Trust Issues

EP 64 - Identity Reinvention: Insights From the World's First Augmented Ethical Hacker Oct 23, 2024

In this episode of the Trust Issues Podcast, host David Puner sits down with CyberArk's resident technical evangelist, white hat hacker and transhuman, Len Noe. They dive into Len's singular journey from a black hat hacker to an ethical hacker, exploring his identity reinvention and the fascinating world of subdermal microchip implants and offensive security. Len shares insights from his new book, "Human Hacked: My Life and Lessons as the World's First Augmented Ethical Hacker," which releases on October 29. They also discuss the relevance of Len's transhuman identity to his work in identity security.

EP 63 - Jailbreaking AI: The Risks and Realities of Machine Identities Oct 09, 2024

In this episode of Trust Issues, host David Puner welcomes back Lavi Lazarovitz, Vice President of Cyber Research at CyberArk Labs, for a discussion covering the latest developments in generative AI and the emerging cyberthreats associated with it. Lavi shares insights on how machine identities are becoming prime targets for threat actors and discusses the innovative research being conducted by CyberArk Labs to understand and mitigate these risks. The conversation also touches on the concept of responsible AI and the importance of building secure AI systems. Tune in to learn about the fascinating world of AI security and the cutting-edge techniques used to protect against AI-driven cyberattacks.

EP 62 - The Evolution of Identity Sep 25, 2024

In this episode of the Trust Issues podcast, host David Puner sits down with Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral guidance on identity-centric security strategies to help organizations reduce the risk of identity-related attacks. They explore the evolution of digital identity, discussing how it has transformed from simple identifiers to complex, multifaceted digital identities for both humans and machines. In today's threat landscape, the number and types of identities, attack methods and environments have dramatically increased, making it more challenging to secure identities. Jeff discusses the challenges and efforts in creating sustainable, interoperable digital identity hubs for cross-border applications, the future of digital passports and the importance of encryption and multi-factor authentication (MFA) for securing sensitive data. The conversation also highlights the significance of thought leadership and maintaining a vendor-agnostic approach in identity security.

EP 61 - Put Your Name on It: Identity Verification and Fighting Fraud Sep 11, 2024

Aaron Painter, CEO of Nametag, joins host David Puner for a conversation that covers several key themes, including the inadequacies of current identity verification methods, the rise of deep fakes and AI-generated fraud – and the importance of preventing identity fraud rather than merely detecting it. Aaron discusses the role of advanced technologies like cryptography, biometrics and AI in improving identity verification. He also highlights the critical issue of social engineering attacks at help desks and the need for trust in digital interactions.

Aaron stresses the importance of preventing identity fraud by using a combination of cryptography, biometrics and AI, rather than solely relying on detection methods. He also touches on the challenges of verifying human identities and the need for platforms to verify their users to create safe online communities.

Put your name on it and give it a listen!

EP 60 - Going Viral: Security Insights from TikTok's Former Global CSO Aug 27, 2024

In this episode of the Trust Issues podcast, Roland Cloutier, who served as TikTok's Global Chief Security Officer (CSO) from April 2020 to September 2022, joins host David Puner for a discussion that covers his extensive experience in the field of security. He previously held similar roles at ADP and EMC and is now a partner at the Business Protection Group.

Roland discusses his challenges in protecting sensitive data at TikTok, the social media platform with over 1 billion active users. He also talks about the complexities of ensuring data security and compliance. Roland emphasizes the importance of identity in modern security, explaining how privilege controls across the IT estate are crucial for protecting workforce users, third-party vendors, endpoints and machine identities.

Roland also highlights the need for a deep understanding of the business and its culture to implement security measures effectively. He shares insights into the role of identity in determining access to data and the importance of continuous controls assurance and validation.

The episode provides a fascinating look into the security imperatives of a major social media platform and the measures taken to protect user data. Listeners will gain valuable insights into the strategies and principles Roland employed during his tenure at TikTok, as well as his broader views on security and privacy in the digital age.

EP 59 - The Persistent Pursuit of Digital Transformation Aug 13, 2024

In this episode of the Trust Issues podcast, Debashis Singh and host David Puner explore the intricate world of digital transformation and identity security. Debashis, the Global CIO at Persistent Systems, shares his frontline insights on the singular challenges and strategies organizations face on their digital transformation journeys. The conversation highlights the importance of integrating identity security into digital initiatives, ensuring compliance – and protecting against the evolving cyber threat landscape.

Debashis also discusses the delicate balance between innovation and security, the impact of AI on cybersecurity and the significance of organizational cyber awareness. Additionally, he talks about the role of generative AI in the industry and the potential risks it poses, such as sophisticated deepfake attacks and ransomware threats.

This episode offers valuable perspectives on how businesses can navigate the complexities of digital transformation while maintaining robust security measures to safeguard their operations and identities.

EP 58 - Trust and Resilience in the Wake of CrowdStrike's Black Swan Jul 30, 2024

In this episode of Trust Issues, we dig into the recent the global IT outage caused by a CrowdStrike software update, which impacted millions of Microsoft Windows endpoints and disrupted many sectors. This "black swan" event highlights, among other things, the importance of preparedness, adaptability and robust crisis management. CyberArk Global Chief Information Officer (CIO) Omer Grossman discusses with host David Puner the outage's ramifications, the shaking of trust in technology – and the criticality of resilience against cyberthreats. This conversation underscores the need to be ready for the unexpected and the value of adaptability and resilience in unforeseen circumstances.

EP 57 - Proactive Defense: Security's AI Infusion Jul 23, 2024

In this episode of the Trust Issues podcast, we explore the transformative impact of artificial intelligence (AI) on identity security. Guest Peretz Regev, CyberArk’s Chief Product Officer, joins host David Puner, for a discussion about how AI is reshaping cyber protection, offering solutions that are as intelligent as they are intuitive. With the ability to predict threats and adapt with unprecedented agility, AI is ushering in a new era of proactive security. Regev shares insights into the company's strategic vision and the role of AI in enhancing customer security and productivity. He also discusses the launch of CyberArk's AI Center of Excellence and the introduction of CyberArk CORA AI, an umbrella of AI capabilities infused within CyberArk's products.

