Data Security Decoded

Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla

Dr. Ido Sivan Sevilla [https://www.linkedin.com/in/ido-sivan-sevilla/] joins host Caleb Tolin⁠⁠⁠ [https://www.linkedin.com/in/calebtolin/] to break down battlefield stories from a massive analysis of over 3,000 local government entities. Dr. Sivan Sevilla, who serves as an Assistant Professor at the UMD College of Information [https://www.linkedin.com/school/university-of-maryland/] and holds joint positions at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, brings a multidisciplinary lens to the alarming reality of risk clusters. Their discussion moves past theory to explore how hundreds of counties share identical IP addresses and third-party service providers, creating centralized points of failure that attackers can identify using data. The dialogue highlights the dual-use nature of modern AI models. While these tools allow adversaries to automate exploit generation for open-source software, Dr. Sivan Sevilla, leveraging his expertise as founder of UMD's Tech Policy Hub, explains how defenders can use AI operations to map their own attack surfaces for free. By utilizing honeypots and large language models, limited-resource organizations can transition from reactive patching to a proactive posture. The episode concludes with a strategic look at identity resilience, advocating for adaptive regulations that learn from compliance data rather than static, outdated legislative mandates. Resources * CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog [https://www.cisa.gov/known-exploited-vulnerabilities-catalog] * This research [https://www.afcea.org/signal-media/cyber-edge/crucial-first-look-nations-cyber-attack-surfaces] was conducted by Dr. Ido Sivan Sevilla, Dr. Charles Harry, and Mr. Mark McDermot, with additional support from student researcher Mr. Parthav Poudel What You’ll Learn * How to prioritize the 3% of vulnerabilities that actually result in real-world exploitation. * The definition of attack surface diversity versus severity in measuring county level risk. * The impact of LLMs on identifying flaws in open source software for attackers and defenders. * Why risk clusters create a single point of failure for hundreds of independent county governments. * Methods for conducting ethical passive reconnaissance to map organizational security postures from the outside. * How adaptive regulations can improve compliance by learning from real-time security data and metrics. * The strategic benefit of using honeypots to monitor targeted threats against limited-resource digital infrastructure.

The Terrorist Designation: A New Red Line for Ransomware with Cynthia Kaiser

In this episode, host⁠ ⁠Caleb Tolin⁠⁠ [https://www.linkedin.com/in/calebtolin/] explores the battlefield of enterprise defense, which has moved from simple data theft to ultra heinous crimes that put patient outcomes at risk. Guest⁠ ⁠Cynthia Kaiser⁠⁠ [https://www.linkedin.com/in/cynthia-kaiser-cyber/] shares Battlefield Stories from her time at the FBI and her current work as SVP of the Ransomware Research Center at⁠ ⁠Halcyon⁠⁠ [https://www.linkedin.com/company/halcyonai/], illustrating how the industrialization of cybercrime has reached a tipping point. They dive into the alarming reality of modern dwell times, specifically looking at how groups like Akira move from initial access to full encryption in as little as one hour. The conversation challenges the industry to face the inconvenient truths of cybercrime and ransomware. Kaiser shares case studies of how modern cybercriminals are adopting multilateral techniques to gain access to and exploit your network. By adopting an Assume Breach mindset, elite defenders can build the defense in depth required to combat malicious threat actors who follow their own rules to cause disruption and destruction. Resources * House Homeland Security Committee Testimony: ⁠Online Scams, Crypto Fraud, and Digital Extortion⁠ [https://homeland.house.gov/hearing/online-scams-crypto-fraud-and-digital-extortion-an-examination-of-how-transnational-criminal-networks-target-americans/] * Halcyon Analysis: ⁠Akira Ransomware Attacks in Under an Hour⁠ [https://www.halcyon.ai/ransomware-research-reports/akira-ransomware-attacks-in-under-an-hour] * Halcyon: ⁠Sicarii Ransomware Encryption Key Handling Defect⁠ [https://www.halcyon.ai/ransomware-alerts/alert-sicarii-ransomware-encryption-key-handling-defect] * Previous Episode Referenced: ⁠Downtime in Healthcare is Fatal: Achieving Resilience in Health & Life Sciences [https://www.rubrik.com/podcasts/downtime-in-healthcare-is-fatal-achieving-resilience-in-health-life-sciences] What You’ll Learn * Why designating ransomware as terrorism helps influence adversary target selection. * The impact of Akira's accelerated dwell time on traditional incident response. * How AI enables clumsy amateur "wannabes" to conduct messy attacks. * The critical role of phishing resistant MFA in securing the identity perimeter. * Why Assume Breach necessitates deep defense in depth strategies. * The overestimation of readiness among CISOs compared to actual red team performance Episode Highlights * [00:00] - The Case for Designating Ransomware as Terrorism * [04:20] - Modern Extortion and the Shortening of Dwell Time * [08:30] - Ransomware Recovery in Interconnected Cloud Environments * [11:45] - The Impact of AI on the "Wannabe" Attacker * [17:45] - Three Actionable Steps for Modern Defenders * [21:30] - Inconvenient Truths for Government and Private Sector

