Episodes

  • What are the strategic directions for AI in homeland security? Attending Milipol APAC and TechX Summit 2024, we speak with Physicist and former Yale University Professor, Dimitri Kusnezov, Under Secretary for S&T, US Department of Homeland Security.

    Nominated by President Biden in 2021, Dimitri Kusnezov was the deputy under secretary for artificial intelligence and technology at DoE (Energy), leading efforts to drive the use of AI and machine learning across the department’s core missions.

    Australia and the United States of America signed a treaty on cooperation in science and technology (S&T) for domestic security on 21 December 2005.

    Recorded 4 April, 2024 at the Sands Expo & Convention Centre, Singapore.

    #milipolap #mysecuritytv #DHS #homelandsecurity #ai #nationalsecurity #nationalsecurityscience

  • With the rapidly evolving challenges in global travel, trade, and security, we speak to Australian Border Force Commissioner, Michael Outram APM at the Milipol APAC and TechX Summit 2024 in Singapore.

    We discuss how border security has been affected by technology and the current landscape, emerging threats, and the importance of fostering collaboration between government and industry to ensure border management has the cutting-edge technologies to ensure security and efficiency.

    Recorded 4 April 2024 at the Sands Expo & Convention Centre, Singapore.

    #milipolap #maptxs #mysecuritytv #policing #customs #nationalsecurity

  • Pentera is an automated pentesting platform. Validate every attack surface in your network, and test continuously to maintain control over your true security posture. Be proactive in fixing vulnerabilities, misconfigurations, leaked credentials, and privileges before they are exploited.

    We speak with Jannis Utz, VP Global Sales Engineering at Pentera and get insights into Pentera's capabilities and what will be on display at Booth B20, Hall 8 at GISEC Global 2024, 23-25 April at the Dubai World Trade Centre.

    #Pentera #gisecglobal #mysecuritytv

  • In this interview, Renen Hallak, Founder and CEO, Vast Data navigates the dynamic landscape of AI adoption and evolution, tracing its trajectory from the early days in 2016 to today’s diverse applications across various business sectors.

    Prior to founding VAST, Renen led the architecture and development of an all-flash array at XtremIO, from inception to over a billion dollars in revenue while acting as VP R&D and leading a team of over 200 engineers. He holds a BA and an MSc in Computer Science, both summa cum laude.

    Central to Renen's discourse is the pivotal role of data transformation in unlocking value within organizations in the AI era, and how businesses leverage vast unstructured data to derive valuable insights to gain a competitive edge.

    Renen also notes the challenges and opportunities presented by AI in terms of cybersecurity. He delves into the dual role of AI as both a potential vulnerability and a defense mechanism against cyber threats.

    Given the significance of scalable infrastructure in supporting the growing demands of AI-driven applications, Renen highlights platforms like Vast Data, which offer scalable solutions capable of handling vast amounts of data with high performance and minimal latency.

    Recorded 13 March 2024, 11am. Singapore Shangri La Hotel, Breakfast Session with VAST Data

    #mysecuritytv #AI #VastData

  • Headquartered in Singapore, ST Engineering is a global technology, defence and engineering group with customers and partners in more than 100 countries around the world.

    We speak with Mr THNG Chin Hwee, Vice-President, Public Safety & Security Cluster, ST Engineering about the capabilities on display at Milipol APAC and a must see at Booth 1910.

    To find out more, visit

    https://innovd.stengg.com/spotlight/milipolap-2024/

    MySecurity Media will be coordinating a delegation at Milipol APAC 2024 - to find out more visit https://mysecuritymarketplace.com/event/milipol-asia-pacific/

    #stengineering #stengg #milipolapac #milipolap #mysecuritytv

  • Sharat Nautiyal, Director of Security Engineering, APJ, Vectra AI.

    Sharat has over 15 years of experience assisting organisations in the areas of security architecture, threat detection and threat hunting. He has a strong focus on leading security engineering, security architecture, and the sales engineering team across APJ.

    The global cybersecurity landscape is witnessing a concerning surge in threats, and is particularly pronounced in the Asia-Pacific region. With the imminent impact of AI-boosted cyberattacks, cybercriminal tactics like phishing and social engineering are evolving in sophistication. Moreover, the recent uptick in high-severity cyber incidents underscores the urgent need for organisations to bolster their defence strategies. The implementation of comprehensive cybersecurity protocols is paramount for businesses and organisations to effectively mitigate these evolving threats.

