Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee
Hacker Valley Studio8 Marras 2022

Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee

Hacker Valley: On the Road is a curated collection of conversations that Chris and Ron have had during conferences and events around the globe. In this episode, Cloud Security Podcast’s Ashish Rajan and Shilpi Bhattacharjee speak with the Hacker Valley team at AISA CyberCon in Melbourne, Australia. Ashish and Shilpi discuss their respective talks on supply chain security and zero trust technology, SBOMs, and keynote speakers at this year’s Cybercon worth noting for the audience at home.

Timecoded Guide:

[00:00] Connecting & conversing at a cyber conference post-COVID

[06:50] Breaking down Shilpi’s presentation on supply chain threats & attacks

[11:45] Understanding the paradoxes & limitations of zero trust with Ashish’s talk

[26:13] Defining & explaining SBOM, or Software Bill of Materials

[33:16] Noticing key conversations & trends for those who didn’t attend AISA Cybercon

Sponsor Links:

Thank you to our sponsor Axonius for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Shilpi, can you talk about the idea behind the talk you had at CyberCon?

The inspiration behind Shilpi’s conference talk was supply chain issues. Titling her talk, “Who’s Protecting Your Software in Supply Chain,” Shilpi hoped to further educate and advocate for security in the supply chain process. An estimated one in two companies will experience a supply chain attack in the coming years. Instead of fearing such a statistic, Shilpi hopes her talk inspired further security action to protect our supply chains.

“One staggering fact that I read is that one in every two companies is going to have some sort of a supply chain attack in the next three years. So, who's going to look after the supply chain? Is it going to be the organization? Is it going to be your third-party vendors?” —Shilpi

Ashish, what about your talk at Cybercon?

In contrast, Ashish’s talk was about the triple paradox of zero trust. When talking about and implementing zero trust, Ashish realized many companies don’t implement the cultural changes needed for zero trust and/or only talk about zero trust as a technology process. Zero trust has numerous layers beyond technology, and requires time and major changes in culture and technology to implement in most companies.

“I feel bad for bashing on finance, marketing, and HR teams. They're all smart people, but if you're going to add four or five layers of security for them, they almost always say, ‘I just want to do my job. I don't really care about this. It's your job to do security.’” —Ashish

Where would you recommend starting when it comes to trying to implement the ideas in your respective talks?

When push comes to shove about where cyber companies can start first with supply chain and zero trust, Ashish and Shilpi agree that companies have to discuss business priorities. When company leaders can take the opportunity to look at and understand their cyber hygiene, the next steps might look very different from another company’s tactics. Knowing what a business has is the foundational piece that impacts any new process in cyber.

“If I were to go back to the first principle of what we do with cybersecurity professionals, one of the biggest assets that we're all trying to protect is data. You can't protect what you can't see, that's the foundational piece.” —Ashish

For anyone that wasn't able to make the conference, what is one thing that you would want to share with the audience at home?

There were a lot of conversations taking place at Cybercon this year. Ashish wants the audience at home to know that cloud native, zero trust, supply chain, and leadership positions like CISOs were the main themes in many talks, panels, and conversations. Shilpi wants those who couldn’t attend to watch out for more talks and conversations about cyber from those outside of the industry to understand that the issues impacting cyber influence the world.

“I think there's that interest about cybersecurity being more than just a cybersecurity problem. Cybersecurity is not just a technical problem, it's a societal problem, a cultural problem. I very much agree, because a lot of the things that we're dealing with impacts everyone.” —Shilpi

---------------

Links:

Keep up with our guest Ashish Rajan on LinkedIn

Keep up with our guest Shilpi Bhattacharjee on LinkedIn

Listen to Ashish and Shilpi’s Cloud Security Podcast

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Jaksot(406)

What We All Should Be Talking About When It Comes to AI and Security

What We All Should Be Talking About When It Comes to AI and Security

In this episode, Host Ron Eddings is joined by guests Anirban Banerjee, CEO and Co-Founder at Riscosity, and James Berthoty, Founder and Analyst at Latio Tech. Together they focus on data security, AI-driven product development, and the challenges of implementing AI solutions responsibly. Anirban discusses the importance of organizational buy-in and well-defined policies, while James underscores the need for visibility and a cautious approach in integrating AI models. Be sure to tune in to the end to hear their unique advice at being more productive. Impactful Moments: 00:00 - Welcome 01:20 - Introducing guests Anirban & James 04:15 - The State of AI through Cyber 08:25 - Is AI a New Technology? 10:31 - AI Lets You Ship A Product 16:44 - Pros/Cons of AI & DLP 23:57 - What SHOULD We Be Talking About? 27:31 - Process First! 30:00 - One Step Better…   Links: Connect with our guests Anirban & James : https://www.linkedin.com/in/james-berthoty/ https://www.linkedin.com/in/anirbanbanerjeephd/ Check out Riscosity: https://www.riscosity.com/ Get a Free Data Governance Audit: https://www.riscosity.com/free-data-governance-audit Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