Join us as we examine the challenges and opportunities presented by AI in the cybersecurity landscape, the importance of fostering a culture of innovation and how CyberArk is leading the charge in securing identities in the AI era. This episode is a must-listen for anyone interested in the intersection of AI and identity security – and the future of cyber protection.

EP 56 - Time as Attack Surface Jul 10, 2024

In the latest episode of the Trust Issues podcast, the focus is on the criticality of time in organizational security. The conversation with host David Puner and guest Katherine Mowen, SVP of Information Security at Rate (formerly Guaranteed Rate), highlights the importance of swift decision-making and prompt threat response. They discuss the role of just-in-time (JIT) access and AI in accelerating response times, as well as the ever-evolving threat landscape that requires constant vigilance. The episode emphasizes the strategies and technologies shaping the future of cybersecurity, particularly at the intersection of time management and identity protection.

Join us for a timely discussion that underscores the intersection of time management and identity protection.

EP 55 - AI Insights: Shaping the Future of IAM Jun 25, 2024

In this episode of Trust Issues, Daniel Schwartzer, CyberArk's Chief Product Technologist and leader of the company’s Artificial Intelligence (AI) Center of Excellence, joins host David Puner for a conversation that explores AI's transformative impact on identity and access management (IAM). Schwartzer discusses how CyberArk's AI Center of Excellence is equipping the R&D team to innovate continuously and stay ahead of AI-enabled threats. Learn about the future of AI in IAM, the role of AI in shaping new business models and the importance of an experimentation culture in driving user experience (UX) improvements. Gain insights into the methodical, data-driven approaches to monetization strategies and the significance of learning from on-the-job experiences. This episode is a must-listen for anyone interested in the intersection of AI and IAM, and the opportunities it presents for leading the transition in the industry. Tune in to uncover what's coming down the AI pike and how it will influence the future of IAM.

For more from Daniel on this subject, check out his recent blog, "Predicting the Future of AI in Identity and Access Management."

EP 54 - Zen and the Art of CISO Leadership Jun 12, 2024

In this episode of the Trust Issues podcast, we explore the nexus of mindfulness, identity security and leadership with Jitender Arora, Partner and Chief Information Security Officer (CISO) for Deloitte North and South Europe, and Deloitte's Global Deputy CISO. Arora discusses with host David Puner how a Zen-like mindset can be influential in helping to bolster organizational cyber defenses, sharing his wisdom on the critical role of emotional intelligence, empathy and the human touch within the cyber realm. This episode offers a glimpse into innovative strategies for navigating the intricate cybersecurity landscape, emphasizing the significance of maintaining a Zen-like composure for effective decision-making and risk management. Listeners will gain insights into the evolving role of CISOs and the transformative impact of integrating Zen principles into leadership and cybersecurity practices. Tune in for a fresh perspective on leading with tranquility amid an ever-expanding threat landscape and about the pivotal role of identity security in protecting both human and non-human identities.

EP 53 - Cyber Insurance: Managing Risk and Protection May 28, 2024

In this episode of Trust Issues, we dive into the complex and rapidly evolving world of cyber insurance. We discuss the challenges and opportunities facing companies seeking to protect themselves from the ever-present threat of cyberattacks. Joining host David Puner, today’s guest is Ruby Rai, Cyber Practice Leader, Canada at Marsh McLennan, who shares her insights into the current state of the cyber insurance market, its future trajectory and the key requirements companies need to meet to obtain coverage. We also explore the impact of third-party access and non-human identities on cyber insurance requirements and how companies can adopt an identity security approach to meet these requirements. Join us as we dig into the complexities of the cyber insurance market and discuss the importance of collaboration between insurers and clients in ensuring that companies have the coverage they need.

EP 52 - Built to Last: CyberArk's 25-Year Innovation Evolution w/ Founder and Executive Chairman Udi Mokady May 10, 2024

In this episode of the Trust Issues podcast, host David Puner interviews CyberArk Founder and Executive Chairman Udi Mokady on the occasion of the company’s 25th anniversary. They discuss that milestone and reflect on CyberArk’s growth to becoming the global leader in identity security and the ever-evolving threat landscape – and how the company has scaled to meet it. Udi shares his insights on the company's culture, values, philosophies and lessons he's learned. He also dives into the importance of innovation, the role of AI in cybersecurity and his future aspirations for the company.

And, because we say in the episode that we’ll share it here, Mark Knopfler’s new album is entitled ‘One Deep River’ … Udi describes it as great for driving and optimistic.

Enjoy the podcast!

EP 51 - Balancing Innovation and Security in FinTech May 01, 2024

In this episode of Trust Issues, host David Puner interviews Eric Hussey, SVP, Chief Information Security Officer (CISO) at Finastra, a leading provider of financial software solutions and services. Hussey shares his insights on the evolving role of the CISO, the challenges of keeping up with new and evolving cybersecurity regulations, and the importance of balancing innovation with security in the fintech space. He also discusses how identity factors into the equation, mentioning the importance of identity security in the future of fintech and banking, and the need for frictionless enhancements in identity security. Hussey also talks about his career path, AI’s emerging and evolving role in cybersecurity, and the importance of good governance and risk management in prioritizing security concerns.

