Data Security Decoded

Rubrik
  • 5,0 (14)
  • TIN TỨC CÔNG NGHỆ
  • HAI TUẦN MỘT LẦN

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

  1. Secure by Design, Secure by Default, Secure by Demand

    2 NGÀY TRƯỚC

    Secure by Design, Secure by Default, Secure by Demand

    Welcome to Data Security Decoded. Join host Caleb Tolin in conversation with Lauren Zabierek, Senior Vice President for the Future of Digital Security at the Institute for Security and Technology. A former CISA leader and long-time national security professional, Lauren unpacks the principles of Secure by Design, Secure by Default, and Secure by Demand and how these frameworks are reshaping the software supply chain. What You'll Learn: Why security must be a business decision led by executives rather than a technical afterthought How Secure by Design principles inspired more than 300 companies to eliminate entire classes of vulnerabilities The economic incentives that drive insecure software and what must change to realign the market How customers can evaluate vendors and ask the right questions to ensure secure authentication and transparent practices The role of Secure by Demand in helping buyers assess software safety before and after adoption Why initiatives like #ShareTheMicInCyber are essential for expanding diversity and innovation across cybersecurity policy The conversation offers a practical roadmap for executives, CISOs, and technology leaders to integrate secure development practices into business strategy, turning software security from a compliance checkbox into a competitive advantage. Episode Highlights: [08:46] Inside CISA’s Secure by Design Pledge [09:41] The Three Pillars: Secure by Design, Default, and Demand [11:59] Why Security Is an Economic Issue, Not Just Technical [15:41] How Customers Can Drive Change Through Secure by Demand [18:23] The Story and Impact of #ShareTheMicInCyber Quotes: "Security has to be a business decision led by business leaders in the company. It should not be an afterthought. It shouldn't just be left to the security team to sort of try to convince the rest of the company that they should do this. It's the company leadership that should say, this is a priority and therefore orient the different resources and priorities around that particular topic." "Having more secure software is not a technical impossibility. The companies right now are acting rationally in a misaligned market. Secure by Design, at its core, is about shifting those incentives in order to drive a change in behavior." "Software is what economists would refer to as a credence good. It's very hard to assess the quality of a product or a service both before you consume it and after you consume it. We don't have the criteria or benchmarks to fully assess that, and that’s a problem." "We looked at really how to provide guidance, and then we also created the Secure by Design pledge. And at the time when we launched it in 2024 at RSA, we had 68 software companies sign on… And then by the time we left, we had over 300 companies sign on. Now this pledge, you know, it addressed certain things like eliminating entire classes of vulnerability. It talked about enabling multifactor authentication by default across product lines. It talked about a vulnerability disclosure policy. Those are just a few things, but you can see that they're very concrete, measurable actions that lead to better outcomes." Episode Resources Caleb Tolin on LinkedIn Lauren Zabierek on LinkedIn Institute for Security and Technology (IST) Secure by Demand Guide from CISA

    26 phút
  2. Three Threats Reshaping Financial Services: Identity, Supply Chain, and AI

    14 THG 10

    Three Threats Reshaping Financial Services: Identity, Supply Chain, and AI

    Cyber resilience in financial services is often treated as a checklist of tools and controls, rather than what it truly is: a system of people, intelligence, and collaboration working together. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Troy Wells⁠, Intelligence Officer at FS-ISAC and former U.S. Army intelligence officer, to explore how principles like teamwork, trust, and preparation, forged in national security, translate directly into protecting the global financial system. From using fire-safety lessons to explain prevention, detection, and response, to breaking down the difference between AI models and AI agents, Troy shares practical guidance for banks and financial institutions building resilience in the face of evolving threats. What You’ll Learn: Why prevention, detection, and response are strongest when treated as a cycle, not silos How AI models act as “calculators” while AI agents act as “interns,” and what oversight each requires The guardrails that financial institutions should set before deploying AI tools at scale How cloud misconfigurations in even major enterprises reveal the need for security-first design The three threat trends that will shape financial services in the next 12–24 months: identity attacks, supply chain compromises, and AI-enabled adversaries Episode Highlights: [00:22] Troy’s path from Army intelligence officer to FS-ISAC[03:20] Fire-safety lessons: framing prevention, detection, and response in cybersecurity[08:15] The difference between AI models and AI agents, and how to guide each[12:22] Four principles for adopting AI securely in financial institutions[17:00] Cloud misconfigurations and why resilience must be built into architecture[21:39] The top three threats to watch in the next 12–24 months: identity, supply chain, and AI-driven attacks[27:35] Why speed and sophistication make resilience and collaboration essential Episode Resources: Caleb Tolin on LinkedIn Troy Wells on LinkedIn

