Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee
Hacker Valley Studio8 Nov 2022

Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee

Hacker Valley: On the Road is a curated collection of conversations that Chris and Ron have had during conferences and events around the globe. In this episode, Cloud Security Podcast’s Ashish Rajan and Shilpi Bhattacharjee speak with the Hacker Valley team at AISA CyberCon in Melbourne, Australia. Ashish and Shilpi discuss their respective talks on supply chain security and zero trust technology, SBOMs, and keynote speakers at this year’s Cybercon worth noting for the audience at home.

Timecoded Guide:

[00:00] Connecting & conversing at a cyber conference post-COVID

[06:50] Breaking down Shilpi’s presentation on supply chain threats & attacks

[11:45] Understanding the paradoxes & limitations of zero trust with Ashish’s talk

[26:13] Defining & explaining SBOM, or Software Bill of Materials

[33:16] Noticing key conversations & trends for those who didn’t attend AISA Cybercon

Sponsor Links:

Thank you to our sponsor Axonius for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Shilpi, can you talk about the idea behind the talk you had at CyberCon?

The inspiration behind Shilpi’s conference talk was supply chain issues. Titling her talk, “Who’s Protecting Your Software in Supply Chain,” Shilpi hoped to further educate and advocate for security in the supply chain process. An estimated one in two companies will experience a supply chain attack in the coming years. Instead of fearing such a statistic, Shilpi hopes her talk inspired further security action to protect our supply chains.

“One staggering fact that I read is that one in every two companies is going to have some sort of a supply chain attack in the next three years. So, who's going to look after the supply chain? Is it going to be the organization? Is it going to be your third-party vendors?” —Shilpi

Ashish, what about your talk at Cybercon?

In contrast, Ashish’s talk was about the triple paradox of zero trust. When talking about and implementing zero trust, Ashish realized many companies don’t implement the cultural changes needed for zero trust and/or only talk about zero trust as a technology process. Zero trust has numerous layers beyond technology, and requires time and major changes in culture and technology to implement in most companies.

“I feel bad for bashing on finance, marketing, and HR teams. They're all smart people, but if you're going to add four or five layers of security for them, they almost always say, ‘I just want to do my job. I don't really care about this. It's your job to do security.’” —Ashish

Where would you recommend starting when it comes to trying to implement the ideas in your respective talks?

When push comes to shove about where cyber companies can start first with supply chain and zero trust, Ashish and Shilpi agree that companies have to discuss business priorities. When company leaders can take the opportunity to look at and understand their cyber hygiene, the next steps might look very different from another company’s tactics. Knowing what a business has is the foundational piece that impacts any new process in cyber.

“If I were to go back to the first principle of what we do with cybersecurity professionals, one of the biggest assets that we're all trying to protect is data. You can't protect what you can't see, that's the foundational piece.” —Ashish

For anyone that wasn't able to make the conference, what is one thing that you would want to share with the audience at home?

There were a lot of conversations taking place at Cybercon this year. Ashish wants the audience at home to know that cloud native, zero trust, supply chain, and leadership positions like CISOs were the main themes in many talks, panels, and conversations. Shilpi wants those who couldn’t attend to watch out for more talks and conversations about cyber from those outside of the industry to understand that the issues impacting cyber influence the world.

“I think there's that interest about cybersecurity being more than just a cybersecurity problem. Cybersecurity is not just a technical problem, it's a societal problem, a cultural problem. I very much agree, because a lot of the things that we're dealing with impacts everyone.” —Shilpi

---------------

Links:

Keep up with our guest Ashish Rajan on LinkedIn

Keep up with our guest Shilpi Bhattacharjee on LinkedIn

Listen to Ashish and Shilpi’s Cloud Security Podcast

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Episoder(405)