    Vectra AI, Inc. is the leader in hybrid attack detection, investigation and response. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Vectra AI’s patented Attack Signal Intelligence empowers security teams to rapidly detect, prioritize, investigate and stop the most advanced hybrid cyber-attacks. With 35 patents in AI-driven detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on the Vectra AI Platform and MDR services to move at the speed and scale of hybrid attackers.

    Visit Booth 1810 at Milipol APAC 2024, 3 - 5 April at the Sands Expo & Convention Centre, Singapore.

    #milipol #vectra #mysecuritytv

  • We speak with Grant Wright, General Manager of Marketplace and AI Products, SEEK.

    Grant leads SEEK's global AI and Analytics teams, who build and support the AI services that power SEEK's products including search, recommendations, candidate quality and pricing; and provide internal analytics and experimentation capability to better understand the performance of our products and drive continuous improvement and innovation.

    Grant brings to this role his previous experience as Strategy Director at SEEK.

    Prior to joining SEEK, Grant worked at L.E.K Consulting for over 10 years where he advised organisations and governments across Australia, New Zealand and the US on strategy, performance improvement and mergers and acquisitions.

    Grant holds a Bachelor of Business (Economics) & Bachelor of Computer and Information Science (Software Development) from the Auckland University of Technology, where he was awarded the New Zealand Computer Society Cup for the top Computer and Information Science Graduate.

    ----

    Generative AI, particularly ChatGPT, is transforming service delivery for clients and end-users, prompting businesses to actively integrate this technology for operational refinement. Grant shares anecdotes, such as using ChatGPT to craft children's bedtime stories.

    Acknowledging glimpses of success in applying generative AI to customer interactions, Grant highlights the challenges of scaling these applications. Ongoing efforts focus on optimizing technology for widespread use, particularly in customer service scenarios.

    In the realm of Gen AI transforming information into intelligence, Grant provides statistical insights into the platform's extensive reach, encompassing millions of candidate profiles, billions of interactions, and a substantial volume of job applications. Gen AI's value lies in extracting insights from traditionally unstructured data like job ads and CVs, summarizing and distilling it for actionable intelligence.

    Anticipating a transformative shift in user experience, Grant envisions users communicating with AI more naturally. This evolution, inclusive of voice interfaces, promises new avenues for interaction, moving away from adapting to machine language.

    Delving into responsibility in AI implementation, Grant underscores the importance of responsibly handling data and biases to prevent reinforcing discriminatory outcomes through AI. He emphasizes the necessity to understand the risks associated with training data and to be mindful of potential impacts on individuals affected by AI-generated decisions.

    Exploring the challenges and realities of AI impact on jobs, Grant highlights the disparity between the hype around AI's impact on jobs and tangible transformations in the job market. A balanced perspective is crucial to avoid overestimating or underestimating AI's immediate effects. Jobs are perceived as bundles of tasks, and Grant emphasizes the complexity of job market transformations. While some tasks may automate, others evolve or experience increased demand. For instance, the transition from last-mile delivery to drone-based delivery illustrates how job demands can shift within industries.

    In preparing for change and AI adoption, Grant advises individuals, employers, and business owners to embrace adaptability in the face of evolving technological landscapes. Individuals are encouraged to explore and experiment with AI tools in their daily lives. Employers should focus on evolving skill requirements rather than rigidly adhering to traditional hiring practices. Additionally, caution is advised in AI adoption, especially in building internal capabilities. It involves asking the right questions about underlying AI capabilities and understanding potential risks.

    Recorded on 29th February 2024, 6pm, SEEK office (Wallich Street, Singapore).

  • We speak with Charles Chu, General Manager of Cloud Security at CyberArk in the lead up to his Australian visit in March 2024.

    CyberArk has advanced capabilities for securing access to cloud services and modern infrastructure for all users, based on the company’s risk-based intelligent privilege controls.

    The CyberArk Secure Cloud Access solution provides just-in-time access with zero standing privileges to cloud management consoles and services running in multi-cloud environments. These security controls enable secure access to every layer of cloud environments, while causing no disruption or change to the way developers and other users access cloud services.

    Charles will be in Sydney & Melbourne - 18-22 March, 2024.

