54 episodes

Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at the topic from various angles, both that they support and those they don't.
Sign up for our newsletter to be notified when new episodes drop, or when new projects are announced https://newsletter.greatsecuritydebate.net

Great Security Debate, by Great Security Debate Productions LLC

    • Technology
    • 5.0 • 17 Ratings


    Potpourri of Debate... Now with AI

    It's an "all rounder" episode of The Great Security Debate. Brian watched a movie, Erik watched an advertisement, and Dan was overtly cynical. Just another day in the podcast booth for these three.
    A variety pack of topics ranging from recent security attacks, to AI in technology, to automotive manufacturing (go figure), to privacy, to sponsorship and vendor models at live events, and more.
    Links to everything we talked about are available in the show notes.
    Welcome to 2024! We have some exciting changes ahead this year, including ways to support the podcast, some big announcements, new shows and conversations, and more. Thanks for listening!
    Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

    • 1 hr 4 min
    The Downfall of All Security (Sales)

    It's not easy to sell things. It's even harder to sell to security practitioners and leaders. The Great Security Debate this week covers some angles in security tools (and selling those tools to security teams) that have taken their toll on the trust that needs to exist between those who buy and those who make the products we use: from the software providers, to the VARs (resellers) in the middle, to the people and techniques used to market and sell the solutions. Some of the key topics of the discussion include:
    • The challenges of security tool consolidation by non-security vendors
    • Security is not a lock-in tool, and security is not an upsell tool
    • Pushing changes to products without telling the customers before they happen, or letting those customers have control over the change (and whether they take it or not)
    • Security selling with VARs and deal registration: what are the motivators when a product is recommended to you
    • You can still buy direct (and why you might want to)
    • The challenge of selling into the SMB
    • The power of the "vouch", which flies in the face of some sales methods
    • The importance of being genuine in sales communications (aka knock off the programmatic drip campaigns that pretend to be personal)
    Thanks for listening!

    • 55 min
    Less LLM, More Piano

    This week we are debating modern AI systems, especially the commercial ones on just about everyone's lips when talking about CVs, high school term papers, and interview answers.
    Large Language Models (LLMs), of which ChatGPT and Bard are two examples, are growing in prominence, but will they disrupt the technology world, or are they nothing more than just another blockchain fizzle?
    In this episode:
    • Are these even actually "AI" models, or really just very fast processing of large data sets?
    • What should I (and should I not) be putting into LLMs? How does the re-training on data users enter affect what you should put into public LLMs?
    • What are some valid use cases for LLMs?
    • Does depending on tools like LLMs (or calculators) take us further from a core understanding of how things work? Or should we be OK with the efficiency it brings?
    • How does copyright fit into the LLM expectation and model, and does the legal licensing of training data dull the shine of LLMs?
    • Are the analyses from LLMs skewed not only by the data chosen for training, but also by the userbase that uses that LLM?
    • How are any of the "good practice" security and privacy requirements for LLMs different from those for any other system? Spoiler alert: not at all.
    Unrelated to AI, we also talk about what happens to all the "smart" things in your house when the internet goes out? What stops working? Way more than you might think...
    We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.
    Thanks for listening!
    Links:
    Is OpenAI almost bankrupt?: https://www.windowscentral.com/software-apps/chatgpts-fate-hangs-in-the-balance-as-openai-reportedly-edges-closer-to-bankruptcy
    Maybe not bankrupt, but has business problem: https://www.forbes.com/sites/lutzfinger/2023/08/18/is-openai-going-bankrupt-no-but-ai-models-dont-create-moats/?sh=3c8922845e22
    Gartner declares LLMs at the peak of inflated expectations: https://www.gartner.com/en/newsroom/press-releases/2023-08-16-gartner-places-generative-ai-on-the-peak-of-inflated-expectations-on-the-2023-hype-cycle-for-emerging-technologies
    When ChatGPT goes Bad: https://sloanreview.mit.edu/article/from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-generative-ai/
    https://venturebeat.com/security/how-fraudgpt-presages-the-future-of-weaponized-ai/
    The Circle (Movie): https://www.imdb.com/title/tt4287320/
    Amazon Sidewalk, and its privacy issues: https://www.popsci.com/technology/amazon-sidewalks-privacy-concerns/
    Idiocracy (Movie): https://www.imdb.com/title/tt0387808/
    Moore's law is dead:...

    • 51 min
    Security *is* Business!

