Cyberside Chats: Cybersecurity Insights from the Experts
The Rocky Mountain Information Security Conference just celebrated its 20th anniversary in Denver — and the anniversary edition told us exactly where the industry's head is at. In this quick-hit recap, Matt Durrin and Todd Stewart break down the biggest themes from three days at the Colorado Convention Center: agentic AI moving into the SOC (and the “circuit breaker” conversation about how to rein it in), state-level AI regulation getting real with the Colorado AI Act and updated CCPA audit rules, and deepfake extortion graduating from awareness slides to full tabletop simulations — including LMG's own hands-on deepfake extortion lab from the conference floor. Plus: post-quantum jitters, CMMC 2.0 lessons from the assessment trenches, the 31% attrition problem, and five actionable takeaways for IT and security leaders. Key Takeaways for Leaders 1. Put a leash on your AI agents before they need one. If you're deploying agentic AI in the SOC or business workflows, define kill switches, escalation thresholds, and human-approval gates now. The circuit-breaker conversation at RMISC made clear that rollback plans are being written after incidents, not before. 2. Inventory your shadow AI. Employees are already wiring AI agents and coding assistants into production workflows without approval. Run a discovery exercise this quarter — you can't govern what you haven't found. 3. Treat AI regulation as a state-level problem, not a federal one. The Colorado AI Act and updated CCPA audit requirements were front and center. Map which state laws touch your operations and assign ownership — waiting for federal harmonization is a losing bet. 4. Exercise deepfake extortion before it happens to you. Deepfake-driven fraud and extortion have graduated from awareness-slide material to tabletop scenarios. Add one to your next IR exercise cycle — including verification protocols for voice and video requests involving executives and payments. 5. Budget for retention, not just recruitment. With cybersecurity attrition cited at 31%, the cheapest hire is the analyst you don't lose. Burnout mitigation, career pathing, and realistic on-call rotations are now security-resilience line items, not HR nice-to-haves. Resources & Links 1. RMISC (Rocky Mountain Information Security Conference): www.rmisc.org [http://www.rmisc.org] 2. LMG Security — training, tabletop exercises, and research: www.lmgsecurity.com [http://www.lmgsecurity.com] 3. Related episode: “Poisoned on Open: When Looking at the Code Is the Attack” — our deep dive on the Miasma supply-chain worm Connect With Us Enjoyed the episode? Subscribe to Cyberside Chats wherever you get your podcasts, and share it with a colleague who's wrestling with AI governance. Questions or topic suggestions? Reach out to the LMG Security team at www.lmgsecurity.com [http://www.lmgsecurity.com]
78 Folgen
Kommentare
0Sei die erste Person, die kommentiert
Melde dich jetzt an und werde Teil der Cyberside Chats: Cybersecurity Insights from the Experts-Community!