
Secure Talk Podcast
Podcast by Justin Beals
About Secure Talk Podcast
Secure Talk reviews the latest threats, tips, and trends on security, innovation, and compliance. Host Justin Beals interviews leading privacy, security and technology executives to discuss best practices related to IT security, data protection and compliance. Based in Seattle, he previously served as the CTO of NextStep and Koru, which won the 2018 Most Impactful Startup award from Wharton People Analytics. He is the creator of the patented Training, Tracking & Placement System and the author of “Aligning curriculum and evidencing learning effectiveness using semantic mapping of learning assets,” published in the International Journal of Emerging Technologies in Learning (iJet). Justin earned a BA from Fort Lewis College.
All episodes
239 episodes
When we think about cybersecurity, images of tech giants and major financial centers come to mind—but what about the towns where most of us actually live? This SecureTalk episode with cybersecurity researcher Lars Kruse explores an often-overlooked question: how do communities of 20,000-100,000 residents protect themselves in an increasingly digital world? Host Justin Beals and Kruse, who studies at Sweden's Defense University, discuss the practical realities of implementing cybersecurity in resource-constrained environments. Through his research on over 600 European municipalities and validation interviews with consultants and administrators, Kruse reveals fascinating insights about the gap between written policies and daily operations.

The conversation opens with a real-world incident from Germany where 72 towns simultaneously lost access to their IT systems—not through sophisticated hacking, but through preventable security oversights. This case study illustrates why understanding operational security matters just as much as regulatory compliance.

Key topics explored include:
- How mid-sized communities differ from "smart cities" in their security approach
- The balance between regulatory requirements like GDPR, NIS2, and DORA
- Why employee training consistently ranks as the most critical security investment
- Practical frameworks for managing third-party technology vendors
- The role of political leadership in prioritizing cybersecurity budgets
- How research institutions contribute to better security policies

Kruse shares optimistic findings too: many organizations already practice good security fundamentals—they just need guidance connecting their existing processes to compliance requirements. The episode emphasizes that cybersecurity isn't about expensive technology alone; it's about building resilient practices that protect community services and citizen data.

Perfect for professionals in public administration, IT management, business operations, or anyone curious about how digital security works beyond headlines. This conversation offers practical knowledge about protecting the digital infrastructure we all depend on daily.

SecureTalk features conversations with experts shaping the future of cybersecurity and compliance, hosted by Justin Beals, CEO of Strike Graph.

#Cybersecurity #PublicSector #DigitalSecurity #CommunityResilience #SecurityEducation #DataPrivacy #TechPolicy #LocalGovernment #CyberAwareness #ITSecurity

Quantum computing represents one of the most significant advances in computer science we'll see in our lifetimes. We're watching error correction rates improve faster than predicted, with Google's Willow chip achieving benchmarks that compress development timelines dramatically. For security professionals, this creates an exciting challenge: how do we architect systems today that remain secure as computing power evolves?

What makes this particularly interesting is that blockchain and Web3 technologies are at the forefront of this transition—not because they're more vulnerable, but because they're leading the way in implementing quantum-resistant solutions. Unlike traditional systems where encryption happens behind closed doors, blockchain's transparency means every transaction, every wallet, every cryptographic operation is visible on a public ledger. When post-quantum cryptography becomes necessary, these systems can't just patch quietly in the background. They need to migrate entire ecosystems while maintaining trust with users who can see every change on-chain.

In this episode, we sit down with James Stephens, founder and CEO of Krown Technologies and a certified cryptocurrency forensic investigator, to explore how the blockchain industry is pioneering quantum-resistant infrastructure that will inform security practices across all sectors.

What We Discuss:
* Why blockchain and DeFi are leading quantum-resistance innovation
* How transparent, public ledgers change the security equation
* The practical steps security leaders can take now to prepare
* Why true randomness requires physics, not just algorithms
* Lessons from a decade of cryptocurrency forensic investigations
* How to build quantum-resistant infrastructure without sacrificing user experience
* Assessing vendor roadmaps for quantum readiness across any industry

James brings practical experience from both investigating cryptocurrency breaches and building quantum-resistant blockchain infrastructure. His forensic work revealed that most losses come from key mishandling and social engineering rather than cryptographic breaks—insights that shaped how he approaches designing secure systems for any environment. This conversation covers both the technical innovation happening in quantum computing and the architectural decisions security teams need to make to prepare their organizations for this next era of computing power.

About the Guest: James Stephens is a recognized authority in blockchain security and cryptocurrency forensics with over a decade of experience at the intersection of digital assets, cybersecurity, and quantum innovation. He holds certifications including CBE, CCFI, and CORCI, and is the author of "Quantum Reckoning: Securing Blockchain and DeFi in the Post-Quantum Era."

#Cybersecurity #QuantumComputing #PostQuantumCryptography #Blockchain #Web3 #DeFi #InfoSec

Discover how strategic foresight is revolutionizing cybersecurity thinking. In this compelling SecureTalk episode, renowned futurist Heather Vescent reveals the 12 invisible paradigms that have shaped our entire approach to cybersecurity - and why breaking them could transform how we defend digital systems.

Back in 2017, Vescent applied strategic foresight methodology to cybersecurity, uncovering fundamental assumptions like "security always plays catch-up," "the user is always wrong," and "we are completely dependent on passwords." Her research, published in 2018, predicted the passwordless revolution that's now mainstream reality.

This isn't just theoretical - Vescent demonstrates how appreciative inquiry flips traditional problem-solving approaches. Instead of asking "what's broken and how do we fix it," she explores "what's working well and how do we amplify it?" This methodology helped identify paradigm shifts that seemed radical in 2018 but are now industry standard.

