SECNORA Podcast

Secure By Design

SECNORA Cyber security talks

Episodes

  1. Jun 4

    Zero Trust: Strategy, Hype, or Both?

    In this episode, cybersecurity expert Adeel Shaikh Muhammad discusses the realities, myths, and marketing hype surrounding Zero Trust security. He explains its importance in modern cybersecurity, how to implement it effectively, and the role of AI and leadership in the Zero Trust journey.

    36 min

  2. May 15

    Are We Still Defending Sytems, or Are We Now Defending Reality?

    In this insightful interview, cybersecurity pioneer Winn Schwartau shares his decades of experience, discussing the persistent issues in cybersecurity such as apathy, arrogance, and ignorance. He emphasizes the importance of time-based security, trust, decision-making, and the evolving landscape of cyber threats including AI and deepfakes.ResourcesInformation Warfare by Wynn SchwartauThe OODA Loop by John BoydAnalog Network Security by Wynn Schwartau

    1h 12m

  3. Mar 19

    When AI can Fake you and Technology can Upgrade You

    Summary In this groundbreaking episode, cybersecurity expert Len Noe discusses the fusion of human and machine, the future of cyber defense, and the ethical implications of transhumanism. Discover how AI, biohacking, and cognitive security are shaping our digital and biological identities. Key topics The definition and philosophy of transhumanismBiohacking and human augmentation with implantsThe impact of AI on trust and identityCognitive security and the human mind as an attack surfaceNeural interfaces and brain-computer communicationThe ethical and legal considerations of biohackingFuture technological advancements in cybersecurity and medicineThe societal implications of merging biology with technology Resources Cognitive Security Institute - https://cognitivsecurityinstitute.org/2045 Project - https://2045.com/Neuralink - https://neuralink.com/Synchron (Brain-Computer Interface) - https://synchron.com/The Art and Science of Meta War (Book) - https://www.amazon.com/dp/B09XYZ1234

    1h 6m

  4. Feb 26

    Cybersecurity and AI professional, Founder & CTO of Think Techmode

    summary In this episode of Secure by Design, Daniel Kulig and Aylin Orial discuss the rapid evolution of AI in the FinTech sector, emphasizing the shift from experimentation to accountability. They explore high-impact AI use cases, the importance of security in AI implementation, and the need for effective governance and compliance. Aylin shares insights on the shared responsibility of cybersecurity and the necessity of clarity in decision-making processes. The conversation concludes with practical lessons for leaders in the industry and a forward-looking perspective on the future of AI in FinTech. Takeaways AI has transitioned from experimentation to production accountability.Fraud detection and risk management yield the fastest ROI in FinTech.Security must be integrated into the development process, not treated as an afterthought.Governance frameworks should scale with the risk associated with AI use cases.The role of the CTO is evolving to include shared cybersecurity responsibilities.Clarity in decision-making processes is crucial for successful AI implementation.Organizations must prioritize human oversight in AI systems to mitigate risks.Effective collaboration between CTOs and CISOs is essential for managing AI-related risks.AI can enhance security but also introduces new vulnerabilities.A hybrid approach of buying and building AI solutions is often the most effective strategy. Chapters 00:00 The Rapid Evolution of AI in FinTech11:48 High Impact AI Use Cases in FinTech24:08 The Role of Security in AI Implementation36:00 Governance and Compliance in AI43:01 Lessons Learned and Future Outlook

    45 min

  5. Jan 29

    Best-of-Breed vs Platform: The Security Vendor Tradeoff Nobody Gets Right

    Summary In this episode of Secure by Design, host Daniel Kulig and guest Eric Boemanns discuss the complexities of vendor management in IT security. They explore the pros and cons of multi-vendor strategies versus consolidation, emphasizing the importance of independence in building and validating security programs. The conversation highlights the challenges organizations face with vendor sprawl, the triggers for vendor conversations, and the need for clarity in decision-making. Practical steps for managing vendors and ensuring effective security outcomes are also shared, culminating in actionable takeaways for listeners. Takeaways Leaders face pressure to consolidate or use multiple vendors.Independent validation is crucial for effective security programs.Vendor sprawl complicates security management.Consolidation can lead to vendor lock-in risks.Multi-vendor strategies can enhance resilience.Clarity in vendor choices is essential for decision-making.Audits can lead to optimizing for compliance over resilience.Continuous testing is necessary for security effectiveness.Building and validating should be separate processes.An inventory of security tools is the first step in management.

    49 min

  6. 11/27/2025

    Unlocking Executive Buy-In Through Tabletop Exercises

    Summary: In this episode, Daniel Kulig and cybersecurity expert Philip Lee discuss the importance of tabletop exercises in securing executive buy-in for cybersecurity initiatives. They explore how these exercises can transform abstract cyber risks into tangible business impacts, the common misconceptions executives have about cybersecurity, and the key ingredients for designing effective tabletop exercises. Philip shares insights on how to engage executives, the importance of cross-functional communication, and how to measure the success of these exercises. The conversation emphasizes the need for tailored scenarios, the role of lessons learned, and the frequency of tabletop exercises to build organizational resilience. Takeaways: Tabletop exercises can bridge the gap between cybersecurity and executive leadership.Engaging executives in realistic scenarios helps them understand the impact of cyber risks.Avoid fear-based tabletops; focus on proactive engagement and learning.The right attendees are crucial for effective tabletop exercises.Informal communication channels often develop as a result of tabletop exercises.Tailor scenarios to the specific business context and threat landscape.Lessons learned discussions are critical for translating insights into action.Frequency of tabletop exercises should balance engagement and effectiveness.Cross-functional communication improves after tabletop exercises.Success is measured by engagement and actionable insights, not just attendance.