    27 phút
  3. Scattered Spider: the Evolution of Identity-Based Ransomware

    23 THG 9

    Scattered Spider: the Evolution of Identity-Based Ransomware

    Identity-based ransomware is no longer a fringe tactic; it’s becoming the playbook of today’s most dangerous adversaries. Scattered Spider, a financially motivated e-crime group, has shifted the model from smash-and-grab encryption to a far more devastating combination of double extortion, social engineering, and hypervisor encryption attacks. In this episode of Data Security Decoded, host Caleb Tolin welcomes back Joe Hladik, Head of Rubrik Zero Labs, to unpack how Scattered Spider is evolving the ransomware playbook. From double extortion and identity compromise to hypervisor encryption and legacy system exploitation, Joe explains why these tactics succeed where traditional defenses fail and why building cyber resilience, not just detection and response, is the critical next step for security leaders. What You’ll Learn: How Scattered Spider leverages ransomware-as-a-service and double extortion to maximize payouts Why identity compromise and social engineering make traditional defenses ineffective How “living off the land” techniques and vulnerable drivers bypass signature-based tools Why legacy infrastructure and outdated backup systems are prime targets for exploitation What cyber resilience really means and how to build recovery into your security posture Episode Highlights: [00:30] Joe on Scattered Spider’s financial motivations and shift to double extortion  [06:53] Why identity compromise and social engineering bypass traditional defenses  [08:49] Disabling EDR with “living off the land” techniques and vulnerable drivers  [13:06] Hypervisor encryption: how attackers can take entire backup systems offline  [16:21] Cyber resilience as the future: assuming breach and restoring trusted systems Episode Resources: Caleb Tolin on LinkedIn Joe Hladik on LinkedIn

    14 phút
  4. Five-Year Plans, Forever Wars: China's Blueprint for Cyber Dominance

    26 THG 8

    Five-Year Plans, Forever Wars: China's Blueprint for Cyber Dominance

    Chinese state-backed cyber operations are often misunderstood as a single, centrally controlled machine. In reality, they are fragmented, diverse, and strategically aligned with China’s national objectives, from economic development to critical infrastructure positioning. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Mei Danowski⁠, Co-Founder of Natto Thoughts and expert in geopolitical intelligence, to explore how China’s cyber ecosystem operates and how it is shaped by cultural, political, and economic structures. What You’ll Learn: Why Chinese cyber operations are fragmented and decentralized, and why that matters for defenders How private companies in China are tied to the Communist Party and mobilized for cyber objectives The strategic difference between China, Russia, North Korea, and Iran in their cyber operations How China’s targeting priorities have shifted toward telecom, energy, water, and transport infrastructure Three intelligence-driven approaches defenders can use to counter Chinese operations What the 14th Five-Year Plan achieved in cyberspace, and what to expect in the 15th Highlights: [01:50] The fragmented reality of Chinese state-backed cyber operations [05:28] How cultural and political structures shape threat actor behavior [08:47] Comparing China’s cyber strategy to Russia, North Korea, and Iran [12:45] Why telecom, energy, and water systems are top targets [21:24] China’s 14th Five-Year Plan successes and projections for the 15th Episode Resources: Caleb Tolin on LinkedIn Mei Danowski on LinkedIn Natto Thoughts website