EP 50 - Adversarial AI's Advance Apr 17, 2024

In the 50th episode of the Trust Issues podcast, host David Puner interviews Justin Hutchens, an innovation principal at Trace3 and co-host of the Cyber Cognition podcast (along with CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe). They discuss the emergence and potential misuse of generative AI, especially natural language processing, for social engineering and adversarial hacking. Hutchens shares his insights on how AI can learn, reason – and even infer human emotions – and how it can be used to manipulate people into disclosing information or performing actions that compromise their security. They also talk about the role of identity in threat monitoring and detection, and the challenges and opportunities AI presents organizations in defending against evolving threats and how we can harness its power for the greater good. Tune in to learn more about the fascinating and ever-changing landscape of adversarial AI and identity security.

EP 49 - Secure Browsing and Session-Based Threats Apr 03, 2024

In this episode of Trust Issues, David welcomes back Shay Nahari, VP of CyberArk Red Team Services, to discuss the topic of secure browsing and session-based threats. They delve into the dangers of cookie theft, the expanding attack surface, and the importance of identity security. Shay explains how cookies sit post-authentication and how attackers can bypass the entire authentication process by stealing them. He also discusses how browsers have been designed for consumers, not for the enterprise, and how this creates a fundamental problem in the way we treat and design identities around the usage of browsers... until now. Shay introduces CyberArk Secure Browser, which eliminates cookies from the disk completely and provides an end-to-end control of the flow of identity. The conversation also touches on the expanding attack surface, new identities, and how organizations can protect themselves from session-based attacks. Shay emphasizes the importance of least privilege, monitoring, and an assume breach mindset.

EP 48 - What's Driving the Future of Automotive Security Mar 21, 2024

In this episode of the Trust Issues podcast, Kaivan Karimi, Global Partner Strategy and OT Cybersecurity Lead – Automotive Mobility and Transportation at Microsoft, discusses with host David Puner the complexities of the automotive cybersecurity ecosystem, and they explore the challenges and considerations facing the industry. Karimi shares his insights on the role of identity security in automotive cybersecurity and how it helps ensure that only authenticated entities have the privilege to engage in the high-speed exchange of information. He also talks about the importance of data sovereignty, data privacy and compliance in the automotive industry. This episode provides a fascinating look into the present and future world of automotive cybersecurity and the measures being taken to protect against cyber threats.

Take the audio ride!

EP 47 - Digital Trust and the Identity Cornerstone Mar 05, 2024

In this episode of Trust Issues, Jan Vanhaecht, the Global Digital Identity Leader at Deloitte Belgium, delves into the intricate realms of digital trust and risk management with host David Puner. The discussion covers topics ranging from the impact of regulations on cybersecurity practices to the pivotal role of identity in building a robust security culture. Unpacking the nuances of digital trust maturity, the episode explores how organizations can navigate the delicate balance between risk and reward. From the emergence of passwordless authentication to the practical applications of Zero Trust principles, the conversation provides valuable perspectives on safeguarding digital landscapes. Join us as we unravel the complexities of cybersecurity and discover how it intertwines with innovation, compliance and the pursuit of trust in the digital age.

EP 46 - Behind the Data Breach: Dissecting Cozy Bear's Microsoft Attack Feb 15, 2024

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard. From the initial password spray technique to the exploitation of OAuth applications, listeners are taken on a journey through the breach's timeline – and learn how, ultimately, it all boils down to identity. The discussion touches upon the nuances of threat actor nomenclature, the significance of various bear-themed aliases and the professional nature of state-sponsored cyber espionage groups. Throughout the episode, practical insights and cybersecurity best practices are shared, offering organizations valuable strategies to bolster their defenses against evolving cyber threats. For a comprehensive analysis of the APT29 Microsoft data breach and detailed recommendations for improving cybersecurity posture, check out the accompanying blog post written by Andy Thompson.

EP 45 - OT Security's Digital Makeover Feb 06, 2024

In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape. From addressing security challenges in manufacturing plants to the skills gap in OT cybersecurity, the episode provides an overview of the current state and future prospects of securing critical infrastructure. Holcomb also emphasizes the importance of identity in OT security and offers practical advice for organizations looking to enhance their cybersecurity posture. Check out the episode to explore the dynamic intersection of IT and OT – and how it spotlights the urgent need for robust cybersecurity measures in an evolving digital landscape.

EP 44 - The Rise of Prompt Engineering: How AI Fuels Script Kiddies Jan 25, 2024

In this episode of Trust Issues, CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe joins host David Puner for a discussion about the emerging threat of AI kiddies, a term that describes novice attackers using large language models (LLMs) and chatbots to launch cyberattacks without any coding skills. Noe explains how these AI kiddies use prompt engineering to circumvent the built-in protections of LLMs like ChatGPT and get them to generate malicious code, commands and information. He also shares his insights on how organizations can protect themselves from these AI-enabled attacks by applying the principles of Zero Trust, identity security and multi-layered defense. All this and a dollop of transhumanism … Don’t be a bot – check it out!

EP 43 - Breaking Things in the Name of Cyber Resilience Jan 12, 2024

Guest Dr. Magda Chelly, Managing Director and CISO of Responsible Cyber, joins Trust Issues host David Puner for a conversation about third-party risk management and cyber resilience. Dr. Chelly underscores the imperative of prioritizing identity management, particularly as decentralized work environments are becoming the norm in today’s evolving digital landscape. She also explains how breaking things played a critical role in propelling her into a career in cybersecurity – and then in fostering and advancing it. The interview unfolds against the backdrop of Dr. Chelly’s extensive experience and recently authored book, "Building a Cyber Resilient Business," which serves as a handbook for executives and boards navigating the complexities of cybersecurity. If you’re seeking insights on how to gain stronger visibility and control over your organization’s digital identities, this episode is for you.

Join us to learn how build resiliency against today’s ever-growing array of cyber threats – and what’s to come in 2024 and beyond.