    For a demo visit https://www.cyberark.com/request-demo/ or find out more at https://www.cyberark.com/contact/

    #mysecuritytv #cyberark #iam #identitysecurity #cloudsecurity #pam

  • Ivo de Carvalho Peixinho, Head Cybercrime Intelligence Unit, INTERPOL, has a BS degree in Computer Science from Universidade Federal da Bahia, with two post-graduations, one in Distributed Systems and another on Mechatronics. He is also a BS7799 certified auditor. Ivo has more than 10 years of experience in network security, and worked the last two years on security research and incident handling. Prior to Interpol, he worked as a Forensics Expert at the Brazilian Federal Police Department.

    In this interview, Ivo shared insights on 6 topics:

    1. Information sharing challenges: Addressing conflicts between private sectors and law enforcement priorities, particularly in cases like ransomware, where the need to restore operations clashes with preserving evidence.

    2. Data Processing Regulations: Exploring Interpol's regulations for data processing and exchange, considering cultural barriers, language differences, and data sovereignty concerns when sharing information among different countries.

    3. Project Gateway Initiative: Understanding the process and significance of Project Gateway, a collaboration framework between Interpol and private entities, including the steps for private organizations to join this initiative.

    4. AI's Impact on Cybersecurity: Recognizing AI as a productivity enhancer, both for defenders and attackers, and the importance of balancing technological advancements with legal frameworks in the evolving cybercrime landscape.

    5. Training and Collaboration: Emphasizing the need for regular training sessions and exercises to foster a common understanding and language among global law enforcement agencies, crucial for effective collaboration during global cybercrime operations.

    6. Skill Set for Investigators: Discussing the essential skills for law enforcement investigators, including self-driven motivation, the importance of work-life balance, and the role of teamwork, personal interests, and joy in maintaining stamina and perseverance in the field of cybersecurity.

    Recorded 7th December, ISC2 Secure Asia Pacific 2023, 10.30am.

    #interpol #mysecuritytv #cybersecurity

  • Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company that helps organizations protect their critical hardware, firmware, and software.

    Prior to Eclypsium, Yuriy was Chief Threat Researcher and led the Microprocessor Security Analysis team at Intel Corporation, as well as the Advanced Threat Research team at Intel Security.

    He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework.

    When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk.

    Since then Eclypsium has been on a mission to protect devices from supply chain risks.

    In this interview, Yuriy highlights the potential vulnerabilities in the firmware (software running the hardware) in today’s digital devices, and the risk posed by threat actors.

    Using a typical PC as an example, which involves contributions from over 265 suppliers, each with its components and code, he notes the ubiquity of software, and likens the supply chain of such a device to a “Wild West”:

    “at any point in the supply chain, at any of those links in the supply chain, a compromise may happen”, and “all of these components and all the code that is developed by those suppliers and vendors has vulnerabilities.”

    He elaborated that “even if it's OK now … 3 months from now, it can be compromised because of those vulnerabilities.”

    To give an example, he referenced the recently discovered threat in the wild – “BlackLotus”, an evolution of threats based on open-source frameworks – e.g. LoJax, MosaicRegressor, MoonBounce – discovered in the past 3 to 4 years.

    He highlighted the characteristics of such threats:

    • These UEFI compromises allow attackers to compromise equipment remotely, for access or persistent malware installation.

    • They cannot be removed by reinstalling the operating system, reimaging, or even replacing the hard drive.

    • BlackLotus's exploitation of UEFI vulnerabilities, particularly in Secure Boot - a fundamental security feature adopted by modern operating systems - sets it apart as an advanced threat, marking the first instance of such threats discovered "in the wild."

    He explained that compromising firmware is attractive for threat actors for many reasons:

    • Stay hidden: Detection and protection controls operate at the software application level and above, but there is no equivalent for firmware.

    • Achieve "Persistence" - where traditional mitigation measures cannot remove the malware/threats.

    • Simplicity – for example, exploiting firmware vulnerabilities to gain access is much simpler than developing a very complicated exploit chain.

    • Gain high privileges – Remain hidden and persistent while gaining a high level of privileges.

    To mitigate against malicious firmware implants, Yuriy suggested organisations:

    (a) assess the supply chain risks (e.g. potential vulnerabilities and threats introduced during procurement and deployment),

    (b) continuously monitor system integrity,

    (c) implement specialized technologies designed for malicious firmware detection.

    Recorded at Singapore International Cyber Week / Govware 2023 – 18th October 2023, 3pm.

    #mysecuritytv #govware #sicw

  • Mr Yeong Zee Kin holds a Master of Laws from Queen Mary University of London and completed his undergraduate law degree at the National University of Singapore. His experience as a Technology, Media and Telecommunications lawyer spans both the private and public sectors. He has spoken and published in areas relating to electronic evidence and intellectual property, as well as legal issues relating to Blockchain and AI deployment.

