Episodes

  • We speak with Dina Mathers, Chief Information Security Officer, Carvana, alongside Nick McKenzie, Chief Information & Security Officer with Bugcrowd.

    Dina Mathers, who leads Information Security at Carvana, was recently awarded the CISOs Top 100 Accelerated CISOs Award, which recognizes leaders who are shaping the future of cybersecurity.

    Carvana engages Bugcrowd for bug bounty and vulnerability assessments, with Dina giving candid insights into the scalability, business value and assurances that the Bugcrowd platform provides.

    Carvana (NYSE: CVNA) is an industry pioneer for buying and selling used vehicles online. As the fastest growing used automotive retailer in U.S. history, its proven, customer-first ecommerce model has positively impacted millions of people's lives through convenient, accessible and transparent experiences.

    Carvana allows customers to browse a nationwide inventory and purchase a vehicle from the comfort of their home entirely online, benefiting from a 7-day money back guarantee, home delivery and more. Customers also have the option to sell or trade-in their vehicle online in seconds.

    For the full interview and more information visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #cisoseries #mysecuritytv #cybersecurity

  • We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.

    Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC’s mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.

    Balancing Information Sharing and Confidentiality

    One of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.

    Cross-Jurisdictional Collaboration

    With cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.

    The Growing Threat of Ransomware

    Ransomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.

    AI’s Role in OT Cybersecurity

    He also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.

    Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken a global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across a large MNC, heading 8 direct reports at the Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries.

    He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office.

    Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA.

    Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024

    #otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity

  • We sat down with Cassie Crossley to explore the complexities of supply chain risks, particularly within the realm of operational technology (OT).

    Comprehensive Supply Chain Security - Crossley detailed the various stages in the supply chain (design, development, and fabrication) where both deliberate and accidental abuses can occur. Each stage presents unique risks, such as compromised design specifications, development flaws, or issues during fabrication. She emphasized that securing the software supply chain requires a holistic approach that goes beyond protecting just software; it must also include firmware and hardware. For example, when working with an Intel chip, securing both the software and firmware associated with that chip is critical. Firmware, which operates at a low level on hardware, is vital for overall system security. Any vulnerabilities in firmware can significantly compromise the entire system, making it essential to secure it alongside software and hardware.

    Challenges in Secure by Design - Crossley also noted that while "secure by design" principles often originate from an IT perspective, they may not seamlessly translate to OT environments. This disparity creates challenges, as certain IT security measures, like multi-factor authentication (MFA), may not be practical or necessary in OT due to specific operational needs. Additionally, OT devices are often multi-generational, increasing the risk of outdated security designs. OT systems, such as programmable logic controllers (PLCs) used in industrial settings, have distinct requirements and constraints, necessitating tailored security approaches.

    Automated Patching Issues - Crossley highlighted that automated patching in OT environments can pose safety concerns and lead to downtime. Unlike IT systems where automated updates are common, OT systems often require careful, manual handling to avoid disrupting critical processes. Automated patching can interfere with vital safety mechanisms, underscoring the need for controlled and deliberate update management.

    SBOM (Software Bills of Materials) - Crossley pointed out that while generating accurate Software Bills of Materials (SBOMs) for modern technologies is relatively straightforward, it becomes more complex for multi-generational OT products due to outdated build practices and the limitations of current scanning tools. While scanners effectively identify open-source components, they struggle with proprietary or commercial libraries, and discrepancies in version identification can be problematic, particularly if certain versions have known vulnerabilities.

    Role of AI in Software Development – She also pointed out how AI can quickly analyze vast amounts of data, identifying risks and correlations between projects that would take humans much longer to detect. For example, AI can track a maintainer's contributions across multiple projects to spot potential security risks, such as involvement in both malicious and non-malicious projects. AI is also increasingly offering developers precise guidance on addressing specific vulnerabilities. Instead of generic suggestions, AI now recommends the best code modifications for a given context, speeding up development and enhancing code security.

    Supplier Assessment - Crossley advised that supplier assessments should focus on specific aspects of vulnerability management and product security rather than generic compliance questions. It's crucial to inquire about suppliers' vulnerability management practices and their methods for ensuring product security. She emphasized the importance of transparency from suppliers regarding their manufacturing processes, product variations, and supply chain details, advocating for detailed questions to effectively understand and mitigate risks.

    Positive Cultural Shift - Crossley shared an encouraging trend where companies are increasingly prioritizing supply chain security. A notable example is a supplier that created a position for a Product Security Officer after facing rigorous scrutiny, reflecting a positive shift towards more robust supply chain security practices.

    Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware”. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy.

    #mysecuritytv

  • We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.

    CrowdStrike Lessons Learned

    Tim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.

    Cyber Threat Landscape

    Robert discussed the rise of sophisticated malware like Fuxnet, FrostyGoop and Pipe Dream, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while FrostyGoop used similar techniques against Ukraine. In contrast, Pipe Dream serves as a more versatile attack framework applicable to various OT systems.

    He underscored an important lesson: even if specific malware isn't reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.

    Critical Control – ICS Network Visibility

    Tim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.

    Critical Control – Incident Response Plan

    Tim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support.

    OT and IT Convergence

    Tim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.

    They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.

    Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.

    Celebrating Wins

    Finally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts.

    Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-conway/

    Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

    Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-m-lee/

    SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., that provides cyber security solutions for industrial control system networks.

    Further viewing: https://youtu.be/BiUpuRk6pvA?si=xQcx9oiJOxQu0n7H

    #mysecuritytv #otcybersecurity

  • This episode dives into OT Cybersecurity and discusses:

    SCADA, ICS & IIoT Cybersecurity

    How do we define an OT-related cyber incident?

    What are the leading standards and guidelines for managing OT Cybersecurity and resilience?

    Threat intelligence and suitable ISAC models

    Vendor platform insights and cyber maturity landscape

    Speakers include:

    Daniel Ehrenreich, Secure Communications and Control Experts

    Lesley Carhart, Director of Incident Response - Dragos

    Ilan Barda, Founder - Radiflow

    Rahul Thakkar, Team Lead, System Engineering, ANZ, Forescout

    Dean Frye, Solutions Architect ANZ, Nozomi Networks

    To visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/

    #mysecuritytv #otcybersecurity

    Further reading:

    https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/

    https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/

    https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/

  • In March 2024, the Australian Senate resolved that the Select Committee on Adopting Artificial Intelligence (AI) be established to inquire into and report on the opportunities and impacts for Australia arising out of the uptake of AI technologies in Australia. The committee intends to report to the Parliament on or before 19 September 2024.

    More than 40 Australian AI experts made a joint submission to the Inquiry. The submission from Australians for AI Safety calls for the creation of an AI Safety Institute. “Australia has yet to position itself to learn from and contribute to growing global efforts. To achieve the economic and social benefits that AI promises, we need to be active in global action to ensure the safety of AI systems that approach or surpass human-level capabilities.” “Too often, lessons are learned only after something goes wrong. With AI systems that might approach or surpass human-level capabilities, we cannot afford for that to be the case.”

    This session has gathered experts and specialists in their field to discuss best practice alignment of AI applications and utilisation to safety and cybersecurity requirements. This includes quantum computing which is set to revolutionise sustainability, cybersecurity, ML, AI and many optimisation problems that classic computers can never imagine. In addition, we will be briefed on the OWASP Top 10 for Large Language Model Applications, shedding light on the specific vulnerabilities LLMs face, including real-world examples and a detailed exploration of five key threats addressed using prompts and responses from LLMs (prompt injection, insecure output handling, model denial of service, sensitive information disclosure, and model theft); how traditional cybersecurity methodologies can be applied to defend LLMs effectively; and how organisations can stay ahead of potential risks and ensure the security of their LLM-based applications.

    Panelists

    Dr Mahendra Samarawickrama

    Director | Centre for Sustainable AI

    Dr Mahendra Samarawickrama (GAICD, MBA, SMIEEE, ACS(CP)) is a leader in driving the convergence of Metaverse, AI, and Blockchain to revolutionize the future of customer experience and brand identity. He is the Australian ICT Professional of the Year 2022 and a director of The Centre for Sustainable AI and Meta61. He is an Advisory Council Member of Harvard Business Review (HBR), a Committee Member of the IEEE AI Standards, an Expert in AI ethics and governance at the Global AI Ethics Institute (GAIEI), a member of the European AI Alliance, a senior member of IEEE (SMIEEE), an industry Mentor in the UNSW business school, an honorary visiting scholar at the University of Technology Sydney (UTS), and a graduate member of the Australian Institute of Company Directors (GAICD).

    Ser Yoong Goh

    Head of Compliance | ADVANCE.AI | ISACA Emerging Trends Working Group

    Ser Yoong is a seasoned technology professional who has held various roles with multinational corporations, consulting and also SMEs from various industries. He is recognised as a subject matter expert in the areas of cybersecurity, audit, risk and compliance from his working experience, having held various certifications and was also recognised as one of the Top 30 CSOs in 2021 from IDG.