I Failed Over 300 Times Trying To Get Into Security ft. Joe South

I Failed Over 300 Times Trying To Get Into Security ft. Joe South

Joe South is a testament to resilience, unconventional decisions, and finding success in unexpected places. If you’ve ever felt stuck in a rut or on the verge of giving up, Joe’s experience might be the jolt you need to keep pushing forward. Joe, Principal Security Engineer and host of the “Security Unfiltered” podcast, shares his journey into cybersecurity and battling depression after being rejected more than 300 times when applying for security roles. Joe shares advice on breaking into cybersecurity, dealing with rejection, the importance of mentorship, and staying persistent.   00:00 Introduction 01:00 Joe South, Principal Security Engineer and Host of the Security Unfiltered podcast 02:34 Early Career Struggles and Breakthrough 03:59 The Turning Point: From Help Desk to Cybersecurity 06:44 Rejection and Finding Success 11:17 Advice for Aspiring Cybersecurity Professionals 16:19 The Importance of Continuous Learning in Cybersecurity 18:10 Join the Hacker Valley Creative Mastermind! 19:10 Securing AI Models: Challenges and Strategies 20:10 The Importance of Communication in Security 21:22 Experience and Career Advancement 21:52 Rethinking Success: The Value of Being Number Two 23:57 Pressure and Rewards of Being a CISO 26:16 The Benefits of Podcasting and Content Creation 32:28 Balancing Personal and Public Information 35:27 Overcoming Adversity and Putting Yourself Out There 38:01 Final Thoughts and Advice for Aspiring Content Creators Links: Connect with our guest, Joe South: https://www.linkedin.com/in/joseph-south/ Check out the Security Unfiltered podcast here: https://securityunfiltered.com   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

3 Sep 202440min

Cybersecurity Challenges: AI, Burnout, and Insider Threats with Kayla Williams

Cybersecurity Challenges: AI, Burnout, and Insider Threats with Kayla Williams

At Black Hat 2024, we sat down with Kayla Williams, Chief Information Security Officer at Devo, to discuss her career journey, the role of AI in cybersecurity, and the pervasive issue of burnout among SOC analysts. Through her research with Wakefield Research, Kayla and her team discovered that 83% of IT professionals are burnt out due to stress, lack of sleep, and anxiety. IT and Security burnout leads to breaches. For the past 4 years, Devo has been hosting SOC Analyst Appreciation Day, a virtual event where they shower SOC analysts with the love, appreciation and recognition that they deserve.   Impactful Moments: 00:00 - Introduction 01:25 - Kayla Williams, Chief Information Security Officer at Devo 01:38 - How Kayla Became a CISO 03:06 - Challenges and Rewards 04:23 - Burnout in Cybersecurity 04:31 - 83% of IT professionals are Burnt Out 09:38 - How AI Fits into the SOC 09:59 - Key Use Cases for AI in Cybersecurity 15:07 - Insider Threat and Employees Stealing Company Data 18:14 - Non-Traditional Paths into Cybersecurity 21:00 - Future of Cybersecurity and AI 22:31 - Advice for Aspiring CISOs   Links: Connect with our guest, Kayla Williams: https://www.linkedin.com/in/kaylamwilliams1/ Check out Devo: https://www.devo.com/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

27 Aug 202424min

Offensive Security: Unlocking Hidden ROI with Seemant Sehgal

Offensive Security: Unlocking Hidden ROI with Seemant Sehgal

In this episode, Ron sits down at Black Hat with guest Seemant Sehgal, Founder & CEO of BreachLock, to learn more about how offensive security, such as red teaming and pen testing, fits into the cyber ecosystem. Seemant highlights how his background as a practitioner has helped him better understand the pain points that customers feel and assist them in making the most of their budget. Impactful Moments: 00:00 - Welcome 00:50 - Introducing Guest, Seemant Sehgal 02:47 - Penetration Testing vs Red Teaming 05:22 - What A Hacker Wants 06:17 - From our Sponsor, BreachLock 07:35 - There’s Always A ‘Low Hanging Fruit’ 08:49 - Trusted Partners 10:49 - Closing Doors On Hackers 13:08 - Advice to Entrepreneurs: Knowing Your ‘Why’   Links: Connect with our guest, Seemant Sehgal: https://www.linkedin.com/in/s-sehgal/ Check out BreachLock: https://www.breachlock.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

16 Aug 202415min

Black Hat 2024 Conference Pre-Game

Black Hat 2024 Conference Pre-Game

In this episode, Ron and Jen welcome you to Vegas and discuss a little background on Black Hat and DEF CON and how to make the most of your time professionally. Impactful Moments: 00:00 - Welcome 00:56 - Hello From Vegas! 01:41 - Conference Anxiety 03:43 - Origins of Black Hat 06:17 - Which Conference? 08:18 - Conference Strategy 11:47+ - You Can Only Pick One…   Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

