforce, and how AI will shape the future of cybersecurity.

Quick hits from Jason:

On evolving threats in the hospitality industry: “There is not enough emphasis on these loyalty account compromises. We see that challenge in hospitality and other spaces today. And so we put in all these automated controls to identify non humans. Yes, there are click farms and you can outsource to people and brute force some of these things and look like a human coming in. But wait until you're able to scale that human behavior exponentially through AI. That is a problem that I think we all know is coming, but the tools are going to have to adjust quickly.”

On AI’s impact for security teams: “It is not going to eliminate people. That is the big fallacy. People are worried that ‘I'm gonna lose my job.’ No, what happens is your SOC analyst one is now a SOC analyst two all of a sudden, and it creates a huge uplift for them, and it allows them to focus on the things that are really interesting. That is the real value in the immediate term for us.”

On AI optimism for enterprises: “I think the power of AI is positive ultimately. There is a lot of doom and gloom about the threat actors using AI. And they are, they're using it today. It is going to evolve. It is going to be much harder. But there are really great entrepreneurs out there that have visions that we haven't even talked to.”

Recent Book Recommendation: Quiet by Susan Cain

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise Software Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise Software Defenders is produced by Josh Meer.

On the 9th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Patti Titus, chief privacy and information security officer at Markel. Markel is the insurance wing of Markel Group, a global insurance and investment company with over 17,000 employees and $12 billion in annual revenue. In this conversation, Patti shares her thoughts on the opportunities and challenges of AI’s growing popularity, the balance of AI regulation and innovation, and considerations for the next generation of AI threat response.

Quick hits from Patti:
On improving enterprise security training: “ChatGPT has given us a whole new landscape to think about how we are providing the right training and guidelines to our employees. Our adversaries are becoming more sophisticated at figuring out how to socially engineer people. It's becoming more pervasive.“

On security and AI model governance: “Model governance is going to be a necessity. And inside that model, governance is a function of incident response. We are going to have to teach our people to be faster to report than the, ‘Oh, it's just phishing, I'm going to delete it.’ mentality. Don't do that. I want you to report everything. Because all the data that you provide to us enriches our threat perspective so that we can see what's really happening.”

On the duality of AI’s potential: “Can AI become pervasive enough to recognize itself as a threat? And then can it, in turn, think about how that AI is being developed and predict the next step before its counterpart predicts the next step? You are getting into a game of cat and mouse, only much more sophisticated, like the cat and the mouse are playing chess.”

Book Recommendation: The Six Types of Working Geniuses - Patrick M. Lencioni

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise Software Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise Software Defenders is produced by Josh Meer.

On the 8th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with John Hoyt, Chief Information Security Officer at Clemson University. As a college and premier research institution founded in 1889, Clemson has over 28,000 students, nearly 6,000 faculty and staff, and operates a small city - leading to complex security and technology challenges. In this conversation, John discusses unique security requirements at Clemson, the evolving role of AI in cybersecurity, and the transformative potential of AI in academia.

Quick hits from John:
On the unique security requirements at Clemson: “It's a small city. We do have everything going on. You have researchers and students that live on your network. You have a power plant, you have water treatment, you have a police department, you've got everything. And you are trying to secure all of that and keep tabs on it.“

On AI’s potential to help with threat detection on larger networks: “So how do you keep up with all those pieces to look for unusual patterns? You have to understand what normal is. And it helps you to be like a human intrusion detection engine. When you know, you have looked at these logs a thousand times and so “this” log stands out. And having AI help you with that for your organization is a bit scary, but I do think it is possible already. It is just something connecting those dots to help you.”

On AI’s ability to give defenders an upper hand: “I think that we can get into setting traps for adversaries, like honeypots. It gets me excited the more we can do that. I've done a bit of that with some of these folks that are trying to scam our students. I sent them some documents with canary tokens, those are really interesting. AI could help us enhance that because it's a pain to manage and troubleshoot those things. But I like the proactive defense, where you're not just waiting for the bad thing to happen.”

Book Recommendation: Storyworthy by Matthew Dicks

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise Software Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise Software Defenders is produced by Josh Meer.

On the 7th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Viswa Vinnakota, Chief Information Security Officer at Xerox. Xerox is a foundational computing and technology company with over 20,000 employees and multiple spinoff companies operating at the frontier of modern technology. In this conversation, Viswa shares his thoughts on enterprise adoption of AI, the growing implications of AI’s accessibility, and AI’s impact on the future of cybersecurity.

Quick hits from Viswa:

On enterprise companies and AI adoption strategy: “When your employees and businesses start adopting generative AI or any kind of AI technologies,, we should always start with the policy. Security is just one part of AI’s risk, but there are a lot of things beyond security. Privacy issues, data security issues, and the ethical use of AI. So as an organization, it's not one person's job to decide how you need to use generative AI.”

On AI’s rapid accessibility: “AI has been there for many years. The biggest change [in the last year] is it's available to everybody. It used to be more of a privileged thing in the past where only certain products had that capability to even build AI into their capabilities, and it's open and accessible to everybody. That shift is bringing new security challenges, and how do we mitigate the risks of adoption of AI within the organization.”

On AI’s potential impact on cybersecurity: “The speed at which you respond to your cyber attacks is definitely important, what we call defensive AI. You can use AI to defend  your organizations, especially around how you analyze the incidents, threat intelligence, and collecting the threat intelligence. You can leverage AI in order to generate some patterns that can help you quickly do your analysis and respond back to the threats that you're actively facing in the organization. It definitely brings efficiency.”

Podcast Recommendation: CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise Software Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/ 
Enterprise Software Defenders is produced by Josh Meer.