    Shannon Davis

    Principal Security Strategist | Splunk SURGe

    Shannon hails from Melbourne, Australia. Originally from Seattle, Washington, he has worked in a number of roles: a video game tester at Nintendo (Yoshi’s Island broke his spirit), a hardware tester at Microsoft (handhelds have come a long way since then), a Windows NT admin for an early security startup and one of the first Internet broadcast companies, along with security roles for companies including Juniper and Cisco. Shannon enjoys getting outdoors for hikes and traveling.

    Greg Sadler

    CEO | Good Ancestors Policy

    Greg Sadler is also CEO of Good Ancestors Policy, a charity that develops and advocates for Australian-specific policies aimed at solving this century’s most challenging problems. Greg coordinates Australians for AI Safety and focuses on how Australia can help make frontier AI systems safe. Greg is on the board of a range of charities, including the Alliance to Feed the Earth in Disasters and Effective Altruism Australia.

    Lana Tikhomirov

    PhD Candidate, Australian Institute for Machine Learning, University of Adelaide

    Lana is a PhD Candidate in AI safety for human decision-making, focussed on medical AI. She has a background in cognitive science and uses bioethics and knowledge about algorithms to understand how to approach AI for high-risk human decisions.

    Chris Cubbage

    Director - MYSECURITY MEDIA | MODERATOR

    For more information and the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/

  • In this interview, we sat down with Greg Smith (Head of Global Product and Solution Marketing, Certinia) to get his insights into the stages of data maturity within the AI adoption journey.

    Greg advises that there is a key distinction in the nature of data handling between generative and predictive AI. Unlike predictive AI, which primarily analyzes existing data, generative AI creates new data from existing information. This fundamental shift necessitates a robust data strategy aligned with AI objectives to maximize the technology's potential.

    The maturity model outlines a progression from fragmented data usage to a sophisticated, integrated approach. Organizations initially leverage external data for efficiency gains, but internal data becomes crucial for deeper insights and influencing business metrics. As AI adoption matures, a focus on closed-loop systems emerges, where predictions are continuously refined based on real-world outcomes. This journey involves both technological and cultural transformations, with early stages emphasizing technology and later stages prioritizing cultural changes such as data governance and AI skill development.

    The ultimate goal is to transition from efficiency gains to improved decision-making and scaled impact.

    ----

    Greg Smith, Head of Global Product and Solution Marketing, Certinia.

    A primary focus of Greg’s is to help services organizations of any size run a more efficient, profitable, and data-driven services organization.

    ----

    Recorded at SuperAI Singapore, 6th June 2024, 2.30pm.

    #mysecuritytv #ai #certinia #superai

  • We speak with Nick McKenzie, CI&SO and Sunil Joshi, Head of Digital & Communication Solutions, APJC, Orange Business about the CISO perspectives in the Asia Pacific Region.

    #mysecuritytv #bugcrowd

    For the full interview and to join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

  • Nick McKenzie, CI&SO with Bugcrowd & Sumit Bansal, VP Asia Pacific & Japan, BlueVoyant discuss CxO perspectives on supply chain defence and Third Party Risk Management (TPRM).

    To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #mysecuritytv

  • Unlock the secrets of effective threat management with cybersecurity experts plus representatives from the Hacker community. This series will dive into the realm of cybersecurity and cybercrime analytics as our line-up of hackers and technologists debate the crucial role ethical hacking plays in fortifying digital defences.

    This includes exploring the 'living off the land' strategies, offensive best practices, and insights on harnessing the ethical hacker's prowess to stay one step ahead in the ever-evolving threat landscape. Don't miss this illuminating series on proactive cybersecurity measures that can redefine the way organizations safeguard their digital assets.

    Casey Ellis, Chief Strategy Officer with Bugcrowd was originally a hacker before becoming an entrepreneur, pioneering crowdsourced cybersecurity. He has advised the US Department of Defence, Australian and UK intelligence communities, plus US House and Senate legislative initiatives including pre-emptive protection of cyberspace ahead of the 2020 presidential elections.

    Saj Lohani is a celebrated Whitehat hacker and in the Hacker Hall of Fame for Amazon, Yahoo, Github, AT&T, US Defense and others. At Bugcrowd his role is Global TISO & Snr Director, Cybersecurity.