    30 phút
  5. Breaking the Intelligence-Defense Divide with Scott Scher

    13 THG 8

    Breaking the Intelligence-Defense Divide with Scott Scher

    Cyber threat intelligence is often misunderstood, seen as a niche reporting function instead of the connective tissue that links defenders, leaders, and strategy. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Scott Scher⁠, a cyber threat intelligence (CTI) expert with an unconventional backstory, to explore how his off‑grid years shaped his view on resilience, why CTI should be seen as “counter‑threat intelligence,” and how intelligence defenders, and policy teams can work as one to turn raw data into actionable security decisions. What You’ll Learn: The mindset shift from cyber threat intelligence to cyber counter-threat intelligence Why threat intel must not just inform, but recommend actions for defenders How intelligence insights serve as “cover” for defenders, offering justification and prioritization for security decisions Why we should think of intelligence, defenders, and policy teams as part of a formula, not opposing forces How Scott’s off-grid lifestyle shaped his view on resilience, preparedness, and technology dependency Episode Highlights: [00:01] Scott’s unconventional path from off‑grid homesteading to cybersecurity [03:47] Breaking the “versus” mindset: How intelligence, defenders, and policy work as a formula [08:19] What CTI and defenders really need to understand about each other [12:45] CTI as “cover”: Giving defenders justification and prioritization for key decisions [17:45] How CTI helps organizations protect their most sensitive data Episode Resources: Caleb Tolin on LinkedIn Scott Scher on LinkedIn

    26 phút
  6. The Geopolitical Security Playbook: When Nations Clash in Cyberspace

    31 THG 7

    The Geopolitical Security Playbook: When Nations Clash in Cyberspace

    In this episode of ⁠Data Security Decoded⁠, host ⁠Caleb Tolin⁠ sits down with ⁠Dustin Droullard⁠, a cyber threat intelligence expert and former Army intelligence analyst, to discuss how global conflict is increasingly playing out in cyberspace, from digital espionage to civilian-targeted cyber operations. This episode highlights why organizations must rethink their cyber risk strategies in light of modern geopolitical threats and growing digital exposure. What You’ll Learn: How influence operations are used to confuse, divide, and destabilize Understanding your organization’s role in geopolitical conflicts What basic cybersecurity practice still gets overlooked Where small businesses can find free resources to improve security posture and resilience  How anthropology, business, and literature studies can power cyber careers The gap in current cyber education and how to fix it with critical thinking and specialization Episode Highlights: [00:00:33] From Army Intelligence to Cyber Operations [00:02:45] Espionage vs. Effects: Cyber Tactics in Geopolitical Conflict [00:06:38] Influence Operations and Psychological Warfare [00:10:39] Why Every Business is a Target, Whether They Know It or Not [00:13:21] Cybersecurity on a Budget: Resources for Underserved Organizations [00:15:57] Anthropology in Cyber: Understanding the Human Behind the Hack [00:20:33] Non-Tech Majors That Thrive in Cybersecurity [00:23:03] What Cyber Schools Are Missing: Business, Collaboration & Critical Thinking Episode Resources: Caleb Tolin on LinkedIn Dustin Droullard on LinkedIn CISA – Cybersecurity and Infrastructure Security Agency