    Zee Kin is an internationally recognized expert on AI ethics. He spearheaded the development of Singapore’s Model AI Governance Framework, which won the UNITU WSIS Prize in 2019. He is currently a member of the OECD Network of Experts on AI (ONE AI). In 2019, he was a member of the AI Group of Experts at the OECD (AIGO), which developed the OECD Principles on AI. These principles have been endorsed by the G20 in 2019. He was also an observer participant at the European Commission’s High-Level Expert Group on AI, which fulfilled its mandate in June 2020.

    Zee Kin is also a well-regarded expert on data privacy issues. He has contributed to publications on legal issues relating to data privacy and has spoken at many well-recognised international and domestic platforms on this topic.

    --

    In this interview, Zee Kin shares his insights on the legal challenges in the Era of Advanced AI.

    Zee Kin highlighted that with the latest AI innovations, the responsibility and legal issues remain largely consistent, but the tools and technology introduce different challenges.

    For instance, he shared that concerns around content, child protection, intermediary behavior, data security, data protection, and cybercrime remain, while challenges such as detection of fake content have intensified due to increased tool accessibility and the scalability of threats.

    Referring to the "Getty vs. Stability AI" case, he shared that the interesting question is the use of copyrighted data to train AI models – which is not new, and the key is to establish a proper legal basis for using such data. Data lineage and the provenance of data have always been important in legal contexts.

    He also noted that these concerns have surfaced during the recent governmental responses around the world to the latest AI innovations.

    Zee Kin also highlighted the challenges of defining terms such as "fairness," "transparency," and "repeatability", whose meaning varies by context: expectations and priorities for AI differ based on its use, such as safety and predictability in medicine, and bias and fairness in personal data applications.

    Repeatability poses an additional challenge in Generative AI because every iteration of an image or summary will vary (owing to Generative AI's statistical predictive nature).

    Zee Kin also shares his views of AI's impact on job security, noting that there will be emerging opportunities for lawyers to use AI tools for efficiency and error reduction.

    Recorded at TechLaw Fest 2023, 21st Sept 2023, 3.30pm, Marina Bay Sands, Singapore.

    #mysecuritytv #cybersecurity #ai #law #ailawyer

  • Mr Wong Wai Meng is currently the Chief Executive Officer (Data Centres) of Data Centres & Networks Division. He has almost 30 years of experience in the Information and Communications Technology (ICT) industry and currently spearheads the company's thrust towards being one of the leading data centre developers and solution providers in Europe and Asia Pacific.

    Prior to joining Keppel T&T, Mr Wong was Vice President of BT Advise BT Global Services across Asia Pacific, Middle East, Africa and Turkey (AMEA) where he managed the company's practices in business consulting, systems integration, software development, networking, mobility, collaboration and security. He was also CEO of the BT Frontline group of companies where he played a critical role in the integration of BT Frontline into BT Global Services.

    Mr Wong now serves as Chair of SGTech Council, Member of the Council and Chair of Digitalisation Committee in Singapore Business Federation, and is active on various industry panels and committees.

    In November 2022, he won the Top Business Leaders accolade at the Asia-Pacific Cloud & Datacentre Awards.

    More recently in August 2023, he was named by the Singapore Computer Society as Tech Leader of the Year 2023.

    In this interview, Mr Wong shared his insights on the evolution of data centres over the last two decades, from the early computing days to today’s AI and Web3 eras, highlighting the pivotal role of connectivity in transforming how “we consume technology today”.

    Noting how the shift brought about the realisation of a “computer” in our palms and concepts such as “software as a service”, he said these transformations contribute to a trend from on-premises solutions to cloud-based applications. These changes in turn have driven demands for centralisation of services in the cloud, leading to the growth of data centres, and the rise of hyperscalers.

    Other topics discussed include:

    1. The impact of AI on the tech industry, and the significance of AI in the context of AI vs. AI scenarios.

    2. Location considerations for data centres (factors such as power availability, water supply for cooling, and connectivity infrastructure being key considerations); sustainability in data centres (including energy efficiency and the use of renewable energy sources).

    3. Cybersecurity as a holistic approach to digital trust, which goes beyond just technology and involves governance, data management, and privacy considerations.

    Mr Wong wrapped up the interview by sharing how the tech industry's perpetual evolution and change have kept him passionately engaged throughout his career, with the promise of groundbreaking change making each day a thrilling journey of discovery.