The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit Malik

The race for AI dominance has created a dangerous imbalance between business velocity and cyber resilience. In this episode, host Caleb Tolin is joined by Joe Hladik [https://www.linkedin.com/in/joseph-h-9248913/], Head of Rubrik [https://www.linkedin.com/company/rubrik-inc/] Zero Labs, and Staff Security Researcher Amit Malik [https://www.linkedin.com/in/doublezer0/] to break down the findings of their latest report on agentic adoption. The discussion centers on the Agentic Paradox. This is the technical reality that tools designed to automate high-level tasks are inherently built to find the most efficient path around obstacles, including existing security policies. A primary focus is implementing a three-layer framework for AI Operations. This model targets the Tool Layer, where agents interact with databases; the Cognitive Layer, which serves as the LLM brain; and the critical Identity Layer. The conversation explores stories in which agents, without malicious intent, have caused catastrophic data loss simply by following an optimized logic path. These instances prove that agents need not be sentient to be destructive when they lack proper human-in-the-loop checkpoints. Technical hurdles of Identity Resilience are also addressed, specifically the explosion of non-human identities that spin up and down like elastic cloud infrastructure. The episode examines the fear index regarding job security, noting that 92% of leaders fear for their roles post-breach. Joe and Amit join Caleb to explore the evolution of personal liability for CISOs and the urgent need to move from basic visibility to deep observability. This is a forward-looking briefing for leaders who recognize that, in an era of autonomous routines, the human must remain the ultimate command-and-control center. What You’ll Learn * Define the agentic paradox to understand why AI efficiency naturally compromises traditional security guardrails. * Implement a three-layer framework to secure the tool, cognitive, and identity components of AI. * Transition from basic visibility to deep observability to track autonomous decision-making in real time. * Mitigate prompt injection risks by auditing the input and output flows of the cognitive layer. * Utilize ephemeral containers to sandbox agentic tools and prevent unauthorized database alterations. * Manage the elasticity of non-human identities to maintain control over rapidly spinning AI agents. * Anchor AI operations with human-in-the-loop checkpoints to ensure integrity during high-stakes executions. Episode Highlights * Defining the Agentic Identity and Autonomous Routines * Revenue vs. Resilience: The Drivers of AI Urgency * The Three-Layer Framework for Agentic Defense * Shadow AI and the Rise of Invisible Insider Threats * The Context Gap: Why Rolling Back AI Actions is Hard * The CISO Fear Index and Personal Liability Post-Breach * Visibility vs. Observability in Elastic Identity Environments

Detecting Adversary Intent: Analyzing Behavioral Tells in Admin Logs with Allison Wikoff