Key insights include:
- How to shift from reactive to proactive security postures
- Why attack surface analysis needs systematic approaches
- The role of AI as thought partner rather than replacement
- How transparency reduces insider threat attack surfaces
- Practical applications of decentralized identity technologies
- Why security teams should focus on strengths, not just vulnerabilities

Vescent also addresses the commercialization challenges facing promising technologies like self-sovereign identity, explaining how ethical innovations often get compromised during market adoption. Her work bridges the gap between cybersecurity's technical realities and its broader societal implications.

For CISOs, security leaders, and technologists seeking to influence rather than just react to the future, this conversation provides actionable frameworks for anticipating threats and building more resilient systems. Vescent's strategic foresight methodology offers a roadmap for moving beyond endless problem-solving cycles toward security that creates value rather than just preventing loss.

Resources:
- Shifting Paradigms Paper: https://www.researchgate.net/publication/330542765_Shifting_Paradigms_Using_Strategic_Foresight_to_Plan_for_Security_Evolution
- Threat Positioning Framework GPT: https://chatgpt.com/g/g-68100f6a8c7481919d693ec9d4d9faab-the-threat-positioning-framework-gpt-by-h-vescent
- Self Sovereign Identity Book: https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP?&linkCode=sl1&tag=vescent39-20&linkId=2797fe6ea49dff79952bc866ec8e8baf&language=en_US&ref_=as_li_ss_tl
- Heather's email list: https://research.cybersecurityfuturist.com/

In a converted hat factory in 1990s Boston, a group of hackers worked through the night to techno beats and Soul Coughing, driven by a simple philosophy: "smarter beats bigger." One of them, Chris Wysopal, would later stand before Congress and deliver a stark warning—a small group of dedicated hackers could bring down the entire internet in 30 minutes.

Today, that same hacker faces a new challenge. The AI revolution everyone celebrates may be creating the largest security vulnerability in computing history. Chris and his team at Veracode just completed the most comprehensive study of AI-generated code ever conducted—testing 100 different language models across 80 coding scenarios over two years. What they discovered contradicts everything the tech industry believes about AI development tools.

The Reality Behind the Hype: Despite billions in investment and years of development, AI systems create vulnerabilities 45% of the time—exactly matching human error rates. While AI has dramatically improved at writing code that compiles and runs, it has learned nothing about writing secure code. The models have simply gotten better at disguising their mistakes.

The Mathematics of Risk: Development teams now code 3-5x faster using AI assistants like GitHub Copilot and ChatGPT. Same vulnerability rate, exponentially faster development speed equals a multiplication of security flaws entering production systems. Many organizations are simultaneously reducing their security testing capacity just as they accelerate their vulnerability creation rate.

The Training Data Problem: The source of the issue lies in contaminated training data. These AI systems have absorbed decades of insecure code from open-source repositories and crowd-sourced platforms like Reddit. They've learned every bad coding practice, every deprecated security measure, every vulnerability pattern from the past 30 years—and they're reproducing them at machine speed.

The Technical Reality: Chris walks through specific findings: Java fails security tests 72% of the time, cross-site scripting vulnerabilities appear consistently, and inter-procedural data flows confuse even the most advanced models. The study reveals why some vulnerability types prove nearly impossible for current AI to handle correctly.

From Underground to Enterprise: This isn't just another technical report—it's a perspective from someone who helped define modern cybersecurity. The same analytical approach that once exposed vulnerabilities in massive corporate systems now reveals why the AI coding revolution presents unprecedented challenges.

The Path Forward: While general-purpose AI struggles with security, specialized models focused on fixing rather than generating code show promise. Chris explains how Veracode's targeted approach to code remediation succeeds where broad AI systems fail, pointing toward solutions that embrace the "smarter beats bigger" philosophy.

The hacker who once operated in shadows now examines these systems in broad daylight, revealing how our accelerated development practices may be outpacing our ability to secure them.

Chapters
00:00 The Origins of Loft Hacking Group
07:48 Generative AI in Software Development
13:39 Vulnerabilities in AI-Generated Code
18:56 The Challenges of Secure Coding
24:34 The Future of AI in Software Security
29:45 The Impact of AI on Developer Roles

Resources: Veracode 2025 GenAI Security Report [https://www.veracode.com/resources/analyst-reports/2025-genai-code-security-report/]

90% of Twitter users are represented by only 3% of tweets. When you scroll through your feed and form opinions about what "people are saying" about politics, you're not seeing the voices of nine out of ten users. You're seeing the loudest, most extreme 10% who create 97% of all political content on the platform.

In this episode of SecureTalk, host Justin Beals explores the "invisible majority problem" with Dr. Claire Robertson, Assistant Professor at Colby College. Together they examine how moderate voices have been algorithmically erased from our public discourse, creating pluralistic ignorance that threatens democracy itself.

Dr. Robertson's journey began at Kenyon College during the 2016 election—a blue island in a sea of red where Trump won the county by 40 points but the campus precinct went 90% blue. Surrounded by good people who saw the same election completely differently, she dedicated her career to understanding how we end up living in different realities.

Topics covered:
* The psychology behind false polarization
* How extreme voices get mathematically amplified
* Why conflict drives engagement in the attention economy
* The abandonment of scientific rigor in AI deployment
* Research methods for understanding our digital public square

Resources: Claire E. Robertson, Kareena S. del Rosario, Jay J. Van Bavel, Inside the funhouse mirror factory: How social media distorts perceptions of norms, Current Opinion in Psychology, Volume 60, 2024, 101918, ISSN 2352-250X, https://doi.org/10.1016/j.copsyc.2024.101918. (https://www.sciencedirect.com/science/article/pii/S2352250X24001313)


































