Approachability, Empathy, and Security with Tracy Z. Maleeff
In this episode of the Entropy Podcast, host Francis Gorman speaks with Tracy Z. Maleeff, a cybersecurity expert with a unique background in library science. Tracy shares her journey from being a librarian to transitioning into cybersecurity, emphasizing the importance of research skills and empathy in the field. She discusses the significance of open source intelligence and the need for digital literacy in today's information landscape. Tracy also highlights the role of storytelling in cybersecurity, advocating for a more human-centric approach to security practices. The conversation concludes with insights into current trends and concerns in cybersecurity, including the impact of AI and the importance of protecting journalistic integrity.TakeawaysTracy transitioned from library science to cybersecurity for longevity.Empathy and approachability are crucial in cybersecurity roles.Open source intelligence (OSINT) is about gathering unclassified information.Digital literacy is essential for navigating today's information landscape.Storytelling can change behavior and improve cybersecurity awareness.Research should be substantiated with credible sources.Approachability encourages users to report security issues.AI poses significant challenges in information accuracy.Protecting journalists is vital for a free press.Cybersecurity requires a human-centric approach.Sound Bites"I made cybersecurity my quirky hobby.""You need to have a research trail.""The truth is out there."Connect with Tracy:https://sherpaintelligence.substack.com/
--------
37:53
--------
37:53
Building Cyber Awareness with Craig Taylor
In this episode of "The Entropy Podcast", host Francis Gorman speaks with Craig Taylor, CEO of CyberHoot, about the challenges and innovations in cybersecurity awareness training. They discuss the failures of traditional phishing awareness programs, the importance of positive reinforcement in training, and the role of gamification in engaging employees. Craig shares insights on the evolving threat landscape, particularly the impact of AI on phishing attacks, and highlights the vulnerabilities of small and medium enterprises (SMEs) to cyber threats. The conversation concludes with a look at the economics of cybercrime and the future of cybersecurity training.TakeawaysMost phishing awareness programs fail due to low engagement.Traditional training methods show minimal behavioral change.Positive reinforcement is more effective than punishment in training.Gamification can significantly increase engagement in cybersecurity training.SMEs are more likely to be targeted by cyber attacks than larger enterprises.AI is being used to craft more sophisticated phishing attacks.Cybercrime is now one of the largest economies in the world.Effective training can lead to better client retention for MSPs.Continuous improvement is key in cybersecurity awareness.CyberHoot offers free access to individuals for training.Sound Bites"Humans are the weakest link.""Reinforced behaviors are repeated.""AI is a game changer for hackers."Additional Information:Craig has arranged for Entropy Podcast listeners to receive a 20% discount on a one-year subscription to CyberHoot. You can access it using the coupon code: The Entropy Podcast. CyberHoot Resources:Main Website: https://cyberhoot.com/Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/Business Registration (Direct Power Platform Signup): https://cyberhoot.com/businesses/Reseller / MSP Registration (Partner Signup): https://nest.cyberhoot.com/partner-signup/Newsletter Registration: https://cyberhoot.com/newsletter-signup/Blog Articles: https://cyberhoot.com/blog/Cybrary (Cybersecurity Library of Terms in Layperson language): https://cyberhoot.com/cybrary/
--------
33:31
--------
33:31
Mastering Cybersecurity for Small Businesses with Paul Tracey
In this episode, Paul Tracey, founder and CEO of Innovative Technologies, discusses the cybersecurity challenges faced by small and medium-sized businesses. He highlights the misconceptions about SME vulnerabilities, the importance of proactive security measures, and the impact of regulations like the NYS SHIELD Act. Paul also offers practical advice on protecting data while traveling and the evolving threats posed by IoT devices and AI.Takeaways43% of cyber attacks target SMEs. Phishing is the top entry point for attacks. No client has paid a ransom under Paul's watch. Early detection is crucial for cybersecurity. Training is key to reducing human error. Regular penetration tests are essential. IoT devices need better security measures. AI is both a threat and a defense tool. Compliance laws protect businesses. Proactive security measures are vital.