    To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #mysecuritytv

  • Hot on the heels of Bugcrowd recently achieving Unicorn status, following their recent USD $102 million fund raise, Bugcrowd's CEO Dave Gerry and founder and Chief Strategy Officer, Casey Ellis outline Bugcrowd’s vision for the future and plans for growth and expansion throughout the Asia Pacific region in 2024/5 and beyond.

    Dave Gerry has been in the AppSec market for nearly a decade and has held key leadership positions within several cybersecurity companies such as WhiteHat Security, Veracode, Sumo Logic, and The Herjavec Group. Dave is passionate about building programs that are repeatable, scalable, and predictable, helping to drive customer business outcomes and technical value.

    Casey Ellis was originally a hacker before becoming an entrepreneur, pioneering crowdsourced cybersecurity. He has advised the US Department of Defence, Australian and UK intelligence communities, plus US House and Senate legislative initiatives including pre-emptive protection of cyberspace ahead of the 2020 presidential elections.

    To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

    #bugcrowd #mysecuritytv

  • Prior to joining Seaco as CIO, Damian Leach held the position of Chief Technology Officer for Workday Asia Pacific and Japan. Prior to his CTO position at Workday, Damian spent 13 years in the Banking and Finance industry in Global Technology roles, most recently working for Standard Chartered Bank based in Singapore. Damian led the Digital Transformation program for the Bank to move to the cloud and pioneered Voice Biometric technologies for the retail Banking customers.

    Prior to coming to Asia, Damian spent many years managing professional services teams to develop core banking interactive technology systems in Europe.

    Damian is a certified AI professional, having studied AI Bias and Governance at NTU and also completed an EMBA in Business Administration focused on Asian Leadership and Entrepreneurship with overseas segments at Wharton (University of Pennsylvania) and UC Berkeley Haas.

    In his spare time Damian coaches, mentors, and is a panelist for startup and innovation contests across Asia.

    ---

    In this interview, Damian shares the highlights of how Seaco, a global company headquartered in Singapore, leverages a network of shipping ports and depots and has over 3 million TEUs in circulation. The Seaco IT team, in partnership with the business, is running a series of experiments with AI and big data to help it adapt and stay ahead of the curve. While there is a lot of hype surrounding AI, Damian emphasizes the importance of understanding the core business problems before jumping to technology solutions.

    He introduced the ACE framework (Analytics, Conversational, and Experience) which can help pinpoint the most relevant business cases for AI adoption. For instance, at Seaco, they evaluated 30 potential use cases and narrowed it down to 3 that deliver the biggest boost to productivity and revenue.

    However, successful AI adoption goes beyond technology. Damian highlights the importance of employee and stakeholder buy-in. This means addressing fears of job displacement and showcasing how AI can actually enhance productivity. For example, he explains how success stories from pilot projects can pave the way for realizing the technology's full impact.

    He also emphasizes fostering a culture of "psychological safety" where employees feel comfortable experimenting with new technologies. Looking to the future, he acknowledged that AI presents both opportunities and challenges for business leaders. As such, it’s essential to have a clear vision and strategy in place, along with a commitment to ongoing learning and development for his employees.

    Recorded 29th May 2024, ATxSG Singapore Expo, 12.30pm.

  • In this interview at SINCON 2024, Dr. Joshua James, a Regional Counter Cyber Crime Coordinator for the United Nations Office on Drugs and Crime (UNODC), shared his insights on the Regional Counter-cybercrime programme at UNODC.

    Dr. James argued that while law enforcement agencies are getting better at responding to cybercrime, the cyber criminals are also getting better at what they do. This is because cybercrime is a business for them, and they invest heavily in security measures to protect their operations.

    He believes that the key to defeating cybercrime is for governments to see their citizens as assets rather than liabilities. If people are viewed as assets, then more will be invested in educating them and giving them the tools they need to protect themselves online.

    He also said that international cooperation is essential in the fight against cybercrime. The current system for international cooperation, called mutual legal assistance, was created before the internet and is not effective for cybercrime. New tools and methods for international cooperation are needed.

    In conclusion, Dr. James said that he is confident that cybercrime can be defeated, but it will take a lot of work from governments and citizens alike.

    Recorded 23rd May 2024, 10.30am, SINCON 2024, Singapore.