    Recorded at Tech Week 2023, 12th October 2023, 4pm, Singapore Marina Bay Sands.

    #mysecuritytv

  • Dennis Giese is a researcher with focus on the security and privacy of IoT devices.

    While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.

    His most known projects are the documentation and hacking of various vacuum robots. His current vacuum robot army consists of over 49 different models from various vendors.

    Recorded on 18 October, 2023 at The Australian Cyber Conference 2023 - Melbourne with the Australian Information Security Association.

    #cybercon #IoTsecurity #mysecuritytv

  • Jane Lo speaks with Ben Verschaeren, Director, Global Solutions, Sophos about cybersecurity opportunities and challenges with Generative AI.

    With over 19 years in the IT industry, Ben Verschaeren is a seasoned professional based in Melbourne. He leads global strategic initiatives, educates on threat landscapes, and develops training tools focusing on real-world exploits.

    Ben also directs a global sales engineering team responding to RFPs, and a software engineering team creating high-quality products for various uses. His prior roles include serving as a Solution Architect at JB HiFi, Australia's largest retailer, and at Thiess, the leading mining and construction company in Australia.

    Ben’s unique blend of sales and engineering experience across diverse sectors enables him to drive tech-forward initiatives with an innovative approach, affirming his position as a key asset in the industry.

    Ben kicked off the interview by sharing his insights into the drivers of the widespread popularity of the latest AI technology – “generative AI”.

    On discussing how generative AI could transform the cybersecurity landscape, Ben acknowledged that it could help increase the productivity of cyber defenders, as an “AI” personal assistant – such as “help you write code” or “help you write query”.

    However, he also cautioned that the technology introduces new threats.

    Elaborating on some of the emerging threats, he said that contrary to expectations, malware generated by LLM can be more easily detected than phishing emails and synthetic voice.

    To mitigate against such threats, he suggested enhancing business processes and controls (for example, robust fund transfer authorisation, to mitigate phishing risk). He also recommended conducting user awareness training regularly to align with the fast-evolving landscape of phishing tactics, emphasising the importance of understanding the "why."

    Another threat is the potential of generative AI to “hallucinate” when making recommendations for software libraries. He pointed out that this issue underscores the need to maintain an SBOM (software bill of materials) and to implement quality controls throughout the software development process.

    Ben also recommended that organisations looking to embrace AI develop an “AI policy”, providing guidance in areas such as the types of data or models that are to be used during training and deployment. He also shared that middleware solutions are available to anonymise the data entered in the prompt, and check that no personally identifiable information (PII) is included.

    Wrapping up, Ben notes the rapid pace of generative AI development, saying “the landscape is changing everyday”, and advises cyber defenders to “stay on top” and “don’t be complacent”, as it is “another area where and different threats are emerging every day”.

    Recorded at Cloud Expo Asia, Singapore Marina Bay Sands, 12th October 2023.

    #mysecuritytv #sophos #generativeai #cybersecurity

  • Recognised by the US Cybersecurity and Infrastructure Security Agency (CISA), Motorola Solutions has established a cyber threat Information Sharing and Analysis Organisation (ISAO) to provide public safety agencies the capabilities they need to defend against attacks.

    Since January 2022, Motorola Solutions’ Public Safety Threat Alliance observed 350+ cyber attacks impacting public safety organisations worldwide, often resulting in downtime of critical services.

    Cyber attacks against public safety agencies increased in both 2021 and 2022, with 2022 seeing a 700 percent increase in distributed denial of service (DDoS) attacks for public safety organisations and a 179 percent increase in hacktivist activity.

    In many Australian states and territories, emergency services use the Motorola Solutions Land Mobile Radio (LMR) communication networks and devices as well as their managed services to help maintain reliable voice and data communications and keep their technology secure and optimised, 24 x 7.

    However, LMR networks and other critical infrastructures can also be targeted by threat actors (e.g. critical infrastructures including utilities being targeted in the war in Ukraine).

    Motorola Solutions continues to grow and invest in its portfolio of communications, software and video security products including our cyber security offerings. The ActiveEye platform monitors about 1M cyber attack events on public safety networks each month, with 98 percent auto-triaged by artificial intelligence, and the rest looked at by cybersecurity experts on our team to determine how to mitigate risks.

    Among Australian customers already using these cyber services are the NSW Telco Authority for which Motorola Solutions are providing a comprehensive suite of public safety services for PSN, including network lifecycle upgrades and 24 x 7 cybersecurity, helping to keep this mission-critical technology up-to-date, secure and performing reliably in any situation.