--------
35:48
--------
35:48
OSINT Language as a Tool with Skip Schiphorst
In this episode, Francis Gorman interviews Skip Schiphorst, an expert in Open Source Intelligence (OSINT) and language studies. They discuss the critical role of language skills in OSINT, the importance of understanding cultural naming conventions, and the methodologies for conducting multilingual research. Skip emphasizes the need for careful vetting of sources, especially in authoritarian contexts, and shares insights from his military experience that translate into the OSINT field. The conversation also touches on the use of AI and machine translation, the significance of motivation in language learning, and the broad applicability of OSINT across various sectors. Finally, Skip introduces upcoming free webinars aimed at providing foundational knowledge in OSINT methodologies.TakeawaysLanguage skills are a force multiplier in OSINT investigations.Understanding naming conventions in different cultures is crucial for accurate research.AI and machine translation should be used as tools, not crutches.Methodology is key in multilingual research; keywords are essential.Vetting sources and double-checking information is vital, especially in authoritarian contexts.Military experience can provide valuable skills for OSINT work.Motivation is the most important factor in learning a new language.OSINT is applicable across various sectors, including law enforcement and business.Language learning can be enhanced through movement and physical activity.Free webinars can provide a great introduction to OSINT methodologies.Sound Bite"AI should be used as a tool, not a crutch."Information mentioned in episode:I-Intelligence also hosts free webinars, including the upcoming sessions on September 22nd and 26th 2025, which will introduce the basics of OSINT in foreign languages such as Russian, Arabic, and Chinese. Everyone is welcome to participate!Details: https://shorturl.at/jhjhSBeyond the classroom, Skip explores how movement can enhance language learning. He shares his dynamic, movement-based techniques on Instagram while learning Japanese:Follow him at https://www.instagram.com/skipmovestolearn/
--------
30:40
--------
30:40
The Quantum Threat and Opportunity with Dr. Michele Mosca
In this episode, Dr. Michele Mosca co-founder of the Institute for Quantum Computing, professor at the University of Waterloo, and leading voice in quantum safe cryptography, joins Francis Gorman to discuss the looming risks and opportunities of quantum computing.He explains how his early skepticism in the 1990s turned into conviction once quantum error correction was discovered, making scalable quantum computers a real possibility. Michele outlines his “Mosca’s theorem,” which frames the urgency of preparing for quantum threats: the time to migrate to quantum-safe cryptography must be shorter than the time it will take for adversaries to weaponize quantum computers.Key themes include:Quantum timelines: From early doubts to today’s multi-platform race, he estimates a 10% chance of cryptographically relevant quantum computers within 5 years and 30% within 10.Quantum risk: The greatest threat is to cryptographic trust, confidentiality, integrity, and authenticity of digital systems potentially destabilizing governments, finance, and infrastructure.Cryptographic resilience: Organizations must adopt agility and long-term planning, building cryptographic inventories, migration strategies, and centers of excellence, rather than treating it as a lone CISO problem.Lessons from Y2K and beyond: Unlike Y2K, the quantum threat won’t “break systems overnight” but will erode confidentiality and trust if not addressed early.Positive opportunities: Quantum technologies also promise advances in materials, energy, healthcare, and new cryptographic tools, but only if societies prepare now.Michele closes by urging businesses and governments to act quickly, not out of fear, but to ensure resilience and position themselves to benefit from the quantum era.https://globalriskinstitute.org/publication/an-updated-methodology-for-quantum-risk-assessment/
Nibble Knowledge is delighted to bring you "The Entropy Podcast"—hosted by Francis Gorman. The Entropy Podcast centers on cybersecurity, technology, and business, featuring conversations with accomplished professionals who share real-world knowledge and experience. Our goal is simple: to leave you better informed and inspired after every episode.We chose the name “Entropy” because it symbolizes the constant flux and unpredictability in cybersecurity, technology, and business. By understanding the forces that drive change and “disorder,” we can create better strategies to adapt and thrive in an ever-evolving technology and geo political landscape.You can also check out our YouTube Channel here: https://youtube.com/@nibbleknowledge-v7l?feature=sharedDisclaimer: The views and opinions expressed on all episodes of this podcast are solely those of the host and guests, based on personal experiences. They do not represent facts and are not intended to defame or harm any individual or business. Listeners are encouraged to form their own opinions.
Ireland