The Cosive Podcast - Cybersecurity in Australia & New Zealand Cosive

New Zealand Internet Taskforce (NZITF) chairman and Cosive COO Terry MacDonald speaks on all things NZITF, including what the NZITF does, why it was created, and how to get involved.

You can see Terry in-person at the NZITF conference on the 13th and 14th of November, 2023.

Ever wondered how medical devices like pacemakers, ventilators, and cochlear implants are protected from threat actors? Emily Etchell is a Security Consultant at Cosive. Previously, Emily worked for Australia's Therapeutic Goods Administration (TGA), focusing on how medical devices can be kept safe from malicious actors. Emily shares her experiences in this podcast, explaining some of the challenges involved with securing medical devices, and how they're currently being overcome.

Cosive's Software Development Lead Sid Odgers is a cybersecurity expert who spends his days building secure software. In this podcast you'll learn how Sid approaches code review so that all code shipped to production is secure as well as high-quality. The tips shared here are language agnostic and will be of use to any software developer who wants to get better at security.

Cosive CTO Chris Horsley conducted early experiments using ChatGPT to help assign ATT&CK IDs to threat intelligence reports. While the tool won’t replace an experienced analyst as of today, it will likely change the way we do this kind of work.

Read the blog post where Chris deep-dives on his experiments with using ChatGPT for CTI: https://www.cosive.com/podcast/2022/12/21/episode-004-how-chatgpt-could-transform-the-cti-analyst-role-with-chris-horsley

Unless you have been living in a cave on Mars with your eyes shut and your fingers in your ears for the past few weeks, you have probably heard something about a data breach at Australian telecommunications giant Optus.

As security mistakes go, the vulnerability reported to have enabled the attack leans toward the more embarrassing side of the scale. If reports are true, Optus has effectively exposed customer data on an endpoint available to the entire internet.

While it is plausible that a developer will forget to (re)secure an endpoint once they finish their development work, there are multiple practical steps you can take to catch or mitigate the problem.

Before jointly founding Cosive with Kayne Naughton and Terry MacDonald, Chris Horsley (Cosive’s CTO) spent many years working in national CSIRTs in both Australia and Japan, as well as doing freelance secure software development for operations teams.

In this interview Chris Horsley (CTO at Cosive) talks about the challenges of building software and doing development in SecOps teams.

An edited transcription of this podcast is available here: https://www.cosive.com/blog/2022/8/17/building-production-worthy-software-in-secops-teams-an-impossible-challenge