EP 42 - Year in Review 2023: Unleashing AI, Securing Identities Dec 27, 2023

In this year-end Trust Issues podcast episode, host David Puner takes listeners on a retrospective jaunt through some of the show’s 2023 highlights. The episode features insightful snippets from various cybersecurity experts and thought leaders, each discussing crucial aspects of the ever-evolving cyber landscape. From discussions on the dynamic nature of threat actors and the need for agile security approaches to insights on identity security challenges in the cloud and the intricacies of safeguarding data, the episode encapsulates a wealth of knowledge shared by industry professionals. With diverse perspectives on generative AI, risk management, cloud security, DevSecOps – and even a personal bear wrestling story – Trust Issues’ 2023 cannon delivers an engaging compilation for both cybersecurity enthusiasts and industry practitioners.

As the podcast looks back on the year's diverse lineup of guests, it serves as a valuable resource for anyone seeking to stay informed about the latest cybersecurity trends, strategies and challenges. The episode emphasizes the importance of adapting to the rapidly changing threat landscape, adopting innovative security practices and fostering collaboration to address the multifaceted nature of cyber risks in the modern digital era.

Clips featured in this episode from the following guests:

Eran Shimony, Principal Security Researcher, CyberArk Labs

Andy Thompson, Offensive Security Research Evangelist, CyberArk Labs

Eric O’Neill, Former FBI Counterintelligence Operative & Current National Security Strategist

Shay Nahari, VP of Red Team Services, CyberArk

Diana Kelley, CISO, Protect AI

Len Noe, Technical Evangelist, White Hat Hacker & Biohacker, CyberArk

Theresa Payton, Former White House CIO, Founder & CEO of Fortalice Solutions

Larry Lidz, VP & CISO, Cisco CX Cloud

Matt Cohen, CEO, CyberArk

Charles Chu, GM of Cloud Security, CyberArk

Brad Jones, CISO & VP of Information Security, Seagate Technology

Dusty Anderson, Managing Director, Global Digital Identity, Protiviti

Philip Wylie, Offensive Security Professional, Evangelist & Ethical Hacker

EP 41 - Cyber Hygiene and the Identity Imperative Dec 14, 2023

Our guest today is Rita Gurevich, the CEO and Founder of SPHERE, an identity hygiene platform. Gurevich joins host David Puner to explore the challenges and dynamics surrounding identity and cyber hygiene in today's cybersecurity landscape. The conversation begins by addressing the accelerated pace at which cyber controls and identity hygiene requirements are evolving, emphasizing the critical role they play in cybersecurity strategies. The discussion extends to the impact of cloud and hybrid environments, the nuances of cyber insurance trends – and the challenges presented by mergers and acquisitions in relation to identity hygiene. Gurevich highlights the growing importance of considering both cloud and on-prem systems with equal rigor, emphasizing the need for comprehensive cybersecurity measures to combat threats and risks.

EP 40 - The Identity of Things Nov 28, 2023

Today’s Trust Issues guest is Brian Contos, Chief Strategy Officer at Sevco Security. With host David Puner, Contos discusses the intricacies of securing the Internet of Things (IoT) and the challenges posed by the expanding IoT landscape – emphasizing the need for robust identity management. In a broader context, IoT encompasses identity management, cybersecurity and the evolving role of AI in safeguarding digital assets. Contos delves into the pressing issues surrounding IoT, Extended IoT (xIoT) and OT devices' security vulnerabilities – and explores how these vulnerabilities pose threats to consumer privacy, sensitive data and public safety. The conversation also touches on the intersections of identity security with asset intelligence and the importance of understanding the complete asset landscape in cybersecurity. We’re calling this one “The Identity of Things” … Check it out!

EP 39 - Analyzing the MGM and Okta Breaches: the Identity Connection Nov 02, 2023

In this Trust Issues episode, host David Puner welcomes back Andy Thompson, CyberArk Labs' Offensive Security Research Evangelist for a discussion focused on two recent high-profile breaches: one targeting MGM Resorts International and the other involving Okta's support unit. The conversation delves into the details of the attacks – who’s behind them, how identity plays a pivotal role in both – and the larger implications of this new breed of supply chain attack amid the evolving threat landscape. Thompson also shares insights into how organizations can better protect themselves and their customers.

Check out the CyberArk blog for further insights into the MGM and Okta breaches. And, watch Andy Thompson in the CyberArk Labs' webinar, "Anatomy of the MGM Hack."

EP 38 - Why Cloud Security Doesn't Taste Like Chicken Oct 19, 2023

Today’s guest is Charles Chu, CyberArk's General Manager of Cloud Security, who’s spent more than a decade at the forefront of cloud security. Chu joins host David Puner for a conversation that delves into secure cloud access and the concept of zero standing privileges (ZSP), a dynamic approach to securing identities in multi-cloud environments. Chu sheds light on the complexities of cloud security, emphasizing the need for tailored solutions to protect against evolving cyber threats. Don't miss this insightful conversation that demystifies cloud security and redefines safeguarding digital assets – and answers the pivotal question: Why doesn’t cloud security taste like chicken?

EP 37 - Cloud Transformation and the Art of Simplicity Oct 05, 2023

Arati Chavan, Staff Vice President, Global Head of Identity and Access Management (IAM) at Elevance Health joins host David Puner for a conversation that sheds light on how federated identity solutions are pivotal in achieving efficient and secure access control across diverse entities. Chavan also explores the challenges and opportunities in cloud transformation, the evolving role of AI in healthcare and the delicate balance between customer simplicity and robust security measures. Listen in for a deep dive into the heart of identity security and its impact on the healthcare industry.

EP 36 - The Evolution of an Ethical Hacker Sep 21, 2023

Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling.

Considering a cybersecurity career? You won’t want to miss this episode – Wylie’s passion for cybersecurity education and mentorship is contagious. Plus, you’ll discover many unexpected parallels between pro wrestling and red teaming – and how they can help strengthen your organization’s digital defenses.

EP 35 - Threat Innovations: Exploring Cascading Supply Chain Attacks Sep 07, 2023

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.

