![Dave Chatterjee Profile](https://pbs.twimg.com/profile_images/469441861711458304/hqKq_WFt_x96.jpeg)
Dave Chatterjee
@davechatterjee7
Followers: 66 · Following: 17 · Statuses: 313
Dave Chatterjee, Ph.D., is a cybersecurity and technology thought leader and subject matter expert. For more details, visit https://t.co/PAV0x16Jsm
Joined May 2014
I enjoyed moderating today's panel discussion on "SASE and How it is Revolutionizing the Cybersecurity Landscape." It was a pleasure engaging with a terrific panel -- Michael Boucher, Theodore Darko - CISSP, CCSP, CISM, CISA, CEH, CCNP, MCSE-SEC, ITIL, Sasha P., Vincent Voci, Mike Wilkes. We discussed various aspects of the Secure Access Service Edge (SASE) framework and shared recommendations and best practices. Kudos to The Millennium Alliance group for hosting yet another terrific security conference, this time in the great city of Dallas, Texas.
A very Happy New Year! I hope you enjoy this episode.

Episode 78 -- Lessons from 2024's Biggest Cyber Incidents and Building Stronger Defenses for 2025

In this episode, Shrav Mehta, Founder and CEO at Secureframe, joins me to discuss major cybersecurity incidents in 2024, highlighting five significant breaches: National Public Data (2.7 billion records), AT&T (50 billion), Ticketmaster (500 million), Change Healthcare (145 million), and Dell (49 million). We emphasize the importance of proactive measures, such as data minimization, continuous training, and zero-trust models. I stressed the need for leadership engagement, robust incident response plans, and a holistic approach to security. Shrav underscores the role of automation and continuous monitoring in enhancing protection. We both agreed on the necessity of evolving security practices to counter emerging threats like deepfakes and AI-enabled attacks. To listen to the podcast -- To download the podcast summary and discussion highlights --
One World, One Big Global Family

It is cards like this that make my day. It has been an honor and a privilege to have engaged with The University of Georgia students for 23 years. To be invited back by UGA Morehead Honors College to deliver a talk on “AI and Gen AI Implications” was such a fun and memorable experience. Much love to the global community for the love, affection, and respect I have received over the years. I have great faith in my global family; it is in their midst at conferences and other forums that I feel the greatest joy and satisfaction. Hope the New Year will present many more such opportunities.
@RachelSudbeck @awprihandita I am a huge fan of your writing style. I read this article of yours --
Episode 77 -- Stopping Deepfake Threats Through Identity Verification

In this episode, Aaron Painter, CEO at Nametag, joins me in discussing the Deepfake fraud phenomenon and how organizations and individuals should protect themselves from such scams. A recent study conducted by finance software provider Medius finds that over 53% of businesses in the U.S. and U.K. have been targets of financial scams powered by “deepfake” technology, with 43% falling victim to such attacks. 85% of the finance professionals polled view such scams as an “existential” threat to their organization’s financial security. In the United States, families lose an average of $11,000 in each fake kidnapping scam. According to data from the Federal Trade Commission, Americans lost $2.6 billion last year in imposter scams.
Episode 76 -- From Reactive to Proactive: How Behavioral Psychology Is Transforming Enterprise Security

IBM recently reported a 71% year-over-year increase in attacks using valid credentials. This continued use of stolen credentials is also evident through ongoing public incidents like the string of attacks targeting Snowflake's customers that resulted in breaches at AT&T and Advance Auto Parts. Lynsey Wolf, Team Lead and Insider Threat Analyst at DTEX Systems, believes that users' psychological and behavioral traits are being overlooked when defending against credential misuse. In this episode, we discuss how best to mitigate such threats using a proactive approach to insider risk management by focusing on user behavior and indicators rather than just incident response. To access and download the entire podcast summary with discussion highlights --
It was a real pleasure moderating the CISO roundtable "Creating and Sustaining High-Performance Information Security Teams: Insights into Best Practices." A very engaging discussion that touched upon a) the characteristics and benefits of high-performing security teams, b) building high-performing information security teams, and c) sustaining high-performance information security teams. There were numerous takeaways, including creating a sense of ownership, purposefulness, and empowerment. Truly caring for people, nurturing their growth and development, and offering reverse mentoring opportunities were other recommendations and best practices. Clarity of purpose, continuous learning opportunities, clear and continuous communication, and feedback are some other ways of building and sustaining a high-performance information security culture. Kudos to The Millennium Alliance for hosting a great conference in Austin, Texas.
Episode 75 -- Compliance in the Cloud: Challenges and Best Practices