9 Heinä 202433min

Navigating AI as a CISO with Whitney Palacios

Navigating AI as a CISO with Whitney Palacios

In this episode, Host Ron Eddings catches up with one of his colleagues, Whitney Palacios, Vice President and CISO at BigBear.ai. They explore the challenges and responsibilities of being a CISO and Whitney addresses key cybersecurity issues such as the importance of balancing security with innovation, especially in the context of AI. Whitney offers sage insight into Security Operations Centers (SOCs), the need for diversity in tech leadership roles and closes out with helpful advice for rising CISOs.   Impactful Moments: 00:00 - Welcome 01:26 - Introducing guest, Whitney Palacios 04:03 - What Is A CISO? What Do You Do? 06:19 - SOC or No SOC? 08:40 - CISO Role & Risk/Accountability 11:12 - “One of A Few CISOs” 12:00 - Join Our Mastermind! 15:21 - AI: Allowing Innovation 18:27 - AI Use Cases 20:30 - One Step Better…   Links: Connect with our guest, Whitney Palacios : https://www.linkedin.com/in/whitneypalacios/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

2 Heinä 202422min

The Power of AppSec, Cyber Education, and Friendship with Tanya Janca

The Power of AppSec, Cyber Education, and Friendship with Tanya Janca

In this episode, Host Ron Eddings catches up with longtime friend, Tanya Janca, Head of Education and Community at SemGrep and author of 'Alice and Bob Learn Application Security.' Tanya shares her experiences from working in the Canadian government to joining Microsoft and eventually founding WeHackPurple. Tanya talks about her new role at SemGrep, where she focuses on making application security education accessible, and the importance of building supportive communities in the tech industry. Impactful Moments: 00:00 - Welcome 01:20 - Introducing guest, Tanya Janca 03:09 - “IDK How to Make SemGrep Rules…” 0707 - Finding Shadow IT & Embezzlers 11:27 - Join Our Mastermind 12:09 - Becoming an AppSec Professional 15:22 - Elections CISO 18:00 - Speaking at Conferences 21:15 - Microsoft Calls Me One Day… 23:21 - Parting Ways; But Still Friends 24:30 - “Can You Train Our Devs?” 27:50 - Fairness Is Important 32:27 - Put Yourself Out There!   Links: Connect with our guest, Tanya Janca: https://www.linkedin.com/in/tanya-janca/ Check out SemGrep Academy: https://academy.semgrep.dev/ We Hack Purple Podcast: https://wehackpurple.buzzsprout.com/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

26 Kesä 202435min

Networking 2.0: The Future of Decentralized Networking & Access Management

Networking 2.0: The Future of Decentralized Networking & Access Management

In this episode, Hosts Ron Eddings, and Jen Langdon share takeaways from Ron's RSA conversation with Colin Constable, Co-Founder and CTO at Atsign On this show, they’ll break down Networking 2.0 and how it can serve as the next evolution for data ownership and access control. Colin and his team at Atsign have built the atProtocol®, a new open-source internet protocol that makes private and secure data sharing simple and intuitive, enabling any person, entity or thing to implement NIST Zero Trust principles into their solution. Impactful Moments: 00:00 - Welcome 02:17 - Introducing, Colin Constable 03:42 - The Problem with the Current Internet 08:02 - The Catalyst Behind atProtocol® 11:12 - Nexus of Networking, Identity & Privacy 14:19 - From our Sponsor, Atsign 15:23 - What’s Networking 2.0? 18:54 - Internet Anonymity & Accountability 24:31 - Unique Solutions using atProtocol®   Links: Connect with Colin Constable: https://www.linkedin.com/in/colinconstable/ Check out Atsign: https://atsign.com/ Read the atProtocol Whitepaper here: https://atsign.com/resources/white-papers/the-atprotocol/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

18 Kesä 202432min

How AI is the Key Turning Point in TPRM with Paul Valente

How AI is the Key Turning Point in TPRM with Paul Valente

In this episode, Host Ron Eddings enjoys a reprieve from the hectic RSA conference with guest Paul Valente, CEO of VISO Trust. Paul discusses how he used his extensive experience as a CISO to solve a huge pain point he was experiencing with third party risk management (TPRM) and how it prompted him and a colleague to start their own company to create the solution they had been wishing for. However, nothing could be more exciting than the ways AI has expanded the potential for TPRM to change security outcomes and allow the security sector to drop the ‘department of no’ branding for good. Tune in to hear the whole story!   Impactful Moments: 00:00 - Welcome 01:03 - Introducing guest, Paul Valente 04:49 - Core Pillars of Being a CISO 06:14 - Why Cyber Startup? 7:46 - AI: The Key Turning Point for TPRM 10:40 - Why Do Companies Need TPRM? 15:09 - From our Sponsor, VISO Trust 16:17 - Data & Controlling Risk 22:35 - No Security Questionnaires! 24:14 - One Step Better…   Links: Connect with our guest, Paul Valente: https://www.linkedin.com/in/pauldvalente/ Check out VISO Trust: https://visotrust.com/hackervalley Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