9 Aug 202413min

The Present and Future of AI in Cyber

The Present and Future of AI in Cyber

In this episode, Hosts Ron Eddings and Jen Langdon discuss questions about AI in Cyber. From the current state to where AI could be going, to resources to help you engage and up-level, there’s a little bit of everything for everyone in this episode.   Impactful Moments: 00:00 - Welcome 00:46 - Introduction 02:29 - Engineering AI 06:54 - Was it Made By AI? 09:07 - Join Our Mastermind 10:15 - AI in the Future 13:26 - AI in 2044 17:56 - AI & Resources 19:40 - AI Resources! 20:55 - One Step Better…   Links: Check out some resources shared during this episode: https://www.futuretools.io/   https://theresanaiforthat.com/ https://www.google.com/books/edition/On_Intelligence/Qg2dmntfxmQC?hl=en&gbpv=0 https://www.youtube.com/channel/UCbfYPyITQ-7l4upoX8nvctg   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

30 Jul 202423min

Leaving an Impression: Strategies for Captivating a Massive Audience

Leaving an Impression: Strategies for Captivating a Massive Audience

In this episode, hosts Ron Eddings and Jen Langdon discuss the power of storytelling through various media. Whether your goal is to create video content, deliver keynotes on stage, or be creative through other digital mediums, there will be something for everyone! Impactful Moments: 00:00 - Welcome 01:05 - Introductions 04:55 - Storytelling in Story Circle 09:23 - Crossing Across the Story Circle 12:15 - Join Our Mastermind! 12:57 - Is ‘Speaking’ Your Thing? 19:33 - Audience Considerations 22:24 - Speaking vs Writing 25:24 - Video/Digital Media 28:30 - Making it Captivating 32:03 - Last Reminders…   Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

23 Jul 202432min

How Can I Best Proactively Secure My SaaS?

How Can I Best Proactively Secure My SaaS?

In this episode, Ron Eddings will explore the massive adaptation of SaaS applications and ways to tame the beast. Our guest Yoni Shohet, Co-Founder & CEO at Valence Security, will help provide insight into the capabilities of a SaaS Security Posture Management (SSPM) platform and best practices for implementing a SaaS security solution. Impactful Moments: 00:00 - Welcome 01:59 - Introducing guest, Yoni Shohet 03:25 - Founding A SaaS Security Company 06:30 - What is SSPM? 08:27 - From our Sponsor, Valence 09:30 - Before Clicking ‘Allow’ 11:54 - Users Want Their LLMs! 14:37 - Common Missteps 19:08 - Can You Manage SaaS w/o Technology? 24:15 - SaaS Breaches & MFA & APIs 32:42 - One Step Better…   Links: Connect with our guest, Yoni Shohet: https://www.linkedin.com/in/yonishohet/ Check out Valence Security: https://www.valencesecurity.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Jul 202434min

What We All Should Be Talking About When It Comes to AI and Security

What We All Should Be Talking About When It Comes to AI and Security

In this episode, Host Ron Eddings is joined by guests Anirban Banerjee, CEO and Co-Founder at Riscosity, and James Berthoty, Founder and Analyst at Latio Tech. Together they focus on data security, AI-driven product development, and the challenges of implementing AI solutions responsibly. Anirban discusses the importance of organizational buy-in and well-defined policies, while James underscores the need for visibility and a cautious approach in integrating AI models. Be sure to tune in to the end to hear their unique advice at being more productive. Impactful Moments: 00:00 - Welcome 01:20 - Introducing guests Anirban & James 04:15 - The State of AI through Cyber 08:25 - Is AI a New Technology? 10:31 - AI Lets You Ship A Product 16:44 - Pros/Cons of AI & DLP 23:57 - What SHOULD We Be Talking About? 27:31 - Process First! 30:00 - One Step Better…   Links: Connect with our guests Anirban & James : https://www.linkedin.com/in/james-berthoty/ https://www.linkedin.com/in/anirbanbanerjeephd/ Check out Riscosity: https://www.riscosity.com/ Get a Free Data Governance Audit: https://www.riscosity.com/free-data-governance-audit Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

9 Jul 202433min

Populært innen Fakta

fastlegen
dine-penger-pengeradet
merry-quizmas
foreldreradet
treningspodden
relasjonspodden-med-dora-thorhallsdottir-kjersti-idem
rss-strid-de-norske-borgerkrigene
dypdykk
hverdagspsyken
sinnsyn
rss-var-forste-kaffe
fryktlos
gravid-uke-for-uke
rss-kull
rss-kunsten-a-leve
rss-sarbar-med-lotte-erik
jakt-og-fiskepodden
level-up-med-anniken-binz
sovnlos
hva-er-greia-med