Accelerating into the cloud without caution often brings complexities that can cause more harm than good. With the rapid pace of cloud adoption, less time is spent ensuring systems are built and operated effectively with proper cyber hygiene. In this episode, Dale Hoak, Director of Information Security at RegScale, joins me in discussing cloud compliance-related challenges and best practices.
I am delighted to share that the paper “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” co-authored with the brilliant Anne Leslie CISM CCSP, got accepted for publication in the very prestigious Business Horizons. This human factors-focused approach is based on the fundamental premise that cybersecurity readiness is everybody’s business, and organizations must find ways of galvanizing organization-wide support and commitment. Insights gained from in-depth interviews with business leaders and subject-matter experts reveal five characteristics of a human-centered whole-of-enterprise approach to cybersecurity preparedness: a) Enlightened and engaged leadership, b) Capitalizing on people’s best intentions and creativity, c) Looking inwards before looking outwards, d) Getting ownership, responsibility, and accountability right, and e) Measuring the right thing, incentivizing the right behavior. The full paper will be available online in a few weeks. I also want to thank Prof. Jan Kietzmann and his review team for skillfully guiding the paper's development. I am very grateful to Lisa Miller for efficiently managing the review process.
Episode 74 -- Reducing the Risk of Social Engineering to Exploit IT Help Desk

In this episode, Mike Manrod, the Chief Information Security Officer (CISO) of Grand Canyon Education, and Ori Eisen, the Founder and CEO of Trusona, joined me to discuss how best to reduce the risks of social engineering attacks on IT support and help desk personnel. This episode was motivated by the major cyber attack that brought MGM Resorts International's operations to a screeching halt. It was a social engineering attack where the attackers gained super administrator privileges by providing the MGM Help Desk with basic employee information.
Episode 73 -- Unlocking Cyber Potential: The Power of Collaboration in K-12 Cyber Education

In this episode, Laurie Bourgeois Salvail, PhD, Executive Director of joins me to discuss the importance of cybersecurity education for K-12 students. Primarily funded by the Cybersecurity and Infrastructure Security Agency (CISA), is a powerful and free resource available to K-12 students and educators in the United States. s Range, a cloud-based virtual environment, empowers K-12 students with real-world cybersecurity skills in a secure platform. Kudos to Jen Easterly, Director, CISA, and her team for supporting this significant initiative.
Episode 72 -- Large Language Model (LLM) Risks and Mitigation Strategies

As machine learning algorithms continue to evolve, Large Language Models (LLMs) like GPT-4 are gaining popularity. While these models hold great promise in revolutionizing various functions and industries, ranging from content generation and customer service to research and development, they also come with their own set of risks and ethical concerns. In this episode, Rohan Sathe, Co-founder & CTO/Head of R&D at and I review the LLM-related risks and how best to mitigate them.

Action Items and Discussion Highlights

There are three main LLM attack vectors: a) Attacking the LLM model directly, b) Attacking the infrastructure and integrations, and c) Attacking the application. Prevention and mitigation strategies include a) Strict input validation and sanitization; b) Isolating the LLM environment from other critical systems and resources; c) Restricting the LLM's access to sensitive resources and limiting its capabilities to the minimum required for its intended purpose; d) Regularly auditing and reviewing the LLM's environment and access controls; e) Implementing real-time monitoring to promptly detect and respond to unusual or unauthorized activities; and f) Establishing robust governance around the ethical development and use of LLMs.
Episode 71 -- Identity Continuity in Multi-Cloud Environments

First, I would like to share a significant milestone and thank you for your support. The Cybersecurity Readiness Podcast Series has now been downloaded over 10K times and has listeners in 105 countries. The podcast episodes are being used in classrooms and for corporate training and serve as insight sources in research and publications. In Episode 71, I discussed identity resiliency with Eric Olden, Co-Founder, Chairman, and Chief Executive Officer of Strata Identity. The importance of maintaining uninterrupted services cannot be overemphasized, especially in light of the recent global IT outage fiasco. With the increasing dependence on cloud-based services, uninterrupted connectivity is essential to maintaining business continuity. Since identity providers control access to an organization's applications and data, any downtime can shut down mission-critical operations.