Episodes

  • Free Disaster Recovery Tests!
    2024/09/03

    Welcome to the Great Security Debate! In this episode, experts take on a multifaceted discussion about the intricacies of technology and cybersecurity. The debate navigates through the recent incident involving CrowdStrike and Microsoft, dissecting the layers of technology, processes, and the roles of different entities in maintaining security. Emphasizing the lessons learned, the debate also explores the challenges of disaster recovery, business continuity, and balancing risk in an increasingly complex digital landscape. Tune in as the hosts delve into the ramifications of over-consolidation, the implications of vendor lock-in, and the importance of maintaining a culture of quality and robust testing.

    00:00 Introduction to the Great Security Debate

    00:37 Layers of Technology and Finger Pointing

    01:23 Disaster Recovery and Business Continuity

    02:34 Market Leaders and Single Points of Failure

    08:25 The Complexity of Software and Manufacturing Analogies

    14:27 Kernel Access and Security Implications

    23:29 BitLocker Keys and Recovery Challenges

    28:05 Daily Text File Sharing

    28:21 Transitioning BitLocker Management

    28:45 Risk Profiles and Encryption Decisions

    31:47 Team Collaboration and Lessons Learned

    33:38 CrowdStrike Incident Analysis

    36:18 The Importance of Response and Culture

    44:10 Balancing Speed and Safety in Software

    51:41 Closing Remarks and Future Plans

    53 min
  • To Insure or Not To Insure: It’s Not Even a Question
    2024/07/01

    This episode of 'The Great Security Debate' delves into the complexities surrounding cyber insurance, discussing its impact on minimising business risks and ensuring compliance. Erik, Brian, and Dan talk about how connected systems and automation increase risks, and bring in concerns about reliance on AI.

    Insurance policies, force majeure, and government regulations get some quality discussion and debate time, revealing fears and misconceptions about standardised security controls vs. adaptive security practices. And last up: the practicality and pitfalls of self-insurance, government intervention, and the need for standardised security terminology.

    Show Links:

    • CISA Secure by Design Pledge | CISA
    • CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) | CISA
    • The 118th Congress is the third oldest since 1789
    • Book - The End of the World Is Just the Beginning
    • Supreme Court’s ‘Chevron’ ruling means changes for writing laws - Roll Call
    • Insurers Warn Standardizing Cyber Policies Could Limit Future Coverage
    • Cyberattacks Disrupt Car Sales by Dealers in U.S. and Canada

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Thanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!

    Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

    Thanks for listening!

    00:00 Introduction to the Great Security Debate

    00:30 The Role of Cyber Insurance

    01:49 Manual Processes and Business Continuity

    03:09 Manufacturing and Supply Chain Challenges

    06:11 Insurance Policies and Cybersecurity

    08:00 Standardization and Government Involvement

    19:14 The Complexity of Cyber Warfare

    22:35 Globalization and Cybersecurity

    30:33 Leadership vs. Boss Mentality

    33:53 The Role of Communication in Crisis

    36:51 The Cost of Compliance

    40:30 Global Cybersecurity Challenges

    44:22 The Complexity of Online Trust

    47:56 Insurance and Cybersecurity

    53:07 The Future of Cyber Insurance

    01:00:15 Conclusion and Final Thoughts

    1 hr 2 min
  • Wear a Stop Sign On Your Shirt
    2024/06/06

    In this episode of the Great Security Debate, Brian, Erik, and Dan dive into the latest trends in ransomware, including an uptick in attacks against the hypervisor. Speaking of VMware, we also "discuss" the way that Broadcom has handled the VMware acquisition and why it both makes sense (to them) and doesn't (to many customers).

    The debate also heads into the impact of AI in cyber threats, and compares strategies for mitigating risk, such as prioritising vulnerabilities and understanding the attack landscape.

    Additionally, the conversation shifts to business practices in tech acquisitions, potential future disruptions in the market, the importance of balancing security measures with user experience, and the need for adaptive, short-term security roadmaps to stay ahead in an ever-changing environment.

    And we break the big news about an upcoming Distilling Security in-person meet-up in Michigan in July!

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Show Notes:


    • Broadcom execs say VMware price, subscription complaints are unwarranted | Ars Technica
    • What happened with AI Overviews and next steps
    • Book - Titan: The Life of John D. Rockefeller, Sr.

    Thanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!


    48 min
  • Mine Everything
    2024/06/05

    Sorry about the audio on this one. We have got the tech back on track for the next episode. I promise!

    Join the Great Security Debate as Brian, Erik, and Dan delve into 'pig slaughtering,' a scam involving rapport building to swindle victims out of money.

    The discussion explores the intersections of security awareness, blockchain technology, and the ethical implications of digital tracking tools like chain analysis. It features real-world cases, including child exploitation traced through blockchain, and the broader debate on privacy versus legality in technology use. Are public blockchain transactions truly private?

    And how can we balance innovative tech with ethical concerns? Tune in to hear all about it.

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Show Notes:

    • Movie: Oppenheimer
    • Adobe has built a deepfake tool, but it doesn’t know what to do with it - The Verge
    • Movie: Defending Your Life
    • Microsoft Edge May Import Your Chrome Tabs Without Your Consent
    • Adobe content analysis FAQ
    • How the Federal Government Buys Our Cell Phone Location Data
    • Public By Default - Stories Found in Venmo Comments
    • Chainalysis
    • Book: Tracers in the Dark
    • Pig Butchering Scams: Last Week Tonight with John Oliver
    • 7 Months Inside an Online Scam Labor Camp

    Thanks for listening!


