[12-12-23]--You’re Not Leaving This House Until You Cover Up That LLM

CISO Series

CISO Series Podcast

Security spending on AI grew 51% over the last two years. But many CISOs think adopting new LLM-based tools will make breaches more likely. So why the rush to throw money at them?

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian.

What do IT heroes say about your security program?

Regardless of department, organizations thrive on people who can step up to meet new challenges. These are the types of people you want to encourage, particularly in cybersecurity. But it’s one thing to call upon people to step up, it’s another thing to depend on them. Anton Chuvakin points out that depending on this type of “IT heroism” in your SOC actually points to a lack of ability to scale processes for unexpected incidents. Worse, it creates a culture where developing this process is hampered by the very people stepping up to solve day-to-day issues.

Fearing AI so much that you adopt it faster 

Many people fear adopting LLM-based tools would make breaches more likely, according to a recent survey from IBM’s Institute for Business Value. Yet this comes as organizations continue to pour money into AI, with spending up 51%. It seems that fears about getting left behind with this new technology outpace any security considerations. Or maybe the business and cybersecurity aren’t aligned?

Is red teaming offensive? 

How should your organization use red teaming? Some see it as a scout team, designed to act as an attacker against your defenses to see how they do, according to Andy Ellis. But there’s more than one way to do offensive cybersecurity. Richard Ford argues you should use offensive cybersecurity to continuously test already established defenses. This allows you to focus your defenses and patching efforts around what your offensive cybersecurity team is able to do against you. 

Finding the signal in the threat intelligence noise

The last few years have been characterized by a rise in reports of state-affiliated threat actors. Some of this is due to better reporting on these actors, some due to a rise in hot wars across the globe. Either way, there’s a lot of activity to keep track of, as ESET’s Q2-Q3 Activity Report clearly illustrates. To paraphrase Richard Ford, what matters with these reports is whether they will actually change what you and your organization need to do. Don’t chase these threat actor reports. The priority is making sure you’re doing all your security fundamentals well. Then you can keep an ear on something that applies specifically to your organization. 

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Praetorian

What’s a great approach from a security vendor?

"I love it when a security vendor comes in and they lose all the marketing fluff, and they just tell me what this thing really does, and we get straight to the chase. It’s refreshing, saves a lot of time, it’s fun, and bluntly, it’s better for everyone." -  Richard Ford, CTO, Praetorian

Do We Have to Fix ALL the Critical Vulnerabilities?

"'Trust but verify.' You want to trust the platform, but you need to be able to verify what it's telling you is accurate, and until you have that trust you're not going to know whether it's giving you the right information unless you have the experience and the time behind you to manage those types of understandings and in that context, right?" - David Christensen, VP, CISO, PlanSource

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE!

 Cyber Security Headlines - Week in Review 

Week In Review--Rusty Waldron, Chief Business Security Officer, ADP

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Rusty Waldron, chief business security officer, ADP.

Thanks to this week's headlines sponsor, Barricade Cyber Solutions

Super Cyber Fridays!

What Do You Have In Your SaaS Environment?

Hacking the SaaS Security Journey

Getting started on your SaaS security journey means understanding what you actually have in your environment. Many organizations have estimates, but Ofer Klein, co-founder and CEO at Reco, is still surprised at the sheer number of apps and app connections that go unaccounted for in a new customer. This is a preview of our Super Cyber Friday event happening this Friday, December 15, 2023. Our topic will be "Hacking the SaaS Security Journey: An hour of critical thinking of how to secure your SaaS applications in a holistic way." Watch the video of our discussion. Also joining me and Ofer will be Robert Kugler, head of security and compliance, Cresta.

It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face to face. Join us!

Thanks to our Super Cyber Friday sponsor, Reco

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.