EP 34 - How to Catch a Malicious Insider w/ Eric O'Neill Aug 23, 2023

Today’s episode of Trust Issues focuses on spycatching! Eric O'Neill, a former FBI counterintelligence operative and current national security strategist, joins host David Puner to discuss his legendary undercover mission to capture Robert Hanssen, one of the most notorious and damaging spies in U.S. history. O'Neill details his “cover job” of working beside Hanssen in the FBI’s new information assurance (cybersecurity) division, while secretly uncovering his espionage activities. O'Neill’s made-for-the-big-screen experiences emphasize the challenges posed by malicious insiders – some of the most difficult and expensive cybersecurity threats of our time. His gripping account draws intriguing parallels between spies and cyber criminals, shedding light on identity security’s significant role in thwarting insider espionage and defenders’ continuous push to outpace attacker innovation.

EP 33 - The Evolution of Privileged Access Management (PAM) Aug 08, 2023

Crystal Trawny, Optiv’s Practice Director, Privileged Account and Endpoint Privilege Management (PAM/EPM), joins host David Puner in exploring the ever-evolving identity landscape and how emerging threats impact organizations’ cybersecurity requirements. Through the eyes of an end user, Trawny shares best practices for overcoming change resistance, creating effective deployment timelines and avoiding scope creep. This episode maps the correlation between critical program elements – such as robust endpoint privilege management and dynamic access controls – and privileged access management (PAM) maturity. In the face of complexity and ransomware, insider threats and other sophisticated cyberattacks, organizations can use these insights to help assess their current strategy and chart a course for success.

EP 32 - Building Trust and Collaboration in Identity Security w/ CyberArk CEO Matt Cohen Jul 20, 2023

In this episode of Trust Issues, host David Puner talks with CyberArk CEO Matt Cohen, who shares his distinct take on leadership – emphasizing the importance of leading without fanfare. Cohen talks about his transition into the CEO role, insights on identity security and the current threat landscape. He also touches on the significance of company culture, professional development – and his admiration for a particular Boston Red Sox manager’s leadership style. The discussion delves into CyberArk's mission to secure the world against cyber threats by securing identities, and empower organizations to move forward, fearlessly to unlock growth, innovation and progress.
Three key takeaways from this episode are:
1) The significance of authenticity and humility in leadership.
2) The criticality of identity security in today's evolving threat landscape.
3) The value of customer-centricity and trust-building in successful business relationships.

EP 31 - How Generative AI is Reshaping Cyber Threats Jul 06, 2023

While generative AI offers powerful tools for cyber defenders, it's also enabled cyber attackers to innovate and up the ante when it comes to threats such as malware, vulnerability exploitation and deep fake phishing. All this and we’re still just in the early days of the technology. In this episode, CyberArk Labs’ Vice President of Cyber Research Lavi Lazarovitz, discusses with host David Puner the seismic shift generative AI is starting to bring to the threat landscape – diving deep into offensive AI attack scenarios and the implications for cyber defenders.

EP 30 - Securing Data Amid the AI Gold Rush Jun 21, 2023

Diana Kelley, Chief Information Security Officer (CISO) at Protect AI joins host David Puner for a dive into the world of artificial intelligence (AI) and machine learning (ML), exploring the importance of privacy and security controls amid the AI Gold Rush. As the world seeks to capitalize on generative AI’s potential, risks are escalating. From protecting data from nefarious actors to addressing privacy implications and cyber threats, Kelley highlights the need for responsible AI development and usage. The conversation explores the principle of least privilege (PoLP) in AI, the privacy implications of using AI and ML platforms and the need for proper protection and controls in the development and deployment of AI and ML systems.

EP 29 - Synthetic Identity: Unmasking a New AI-Fueled Cyber Threat Jun 07, 2023

Scattered across the internet are jigsaw puzzle pieces containing your personal information. If reassembled by an attacker, these puzzle pieces could easily compromise your identity. Our returning guest today is Len Noe, CyberArk’s resident transhuman (a.k.a. cyborg), whose official titles these days are Technical Evangelist, White Hat Hacker and Biohacker. Noe joins host David Puner to shed light on the concept of synthetic identity, which involves gathering publicly available, unprotected data and then using AI chatbots and platforms like ChatGPT along with predictive analytics to correlate the data and generate deep digital portraits of individuals. Then, thinking like an attacker, Noe dives into how this new digital clairvoyance has the potential to up threat actors’ games and what organizations and individuals should be doing to combat it. Noe also shares his POV on the implications for cybersecurity and his concerns about sharing personal and proprietary information with AI chatbots and platforms.

EP 28 - Safeguarding Data in the Cloud May 24, 2023

In this episode of the Trust Issues podcast, host David Puner interviews Brad Jones, CISO and VP of Information Security at Seagate Technology. They delve into cloud security challenges, including protecting data in a constantly shifting technological landscape. Jones discusses the importance of establishing trust as a data company and implementing rigorous controls to safeguard sensitive information. Then, they take a deep dive into the evolving external threat landscape, the role of AI in security and Seagate's cloud migration journey. Tune in to learn how to bridge security gaps, set your organization up for cloud security success and stay ahead of threat actors in the digital age.

EP 27 - How Identity Factors into DevSecOps May 11, 2023

In today’s Trust Issues episode, Dusty Anderson, a managing director of Global Digital Identity at the consulting firm Protiviti, digs into all things DevSecOps and cautions against a one-size-fits-all approach. In conversation with host David Puner, Anderson emphasizes the significance of strategic planning and well-defined goals – demonstrating how bite-sized steps can add up to major security wins and bottom-line benefits over time. And she sheds light on how the intricate web of identities – both human and non-human – shape the modern development pipeline to underscore the importance of visibility, governance and Zero Trust-based thinking. Tune in for insights to help fortify your cybersecurity practices and unlock the full potential of effective DevSecOps strategies.

