Cybersecurity Where You Are (audio)

Episode 195: Enigma Machines’ Security Lessons for Today

41 min · Gestern
Episode Episode 195: Enigma Machines’ Security Lessons for Today Cover

Beschreibung

In episode 195 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Ed Skoudis [https://www.linkedin.com/in/edskoudis], President of SANS Technology Institute, and Marcus Sachs [https://www.linkedin.com/in/marcsachs], Senior Vice President and Chief Engineer at the Center for Internet Security® (CIS®). Together, they discuss Enigma machines, their history, and their security lessons for today. Here are some highlights from our episode: * 00:56. Introductions to Ed and Marc * 01:32. What Enigma machines are and why cybersecurity folks still care about them today * 06:10. Enigma machines as a symbol for how we can use hacking for noble purposes * 07:18. How the human mind and the need for ease of use can undermine security * 15:59. The importance of testing when designing and maintaining a security system * 20:45. Why "security through obscurity" isn't actually true * 22:58. Curiosity, logic, and a wide range of knowledge: Essential traits for getting hired in cybersecurity today * 30:57. The impact of culture in shaping security policy and priorities * 35:09. Why artificial intelligence (AI) is the Enigma machine of 2026 * 36:11. How to learn more about Enigma machines Resources * Episode 189: The Present and Future of AI-enabled Pentesting [https://www.cisecurity.org/insights/podcast/episode-189-the-present-and-future-of-ai-enabled-pentesting?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * A Short Guide for Spotting Phishing Attempts [https://www.cisecurity.org/insights/blog/a-short-guide-for-spotting-phishing-attempts?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Penetration Testing [https://www.cisecurity.org/services/penetration-testing?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Vulnerability Assessments [https://www.cisecurity.org/services/vulnerability-assessments?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Episode 192: How Leaders Balance Expertise and Communication [https://www.cisecurity.org/insights/podcast/episode-192-how-leaders-balance-expertise-and-communication?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Episode 193: AI Security and Responsibility in EO 14409 [https://www.cisecurity.org/insights/podcast/episode-193-ai-security-and-responsibility-in-eo-14409?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * The Myth of Mythos: What It Means For Information Security [https://www.cisecurity.org/insights/webinar/the-myth-of-mythos-what-it-means-for-information-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * National Cryptologic Museum [https://www.nsa.gov/museum/] * Enigma Replica: The Enigma touch [https://obsolescence.dev/enigma-touch.html] If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org [podcast@cisecurity.org].

Kommentare

0

Sei die erste Person, die kommentiert

Melde dich jetzt an und werde Teil der Cybersecurity Where You Are (audio)-Community!

Loslegen

2 Monate für 1 €

Dann 4,99 € / Monat · Jederzeit kündbar.

  • Podcasts nur bei Podimo
  • 20 Stunden Hörbücher / Monat
  • Alle kostenlosen Podcasts

