Listen to Easy Prey

Red models associated with AI technologies highlight real-world vulnerabilities and the importance of proactive security measures. It is vital to educate users about how to explore the challenges and keep AI systems secure. Today’s guest is Dr. Aditya Sood. Dr. Sood is the VP of Security Engineering and AI Strategy at Aryaka and is a security practitioner, researcher, and consultant with more than 16 years of experience. He obtained his PhD in computer science from Michigan State University and has authored several papers for various magazines and journals. In this conversation, he will shed light on AI-driven threats, supply chain risks, and practical ways organizations can stay protected in an ever-changing environment. Get ready to learn how the latest innovations and evolving attack surfaces affect everyone from large companies to everyday users, and why a proactive mindset is key to staying ahead. Show Notes: * [01:02] Dr. Sood has been working in the security industry for the last 17 years. He has a PhD from Michigan State University. Prior to Aryaka, he was a Senior Director of Threat Research and Security Strategy for the Office of the CTO at F5. * [02:57] We discuss how security issues with AI are on the rise because of the recent popularity and increased use of AI. * [04:18] The large amounts of data are convoluting how things are understood, the complexity is rising, and the threat model is changing. * [05:14] We talk about the different AI attacks that are being encountered and how AI can be used to defend against these attacks. * [06:00] Pre-trained models can contain vulnerabilities. * [07:01] AI drift or model or concept drift is when data in the training sets is not updated. The data can be used in a different way. AI hallucinations also can create false output. * [08:46] Dr. Sood explains several types of attacks that malicious actors are using. * [10:07] Prompt injections are also a risk. * [12:13] We learn about the injection mapping strategy. * [13:54] We discuss the possibilities of using AI as a tool to bypass its own guardrails. * [15:18] It's an arms race using AI to attack Ai and using AI to secure AI. * [16:01] We discuss AI workload analysis. This helps to understand the way AI processes. This helps see the authorization boundary and the security controls that need to be enforced. * [17:48] Being aware of the shadow AI running in the background. * [19:38] Challenges around corporations having the right security people in place to understand and fight vulnerabilities. * [20:55] There is risk with the data going to the cloud through the LLM interface. * [21:47] Dr. Sood breaks down the concept of shadow AI. * [23:50] There are also risks for consumers using AI. * [29:39] The concept of Black Box AI models and bias being built into the particular AI. * [33:45] The issue of the ground set of truth and how the models are trained. * [37:09] It's a balancing act when thinking about the ground set of truth for data. * [39:08] Dr. Sood shares an example from when he was researching for his book. * [39:51] Using the push and pretend technique to trick AI into bypassing guardrails. * [42:51] We talk about the dangers of using APIs that aren't secure. * [43:58] The importance of understanding the entire AI ecosystem. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Aditya K Sood [https://adityaksood.adrokk.com/] * Aditya K Sood - LinkedIn [https://www.linkedin.com/in/adityaks/] * Aditya K Sood - X [https://x.com/adityaksood] * Aryaka [https://www.aryaka.com/] * COMBATING CYBERATTACKS TARGETING THE AI ECOSYSTEM: Assessing Threats, Risks, and Vulnerabilities [https://www.amazon.com/COMBATING-CYBERATTACKS-TARGETING-ECOSYSTEM-Vulnerabilities-ebook/dp/B0DJRMBQQ6/] * Empirical Cloud Security: Practical Intelligence to Evaluate Risks and Attacks [https://www.amazon.com/Empirical-Cloud-Security-Practical-Intelligence-ebook/dp/B0CJQ82Y24/] * Empirical Cloud Security: Practical Intelligence to Evaluate Risks and Attacks [https://www.amazon.com/Empirical-Cloud-Security-Practical-Intelligence-ebook/dp/B092NLPMBH]