Adversaries are already logging into your network using your own admin credentials. In this episode, Caleb Tolin [https://www.linkedin.com/in/calebtolin/] sits down with Allison Wikoff [https://www.linkedin.com/in/allison-w/] to move past the identity clichés and analyze the specific behavioral signals that separate routine IT maintenance from state-sponsored sabotage. They dissect why resilience is not a flash of genius during a crisis, but a mindset that organizations can adopt to stay ahead of dynamic threat actors. The conversation explores how attackers are increasingly bypassing traditional controls like MFA and leveraging non-human identities such as service accounts, APIs, and AI agents. These identities often operate with persistent access and elevated privileges, making them highly attractive targets. As AI continues to lower the barrier to entry, adversaries are moving faster and blending more effectively into normal activity, making detection significantly more challenging. The episode also examines how ransomware, espionage, and sabotage offer different behavioral tells, with data exfiltration now central across multiple threat types. In parallel, organizations must begin preparing for long-term risks like quantum computing, where encrypted data stolen today could be exposed in the future (i.e., “harvest now, decrypt later”_. Throughout the discussion, practical strategies take center stage. From strengthening identity hygiene and segmentation to improving visibility across users, systems, and third parties, the fundamentals remain critical. The key takeaway is clear. While the threat landscape is evolving, organizations that focus on identity, preparedness, and resilience will be best positioned to reduce risk and recover effectively. What You’ll Learn * How attackers bypass MFA and blend in using legitimate credentials * Which non-human identities are high-risk targets * How threat actors are leveraging AI to lower the barrier to entry for cybercrime * The difference between ransomware, espionage, and sabotage intent signals * What “harvest now, decrypt later” means for quantum risk * The three hygiene practices that still stop most attacks Episode Highlights [00:00:00] The Limits of MFA Why attackers are starting to work around multi-factor authentication [00:02:00] The Explosion of Non-Human Identities Service accounts, APIs, and AI agents as new attack surfaces [00:04:00] AI and the Speed of Threats How AI is accelerating reconnaissance and malware creation [00:05:00] Ransomware vs. Espionage Why data exfiltration is now central to both [00:06:00] Healthcare Under Pressure Why critical sectors face compounded cyber risk [00:08:00] Quantum Threats Explained Understanding “harvest now, decrypt later” [00:11:00] Identity Recovery Challenges Why restoring trust is harder than restoring systems [00:14:00] The 3 Security Fundamentals Identity hygiene, segmentation, and visibility

Downtime in Healthcare is Fatal: Achieving Resilience in Health & Life Sciences

Cybersecurity in healthcare is undergoing a critical shift. What was once viewed as a back-office IT concern is now directly tied to patient safety and clinical outcomes. In this episode of Data Security Decoded, host Caleb Tolin sits down with John Fokker, Vice President of Threat Intelligence Strategy at Trellix, to explore new findings that reveal a significant increase in inpatient mortality rates following cyberattacks on hospitals, reframing cybersecurity as a life-or-death issue. The conversation dives into how attackers infiltrate healthcare environments, often through familiar entry points like email, before moving laterally across interconnected systems. From HVAC units to supply chain logistics, even nonclinical systems can disrupt care delivery when compromised. The discussion highlights how adversaries blend into hospital networks using legitimate tools, making detection increasingly difficult. We also examine the alarming dwell times seen in healthcare environments and what defenders can do to identify subtle anomalies before they escalate. The episode outlines practical strategies, including stronger email defenses, network segmentation, and proactive threat hunting. Finally, we confront two uncomfortable truths: apolitical healthcare and humanitarian organizations remain prime targets, and AI introduces both powerful defenses and new risks. The takeaway is clear. Cyber resilience is not optional. It is essential to maintain trust, ensure continuity, and ultimately save lives. What You’ll Learn * Why cyberattacks in healthcare directly impact patient mortality * How nonclinical systems can disrupt critical care delivery * What long dwell times reveal about attacker behavior * How threat actors use legitimate tools to evade detection * The most effective ways to reduce healthcare attack surfaces * Why email remains the primary entry point for attackers * How to reframe cybersecurity as a patient safety priority Episode Highlights 00:00 – A Shocking Statistic A 29 percent increase in mortality reframes cyber risk 02:30 – From IT to Patient Safety Why CISOs now have a stronger voice at the board level 05:10 – The Backdoor Problem Nonclinical systems and third parties as attack vectors 09:00 – Living in the Network Understanding long dwell times and stealthy attackers 13:45 – Spotting the Signals Key behavioral indicators defenders should watch 18:20 – Three Steps to Resilience Email security, segmentation, and attack surface reduction 23:10 – Two Inconvenient Truths AI risk and the myth of healthcare immunity 27:00 – Final Takeaway Cybersecurity as operational resilience