    It's been a minute, but we are back with another Great Security Debate!
    Whether it is compliance, trust, or questionnaires, we all sell something to someone, and security is core to that process.
    In this episode, the focus is on how security integrates into the core of each of our businesses or organisations: from being part of strategic planning, to the reminder that perfect is the enemy of progress, to the power in being a first mover on security and privacy topics:
    • Compliance vs security: Is it pro forma? Do you check the SOC 2 (and other) reports you get from your suppliers?
    • You're not a special snowflake: Why won't more orgs use standard questionnaires on supplier assessments?
    • There are multiple ways to solve a problem, and context is key. The process and environment may mean you don't need a technology control, or a specific (prescribed) technology control.
    • "The business" is a term that should never be uttered again by security or technology practitioners and leaders.
    • There is power and business value in governance and transparency in security and privacy; build trust in your brand.
    • We need to move our programs a layer above the specific people. Risk is reduced by living at the process layer. Heroics are not scalable.
    • How preparing for a triathlon can be used to describe adherence to targets that lead to good security (and the brand value that comes with it)
    Remember that you can't be "SOC 2 Certified." And PFMEA is not always the answer to every question. Or is it?
    Thanks for listening!

    • 46 min
    Jess and Jeff Invade

    Welcome to a very special Great Security Debate. If it is spring, it means that the annual Forrester "Top Recommendations For Your Security Program" report has come out, and we get to visit with one of the authors, Jess Burn. But this year we get an added extra voice, that of Jess' Forrester colleague Jeff Pollard. Both Jess and Jeff share a ton of insight on topics from that report and a few others (see the links below for blog posts about most of them).
    In this episode we cover:
    • How (and if) CISOs have been able to become "part of the business" and help colleagues understand that in 2023 security is business.
    • Board reporting by CISOs and CIOs, and where/how we succeed and fail.
    • Talent shortages in infosec: a self-created nightmare?
    • Consolidation in times of austerity: right or wrong for security?
    Huge thanks to Jess and Jeff for joining (find their LinkedIn and Twitter in the links section). Even though Jess is legacy, we are pretty sure that Jeff will be welcomed back in 2024 with open arms.

    Thanks for Listening!
    Special Guest: Jessica Burn.
    Links:
    Cybersecurity's Staffing Shortage Is Self-Inflicted
    Leadership Communication and Speaker Coaching | Speak by Design | United States
    Build Better Bridges: Introducing Forrester's BISO Role Profile
    Announcing Analyst Experience: SOC Analysts Finally Escape The Shackles Of Bad UX
    The Pay Gap Isn't The Only Problem For Women In CISO Roles
    Top Recommendations For Your Security Program, 2023 | Forrester
    How CISOs Can Navigate The 2023 Downturn
    Jess Burn | LinkedIn
    Jeff Pollard | LinkedIn
    Jess Burn (@Jess_Burn_) / Twitter
    Jeff Pollard / Twitter: https://twitter.com/jeff_pollard2...

    • 54 min
    Bankplosion!

    This week, Brian, Erik, and Dan look into the security impacts of last week's Silicon Valley Bank closure, both as a direct security risk and in terms of what we can learn about risk from the events leading up to the incident that we can apply to our information security responsibilities.
    Brian kicks it off with a great description of how Silicon Valley Bank got here (based on what we knew on 12 March 2023; subject to change as more becomes known). From that, we go through some of the direct and indirect lessons and implications, such as:
    • Fraud attempts amongst a bevy of legitimate bank account payment change requests from companies. Check with a known contact at the source before changing where you pay.
    • Putting all your eggs into one (infosec or financial) basket can be risky. And risk can bring great rewards, or great resentment.
    • Evaluating vendors for where they bank as part of third party risk management (or not)
    • Clear insight into the tough choices that have to be made to keep small businesses and startups running; sometimes that's not "doing every thing of security"
    • Business continuity planning requires a more realistic "yeah, that could happen" when doing the review
    • Remember that there is no such thing as no risk, just determining the right balance of (realistic) risk and downtime for your organisation
    • If one vendor goes away suddenly, what happens? What about if 6 go away all at once? Diversity of suppliers vs. focusing on basics in the security stack
    Along with some strong recommendations (or maybe they are warnings) for our security vendor listeners on how not to use this incident as a sales tool (tl;dr: DON’T!), there are a few correlations to the automotive industry. And check out the book club recommendations in the show notes on our website www.greatsecuritydebate.net, too.

    Since we recorded, another bank, Signature Bank, has also been closed and placed into receivership. On behalf of all of us at Great Security Debate, we wish all those affected, whether as companies banking with these institutions or as their customers, good wishes and hope for good news ahead on the recovery of funds.

    Thanks for listening!
    Links:
    The Demise of Silicon Valley Bank, by Marc Rubinstein
    All the Devils Are Here: A Novel (Chief Inspector Gamache Novel Book 16), by Louise Penny (Kindle edition, Amazon.com)
    Silicon Valley Bank profit squeeze in tech dip attracts short sellers | Financial Post
    The Tenth Man Rule: Principle Explained
    The Innovator's Dilemma: The Revolutionary Book That Will Change the Way You Do Business, by Clayton M. Christensen (ISBN 8601300047348, Amazon.com): https://amzn.to/3LcZKvT
    The Innovator's...

    • 1 hr 2 min