    For more information and to get involved, visit Public Safety Threat Alliance - https://www.motorolasolutions.com/psta

    #motorola #cybersecurity #mysecuritytv #publicsafety #motorolasolutions

  • Brendan is a cyber security expert with more than 20 years of experience in the financial sector and U.S. intelligence community, including leadership roles as the founder and CEO of a successful startup and an executive at the National Security Agency. He has a deep knowledge of advanced cyber threat actors, threat hunting, financial sector systemic risks, and risk management best practices.

    In this interview, Brendan shared his perspectives on cybersecurity skills, threats and budgets.

    Reflecting on his career at the NSA from 2002 to 2013 and essential cybersecurity skills, Brendan emphasized the importance of curiosity, analytical thinking, and adaptability, which he believes are still relevant in today's cybersecurity landscape.

    When it comes to the question of whether cyber threat actors possess greater expertise than cyber defenders, Brendan suggested that they strive to utilize their resources as effectively as possible to breach networks. From this standpoint, they share similarities with other criminals who possess the necessary skills to perpetuate their criminal activities.

    For cyber defenders also seeking to optimise the return on investments, he noted the challenge of quantifying cybersecurity investments and the need to tailor metrics for different companies and industries.

    On the topical theme of AI in cybersecurity, Brendan highlighted the potential of AI, particularly in threat intelligence characterization and customer engagement. He also mentioned the challenges of AI models and their potential use by threat actors.

    He also shared his experiences starting a company and raising funds, and the value of Information Sharing and Analysis Centers (ISACs) and various industry-specific information-sharing groups.

    Recorded 26th Sept 2023, 5.30pm, Asia Square Singapore.

    #mysecuritytv #cybersecurity #isac

  • We speak with Bugcrowd CEO Dave Gerry in Sydney as he visits Australia to meet with partners and customers.

    Bugcrowd, a multi-solution crowdsourced cybersecurity platform, has also announced significant global customer momentum, highlighting the market need for Bugcrowd’s crowdsourced cybersecurity platform. The company’s rapidly growing customer base includes top brands such as ExpressVPN, Rapyd and T-Mobile, which have chosen to partner with Bugcrowd for one or more of its Bug Bounty, Penetration Testing and Vulnerability Disclosure Programs.

    Serving nearly a thousand organizations worldwide, Bugcrowd empowers customers and hackers to unleash their ingenuity to protect brands and intellectual property. The company drove over 50% growth in payments to the hacker community through customer programs, amplifying a pivotal time of remarkable growth and innovation for the Bugcrowd Platform.

    ExpressVPN, an industry-leading privacy and security company, chose Bugcrowd for its world-class team of hackers that had skills expertly matched to their unique scope. The company’s goal is to allow users to take control of their internet experience – with privacy and security at its core – and Bugcrowd makes this possible by streamlining the reporting, remediation, reward and disclosure processes of a public bug bounty program. ExpressVPN has been harnessing Bugcrowd’s powerful and highly-scalable Vulnerability Disclosure and Bug Bounty programs to protect their data and customers for over three years.

    Bugcrowd’s latest customers include U.K.-based fintech company Rapyd, who chose Bugcrowd for its ability to support organizations around the globe in scaling their security programs to meet rapid organizational growth. During a time of major acquisitions and the need for more focused API testing, the 500+ Rapyd team transitioned to Bugcrowd in order to leverage the company’s highly specialized team of hackers that fit their exact needs. Bugcrowd’s CrowdMatch technology, which enables precise crowd matching, allows organizations to connect with the right hackers for Rapyd’s needs. In one year, the team found 40 total vulnerabilities, 15 of which were critical.

    Top customers also include T-Mobile, the U.S.’ leader in 5G with the largest, fastest and most awarded 5G network in the country. T-Mobile and Bugcrowd launched a revamped public bug bounty platform to invite hackers to find vulnerabilities in T-Mobile’s applications and websites. T-Mobile evaluates the reported vulnerabilities and takes appropriate action.

    Recorded 10 October, 2023.

    #mysecuritytv #cybersecurity #pentesting #bugbounty #bugcrowd

  • In this interview, both John and Thian introduce the history of ISACs (formed in 1999, subsequent to the 1998 signing of U.S. Presidential Decision Directive-63), and in particular, the creation of OT-ISAC (Operational Technology Information Sharing and Analysis Centre) as one of the key thrusts of the Cyber Security Agency of Singapore’s “OT Cybersecurity Masterplan 2019” to facilitate the sharing of information.