    Dr. Joshua James is the United Nations Office on Drugs and Crime (UNODC) Regional Counter-Cybercrime Coordinator for Southeast Asia and the Pacific, based in Bangkok, Thailand. He and his team implement the counter-cybercrime programme in the region through capacity building and awareness programmes at all levels of government. He has worked as a seconded researcher with the Irish Police Computer Crimes Investigation Unit, INTERPOL’s Financial and High-Tech Crime Unit, and the Korean National Police. He has also worked closely with public and private sector groups to raise awareness about cybersecurity and cybercrime issues. He completed his Bachelor’s degree in Network Security at Purdue University, and his PhD in Computer Science, with a focus on automating human inference in investigations, at University College Dublin.

    #mysecuritytv #unodc #cybercrime

  • In this interview, we speak with Mac Munsayac, Head of Customer Experience at Philippine Airlines, to explore the transformative role of AI in the aviation industry. Mac elaborates on the integration of generative AI and tools to enhance customer interactions by providing personalized, proactive, and frictionless experiences, especially in scenarios involving flight disruptions and service-related concerns.

    He underscores the significance of recognizing AI's limitations and stresses the necessity of human intervention in high-risk tasks to ensure accuracy and reliability. Training employees effectively and maintaining ongoing communication are crucial to successfully implementing AI. Mac highlights that starting with high-volume, less complex pain areas allows for immediate impact and smoother adoption.

    Using the example of checking flight statuses—a high-volume but straightforward task—he illustrates how AI can significantly reduce customer queries and improve service efficiency. This approach serves as a training ground, gradually extending AI's application to more complex scenarios. Mac also touches on the importance of defining clear metrics for operational efficiency, customer experience, and cost savings to measure AI's success.

    Ultimately, he advises organizations to adopt a phased approach, beginning with manageable tasks to build trust and progressively enhancing AI capabilities. This ensures that AI is leveraged effectively to improve customer experiences and operational efficiency while managing risks and expectations realistically.

    Mac Munsayac, Head of Customer Experience, Philippine Airlines: A dynamic leader with 20 years of diverse leadership experience spanning global finance, business process outsourcing, and aviation. Currently serving as the head of PAL Customer Experience, he excels in fostering innovation, problem-solving, and maximizing organizational performance. In this capacity, he oversees initiatives aimed at enhancing passenger satisfaction, streamlining services, and elevating the overall customer journey. Beyond his professional pursuits, Mac is an avid traveler, deeply passionate about immersing himself in diverse cultures and experiences.

    Recorded 8 May 2024, 3pm, World Tour Essentials Asia 2024, Singapore Marina Bay Sands Convention Centre #mysecuritytv

  • As Vice President and CTO, Solutions, for Salesforce ASEAN, Gavin Barfield leads a team of Salesforce engineers across the region to develop and drive integrated technology solutions for Salesforce customers. Gavin works closely with customers in ASEAN on their digital transformations, bringing together the full value of the Salesforce platform to drive positive business outcomes.

    A seasoned IT veteran with over 20 years of experience, Gavin has a deep technology background in areas like IT infrastructure, enterprise architecture, cybersecurity, and program management for a variety of industries. Prior to joining Salesforce, he has held C-level positions managing IT and transformation for some of Southeast Asia’s largest companies, such as Ayala Corporation and Meralco. Gavin also brings many years of experience in management consulting into his work for customers.

    Gavin has a passion for emerging technologies and he regularly speaks at international conferences and other forums on the future of disruptive technologies and how they affect people and work.

    In this interview, Gavin discusses how, to drive AI adoption and reap the benefits of AI, businesses need accurate, complete data and humans in the driver’s seat. He highlights several key points:

    • Trust and Value Gaps: Two main barriers to AI adoption are the trust gap and the value gap. Trust in generative AI is essential, as companies need to ensure that AI outputs are accurate, unbiased, and secure.

    • Human at the Helm: Gavin emphasizes the importance of having humans oversee AI operations. AI should complement human work by enhancing capabilities while maintaining transparency and trust with customers.

    • Quality Data: AI systems need to be grounded in high-quality, trusted data. Many companies struggle with AI outputs due to a lack of trust in the data used to train these models.

    • Use Case Awareness: Understanding the appropriate use cases for AI is crucial. Companies need to educate employees and align AI implementations with specific business problems to maximize benefits.

    • Governance and Training: Effective governance and training are necessary to build trust in AI. Organizations should focus on data accuracy, transparency, and the role of AI as a supportive tool, not a replacement for humans.

    • Security and Privacy: Protecting customer and company data is paramount. Salesforce has implemented a trust layer that masks personal information, uses secure gateways, and ensures data is not retained by large language models (LLMs).