EP 26 - Ransomware Revisited: Combating the Identity Explosion Apr 26, 2023

Andy Thompson, Offensive Security Research Evangelist at CyberArk Labs, returns to Trust Issues for a dive with host David Puner into the latest developments in the world of ransomware. With ransomware events on the rise, Thompson sheds light on the alarming trend of data exfiltration and double extortion. But what's causing this surge? Thompson connects the dots between the rise of digital identities and the increasing frequency of ransomware attacks. As more organizations adopt cloud and DevOps technologies, the number of digital identities has skyrocketed, providing attackers with more accounts to exploit. However, Thompson emphasizes that staying vigilant about properly configured identities and analyzing their behavior can go a long way in mitigating the risk of ransomware attacks. Tune in to stay ahead of the curve in the ever-evolving landscape of cybersecurity threats.

EP 25 - Cisco CX Cloud CISO on the Language of Risk Apr 13, 2023

We all accept a certain degree of risk in our lives. So, to varying degrees, we’re all operating – to use cybersecurity parlance – with an assume breach mindset. Meaning, we accept that attacks are inevitable and, as such, we focus time and effort on protecting the assets that matter most.

In short, we buckle up for safety.

And risk is something that today’s guest Larry Lidz, who’s Vice President and Chief Information Security Officer (CISO) for Cisco CX Cloud, thinks about a lot. On today’s episode, host David Puner talks with Lidz about cyber risk, the shifting tolerance levels for it and how it influences security decision-making.

EP 24 - Making the Leap to Post-Quantum Computing Encryption Mar 30, 2023

Quantum computing is coming and it has the potential to be both exciting and terrifying... On today's episode of Trust Issues, host David Puner speaks with cryptographer Dr. Erez Waisbard, CyberArk’s Technology and Research Lead, about quantum computing innovation and its cybersecurity implications – from data encryption to surveillance and privacy.

Dr. Waisbard breaks down how encryption works, why it’s so important for safeguarding our data, and how quantum computers will break the methods used today. This may sound ominous, but designs for quantum-resistant encryption algorithms are already well underway. Check out the episode to learn more about them and how your organization can start preparing now.

And, if you like this episode, be sure to check out Erez Waisbard’s blog post, "Quantum Computing Is Coming… Here are 4 Ways to Get Ready," on the CyberArk Blog.

EP 23 - From Delivering Mail to Delivering Zero Trust: A CSO's Cyber Journey Mar 15, 2023

Today's guest is Den Jones, who's Chief Security Officer (CSO) at Banyan Security, a startup Zero Trust network access solution (and a CyberArk technology partner). Jones spent almost 19 years at Adobe, followed by a stop at Cisco, before landing at Banyan in 2021. As his Twitter bio tells it, he's a “Large Scale Zero Trust Deliverer,” which is part of his multifaceted CSO charge.
In this episode, host David Puner talks with Jones about his singular cybersecurity career path – beginning with a formative stint as a Royal Mail postman in Scotland – and how he worked his way up the ladder to become a Zero Trust-delivering CSO. Jones explains how his role at Banyan encompasses all aspects of security, including product (putting the security around the security, as it were), enterprise and physical security. He also discusses the challenges he faces in his current role, including evangelizing the company's security strategy.

EP 22 - Deep Fakes, ChatGPT and Disinformation: Theresa Payton on Evolving Digital Threats (Part 2) Mar 01, 2023

Today's episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you're already here, so maybe just stick around?
In this episode, host David Puner and Payton continue their discussion, diving into the implications of AI and tools like ChatGPT for the cyber threat landscape – and the potential threats posed by deep fakes backed by synthetic identities. Also, could AI tech make it easier for bad actors to spread disinformation on a large scale?

EP 21 - Back to the Cyber Future: Theresa Payton on Evolving Digital Threats (Part 1) Feb 15, 2023

Since the earliest digital days, cyberattackers have targeted identities in their quests for riches, chaos and even revenge. So, what if we could hop into a flux capacitor-equipped DeLorean, hammer-down to 88 mph, and go back in time to better understand how yesterday’s threats influence today’s landscape – and what history can teach us about outpacing adversaries? Today, we do that – and a whole lot more – with a fantastic guest: Theresa Payton.

Payton is the first woman to have served as White House Chief Information Officer, a best-selling author and the founder and CEO of Fortalice Solutions. In part one of our talk, host David Puner and Payton cover a lot of ground: Payton highlights some of the major cybersecurity trends and threats during her time in the George W. Bush White House – from SQL injection attacks to emerging ransomware. She also reflects on technology’s role in expanding – and complicating – the attack surface, and offers innovative insights for defenders, drawing from her experience as a veteran cybercrime fighter.

As you’ll hear, it’s a great talk – so good that we’re releasing it in two installments. Be sure to check out part two of our conversation with Theresa Payton, which will release on March 1. You can make sure not to miss it by following Trust Issues – available on all major podcast platforms.

Great Scott!

EP 20 - Hacking ChatGPT Feb 01, 2023

Even if you've been living under a super-sized rock for the last few months, you've probably heard of ChatGPT. It's an AI-powered chatbot and it's impressive. It's performing better on exams than MBA students. It can debug code and write software. It can write social media posts and emails. Users around the globe are clearly finding it compelling. And the repercussions – good and bad – have the potential to be monumental.

That's where today's guest Eran Shimony, Principal Security Researcher for CyberArk Labs, comes into the picture. In fact, in an effort to stay ahead of the bad guys, Eran recently had ChatGPT create polymorphic malware. In conversation with host David Puner, he helps us understand if we are collectively prepared to deal with ChatGPT and the implications it may have for cyber threats.

How'd did he get ChatGPT to do this and what are the implications? Listen in to find out.