    Reflecting on the journey from conceptualization to today, Thian Chin remarked that “OT-ISAC has become that safe harbour the platform for the organisations of the different parties with vested interest to different business lines come together to share, because their common goal is how do we then exchange information to reduce the risks that caused by threat actors.”

    Other topics covered in the interview include:

    • The types of information being shared – such as strategic threat landscape including cyber incidents and vulnerabilities, standards and best practices, and TTPs.

    • Closing the cultural / communication gap between the engineers and the IT cybersecurity practitioners, “because the problem statement they're dealing with is the same. It's a threat actor out there to try to disrupt.”

    • The maturing of conversations beyond terminology such as zero trust and air gap to actual implementation.

    • What success means in information sharing: diversity of opinions, in particular including the C-suite in cybersecurity conversations, and more stakeholders coming forward to share real-life case studies of actual incidents.

    John Lee, Managing Director, Global Resilience Federation

    John has more than 20 years of experience in ICT and Information Security. He is currently the Managing Director of the Operational Technology Information Sharing Analysis Centre (OT-ISAC) that supports member organizations (public and private) in OT threat information. The centre was set up in 2019 and has members from Transport, Aviation, Maritime, Healthcare, Manufacturing, Water, Energy, Government etc. His past roles were in Information Security Governance, Risk Management, Security Operations, Infrastructure and Application Delivery. He has led teams in Asia-Pacific as well as managing global services. He is also a certified cybersecurity trainer for ISACA.

    Thian Chin Lim, Senior Director (Governance Group), GovTech

    Thian Chin has over 20 years of experience in Information & Technology governance, risk management, resilience and compliance, and operational technology cybersecurity.

    Prior to his current appointment at GovTech, he led the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA).

    Before joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC Pte Ltd from 2008 – 2013. In his earlier years, he was a manager leading a team of Information Technology auditors in Ernst & Young.

    Thian Chin holds an Executive Masters in Cybersecurity from Brown University, Bachelor’s Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is a certified CGEIT, CRISC, CISM, CISSP, CISA, CDPSE, GICSP and SABSA practitioner.

    Recorded 7th Sept 2023, OT-ISAC Summit 2023, Voco Orchard, Singapore, 5pm.

  • Mr. Yigal Unna was appointed by Israel’s Prime Minister as the Director General of the Israel National Cyber Directorate (INCD) in 2018. In this four-year role, until 2022, Mr. Unna reported directly to the Israeli Prime Minister and led a team of 350 employees responsible for all aspects of cyber security, including formulating policy and building technological power for operational defense of critical infrastructure. In addition to his work protecting Israel, Mr. Unna forged long-term relationships with many foreign governments and lectured around the world on cyber security.

    Prior to the INCD, Mr. Unna served in the Israel Security Agency (ISA), also known as Shin Bet and Shabak, for 23 years. The ISA is Israel’s domestic intelligence service. He retired as the Director of the Cyber and Signal Intelligence Operations Division (military rank equivalent of major general).

    Mr. Unna began his career as an officer in the elite Unit 8200 in the Israel Defense Forces. Unit 8200 is responsible for collecting signal intelligence and code decryption.

    Overall, Mr. Unna served 33 years in Israel’s national security, all of them in cyber security and data warfare.

    Since retiring from public office, Mr. Unna advises leading and promising Israeli cyber startups and growing enterprises, is a venture partner in venture capital funds focusing on cyber security, and manages national cyber projects for foreign governments (Africa, Asia and eastern Europe).

    Mr. Unna takes part in the international advisory panel for Singapore Ministry of Transportation in Maritime, contributing his experience on cyber security aspects of Maritime.

    Mr. Unna is part of the Global Cyber Group of the Aspen Institute, and a member of the advisory team to the Krach Institute for Tech Diplomacy at Purdue, both US research institutions.

    In this interview, Mr Unna shares with the audience his extensive experience, and his perspectives on the emerging cybersecurity issues introduced by innovations such as blockchain and AI.

    Touching briefly on blockchain, Mr Unna notes that the technology is a huge step “for managing our data and our knowledge in a better and more secure way” and will mature as we build more safeguards and applications.

    As an example, he refers to NFTs. He points out some of the lessons and possibilities introduced by the phenomenon, such as how to better secure and define assets in the future, including non-tangible assets.