Alle Folgen

195 Folgen

Episode Episode 195: Enigma Machines’ Security Lessons for Today Cover

Episode 195: Enigma Machines’ Security Lessons for Today

In episode 195 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Ed Skoudis [https://www.linkedin.com/in/edskoudis], President of SANS Technology Institute, and Marcus Sachs [https://www.linkedin.com/in/marcsachs], Senior Vice President and Chief Engineer at the Center for Internet Security® (CIS®). Together, they discuss Enigma machines, their history, and their security lessons for today. Here are some highlights from our episode: * 00:56. Introductions to Ed and Marc * 01:32. What Enigma machines are and why cybersecurity folks still care about them today * 06:10. Enigma machines as a symbol for how we can use hacking for noble purposes * 07:18. How the human mind and the need for ease of use can undermine security * 15:59. The importance of testing when designing and maintaining a security system * 20:45. Why "security through obscurity" isn't actually true * 22:58. Curiosity, logic, and a wide range of knowledge: Essential traits for getting hired in cybersecurity today * 30:57. The impact of culture in shaping security policy and priorities * 35:09. Why artificial intelligence (AI) is the Enigma machine of 2026 * 36:11. How to learn more about Enigma machines Resources * Episode 189: The Present and Future of AI-enabled Pentesting [https://www.cisecurity.org/insights/podcast/episode-189-the-present-and-future-of-ai-enabled-pentesting?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * A Short Guide for Spotting Phishing Attempts [https://www.cisecurity.org/insights/blog/a-short-guide-for-spotting-phishing-attempts?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Penetration Testing [https://www.cisecurity.org/services/penetration-testing?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Vulnerability Assessments [https://www.cisecurity.org/services/vulnerability-assessments?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Episode 192: How Leaders Balance Expertise and Communication [https://www.cisecurity.org/insights/podcast/episode-192-how-leaders-balance-expertise-and-communication?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * Episode 193: AI Security and Responsibility in EO 14409 [https://www.cisecurity.org/insights/podcast/episode-193-ai-security-and-responsibility-in-eo-14409?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * The Myth of Mythos: What It Means For Information Security [https://www.cisecurity.org/insights/webinar/the-myth-of-mythos-what-it-means-for-information-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_195-0708_podcast] * National Cryptologic Museum [https://www.nsa.gov/museum/] * Enigma Replica: The Enigma touch [https://obsolescence.dev/enigma-touch.html] If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org [podcast@cisecurity.org].

Gestern41 min
Episode Episode 194: 2026 Cybersecurity Predictions Mid-Year Review Cover

Episode 194: 2026 Cybersecurity Predictions Mid-Year Review

In episode 194 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Ed Skoudis [https://www.linkedin.com/in/edskoudis], President of SANS Technology Institute. Together, they conduct a mid-year review of 2026 cybersecurity predictions from seven Center for Internet Security® (CIS®) experts, as shared on the CIS website [https://www.cisecurity.org/insights/blog/7-cis-experts-2026-cybersecurity-predictions?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]. Here are some highlights from our episode: * 01:50. Ongoing conversations about improving defense with artificial intelligence (AI) * 05:19. A trap to avoid: Automating things with AI because we can regardless of utility * 06:54. Ed's prediction about a near-term transition for AI-enabled vulnerability discovery * 09:27. How AI agents change the economics around conducting a penetration test * 11:26. Adversary emulation: A blurry proposition when threat actors use AI to look like anybody * 14:02. Ed's prediction about threat actors shifting APT profiles within a single attack campaign * 17:00. The need to systematically rethink cyber defense to support state and local cybersecurity * 23:34. How adversaries are pivoting to the "authorization sprawl" in light of zero trust efforts * 29:20. Industry-specific threat intelligence as a way to keep organizations informed * 32:10. Why a policy isn't the same as security control for operational technology (OT) * 33:55. Social expectations and public policy objectives around holistic OT security * 39:52. Compliance as a floor, not a ceiling, that results as a byproduct of continuous security * 43:43. The need for oversight and confidence in technology as distinct from the "Fog of More" Resources * Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1 [https://www.cisecurity.org/insights/podcast/episode-169-2026-cybersecurity-predictions-from-cis-pt-1?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] * Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2 [https://www.cisecurity.org/insights/podcast/episode-174-2026-cybersecurity-predictions-from-cis-pt-2?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] * Episode 179: 2026 Cybersecurity Predictions from CIS — Pt 3 [https://www.cisecurity.org/insights/podcast/episode-179-2026-cybersecurity-predictions-from-cis-pt-3?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] * The Myth of Mythos: What It Means For Information Security [https://www.cisecurity.org/insights/webinar/the-myth-of-mythos-what-it-means-for-information-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] * Episode 189: The Present and Future of AI-enabled Pentesting [https://www.cisecurity.org/insights/podcast/episode-189-the-present-and-future-of-ai-enabled-pentesting?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] * Authorization Sprawl: The Vulnerability Reshaping Modern Attacks [https://www.rsaconference.com/library/report/authorization-sprawl] * Episode 188: DBIR 2026 Insights and Collaboration with CIS [https://www.cisecurity.org/insights/podcast/episode-188-dbir-2026-insights-and-collaboration-with-cis?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] * Mapping and Compliance with the CIS Controls [https://www.cisecurity.org/cybersecurity-tools/mapping-compliance/mapping-and-compliance-with-the-cis-controls?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] * Mapping and Compliance with the CIS Benchmarks [https://www.cisecurity.org/cybersecurity-tools/mapping-compliance/mapping-and-compliance-with-the-cis-benchmarks?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast] If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org [podcast@cisecurity.org].

