[11-09-23]--Responsibly Embracing Generative AI

CISO Series

Defense in Depth

Businesses are walking a tightrope with generative AI. On the one hand, it's a potentially disruptive technology, and no one wants to be the last one to adopt it. On the other hand, we're only just starting to understand the risks it presents to an organization. So how can organizations implement generative AI responsibly?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security.

Embracing AI without sacrificing security

AI integration isn't just an option—it's a necessity. "Banning AI is like banning the use of the Internet. We have to figure out how to use it safely while avoiding disruption to our business," said Jason Fruge of Risksilience. Forward-thinking CISOs should explore AI's potential. That doesn’t mean there shouldn’t be robust guardrails and controls, but the time to start is now. 

Realistically navigate the landscape of LLMs and data security

CISOs need to separate LLM FUD (fear, uncertainty, and doubt) from the actual risks these tools pose to the organization. Organizations already have acceptable use policies, and these can be adapted to cover the emerging tools. Caleb Sima, former CSO of Robinhood, advises, "Data leakage in LLMs is overhyped and not the most critical risk. Enterprises have far more likely areas of vulnerability." While LLMs present unique challenges, CISOs know how to do strategic planning and enact robust data practices. Don’t think a new tool is bigger than your existing security practices.

The importance of smart metrics and business insights

Like anything else in your security program, CISOs need to set themselves up for success with strong metrics on LLMs. "Companies must implement initial metrics and monitoring controls to assess how people embrace and adopt AI policies and protect the enterprise from key AI risks," said Mauricio Ortiz from Merck. These metrics go hand in hand with how the business wants to use these tools. "Understanding how your business desires to use the tech can help identify risk factors and mitigation strategies rather than playing whack-a-mole by 'banning' it and everyone looking for ways around it," said John Scrimsher of Kontoor Brands.

Predicting the AI market's evolution and challenges

Let’s not forget, we’re in the early days when it comes to LLMs in business. We’re just starting to see the first enterprise-focused services hit the market. So where is the market going? "I foresee a market for self-hosted and on-prem AI systems getting hot, possibly on the back of open-source implementations," forecast Charles Stewart of Validin.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Nudge Security

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Howard Holton, CTO and industry analyst, GigaOm.

Thanks to our Cyber Security Headlines sponsor, OffSec

Cyber chatter from around the web...

Jump in on these conversations 

  • "Risk Quantification: A Primer on Where to Start"

  • "What are some things a security expert would know that a security enthusiast wouldn't?"

  • "Why is CyberSecurity marketed so obnoxiously?"

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

  • [11-17-23] Hacking US Data Privacy

  • [12-01-23] Hacking Trust Management

Register for them all now!

You're Not Alone With Imposter Syndrome

Imposter syndrome is something that a lot of cybersecurity professionals deal with, but isn't talked about enough.

With that in mind, I set out on the show floor at Black Hat 2023 to find out when professionals have experienced imposter syndrome. Often it's triggered by being dropped into an unfamiliar experience, or coming into surprising expectations. The feeling doesn't go away. But it's all part of being a life-long learner and getting "comfortable with the uncomfortable."

Thanks to all those who participated!

Huge thanks to our sponsor, Armis

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.