EP6: Shorter Lifespans, Bigger Stakes: Crypto Agility and the Future of Digital Trust
Welcome to “The TRUST Pod,” Australia’s premier podcast on Digital Trust. In this episode, hosts Ashvin Shukal and Candice Smith discuss significant changes in the digital certificate landscape, particularly the shortening of certificate lifespans as mandated by the CAB Forum. They explore the implications of these changes for businesses, including the need for automation in certificate management and the importance of achieving crypto agility. The conversation highlights the challenges organizations face in adapting to these changes, the necessity for visibility and governance in digital trust management, and strategies for preparing for the upcoming shifts in the industry.
Takeaways:
- The CAB Forum has approved the shortening of certificate lifespans.
- Certificates will go from 397 days to 200 days by March 2026.
- Domain validation reuse will decrease from 12 months to 10 days.
- Automation is crucial for managing the new certificate lifecycle.
- Businesses need to improve visibility of their digital certificates.
- Crypto agility is essential for adapting to future changes.
- Certificate pinning is becoming less favored in favor of crypto agility.
- Organizations must consolidate certificate management across teams.
- Digital trust management should involve senior leadership.
- There are tools available to simplify the transition to automation.
For more insights on digital trust and cyber security, follow us on [linkedin.com/company/the-trust-pod] LinkedIn. If you found this episode helpful, please rate, review, and subscribe
--------
29:19
EP 5: AISA CyberCon 2024: Voices from Australia's Biggest Security Conference
Welcome to “The TRUST Pod,” Australia’s premier podcast on Digital Trust.
Join Candice Smith and Ashvin Shukal, as they share key insights from their conversations at AISA CyberCon 2024, one of Australia's largest cybersecurity conferences. In this episode, they interview industry leaders about digital identity, quantum computing, AI security challenges, and diversity in cybersecurity. Featured guests include Rajiv Shah from MDR Consulting, discussing Australia's Digital ID Act, Hani Koshaji from Skillfield, exploring AI's evolving role in cybersecurity, and several other experts sharing their perspectives on the future of the industry. Discover the latest trends, concerns, and innovations shaping the cybersecurity landscape in Australia and beyond.
Featured Industry Experts:
Rajiv Shah
Hani Koshaji
Raheem Sar
Roma Singh
Pranali Madewalkar
Ross Khan
Jose Bishop
Daanish Antulay
For more insights on digital trust and cyber security, follow us on [linkedin.com/company/the-trust-pod] LinkedIn.
If you found this episode helpful, please rate, review, and subscribe!
--------
48:54
EP 4: Gartner’s CLM Framework – Delve into Discovery with Expert Ashoke Kulandaivel
Welcome to “The TRUST Pod,” Australia’s premier podcast on Digital Trust.
In this episode, hosts Candice Smith and Ashvin Shukal sit down with Ashoke Kulandaivel, an industry expert with 18 years of experience in PKI (Public Key Infrastructure) and cryptography. Together, they dive into the critical topic of certificate discovery and why it's essential for organizations to understand and manage their digital certificates in today's complex digital environment.
Ashoke breaks down the certificate discovery process, highlighting its importance in preventing outages, strengthening security, and preparing for future challenges like quantum computing. The conversation covers key risks of unmanaged certificates, the benefits of using CA-agnostic tools, and offers practical strategies that organizations of all sizes can adopt to stay secure and compliant.
The team tackles real-world incidents, like the Microsoft Teams and SpaceX outages, and provides insights into balancing security with operational convenience, offering actionable advice for those managing segmented or air-gapped environments.
Stay tuned for our next episode, where we’ll explore the next pillar of Gartner's seven-step framework for certificate lifecycle management.
Key Topics Covered:
What is certificate discovery and why it matters.
The importance of having a "Central Book of Record" for cryptographic assets.
Risks of unmanaged certificates: outages, duplicate certificates, and compromised cryptographic keys.
Practical solutions for mid-tier to large organizations, including CA-agnostic tools and open-source options.
Real-world examples of outages related to certificate management risks.
Planning discovery mechanisms for specific network environments.
Preparing for the future: quantum computing and evolving cryptographic standards.
Ashoke Kulandaivel is a PKI and cryptography veteran with extensive experience as a consultant, architect, and product manager. Having worked with major enterprises and financial institutions, Ashoke shares his knowledge on implementing robust certificate discovery and management practices.
For more insights on digital trust and PKI management, follow us on [linkedin.com/company/the-trust-pod] LinkedIn.
If you found this episode helpful, please rate, review, and subscribe!
--------
37:43
EP 3: Gartner's CLM Framework – Centralized Governance with Expert Lindsay Hansen
Welcome to “The TRUST Pod,” Australia’s premier podcast on Digital Trust.
In this episode, Lindsay Hansen joins Ashvin Shukal and Candice Smith to discuss the first of the Gartner core functions of Certificate Lifecycle Management - "Centralized Governance and Control and Decentralized Issuance". Lindsay emphasizes the need for visibility and management of certificates, as well as the challenges organizations face with multiple CA sources. He highlights the importance of digital trust and the role it plays in business continuity, and the benefits of working with suppliers with experience and expertise when evaluating CLM tools.
Stay tuned as we bring in industry experts in upcoming episodes to focus on each of these functions with real-world insights.
--------
32:26
EP 2: Navigating Digital Trust with PKI and Certificate Lifecycle Management
Welcome to “The TRUST Pod,” Australia’s premier podcast on Digital Trust.
In this episode, we are diving into Public Key Infrastructure (PKI) and certificate lifecycle management. We discuss the seven core functions of certificate lifecycle management outlined by Gartner, highlighting the need for centralized governance, discovery, and automation to enhance security and mitigate risks.
With today's complex IT infrastructure and diverse authentication needs, it's crucial for organizations to adopt CA-agnostic CLM tools to streamline certificate operations and build crypto agility to stay ahead with quantum-safe cryptography and future-proof your business-critical systems.
Stay tuned as we bring in industry experts in upcoming episodes to focus on each of these functions with real-world insights.
Welcome to “The Trust Pod,” Australia’s premier podcast on Digital Trust. Picture this: Two colleagues and friends, reveling in the festive spirit of a Christmas party, stumbled upon a brilliant idea. As we clinked glasses and shared laughter, the notion of starting a podcast emerged—a platform to spread knowledge on Digital Trust and Cybersecurity. Join us on this journey as we delve into key themes like Securing Software Supply Chain Trust, Privacy, Crypto Agility, Digital Certificates, and Cybersecurity.
Hosts: Ashvin Shukal and Candice Smith