1. Juli 202651 min
Episode Episode 193: AI Security and Responsibility in EO 14409 Cover

Episode 193: AI Security and Responsibility in EO 14409

In episode 193 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Rob T. Lee [https://www.linkedin.com/in/leerob], Chief of Research & Chief AI Officer at the SANS Institute, and Brian Calkin [https://www.linkedin.com/in/brian-calkin], Chief Technology and Innovation Officer at the Center for Internet Security® (CIS®). Together, they discuss AI security and the responsibility of the U.S. government in creating confidence around it, as represented in Executive Order (EO) 14409, "Promoting Advanced Artificial Intelligence Innovation and Security." Here are some highlights from our episode: * 00:50. Introductions to Rob and Brian * 02:32. How to conceptualize confidence around something as complex as AI security * 04:32. The U.S. government's responsibility to set AI security guardrails as clear expectations * 08:12. The use of "voluntary" participation to create confidence in the context of EO 14409 * 14:38. How Mythos AI and similar developments affect assessment of frontier AI models * 17:11. Airport security as an analogy for understanding AI security and privacy concerns * 18:41. Why cybersecurity is a hard sell until an incident occurs * 20:50. How AI is quickly becoming critical infrastructure * 22:53. Furbies as reference for a flexible, iterative benchmarking process for AI security * 25:50. The need for technical folks to translate AI risks into something understandable * 28:21. Balancing encouragement of AI innovation with mindfulness of risk * 31:24. The basics as a foundation for building shared responsibility around AI security Resources * Promoting Advanced Artificial Intelligence Innovation and Security [https://www.whitehouse.gov/presidential-actions/2026/06/promoting-advanced-artificial-intelligence-innovation-and-security/] * The Myth of Mythos: What It Means For Information Security [https://www.cisecurity.org/insights/webinar/the-myth-of-mythos-what-it-means-for-information-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast] * Episode 190: Separating Mythos AI Fact from Fiction [https://www.cisecurity.org/insights/podcast/episode-190-separating-mythos-ai-fact-from-fiction?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast] * The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program [https://labs.cloudsecurityalliance.org/mythos-ciso/] * Anthropic says it has taken its latest AI models offline to comply with new export controls [https://apnews.com/article/anthropic-artificial-intelligence-trump-fable-mythos-d9cc7df5c02e93837d0f0bfb24d5cfd2] * Establishing Essential Cyber Hygiene [https://www.cisecurity.org/insights/white-papers/establishing-essential-cyber-hygiene?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast] * Episode 187: The Role of a CISO as a Strategic Storyteller [https://www.cisecurity.org/insights/podcast/episode-187-the-role-of-a-ciso-as-a-strategic-storyteller?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast] If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org [podcast@cisecurity.org].

