The Entropy Podcast

In this episode of the Entropy podcast, host Francis Gorman speaks with Tim D. Williams, co-founder and CTO of ProteQC, about the evolving landscape of cybersecurity, particularly in the context of post-quantum cryptography. They discuss the importance of learning from past mistakes, the economics of security architecture, and the critical role of cryptography in protecting data. Tim emphasizes the need for organizations to develop a comprehensive cryptography strategy and the importance of human expertise in navigating complex security challenges. The conversation also touches on the impact of AI on security architecture and the future of cybersecurity education.TakeawaysTim shares a significant learning experience from his early career in cybersecurity.Understanding the economics of security is essential for effective architecture.Organizations must prioritize cryptography in their security strategies.Pre-discovery activities are crucial for effective cryptographic readiness.Resource allocation in cybersecurity must be precise and well-planned.Estimating costs for quantum readiness is challenging but necessary.Human expertise is irreplaceable in cybersecurity, especially with legacy systems.AI's role in security must be carefully managed to ensure accountability.Education plays a vital role in preparing the next generation of cybersecurity professionals.The future of cybersecurity will require a multidisciplinary approach.Sound Bites"Attacks always get better, they never get worse.""AI can't replace the need for human expertise.""We need to know who is in control of the agents."You can find ProteQC website here: https://ProteQC.com Cryptography course recommended by Tim:https://www.coursera.org/learn/crypto?utm_medium=sem&utm_source=gg&utm_campaign=b2c_emea_x_multi_ftcof_career-academy_cx_dr_bau_gg_pmax_gc_s1_en_m_hyb_25-12_mobileonly&campaignid=23325041170&adgroupid=&device=m&keyword=&matchtype=&network=x&devicemodel=&creativeid=&assetgroupid=6639819582&targetid=&extensionid=&placement=&gad_source=1&gad_campaignid=23315894040&gbraid=0AAAAADdKX6aeXSiSl2UDGiv575em-o8qm

In this episode of the Entropy Podcast, host Francis Gorman speaks with Alethe Denis, a senior security consultant at Bishop Fox, about her experiences in social engineering and the DEFCON community. Alethe shares her journey into the world of cybersecurity, her participation in the Social Engineering Capture the Flag contest, and the strategies she employed to succeed. The conversation delves into the ethics of social engineering, the impact of AI on security practices, and the importance of understanding human behavior in cybersecurity. Alethe also offers advice for those looking to enter the field of social engineering, emphasizing the value of mentorship and foundational knowledge.TakeawaysAlethe Denis emphasizes the welcoming nature of the DEFCON community.The Social Engineering Capture the Flag contest is a significant event for learning and showcasing skills.Understanding human psychology is crucial for effective social engineering.Ethics play a vital role in social engineering practices.AI is changing the landscape of social engineering and cybersecurity.Organizations need to align their testing with realistic attack scenarios.Mentorship is essential for those starting in social engineering.Building rapport is a key strategy in social engineering.Human behavior is often the weakest link in cybersecurity.Continuous learning and adaptation are necessary in the field of cybersecurity.

In this episode of the Entropy Podcast, host Francis Gorman engages with Dov Baron, an expert on emotional intelligence and leadership, to explore the implications of transhumanism and the rapid advancement of AI. They discuss the ethical dilemmas posed by technology, the necessity of purpose and meaning in an increasingly automated world, and the importance of emotional intelligence in leadership. Dov emphasizes the need for guidelines in AI development to safeguard human values and the emotional source code that drives human behavior. The conversation highlights the challenges and opportunities presented by the convergence of humanity and technology, urging listeners to consider the future of work and the human condition in a tech-driven era.TakeawaysDov emphasizes the importance of emotional intelligence in leadership.The convergence of technology and humanity raises ethical concerns.AI's rapid advancement necessitates guidelines to protect human values.Purpose and meaning are essential for human fulfillment in an AI-driven world.The emotional source code influences individual and organizational behavior.Human beings are driven by identity and comfort, impacting their choices.AI can augment human capabilities but may also lead to isolation.The need for a moral compass in technological innovation is critical.Emotional logic drives human behavior more than rational thought.The future of work will be significantly shaped by AI and automation.Sound Bites"We need purpose and meaning.""Normal isn't healthy.""Human beings need validation."Here's the report we discussed in the episode:Is Our Soul’s Future Silicon

In this episode of the Entropy Podcast, host Francis Gorman speaks with cybersecurity expert Ross Young about the complexities of cybersecurity leadership. They discuss the challenges of budgeting, the importance of tool utilization, and the often overlooked impact of reputational damage. Ross shares insights from his book, 'Cybersecurity's Dirty Secret,' and introduces the OWASP Threat and Safeguard Matrix as a framework for understanding cybersecurity threats. The conversation also delves into the evolving role of AI in cybersecurity, the necessity of a comprehensive cyber strategy, and the skills required to become a successful CISO.TakeawaysRoss Young emphasizes the importance of budgeting in cybersecurity leadership.Understanding tool utilization can prevent wasted resources.Reputational damage may not be as impactful as previously thought.The OWASP Threat and Safeguard Matrix helps identify material threats.AI in cybersecurity requires careful oversight and governance.A comprehensive cyber strategy should include people, processes, and tools.Vulnerability management will become increasingly challenging with AI advancements.Building relationships within the organization is crucial for a CISO.Gamification techniques can enhance organizational change.Continuous learning and skill development are essential for aspiring CISOs.Sound Bites"Why Most Budgets Go to Waste""We haven't fully deployed our existing tools.""We need to have oversight on AI."You can also check out the following items discussed during the show:CISO Tradecraft episode on strategy:https://cisotradecraft.substack.com/p/refreshing-your-cybersecurity-strategy?utm_source=publication-search Buy Ross's book "Cybersecurity's Dirty Secret" https://www.amazon.com/Cybersecuritys-Dirty-Secret-Budgets-Tradecraft%C2%AE/dp/B0G26WHVTG/  

In this conversation, David discusses the intricacies of interviews in the cybersecurity field, particularly focusing on the balance between providing necessary information and safeguarding sensitive details. Drawing from his experience recruiting for MI5, he highlights the unique challenges faced in cyber interviews, where the stakes are high due to the potential for information to be exploited by malicious actors. David emphasizes the need for companies to rethink their approach to sharing information during the recruitment process to protect their systems and personnel.TakeawaysEven when you're in an interview, you have to consider what you're actually going to say.Recruiting for MI5 was always quite exciting.They could never send you a job spec, which is a unique challenge.A huge amount of companies should think about information security in interviews.In a cyber interview, you're giving out a lot of information.It's important to consider what questions are asked in the interview.Personal interests can be interesting information for bad actors.Companies need to be cautious about the information they share.Cyber interviews require careful consideration of information shared.The dynamics of cyber interviews are complex and require strategic thinking.Sound Bites"They could never send you a job spec.""Companies should think about that now.""Information for someone nefarious or a bad actor."