    • Future of AI: Gavin anticipates that within a year, the AI landscape will evolve with more specialized LLMs tailored to specific industries and regions. Trust, security, and embedding AI into everyday workflows will remain critical factors for successful AI adoption.

    Recorded 8th May 2024, 12 noon, Singapore Marina Bay, Salesforce World Tour Essentials 2024 Singapore

  • In this interview at Black Hat Asia 2024, we spoke with Adrian Wood and Mary Walker, security engineers from Dropbox, about the critical issues surrounding AI security, backdoors, and malware.

    Adrian and Mary explained that many users rely on pre-existing machine learning (ML) models from public repositories rather than creating their own. This introduces vulnerabilities similar to those found in open-source software. Using in-house data requires careful handling to avoid bias and unintended consequences, while third-party models can be compromised.

    They emphasized that downloading and running models from the internet can introduce malware. Attackers can backdoor models to alter their functions or insert malicious code, posing significant threats, especially in sensitive industries.

    Adrian and Mary also stressed the importance of understanding the ML environment, ensuring proper logging, and having incident response plans in place. Companies should prepare by conducting tabletop exercises and securing their supply chains.

    For more educational information on machine learning: https://gist.github.com/5stars217/236bab5d1d8d50e9785a4136aca8cf20

    --------

    Dropbox, Security Engineer - Adrian Wood, aka threlfall, currently works for Dropbox on their red team. He has worked as a red team consultant for WHITEHACK, a company he founded, and later as a lead engineer for an offensive security research team at a US bank. His research recently has been in supply chain attacks on CI/CD and ML systems, which includes maintaining the offsec ml playbook and has presented on these topics at DEFCON 30, 31, the DEFCON AI village, Cackalackycon and more.

    Dropbox, Security Engineer - Mary Walker, aka mairebear, currently works for Dropbox on their threat intelligence team; she splits her time at work between research (primarily focused on ML) and building tooling to help her team move faster. She's previously worked at a major online retailer on their malware analysis and forensics team, a US bank on their red team, and an energy company in their SOC. Her background is primarily in DFIR and malware analysis, with a keen interest in production environments.

    Recorded 18th April 2024, 4.30pm, BlackHat Asia 2024, Singapore

    #BHAsia #mysecuritytv #blackhat

  • Now in its fourth year we'll be starting this year's series at a heightened time of risk and significant activity across the security domain - the opening episodes will be discussing how these events impact private security and emergency services and what may be the broader requirements and implications.

    To open the series, which will run regular episodes of live webinars, pre-recorded interviews and in-person events, we wanted to open with the current state of play – regional conflicts in the Middle East and Europe with a steadily growing risk of an Indo-Pacific conflict and how this will and may impact on the private security and emergency management sector.

    In this episode we're joined by:

    Paul Riley, Director, Foreign Risk at Curtin University

    Bryan de Caries, CEO, Australian Security Industry Association

    Dr Shannon Ford, Faculty of Humanities, Curtin University

    Prof Sissel Jore, visiting Professor with Edith Cowan University

    Webinar title: Requirements and implications on the private security sector in a phase of multi-region conflict

    • Implications of war (and pre-war) in the Indo-Pacific and impacts on the private security sector

    • Alignment and consistency of national security advice

    • Trust in information systems and delivery/interpretation

    • Current and required national response frameworks should war break out in the Indo-Pacific

    • Learning outcomes from the Pandemic – what went wrong and what needs to change?

    #mysecuritytv

  • Now in its fourth year we'll be starting this year's series at a heightened time of risk and significant activity across the security domain - the opening episodes will be discussing how these events impact private security and emergency services and what may be the broader requirements and implications.

    To open the series, which will run regular episodes of live webinars, pre-recorded interviews and in-person events, we wanted to open with the current state of play – regional conflicts in the Middle East and Europe with a steadily growing risk of an Indo-Pacific conflict and how this will and may impact on the private security and emergency management sector.

    In this episode we're joined by:

    • Dr Malcolm Davis, Senior Analyst, ASPI

    • Stephen Beaumont AM, Chair, Critical Infrastructure ISAC and

    • Gill Savage, Senior Fellow, ASPI

    Webinar title: Requirements and implications on the private security sector in a phase of multi-region conflict

    • Implications of war (and pre-war) in the Indo-Pacific and impacts on the private security sector

    • Alignment and consistency of national security advice

    • Trust in information systems and delivery/interpretation

    • Current and required national response frameworks should war break out in the Indo-Pacific

    • Learning outcomes from the Pandemic – what went wrong and what needs to change?

    #mysecuritytv