Security by Default

• Understanding Identity Threats in Cybersecurity with Filipi Pires

  In this episode of the Security by Default podcast, host Joe Carson speaks with Filipi Pires, a cybersecurity expert with a diverse background in both technical and sales roles. They discuss Filipi's journey into cybersecurity, the importance of identity in security, and the challenges organizations face with misconfiguration. The conversation also covers tools and techniques used in cybersecurity research, the significance of observability, and the need for continuous learning in the field. Filipi shares insights on community engagement and the importance of respecting the journey in one's cybersecurity career.TakeawaysIdentity is a central theme in cybersecurity.Misconfiguration is a leading cause of security issues.Continuous learning is essential in the cybersecurity field.Tools should be used to understand techniques, not just for their own sake.Community engagement is vital for knowledge sharing.Phishing remains a simple yet effective attack method. Legacy software poses significant risks to organizations.Observability is crucial for effective security management.Respecting the journey in cybersecurity is important for growth.Chapters00:00 Introduction to Cybersecurity Journey02:49 Exploring Cybersecurity Research and Trends05:32 Tools and Techniques in Cybersecurity Research08:34 Learning Through Capture The Flag Events11:28 Identity Threats and Misconfigurations14:16 Legacy Systems and Their Impact on Security25:40 Understanding Use Cases in Security Permissions27:36 The Principle of Least Privilege29:31 The Complexity of Identity Management30:28 Challenges in Observability and Access Control32:16 Navigating Multi-Cloud Permissions34:07 Tools for Enhancing Security Visibility 36:14 Continuous Learning in Cybersecurity 41:53 Community Engagement and Knowledge Sharing45:32 Respecting the Journey in Cybersecurity

  --------  

  48:03

  --------

  48:03
• HackTricks AI - The Ethical Cybersecurity AI Assistant with Carlos Polop

  In this episode of the Security by Default podcast, host Joe Carson welcomes back cybersecurity expert Carlos Polop. They discuss Carlos's journey into the cybersecurity field, the creation and impact of HackTricks, and the role of AI in cybersecurity. Carlos shares insights on using large language models for hacking, the future of AI, and upcoming training courses.The conversation emphasizes the importance of ethical hacking and the need for continuous learning in the rapidly evolving tech landscape.Key TakeawaysHackTricks was created as a personal resource for learning and sharing knowledge.The community has greatly benefited from HackTricks in their learning journeys.AI is revolutionizing the field of cybersecurity and coding.Large language models can assist in finding vulnerabilities and automating tasks.It's important to ask the right questions when using AI tools.Carlos is developing new training courses focused on cloud security and privilege escalation.Hacktricks AI is designed to help users with specific cybersecurity queries.The future of AI in cybersecurity is promising but requires ethical considerations.Continuous learning and adaptation are crucial in the cybersecurity field.Chapters:00:00 Introduction to Cybersecurity and Hacktricks02:54 The Journey into Hacking and OSCP05:54 The Impact of Hacktricks on the Community08:58 Recent Projects and Innovations in Cybersecurity12:00 The Role of AI in Cybersecurity14:57 Automating Code Creation with AI18:01 Future of Hacktricks and Upcoming Courses20:53 Final Thoughts on AI and CybersecurityResources:https://book.hacktricks.wiki/en/index.htmlhttps://training.hacktricks.xyz/https://www.hacktricks.ai/https://github.com/peass-ng/PEASS-ng

  --------  

  29:18

  --------

  29:18
• Evolution of Identity Governance in Modern Organizations with Martin Sandren

  In this conversation, Joseph Carson and Martin Sandren delve into the evolving landscape of Identity Governance and Access Management (IGA). They discuss the significance of IGA in modern organizations, the challenges faced, and the impact of cloud solutions and AI on identity management. The conversation highlights the need for contextual and adaptive policies, the importance of interoperability, and the role of community engagement through conferences to stay updated in this rapidly changing field.Key TakeawaysIGA is essential for managing access and compliance in organizations.The shift to cloud-based IGA solutions has transformed the landscape.Contextual and adaptive policies are becoming the norm in identity management.AI is playing a crucial role in enhancing identity governance.Interoperability between systems is a significant challenge.Phishing attacks are increasingly sophisticated due to AI advancements.Zero trust principles emphasize reducing friction in access management.Shadow IT and shadow AI pose risks to organizational security.The signal-to-noise ratio in ITDR systems is a major concern.Engagement in conferences and communities is vital for professional growth in IGA.Chapters00:00 Introduction to Identity Governance and Administration01:43 Understanding IGA vs. IAM04:02 Challenges and Shortcomings of IGA10:05 The Role of IGA in Modern Organizations17:20 Modernizing IGA: Cloud Solutions and Innovations19:07 The Acceleration of Cloud Adoption21:01 Evolving Identity Management Landscape22:53 AI's Role in Identity Governance24:41 Managing Non-Human Identities26:05 The Rise of Shadow IT and AI28:37 Future of AI in Identity Management30:35 Staying Updated in a Rapidly Changing FieldResources:Join an IdentiBeer meetup near youhttps://identi.beer/

