Trust Issues CyberArk

In the 50th episode of the Trust Issues podcast, host David Puner interviews Justin Hutchens, an innovation principal at Trace3 and co-host of the Cyber Cognition podcast (along with CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe). They discuss the emergence and potential misuse of generative AI, especially natural language processing, for social engineering and adversarial hacking. Hutchens shares his insights on how AI can learn, reason – and even infer human emotions – and how it can be used to manipulate people into disclosing information or performing actions that compromise their security. They also talk about the role of identity in threat monitoring and detection, and the challenges and opportunities AI presents organizations in defending against evolving threats and how we can harness its power for the greater good. Tune in to learn more about the fascinating and ever-changing landscape of adversarial AI and identity security.

In this episode of Trust Issues, David welcomes back Shay Nahari, VP of CyberArk Red Team Services, to discuss the topic of secure browsing and session-based threats. They delve into the dangers of cookie theft, the expanding attack surface, and the importance of identity security. Shay explains how cookies sit post-authentication and how attackers can bypass the entire authentication process by stealing them. He also discusses how browsers have been designed for consumers, not for the enterprise, and how this creates a fundamental problem in the way we treat and design identities around the usage of browsers... until now. Shay introduces CyberArk Secure Browser, which eliminates cookies from the disk completely and provides an end-to-end control of the flow of identity. The conversation also touches on the expanding attack surface, new identities, and how organizations can protect themselves from session-based attacks. Shay emphasizes the importance of least privilege, monitoring, and an assume breach mindset. 

In this episode of the Trust Issues podcast, Kaivan Karimi, Global Partner Strategy and OT Cybersecurity Lead – Automotive Mobility and Transportation at Microsoft, discusses with host David Puner the complexities of the automotive cybersecurity ecosystem, and they explore the challenges and considerations facing the industry. Karimi shares his insights on the role of identity security in automotive cybersecurity and how it helps ensure that only authenticated entities have the privilege to engage in the high-speed exchange of information. He also talks about the importance of data sovereignty, data privacy and compliance in the automotive industry. This episode provides a fascinating look into the present and future world of automotive cybersecurity and the measures being taken to protect against cyber threats. 
Take the audio ride!  

In this episode of Trust Issues, Jan Vanhaecht, the Global Digital Identity Leader at Deloitte Belgium, delves into the intricate realms of digital trust and risk management with host David Puner. The discussion covers topics ranging from the impact of regulations on cybersecurity practices to the pivotal role of identity in building a robust security culture. Unpacking the nuances of digital trust maturity, the episode explores how organizations can navigate the delicate balance between risk and reward. From the emergence of passwordless authentication to the practical applications of Zero Trust principles, the conversation provides valuable perspectives on safeguarding digital landscapes. Join us as we unravel the complexities of cybersecurity and discover how it intertwines with innovation, compliance and the pursuit of trust in the digital age. 

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard. From the initial password spray technique to the exploitation of OAuth applications, listeners are taken on a journey through the breach's timeline – and learn how, ultimately, it all boils down to identity. The discussion touches upon the nuances of threat actor nomenclature, the significance of various bear-themed aliases and the professional nature of state-sponsored cyber espionage groups. Throughout the episode, practical insights and cybersecurity best practices are shared, offering organizations valuable strategies to bolster their defenses against evolving cyber threats. For a comprehensive analysis of the APT29 Microsoft data breach and detailed recommendations for improving cybersecurity posture, check out the accompanying blog post written by Andy Thompson.

In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape. From addressing security challenges in manufacturing plants to the skills gap in OT cybersecurity, the episode provides an overview of the current state and future prospects of securing critical infrastructure. Holcomb also emphasizes the importance of identity in OT security and offers practical advice for organizations looking to enhance their cybersecurity posture. Check out the episode to explore the dynamic intersection of IT and OT – and how it spotlights the urgent need for robust cybersecurity measures in an evolving digital landscape.