11 Kesä 202425min

A Deep Dive into MSSPs: Understanding the Evolution and Secrets Within with Ricardo Nicolini

A Deep Dive into MSSPs: Understanding the Evolution and Secrets Within with Ricardo Nicolini

In this episode, Ron Eddings and Jen Langdon explore the origins of MSSPs and the solutions they offer to the cybersecurity industry with insights from Ricardo Nicolini, CTO at Bulletproof. Ricardo will uncover the potential of MSSPs to alleviate headaches and reduce burnout in cybersecurity by detailing his personal experience with overcoming a ransomware attack in the City of Saint John. Impactful Moments: 00:00 - Welcome 05:15 - Introducing guest, Ricardo Nicolini 07:21 - Find & Prevent: FAST! 11:39 - Who MSSPs Support 13:48 - From our Sponsor, ContraForce 14:48 - City of Saint John & Ransomware 20:02 - Implications of Ransomware 25:16 - SOC Burnout is Real 29:21 - Improving the SOC with the Right Person 35:46 - Is Reducing Cognitive Load Possible?   Links: Connect with our guest Ricardo Nicolini : https://www.linkedin.com/in/rnicolini/ Check out ContraForce: https://www.contraforce.com/ Learn more about how Bulletproof helped the City of Saint John: https://content.bulletproofsi.com/read-cosj-case-study Check out our upcoming events: hackervalley.com/livestreams Continue the conversation by joining our Discord: https://hackervalley.com/discord Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

4 Kesä 202440min

Zero Trust Tactics: Preventing Breaches with Ivan Fonseca & Nick Cottrell

Zero Trust Tactics: Preventing Breaches with Ivan Fonseca & Nick Cottrell

In this episode, Host Ron Eddings teams up with Ivan Fonseca and Nick Cottrell, Cybersecurity Engineers at ThreatLocker, as they break down the anatomy of previous breaches and the attacker’s playbook using MITRE ATT&CK. Ivan and Nick will take you through the defender’s perspective and will also share tools that are commonly used to defend breaches and discuss how Zero Trust can be implemented to better defend organizations.   Impactful Moments: 00:00 - Welcome 01:35 - Introducing guests, Ivan Fonseca and Nick Cottrell 04:39 - 3CX Breach & Supply Chain Attacks 08:10 - Ring Fencing Defense 11:16 - Living Off the Hacker Valley Land 13:06 - From our Sponsor, ThreatLocker 13:56 - Hacker Mindset in the Op 18:45 - Zero Trust, Default Deny 24:23 - Common Attack Vectors 30:09 - 7 Zip is a Russian Application? 32:49 - Learning How to Defend Better   Links: Connect with our guests, Ivan Fonseca and Nick Cottrell : https://www.linkedin.com/in/ivan-fonseca-64139222b/ https://www.linkedin.com/in/nicholas-cottrell-083564165/ Learn more about ThreatLocker: https://www.threatlocker.com/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

28 Touko 202439min

Enterprise Browsers: Work’s Natural Next Step

Enterprise Browsers: Work’s Natural Next Step

In this episode, Ron Eddings and Jen Langdon talk about the evolution of browsers and how enterprise browsers have entered to change the game for corporations. Special guest Bradon Rogers, Chief Customer Officer at Island, joins to explain how enterprise browsers expand capabilities in asset management, security, and user experience. They also discuss how enterprise browsers can streamline IT infrastructure, offering a glimpse into the future and AI's role in it. Impactful Moments: 00:00 - Welcome 04:25 - Introducing guest, Bradon Rogers 07:23 - Extension vs Browser 14:53 - Security Use Cases 18:12 - From our Sponsor 19:34 - Better User Decisions 24:01 - Tool Reduction 26:24 - IT & Security Should Play Nice 29:41 - Data Protection   Links: Connect with our guest, Bradon Rogers: https://www.linkedin.com/in/bradon/ Check out Island’s website here: https://www.island.io/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

21 Touko 202434min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-niinku-asia-on
jari-sarasvuo-podcast
psykologia
rss-duodecim-lehti
aloita-meditaatio
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-psykalab
aamukahvilla
rss-liian-kuuma-peruna
rss-narsisti
rss-vapaudu-voimaasi
mielipaivakirja
rss-valo-minussa-2
rss-arkea-ja-aurinkoa-podcast-espanjasta
rss-rouva-keto
rss-anteeks-etukateen
filocast-filosofian-perusteet