If you find this episode interesting, be sure to check out Eran's recent blog post on the CyberArk Threat Research blog: https://www.cyberark.com/chatgpt-blog

EP 19 - The Cybersecurity Gridiron Jan 18, 2023

In this episode of the Trust Issues podcast, host David Puner interviews Nigel Miller, Director of Security Operations and Engineering at Maximus, a company that provides process management and tech solutions to help governments improve their health and human service programs. Nigel discusses his role in keeping the company's nearly 40,000 employees cyber-trained and secure. And, as you'll hear, Nigel highlights the similarities between football and cybersecurity and that understanding one's opponent and environment is crucial to success in both.

EP 18 - Why Protecting Critical Infrastructure is Critical in 2023 Jan 05, 2023

We're starting the new year with a conversation focused on securing critical infrastructure. The issue, of course, is that we're seeing increased threats and cyberattacks on critical infrastructure. Not to mention the war in Ukraine. This collective threat is a rallying point, bringing together cyber professionals from around the world, as well as their respective countries. On today’s episode, host David Puner talks with David Higgins, who’s a Senior Director in CyberArk‘s Field Technology Office, about how the critical infrastructure landscape has changed, its global implications and how cyber protectors have had to adapt.

EP 17 - Highmark Health CISO on the Power of Storytelling Dec 21, 2022

Too often when we think of the human element in cybersecurity it's the insider threats. But more often it's the hardworking protectors inside the organization who, while passionate about their jobs, would rather work to live rather than live to work. Although that reality can easily flip due to the nature of the cyber world. That's where today's guest Omar Khawaja, who’s been the CISO at Highmark Health for nine years, comes into the picture. As you'll hear, Khawaja’s been on the cutting edge of cultivating talent and creating a cyber culture that empowers the human element of an organization with more than 37,000 employees. What you'll learn: How the power of language, relationships and story can be used to effectively communicate cybersecurity strategies and best practices with partners outside of the space. And how the benefits of this can lead to better culture, retention of talent and business growth.

EP 16 - Beware of Stolen Cookies for MFA Bypass Dec 06, 2022

Today's episode is a bit of a year-end cybersecurity fortune cookie. Its focus is an attack trend that's surged in 2022: Cookie hijacking (aka stolen cookies). Session cookies, that is. And it’s an attack trend CyberArk Labs researchers predict will continue to flourish in 2023. To dig into the stolen cookies trend and what's coming next, host David Puner talks with VP of CyberArk Red Team Shay Nahari, and Research Evangelist of CyberArk Labs, Andy Thompson, both of whom have spent a considerable amount of time popping the hood on the trend. And it's something you should be thinking about too in preparing for 2023 cybersecurity challenges.

EP 15 - Navigating a Ransomware Crisis in Latin America Nov 08, 2022

In the spring of 2022, Costa Rica was hit with a series of large-scale, long-lasting ransomware attacks, which wreaked havoc on the government and healthcare system – and paralyzed imports and exports. The ripple effects were far-reaching and the economy was crippled. President Rodrigo Chaves declared a national state of emergency. Trust was shaken. On today’s episode, Vinicio Chaves Alvarado, acting CISO at BAC Credomatic, the Costa Rica-based international bank, talks with host David Puner about being on the frontlines of stabilizing and building back trust. As he puts it, "We are not only cybersecurity professionals – we not only create cybersecurity controls or detect or react to threats. We create trust."

EP 14 - Humanizing Cybersecurity Oct 25, 2022

Being a Chief Information Security Officer is a tough job. CISOs are on the front lines, protecting against the unknown day after day, week after week. It's no wonder mental health issues such as depression and anxiety are surging in our industry. There are a lot of things that need to change, but on a positive note, this once-taboo subject is starting to get the attention it so desperately deserves. This is in part thanks to security leaders like Kirsten Davies, CISO at Unilever, stepping forward. On today’s episode, host David Puner talks with Davies about some of her passions, including the humanization of the teams in our cybersecurity community. She's equally passionate about being an innovative cyber protector and finding solutions to the multitude of challenges high-level CISOs face on a daily basis. The timing of the episode is apropos because October is both Cybersecurity Awareness Month and Depression and Mental Health Awareness and Screening Month. Time to elevate this critical conversation, advocate against stigma, and bring awareness to the various resources available to those who need them.

EP 13 - Cyber Fundamentals: Where Things Fall Apart Oct 11, 2022

Even when looking at layered enterprise solutions designed to thwart attacks and contain them, we must always go back to cybersecurity basics at the individual level. And that’s what, on today's episode, guest Bryan Murphy, CyberArk’s Senior Director of Architecture Services and Incident Response stops by to talk with host David Puner about. Murphy also dives into the importance of cyber hygiene as an essential preventive measure for protecting identities, as part of a defense-in-depth strategy. It’s a perfect fit for October, which happens to be Cybersecurity Awareness Month (CSAM). Raise your awareness and give it a listen!

EP 12 - K-12 Schools in Ransomware Crosshairs w/ Matt Kenslea, Director of State, Local and Education at CyberArk Sep 27, 2022

U.S. government agencies are warning that ransomware actors are "disproportionately targeting the education sector," especially K-12. That’s because sensitive student data, overworked staff and competing priorities make investing in cybersecurity talent and tools a major challenge. On today's episode, host David Puner checks in with Matt Kenslea, CyberArk's Director of State, Local and Education (SLED), for a discussion about these targeted cyberattacks, the challenges they pose – and what schools can do.

EP 11 - Step Away From the QR Code and Listen to This w/ Len Noe, Technical Evangelist & White Hat Hacker at CyberArk Sep 13, 2022

Len Noe – our favorite cyborg and CyberArk resident technical evangelist and white hat hacker – is back! On today’s episode, he’s talking with host David Puner about risky QR codes. On first blush it may seem like a simple subject, but attackers are having a field day with them and there seems to be a general lack of awareness about it. Help stop the havoc-wreaking and find out what you can do to protect yourself.