    25 phút
  7. HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare

    15 THG 7

    HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare

    Welcome to the ⁠Data Security Decoded⁠ podcast, brought to you by ⁠Rubrik Zero Labs⁠. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.  In this episode, our host, ⁠Caleb Tolin⁠, is joined by ⁠Errol Weiss⁠, Chief Security Officer at ⁠Health-ISAC⁠ and former cybersecurity leader at ⁠Citi⁠ and ⁠Bank of America⁠. Errol shares his journey from the NSA to building one of the most collaborative threat intelligence networks in healthcare, discussing cyber recovery, the minimum viable hospital model, and why culture and community matter in achieving true resilience. Errol Weiss has been a driving force in advancing cybersecurity resilience across critical sectors, beginning with his early work at the National Security Agency and later leading security programs at Citi and Bank of America. As Chief Security Officer at Health-ISAC, he built a threat operations center from the ground up, delivering original threat intelligence to healthcare organizations that often lack the resources to do it alone. With deep experience across consulting, finance, and healthcare, Errol has become a leading voice in shifting the conversation from protection to recovery, promoting a resilience-first mindset, collaborative intelligence sharing, and a human-centric security culture. Join Caleb and Errol as they explore what makes healthcare cybersecurity unique, how to embed security into clinical culture, and why building a “human firewall” is just as critical as any technical control in today’s evolving threat landscape. Episode Highlights: 00:00 - Intro 01:33 - Moving from consulting and finance to healthcare cybersecurity 02:12 - What ISACs are and how Health-ISAC supports threat sharing 04:39 - Building a threat operations center from scratch 06:38 - Collaboration differences between finance and healthcare ISACs 07:24 - Shifting from disaster recovery to cyber recovery and resilience 09:12 - Why HIPAA 2.0 is unlikely to advance and what’s happening instead 11:58 - How policy mandates collide with healthcare’s talent and budget challenges 13:01 - Biking, mental clarity, and leadership outside of work 14:26 - Embedding security into healthcare culture and creating a human firewall 16:43 - The rise of the minimum viable hospital concept 18:20 - Why Errol remains optimistic about AI and the future of cybersecurity Episode Resources: Health-ISAC Official Site National Council of ISACs website  Rubrik Zero Labs website Caleb Tolin on LinkedIn Errol Weiss on LinkedIn

    22 phút
  8. Securing the Software Supply Chain

    24 THG 6

    Securing the Software Supply Chain

    Navigating Modern Cybersecurity: From Supply Chain Risks to AI Evolution. In this episode of ⁠Data Security Decoded⁠, ⁠Allison Wikoff⁠, a 20-year veteran in information security and threat intelligence, explores current cybersecurity challenges, emerging threats, and practical defensive strategies for organizations of all sizes. What You'll Learn: How to prioritize vulnerability management by focusing on critical edge devices and access points Why understanding your network architecture is crucial for effective threat defense The reality of AI in cyber attacks: current uses, limitations, and practical defense strategies How to build supply chain resilience through vendor assessment and backup supplier planning Why older vulnerabilities remain a primary attack vector and how to address them effectively The framework for developing an actionable threat profile tailored to your organization's needs Key Insights: Threat actors increasingly target known vulnerabilities over sophisticated zero-day exploits Supply chain security requires understanding vendor access levels and maintaining secondary suppliers AI adoption in cyber attacks remains focused on basic tasks like improving phishing emails and code generation Organizations should prioritize patching vulnerabilities in edge devices like VPNs and WAFs Building an effective security strategy starts with understanding your organization's specific threat profile Partnering with vendors and suppliers can help smaller organizations enhance their security capabilities Highlights: [00:00:00] Vulnerability Exploitation Trends Allison Wikoff reveals that vulnerability exploitation has become a dominant attack vector across both criminal and state-sponsored threat actors. The shift marks a departure from traditional assumptions that mainly espionage-focused groups leveraged vulnerabilities. [04:30] Supply Chain Security Essentials   Wikoff emphasizes that modern supply chain security requires looking beyond just your own organization's defenses. Organizations must thoroughly understand their vendors' access levels and potential impact on operations. [07:23] AI in Cybersecurity: Reality vs Hype Tolin shares that while AI adoption by threat actors is increasing, it hasn't revolutionized attack tactics as many feared. Current AI usage focuses mainly on improving phishing email quality and assisting with malware code generation. [14:08] Threat Profile Development Tolin advocates for organizations to start by understanding what assets would interest attackers rather than chasing every new threat. The rapidly changing threat landscape makes it impossible to defend against everything, requiring a focused approach based on your specific risk profile. Episode Resources:  Caleb Tolin on LinkedIn Allison Wikoff on LinkedIn PwC website PwC - Year in Retrospect Report 2024 Rubrik Zero Labs website

    17 phút
Xem tất cả (38)

5
/5
14 Xếp hạng

Giới Thiệu

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

Thông Tin

  • Nhà sáng tạo
    Rubrik
  • Năm hoạt động
    2024 - 2025
  • Tập
    38
  • Xếp hạng
    Sạch
  • Bản quyền
    Copyrights © 2024 All Rights Reserved by Rubrik
  • Trang web chương trình
    Data Security Decoded

Có Thể Bạn Cũng Thích