    1h 18m

  7. 10/22/2025

    How Big Data & Privacy Is Governed Across AI & Cybersecurity

    In this episode of the Secure by Design podcast, host Daniel Kulig engages with Horatio Morgan, a digital innovation expert, to explore the intricate relationship between big data, AI, and cybersecurity. They discuss the importance of data governance, the challenges organizations face in balancing data scale with security and privacy, and the emerging threats in AI. Horatio shares insights on the key stakeholders in AI governance, influential regulatory frameworks, and practical tools for ensuring privacy. The conversation also covers case studies of successes and failures in data governance, predictions for the future of AI, and advice for organizations and professionals navigating this complex landscape. Takeaways Data is the foundation of everything.Big data can give you power, but if you can't use it, that equals zero.Treat data as a governed asset.Privacy gives us permission to do stuff.Governance isn't a department, it's a coordinated teamwork.You must promote a culture of responsible curiosity.Explainable AI is a compliance tool.The future belongs to tech philosophers.If the customers are not on board, that equals no trust.The smarter the system gets, the smarter the attackers become.

    1h 11m

  8. 09/10/2025

    The Human Element in Cybersecurity

    In this episode of Secure by Design, host Daniel Kulig and guest Christopher Buch from Nimblr Security discuss the often-overlooked human aspect of cybersecurity. They explore how human behavior plays a critical role in cybersecurity, the psychological triggers that lead to phishing attacks, and the importance of effective cybersecurity awareness training. The conversation emphasizes the need for ongoing training, fostering a security culture within organizations, and the role of leadership in promoting cybersecurity awareness. They also touch on future challenges, including the impact of AI on phishing attacks and the necessity for organizations to adapt their approaches to different cultures and age groups. takeaways Human behavior is a critical factor in cybersecurity.85% of successful breaches are due to human error.Urgency and confusion are common tactics used by scammers.Effective training requires ongoing engagement and updates.Management must actively participate in cybersecurity training.Cybersecurity awareness should be part of the organizational culture.Different age groups may respond differently to training.Behavior change in cybersecurity is a gradual process.AI will enhance the sophistication of phishing attacks.Organizations must view cybersecurity as an ongoing journey.

    48 min

  9. 08/08/2025

    How CISOs Are Governing AI in the Wild

    In this episode of Secure by Design, host Daniel sits down with Sandamali to explore the rapidly evolving intersection of AI, cybersecurity, and governance. From AI's role in risk amplification to the evolving responsibilities of the CISO, they dive into the challenges and opportunities of governing AI in today's digital landscape. Sandamali shares insights into how Governance, Risk, and Compliance (GRC) is adapting to handle AI, along with real-world use cases and pitfalls that companies should watch out for. Plus, learn how organizations can build an AI-ready, security-first culture and prepare for the future of AI governance. Don’t miss this engaging conversation on navigating AI’s sharp edges while securing the digital future.

    57 min

  10. 07/18/2025

    Vulnerability Hunters: How Security Flaws Are Found and Weaponized (Understanding Vulnerability Discovery and Exploitation)

    In this episode of Secure by Design, we dive deep into the shadowy world of vulnerability discovery and exploitation. From zero-days to n-days, bug bounty programs to advanced persistent threats, we unpack how security researchers, red teamers, and adversaries find flaws in software—and how those flaws are weaponized. You’ll learn: The lifecycle of a vulnerability—from discovery to public disclosure or underground sale. Techniques used to uncover bugs (fuzzing, reverse engineering, source code review, etc. Real-world stories of critical CVEs and how they were exploited The difference between ethical disclosure and weaponization How organizations can detect, respond to, and stay ahead of exploitation attempts Whether you're a security professional, developer, or tech enthusiast, this episode offers a front-row seat to the high-stakes hunt for vulnerabilities that shape our digital security landscape.

    38 min

  11. 06/12/2025

    “Your Code, Their Target:Defending the Software SupplyChain with SLSA”

    Software supply chain attacks are on the rise — from dependency hijacking to CI/CD compromise. In this session, we dive into how the SLSA (Supply-chain Levels for Software Artifacts) framework helps you secure the integrity of your builds, detect tampering, and implement end-to-end trust in your development pipeline.What you'll learn:The anatomy of modern software supply chain attacksAn overview of the SLSA framework and its levels (1–4)How to integrate SLSA into your CI/CD workflowsReal-world breaches and how they could’ve been preventedPractical steps for developers, DevOps, and security teamsWhether you're an engineer, CISO, or DevSecOps practitioner, this session will give you a clear roadmap for hardening your software delivery process.📌 Subscribe for more content on secure development, DevSecOps, and emerging threats in the software ecosystem.

    46 min
  • 11 Episodes

About

SECNORA Cyber security talks

Information

  • Creator
    Secure By Design
  • Years Active
    2025 - 2026
  • Episodes
    11
  • Rating
    Clean
  • Copyright
    © Secure By Design
  • Show Website
    SECNORA Podcast