    45 min
  • Spoiler Alert: Leave the World Behind
    2024/06/04

    Join Dan, Brian, and Erik in the latest episode of The Great Security Debate as they explore the impact and implications of the movie 'Leave the World Behind.' Delving into cyber security, societal impacts of technology, and philosophical elements, this discussion touches upon vulnerability management, risk management, and the effect of constant connectivity on modern life. Tune in to hear not only their analysis of the film but also personal reflections on communication, societal changes, and practical steps for improving individual security resilience. This episode also marks the exciting announcement of the Great Security Debate becoming a part of the Distilling Security network. Don't miss out!

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Show Notes:


    • Distilling Security – Consumable security, privacy, and compliance
    • Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED
    • August 2023 Data Incident | U-M Public Affairs
    • Recent power outages in Ann Arbor have multiple causes, DTE Energy says
    • Watch Leave the World Behind | Netflix Official Site

    Editor note: This episode was recorded in the final days of 2023... but was lost to technology demons until now. One of those demons made it necessary to show the Zoom screen rather than our usual edited video cast. Sorry for the inconvenience and pain on your eyes.


    59 min
  • Potpourri of Debate... Now with AI
    2024/01/08

    It's an "all rounder" episode of The Great Security Debate. Brian watched a movie, Erik watched an advertisement, and Dan was overtly cynical. Just another day in the podcast booth for these three.

    A variety pack of topics ranging from recent security attacks, to AI in technology, to automotive manufacturing (go figure), to privacy, to sponsorship and vendor models at live events, and more.

    Links to everything we talked about are available in the show notes.

    Thanks for listening and welcome to 2024! We have got some exciting changes ahead this year including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!

    Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

    1 hr 5 min
  • The Downfall of All Security (Sales)
    2023/11/27

    It's not easy to sell things. It's even harder to sell to security practitioners and leaders. The Great Security Debate this week covers some angles in security tools (and selling those tools to security teams) that have taken their toll on the trust that needs to exist between those who buy and those who make the products that we use. From the software providers to the VAR (resellers) in the middle to the people and techniques used to market and sell the solutions. Some of the key topics of the discussion include:

    • The challenges of security tool consolidation by non-security vendors
    • Security is not a lock-in tool, and security is not an upsell tool
    • Pushing changes to products without telling the customers before they happen or letting those customers have control over the change (and if they take it or not)
    • Security Selling with VARs & Deal Registration
    • What are the motivators when a product is recommended to you
    • You can still buy direct (and why you might want to)
    • The challenge of selling into the SMB
    • The power of the “vouch” that flies in the face of some sales methods
    • The importance of being genuine in sales communications (aka knock off the programmatic drip campaigns that pretend to be personal)


    Thanks for listening!

    55 min
  • Less LLM, More Piano
    2023/08/21

    This week we are debating modern AI systems, especially the commercial ones on just about everyone's lips when talking about CVs, high school term papers, and interview answers.

    Large Language Models (LLMs), of which ChatGPT and Bard are two examples, are growing in prominence, but will they disrupt the technology world, or are they nothing more than just another blockchain fizzle?

    In this episode:

    • Are these even actually "AI" models, or really just very fast processing of large data sets?
    • What should I (and should I not) be putting into LLMs? How does the re-teaching based on data entered impact what you should put into public LLMs?
    • What are some valid use cases for LLMs?
    • Does depending on tools like LLMs (or calculators) bring us further from core understanding of how things work? Or should we be OK with the efficiency it brings?
    • How does copyright fit into the LLM expectation and model, and does the legal licensing of training data dull the shine of LLMs?
    • Are the analyses from LLMs skewed not only by the data they chose to use for training, but also by the userbase that uses that LLM?
    • How are any of the "good practise" security and privacy requirements for LLM different from any other systems? Spoiler alert: not at all.

    Unrelated to AI, we also talk about what happens to all the "smart" things in your house when the internet goes out? What stops working? Way more than you might think...

    We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.


    Thanks for listening!

    Links:

    Is OpenAI almost bankrupt?: https://www.windowscentral.com/software-apps/chatgpts-fate-hangs-in-the-balance-as-openai-reportedly-edges-closer-to-bankruptcy

    Maybe not bankrupt, but has a business problem: https://www.forbes.com/sites/lutzfinger/2023/08/18/is-openai-going-bankrupt-no-but-ai-models-dont-create-moats/?sh=3c8922845e22

    Gartner declares LLMs at the peak of inflated expectations: https://www.gartner.com/en/newsroom/press-releases/2023-08-16-gartner-places-generative-ai-on-the-peak-of-inflated-expectations-on-the-2023-hype-cycle-for-emerging-technologies

    When ChatGPT goes Bad: https://sloanreview.mit.edu/article/from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-generative-ai/

    https://venturebeat.com/security/how-fraudgpt-presages-the-future-of-weaponized-ai/

    The Circle (Movie): https://www.imdb.com/title/tt4287320/

    Amazon Sidewalk, and its privacy issues: https://www.popsci.com/technology/amazon-sidewalks-privacy-concerns/

    Idiocracy (Movie): https://www.imdb.com/title/tt0387808/

    Moores law is dead:...

    52 min