What makes someone betray their country? It’s rarely just about money. In this episode, you’ll hear from a retired CIA officer who spent 25 years recruiting foreign spies by tapping into something deeper than greed. Jim Lawler shares real stories from his career in human intelligence, where persuasion was built on empathy, trust, and understanding what truly drives people. From failed pitches to high-stakes successes, he explains the psychology behind espionage, how personal stress becomes a powerful leverage point, and why most people who commit treason believe they’ve been betrayed first. Whether you’re curious about spycraft or just want a better grasp of human behavior, this conversation pulls back the curtain on how people can be influenced to cross the line. Show Notes: * [00:50] Jim was a CIA operations officer. His job was to recruit foreign spies for the CIA. * [01:21] Most of his career was about battling weapons of mass destruction. His specialty was human intelligence and recruiting foreign spies was the backbone of that. * [02:32] He's now a speaker and a teacher. He's also written three spy novels. * [03:02] MICE Framework: Money, Ideology, Coercion, and Ego. * [05:11] Jim shares a story from one of his first recruitment pitches. He also found out that revenge is a driving force for espionage. * [11:58] Polygraph tests are stress detectors. * [15:16] Divorce is one of the most psychologically tumultuous times in a person's life. When recruiting, Jim would become their best friend because he never once recruited a happy person. * [16:07] He would study the crack system like a rock climber. He was a keen listener and very curious.  * [17:33] Empathy and patience were everything when recruiting spies. * [20:21] Jim talks about the metaphysics, which is like a neural link where he would put out what he would envision as an invisible link to the brain of his recruits. * [22:11] If something is too good to be true it is. * [23:45] As a recruiter, he had to manipulate, exploit, and subvert people to get them to do what he wanted them to do. * [27:58] Jim believes in treating people the way he would like to be treated. He was sincere with his actions. * [28:35] He believes in using his powers of persuasion for good. * [32:43] Over 90% of the people he pitched became assets. * [33:48] Jim explains what a cold pitch is and the objective to get the second meeting.  * [36:58] His novels are thinly based on operations he did. A lot of his stories are based on things that he has done or things that his colleagues have done. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Jim Lawler - SPYEX [https://www.spyex.com/expert/james-lawler] * The Traitor's Tale (The Guild Series Book 3) [https://www.amazon.com/Traitors-Tale-Guild-Book-ebook/dp/B0DZPZHY1N] * In the Twinkling of an Eye: A Novel of Biological Terror and Espionage (The Guild Series Book 2) [https://www.amazon.com/Twinkling-Eye-Biological-Terror-Espionage-ebook/dp/B09P23CSF4] * Living Lies: A Novel of the Iranian Nuclear Weapons Program (The Guild Series Book 1) [https://www.amazon.com/Living-Lies-Iranian-Nuclear-Weapons-ebook/dp/B09D8M8R22] * Soulcatcher: James Lawler Discusses The Motivations For Espionage [https://www.youtube.com/watch?v=yPZcm8_kgAk]

When it comes to cybersecurity, most people think about firewalls, passwords, and antivirus software. But what about the attackers themselves? Understanding how they operate is just as important as having the right defenses in place. That’s where Paul Reid comes in. As the Vice President of Adversary Research at AttackIQ, Paul and his team work to stay one step ahead of cybercriminals by thinking like them and identifying vulnerabilities before they can be exploited.   In this episode, we dive into the world of cyber threats, ransomware, and the business of hacking. Paul shares insights from his 25+ years in cybersecurity, including his experience tracking nation-state attackers, analyzing ransomware-as-a-service, and why cybercrime has become such a highly organized industry. We also talk about what businesses and individuals can do to protect themselves, from understanding threat intelligence to why testing your backups might save you from disaster. Whether you're in cybersecurity or just trying to keep your data safe, this conversation is packed with insights you won’t want to miss. Show Notes: * [00:58] Paul is the VP of Adversary Research at AttackIQ.  * [01:30] His team wants to help their customers be more secure. * [01:52] Paul has been in cybersecurity for 25 years. He began working in Novell Networks and then moved to directory services with Novell and Microsoft, Active Directory, LDAP, and more.  * [02:32] He also helped design classification systems and then worked for a startup. He also ran a worldwide threat hunting team. Paul has an extensive background in networks and cybersecurity.  * [03:49] Paul was drawn to AttackIQ because they do breach attack simulation. * [04:22] His original goal was actually to be a banker. Then he went back to his original passion, computer science. * [06:05] We learn Paul's story of being a victim of ransomware or a scam. A company he was working for almost fell for a money transfer scam. * [09:12] If something seems off, definitely question it. * [10:17] Ransomware is an economically driven cybercrime. Attackers try to get in through social engineering, brute force attack, password spraying, or whatever means possible. * [11:13] Once they get in, they find whatever is of value and encrypt it or do something else to extort money from you. * [12:14] Ransomware as a service (RaaS) has brought ransomware to the masses. * [13:49] We discuss some ethics in these criminal organizations. Honest thieves? * [16:24] Threats look a lot more real when you see that they have your information. * [17:12] Paul shares a phishing scam story with just enough information to make the potential victim click on it.  * [18:01] There was a takedown of LockBit in 2020, but they had a resurgence. It's a decentralized ransomware as a service model that allows affiliates to keep on earning, even if the main ones go down. * [20:14] Many of the affiliates are smash and grab, the nation states are a little more patient.  * [21:11] Attackers are branching out into other areas and increasing their attack service, targeting Linux and macOS. * [22:17] The resiliency of the ransomware as a service setup and how they've distributed the risk across multiple affiliates. * [23:42] There's an ever growing attack service and things are getting bigger. * [25:06] AttackIQ is able to run emulations in a production environment. * [26:20] Having the ability to continuously test and find new areas really makes networks more cyber resilient. * [29:55] We talk about whether to pay ransoms and how to navigate these situations.  * [31:05] The best solution is to do due diligence, updates, patches, and separate backups from the system.  * [35:19] Dealing with ransomware is a no win situation. Everyone is different. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Paul Reid - Vice President, Adversary Research AttackIQ [https://www.attackiq.com/who-we-are/] * Paul Reid on LinkedIn [https://www.linkedin.com/in/paul-reid-77097a15/] * AttackIQ Academy [https://www.academy.attackiq.com/] * Understanding Ransomware Threat Actors: LockBit [https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a]

Ever had that creepy feeling someone's watching you online? Now imagine if that feeling was actually your reality, not just your browsing history being tracked, but cameras following your every move on the street, your conversations being monitored, your payments scrutinized. For our guest Josh Summers, this wasn't some dystopian nightmare, it was his daily life. Josh isn't your typical privacy advocate. As the creator behind All Things Secured (both a website and YouTube channel), his passion for digital privacy was forged through nearly 20 years living abroad, much of it in China. There, he didn't just read about surveillance, he lived under its shadow, using VPNs to bypass censorship and experiencing the gut-wrenching moment of being detained and questioned by Chinese authorities. In our revealing conversation, Josh pulls back the curtain on what government surveillance actually feels like from the inside. He shares how these experiences transformed a personal survival strategy into a mission to help others protect themselves in our increasingly watched world. We dive into how surveillance actually works from those eerily accurate facial recognition systems to the GPS tracking that follows your every move, and the countless ways big companies turn your personal information into profit. Josh not only makes us aware of potential problems, he offers real-world solutions that balance security with the convenience we all crave. With Josh's guidance, we discover surprisingly simple ways to shield our digital lives from encrypted messaging apps that keep conversations private, virtual credit cards that protect your finances, and alternative mailing addresses that safeguard your physical location. He also reveals the hidden dangers lurking in those so-called smart devices scattered throughout your home, and explains why privacy matters even if you think you have nothing to hide. Show Notes: * [00:34] Josh is the host of All Things Secured. He wants to help people become a hacker's worst nightmare. * [01:30] Josh, his wife, and children lived in China. There was censorship and social platforms were blocked.  * [02:05] He began using VPNs. Over the decade there, every type of surveillance was used. * [03:34] He had a travel site and walked around with a camera. * [04:03] In 2018 he was detained by the government. It was scary and he realized the rights he was giving up when traveling to other countries. * [05:53] He was kicked out of China, and became more conscious of the pervasive mass surveillance. * [08:40] He was severely outmatched with the psychological tricks of the interrogators. * [12:57] Even if surveillance is legal, that doesn't make it ethical.  * [13:18] Small consistent steps towards privacy will make us less of a target. * [14:25] Josh talks about ways that we are being monitored from cameras to facial recognition. Digital currencies track what we purchase. * [17:04] Facebook has so many files on us. Being tracked online adds up. * [21:07] There are ways to build a privacy moat around your digital life and still stay in contact with friends and family. * [22:27] Steps for practical privacy include being careful about how you share data, encrypted alternatives, and use masking services to reduce your digital footprint. You can also use virtual credit cards. * [31:46] We talk about using peer-to-peer payment apps. * [34:12] When your habits and your contacts are public, it makes it easier to social engineer. * [35:29] Virtual mailboxes can add additional privacy.  * [39:50] Issues with IoT devices include how it's being stored, transmitted, and shared. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Josh Summers [https://www.joshsummers.com/] * All Things Secured [https://www.allthingssecured.com/] * All Things Secured YouTube [https://www.youtube.com/@AllThingsSecured] * Go West Ventures [https://www.gowestventuresllc.com/] * Josh Summers on LinkedIn [https://www.gowestventuresllc.com/] * The Unexpected Cost of Privacy with John McAfee [https://www.easyprey.com/the-unexpected-cost-of-privacy-with-john-mcafee/] * Privacy.com [http://privacy.com] * IronVest [https://ironvest.com/] * PostScan Mail [https://www.postscanmail.com/] * Traveling Mailbox [https://travelingmailbox.com/]

In a world where data is more important than ever, understanding how it is acquired, shared, and misused is critical. Data brokers work behind the scenes, amassing enormous amounts of personal information from online activity, loyalty programs, and even public records, often without the users' knowledge. This data powers targeted marketing, scams, and even identity theft. But what can be done to regain control of personal privacy? Today we're diving deep into this topic with cybersecurity expert Darius Belejevas, who has spent years assisting folks in removing their data from these digital marketplaces. He is the head of Incogni and Surfshark.  In this chat, Darius is going to share how these sneaky data brokers operate. He'll break down why it's such a big deal when our data gets out there for all to see, and he'll arm us with some solid strategies to keep our privacy intact. We’ll also look at practical tactics that everyone can apply to limit their exposure to hackers. We’ll discuss data sharing, using privacy-focused products, and understanding legislation like GDPR and CCPA. We also dive into the shifting landscape of digital security, the role of AI in data collection and fraud, and what the future of online privacy may look like.  Show Notes: * [01:01] We learn about Darius's background. * [02:16] We learn about the creation of Incogni.  * [04:04] Data brokers are businesses who collect data and sell it to other businesses. One problem can be lack of transparency of what is happening to your data.  * [07:19] There are probably a few thousand data brokers. * [09:36] Does removing your data get you out of a breach? * [10:48] Limiting what we share. Prevention, consequences, and clean up. * [12:22] When giving identifiers like your phone number, stop and ask if you really need to do that. * [14:10] Some brokers make it way more difficult to remove data. * [20:13] We talk about privacy regulations and how they can help you or make things more difficult. * [22:12] How AI will make malicious activities easier to scale. * [23:41] Have people given up on privacy? At the end of the day, it's about personal comfort.  * [25:00] Privacy laws are helping with data broker issues.  * [26:59] Being mindful about what you post online. Many people don't want to share too much. * [29:56] Physical junk mail has decreased.  * [30:52] What to do today. Think about what you want to share. Do you really need to subscribe? * [32:21] Use a service like Incogni to help you protect your data. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Incogni [https://incogni.com/] * Surfshark [https://surfshark.com/] * Darius Belejevas on Facebook [https://www.facebook.com/darius.belejevas/] * Darius Belejevas on LinkedIn [https://www.linkedin.com/in/dariusbelejevas/?originalSubdomain=lt]