    On the topic of AI, Mr Unna also believes that, if history is any guide, after the “first shock of fear and enthusiasm”, AI will be here to stay and “mankind will eventually build security and safeguards”.

    However, he also points out that, as with other new technologies, AI innovation outpaces our ability to put appropriate safeguards in place. In particular, he cautions that for the first time in human history, “Intelligent and maybe even self aware machines may begin to become dangerous to mankind”.

    He advises that technology companies put ethical principles before business outcomes, to fully harness the benefits of AI while addressing the potential abuses.

    Mr Unna also shares the three areas of AI that the Israel cybersecurity community is working and researching on:

    (a) how cyber threat actors could exploit AI

    (b) how cyber defenders could harness AI

    (c) emerging threats from adversarial AI - a new playground of AI vs. AI

    Wrapping up, Mr Unna shares 3 valuable cybersecurity lessons drawn from his extensive experience for defenders.

    Recorded at ST Engineering’s InnoTech Conference 2023, held at Marina Bay Sands, Singapore on 5th September 2023, 4.30pm.

    Our previous webinar session with Mr Unna, from his time as Director General, is available here:

    https://australiancybersecuritymagazine.com.au/australia-israel-counterpart-series-national-cybersecurity-strategy-insights/

  • Mark Orsi is the Chief Executive Officer of Global Resilience Federation, (GRF) a non-profit with the mission to develop and support threat intelligence and information sharing communities including education, operations technology, financial services, retail and hospitality, legal and professional services, energy, health, and oil and natural gas.

    Launched in 2017 as a standalone company, from a former Financial Services Information Sharing and Analysis Center (FS-ISAC) division, GRF is the evolution of 1998's U.S. Presidential Decision Directive 63 and 2003's Homeland Security Presidential Directive 7, which mandated that the public and private sectors share information about cyber and physical security threats and vulnerabilities to help protect critical infrastructure.

    Mr. Orsi led strategic efforts for several prominent Fortune 100 companies, working directly with CIOs and CISOs to develop, deploy, and improve security controls protecting the confidentiality, integrity, and availability of sensitive information.

    Mark joined the company from JPMorgan Chase where he served as executive director and product owner for cybersecurity and technology controls. Prior to JPMorgan, Mr. Orsi served KPMG as director of cybersecurity, and Goldman Sachs as vice president of technology risk.

    Mark holds an MBA from Columbia Business School, an MS in computer science from Johns Hopkins University, and a BS in Aerospace Engineering from the University of Maryland.

    In this interview, Mark shared the latest in artificial intelligence, and operational resiliency.

    Artificial intelligence

    Mark highlights how the latest AI innovations powered by large language models differ from previous iterations of AI technologies, such as by democratising the cyberattack tools used by nation-state actors and leveraging dynamic datasets in training AI models.

    He also notes how cyber defenders are adopting the technology to “multiply” the efforts of resources, for example, in code development and testing. He also foresees that such technology would empower cyber defenders to deliver more targeted threat intelligence.

    Through a personal story, Mark illustrates how the technology lowers the barriers of entry for hacktivists and other threat actors, and the importance of exercising extra vigilance – including understanding how the third parties in the supply chain are using AI. He also notes that an “AI” SBOM (akin to the software SBOM) could help to address the AI model and data supply chain concerns.

    Operational resiliency

    Mark introduces the Operational Resilience Framework (ORF) launched by Global Resilience Federation’s Business Resilience Council (BRC) to solve the challenge of providing services in an impaired state.

    For example, while businesses may have robust processes in place for backing up business or customer data for regulatory reasons, less attention may be paid to backups of data such as system images, Active Directory and network configurations, which would minimize service disruptions in the face of destructive attacks and events.

    He also explains that ORF was developed to be broadly applicable and is aligned with existing controls like those from NIST and ISO.

    Some useful links and contacts:

    • BRC: https://www.grf.org/brc

    • Operational Resilience Framework: https://www.grf.org/orf

    • Leadership Guide to AI Security: https://www.grf.org/the-leadership-guide-to-securing-ai

    • Practitioners’ Guide to AI Security: https://www.grf.org/practitioners-guide-to-managing-ai-security

    • General info: [email protected]; Mark Orsi: [email protected]

    • Summit on Security and Third-Party Risk, Oct 11-12, Austin, Texas: https://www.grf.org/2023-summit-on-security-and-third-party-risk

    Recorded 25th August 2023, 1.30pm, GRF APAC Headquarters Singapore