  --------  

  35:22

  --------

  35:22
• The Journey of a Hardware Hacker with Joe Grand

  In this episode, Joe Carson interviews Joe Grand, a renowned hardware hacker and educator. They discuss Joe Grand's journey into hacking, the importance of community and collaboration in the field, and the evolution of technology and security challenges over the years. Joe shares his early experiences with computers, his transition from engineering to hardware hacking, and the pivotal role of the Loft in shaping his career. The conversation also touches on the founding of @Stake (ATstake, Inc.) and the challenges of balancing passion with corporate expectations in the cybersecurity industry. In this conversation, Joe Grand discusses his journey in the hacking community, including his experiences designing badges for Defcon, the importance of artistic engineering, and the impact of live hacking events. He shares insights on parenting in the digital age, the significance of legacy software security, and the challenges of vendor communication. Joe also highlights his current projects, the learning process through failure, and resources for aspiring hackers, culminating in a discussion about his involvement in a film related to cryptocurrency.TakeawaysCommunity and collaboration are vital in the hacking world.Hacking is a continuous learning process; you never know everything.Early experiences with computers often start with games and curiosity.The Loft provided a transformative experience for Joe Grand.Transitioning from engineering to hacking can be a natural progression.AtStake was a significant step in Joe's career, merging hacking with business.Finding purpose in teaching others about hardware hacking is fulfilling.The importance of viewing security from an adversarial perspective.Hacking and engineering can complement each other in unique ways. Joe Grand returned to design the Defcon badge after years away.He emphasizes the blend of art and engineering in hacking.Live events showcase the real-time problem-solving process in hacking.Parenting involves guiding children through the digital landscape.Not all hacks need to be groundbreaking to be significant.Legacy software security remains a critical issue.Effective communication between vendors and hackers is essential.Current projects focus on refining fault injection techniques.Learning through failure is a vital part of the hacking process.Documentation is crucial for replicating and building on work.Chapters00:00 Introduction to the Podcast and Guest01:43 The Journey of a Hardware Hacker05:16 The Importance of Community in Hacking09:50 Early Experiences and Hacker Origins14:41 Transitioning from Engineering to Hardware Hacking18:16 The Loft: A Transformational Experience23:51 From Passion to Career: The AtStake Journey30:56 Finding Purpose in Teaching and Hacking33:21 Reviving the Defcon Badge Design34:47 Exploring Artistic Engineering in Hacking35:44 The Impact of Live Hacking Events37:33 Parenting in the Digital Age39:28 Lessons from Hacking Time42:48 The Importance of Legacy Software Security46:37 Vendor Communication and Security48:58 Current Projects and Future Directions51:51 Learning Through Failure54:54 Resources for Aspiring Hackers58:56 The Intersection of Hacking and FilmAdditional Resources:https://grandideastudio.com/https://www.youtube.com/watch?v=o5IySpAkThg https://www.imdb.com/title/tt27307826/

  --------  

  54:58

  --------

  54:58
• Shadow AI and AI's Impact on Cybersecurity Strategies with Terence Jackson

  In this episode of the Security by Default podcast, host Joseph Carson speaks with cybersecurity expert Terence Jackson about the evolving landscape of cybersecurity, the challenges faced by CISOs, and the importance of data security and governance. They discuss the impact of AI on security practices, the role of the CISO as a risk manager, and the need for organizations to prioritize foundational security measures in a rapidly changing technological environment. In this conversation, Terence Jackson and Joseph discuss the evolving landscape of cybersecurity, emphasizing the importance of asset management, the role of AI in business intelligence, and the need for a balance between security and user experience. They explore the future of CISOs in a world increasingly governed by digital intelligence and the necessity of continuous learning and community engagement in the cybersecurity field.Key TakeawaysThe cybersecurity landscape is constantly evolving, with new challenges emerging.AI is transforming both the attack and defense sides of cybersecurity.Data security remains a critical concern for organizations.CISOs are increasingly seen as risk managers rather than just security officers.Governance and compliance are essential for effective data management.Organizations must prioritize identity and access management.The role of the CISO has become more strategic and board-level.Understanding data exposure risks is crucial for compliance.Foundational security practices are necessary for effective defense.Continuous learning and adaptation are vital in the fast-paced tech world. AI will play a crucial role in enhancing business intelligence.Effective asset management is foundational for organizational security.Zero trust must be balanced with zero friction for user experience.Creating a positive security culture is essential for engagement.CISOs will increasingly focus on data governance and business risks.The proliferation of AI agents presents new security challenges.Security should be integrated seamlessly into user workflows.Continuous learning is vital in the rapidly changing cybersecurity landscape.Community engagement fosters knowledge sharing and support.Focusing on the basics is key to effective cybersecurity.Chapters00:00 Introduction to Cybersecurity Journeys02:17 Challenges in Cybersecurity Today06:43 The Evolving Role of the CISO11:06 Governance, Compliance, and Data Security14:56 Prioritizing Security in a Fast-Paced World19:39 The Role of AI in Business Intelligence20:02 Importance of Asset Management21:52 Zero Trust and Zero Friction Security23:38 Creating a Positive Security Culture24:27 The Future of CISOs and Digital Intelligence29:32 Continuous Learning and Community EngagementAdditional Resources:Connect with Terence: https://www.linkedin.com/in/terencejackson/https://www.terencedjackson.com/

  --------  

  35:24

  --------

  35:24

More Business podcasts

Trending Business podcasts

About Security by Default

Security by Default: Podcasts in Family