EP 10 - Skating to Where the Cyber Puck’s Going, Not Where it’s Been w/ Clarence Hinton, CyberArk Chief Strategy Officer, Head of Corporate Development Aug 30, 2022

Sports, at their highest levels, are shaped by lifetimes dedicated to practicing, strategizing and anticipating. The same goes for cybersecurity. Although, in our world, it's not a game and there are no set parameters. On today’s episode, host David Puner speaks with Clarence Hinton, CyberArk Chief Strategy Officer, Head of Corporate Development about looking into the future and preparing for the unknown. Like hockey, it’s about skating to where the puck’s going – not where it’s been.

EP 9 - Living and Breathing Telecom Trust w/ Thomas Tschersich, CSO of Deutsche Telekom and CTO of Telekom Security Aug 16, 2022

If you're in the business of collecting consumer data these days, you better be in the business of protecting that data. Or you could find yourself with no business. On today's episode, host David Puner talks with Thomas Tschersich, Chief Security Officer of Deutsche Telekom (parent company of T-Mobile) and Chief Technical Officer of Telekom Security, about the new rules of data privacy and protection and how telecommunication providers must live and breathe trust as they operate critical infrastructure.

Ep 8 - Seeing the Big Picture with Identity Security w/ Udi Mokady, Founder, Chairman and CEO of CyberArk Aug 02, 2022

For every me or you, there are now 45 machine identities. That's 45 machine identities for every single human identity, according to the CyberArk 2022 Identity Security Threat Landscape Report. And 68% of those machine identities have some level of sensitive access. Attackers know this, and are doing their best to take advantage of those odds. Host David Puner sits down with Udi Mokady, Founder, Chairman and CEO of CyberArk, shortly after the wrap of the company’s Impact 2022 conference, for a talk about Identity Security – where CyberArk has been, where it's going – and a little about guitar playing too.

Ep 7 - Cyber Attack Cycle Deconstruction w/ Lavi Lazarovitz, Head of Security Research at CyberArk Labs Jul 19, 2022

How do we stand a chance against emerging cyber threats? It's because, in large part, there are researchers at the cutting edge – dedicated to the pursuit and understanding of novel threats and vulnerabilities – by thinking just like attackers. That's the world in which Lavi Lazarovitz, CyberArk Labs’ Head of Security Research, lives and thrives. Lazarovitz leads an elite group of white hat hackers, intelligence experts and cybersecurity practitioners. Host David Puner talks with Lazarovitz about deconstructing the attack cycle and various ways to better understand how threat actors operate – in the ongoing effort to stay ahead of them.

EP 6 - Protecting Critical Infrastructure w/ Carla Donev, VP & CISO at NiSource Jul 05, 2022

Securing critical infrastructure that powers our way of life can be a sleepless job. But sometimes that's the cost of being a protector... Today's guest, Carla Donev, is no stranger to working round-the-clock. As Vice President and Chief Information Security Officer at NiSource, she leads security operations for one of the largest utilities in the country, which delivers gas and electricity to millions of citizens across six states. Host David Puner talks with Donev about the evolving threat landscape and how building safer, more resilient operations is key to preserving trust.

EP 5 - Preparing for the Cyber Unknown w/ Shay Nahari, CyberArk VP of Red Team Services Jun 21, 2022

You may have heard the famous Mike Tyson quote, “Everybody has a plan until they get punched in the face.” Applied to the context of cybersecurity, the message is – when things get real, what will you do? How will you react? You can attempt to prepare for seemingly every scenario under the sun, but you still can’t know when or how or where you'll actually get punched.
So how do you prepare for the unknown – for that metaphorical Iron Mike punch to the face? And what do you do when it happens? That's what host David Puner gets into with today's guest Shay Nahari, CyberArk’s VP of Red Team Services.

EP 4 - How Diversity Can Help Combat Cyber Attacker Innovation w/ Royal Bank of Canada’s Melissa Carvalho Jun 07, 2022

Fighting attacker innovation requires a level of innovation that can only be achieved through a collaborative approach. One that brings diverse backgrounds, perspectives and solutions together to strengthen cyber resilience from every angle. Melissa Carvalho, Vice President of Identity and Access Management at Royal Bank of Canada, speaks with host David Puner on the importance of diversity and inclusion in cybersecurity and how it has factored into the evolution of her role.

EP 3 - Why Technology is Key to Restoring Trust in Healthcare w/ Takeda Pharmaceuticals' Mike Towers May 24, 2022

While COVID-19 strained the healthcare system in every possible way, it also sparked a revolution. By emphasizing trust’s central role in every interaction – between patients and clinicians and across interconnected IT ecosystems – the pandemic brought clarity and opportunity to rebuild. Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals, speaks with host David Puner on technology’s growing role in building transparent, equitable healthcare systems and driving better outcomes for all.

EP 2 - Transhumanism: Charting the Cybersecurity Frontier w/ Len Noe May 10, 2022

In our cyber world identities are typically split into two distinct categories: human and machine. But there's one notable intersection: cyborg. On today's episode, host David Puner talks with Len Noe, technical evangelist, white hat hacker – and CyberArk's resident transhuman.

EP 1 - Talking Ransomware w/ Andy Thompson Apr 26, 2022

Today, thanks to cheap plug-and-play ransomware kits, anyone with a credit card can get into the cyber extortion action. No special training or skills required. So, what can we do? In the premiere episode of the Trust Issues™ podcast, David Puner talks about this and more with Andy Thompson, advisor & evangelist at CyberArk Labs.

Trust Issues Trailer Apr 13, 2022

Trailer for CyberArk's Trust Issues™ podcast. Debuting spring 2022.

Our TOPPODCAST Picks

Follow Us

Stay Connected

Related Podcasts

Links

Stay Connected