24. Juni 202639 min
Episode Episode 192: How Leaders Balance Expertise and Communication Cover

Episode 192: How Leaders Balance Expertise and Communication

In episode 192 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Marcus Sachs [https://www.linkedin.com/in/marcsachs], Senior Vice President and Chief Engineer at the Center for Internet Security® (CIS®). Together, they discuss how leaders, including those in cybersecurity, balance their technical expertise with mastery of communication strategies. Here are some highlights from our episode: * 00:51. Introductions to Marcus * 02:04. How Marcus found value in using analogies to communicate complex topics * 08:40. Coordination with non-technical folks as a sign of leadership maturity * 14:03. The wisdom in knowing what to say and what not to say when managing up * 17:31. The need to balance technical skills with team resourcing in a way that's imitable * 21:07. The challenge of leaders learning by proximity in hybrid and remote environments * 24:16. "Classic" engineering vs. "new" engineering * 25:13. Lessons from Boards in applying discipline, rigor, and order to software engineering * 28:23. The value in leaders continuously learning how businesses work Resources * Episode 183: The Role of CISO in Supporting Risk Translation [https://www.cisecurity.org/insights/podcast/episode-183-the-role-of-ciso-in-supporting-risk-translation?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast] * Episode 187: The Role of a CISO as a Strategic Storyteller [https://www.cisecurity.org/insights/podcast/episode-187-the-role-of-a-ciso-as-a-strategic-storyteller?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast] * Episode 99: How Cyber-Informed Engineering Builds Resilience [https://www.cisecurity.org/insights/podcast/episode-99-how-cyber-informed-engineering-builds-resilience?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast] * 7 CIS Experts' 2026 Cybersecurity Predictions [https://www.cisecurity.org/insights/blog/7-cis-experts-2026-cybersecurity-predictions?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast] If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org [podcast@cisecurity.org].

17. Juni 202631 min
Episode Episode 191: GenAI Misuse for Physical Threat Planning Cover

Episode 191: GenAI Misuse for Physical Threat Planning

In episode 191 of Cybersecurity Where You Are, Sean Atkinson sits down with Sasha Elvenaes, Sr. Multidimensional Threat Analyst at the Center for Internet Security® (CIS®), and Rian Davis, Multidimensional Threat Analyst at CIS. Together, they discuss how threat actors are misusing generative artificial intelligence (GenAI) to plan physical threats. Here are some highlights from our episode: * 00:40. Introductions to Sasha, Rian, and their research on GenAI misuse * 01:56. The impact of GenAI on lowering the barrier for operationalizing physical threat activity * 03:37. Exploitation of GenAI model design to circumvent models' guardrails * 05:58. The misuse of session persistence to streamline physical threat research * 07:57. GenAI misuse: A call for critical infrastructure operators to think about security differently * 11:52. Factors that make large-scale events a target of physical threat activity * 14:33. The use of GenAI as a strategy for organizations to see what threat actors could see * 15:37. Ongoing question: How can drones help mitigate risks while protecting public safety? * 17:13. Extrapolation as a reinforcement of GenAI session persistence * 20:15. The new reality: Look at what information AI can provide to threat actors * 25:01. Traditional methods vs. GenAI conversations for threat planning * 27:58. Continuous vulnerability assessments, communication, and other recommendations Resources * An Examination of Generative AI and Physical Threat Planning [https://www.cisecurity.org/insights/white-papers/an-examination-of-generative-ai-and-physical-threat-planning?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * An Examination of AI-Enabled Threats to Event and Stadium Security [https://www.cisecurity.org/insights/white-papers/an-examination-of-ai-enabled-threats-to-event-and-stadium-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * Multidimensional Threats [https://www.cisecurity.org/topics/multidimensional-threats?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * Man who exploded Cybertruck in Las Vegas used ChatGPT in planning, police say [https://www.npr.org/2025/01/07/nx-s1-5251611/cybertruck-explosion-las-vegas-chatgpt-ai] * Episode 190: Separating Mythos AI Fact from Fiction [https://www.cisecurity.org/insights/podcast/episode-190-separating-mythos-ai-fact-from-fiction?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * Episode 185: AI Prompt Injection from a Risk Perspective [https://www.cisecurity.org/insights/podcast/episode-185-ai-prompt-injection-from-a-risk-perspective?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * 5 Steps to Help Secure Your City before a Large-Scale Event [https://www.cisecurity.org/insights/blog/5-steps-to-help-secure-your-city-before-a-large-scale-event?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * Unmanned Aircraft Systems (UAS): Evolving Risks to Large-Scale Public Gatherings [https://www.cisecurity.org/insights/white-papers/uas-evolving-risks-to-large-scale-public-gatherings?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * 8 Security Essentials for Managing Your Online Presence [https://www.cisecurity.org/insights/blog/8-security-essentials-for-managing-your-online-presence?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] * Vulnerability Assessments [https://www.cisecurity.org/services/vulnerability-assessments?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast] If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org [podcast@cisecurity.org].

10. Juni 202631 min