CISO Tradecraft®

By: G Mark Hardy & Ross Young

About this listen

Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.
© Copyright 2025, National Security Corporation. All Rights Reserved
Episodes
  • #249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia
    Sep 8 2025

    In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.

    Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf

    GenAI Breaches: Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response

    Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc

    Chapters

    • 00:00 Introduction to AI and Cryptocurrencies
    • 00:27 Welcome to CISO Tradecraft
    • 00:55 Guest Introduction: Tomas Roccia
    • 01:06 Tomas Roccia's Background and Career
    • 02:51 AI in Cybersecurity: Defensive Approaches
    • 03:19 The Democratization of AI: Risks and Opportunities
    • 06:09 AI Tools for Cyber Defense
    • 08:09 Challenges and Limitations of AI in Cybersecurity
    • 09:20 Microsoft's AI Tools for Defenders
    • 12:13 Open Source AI Security: Project Nova
    • 18:37 Community Contributions and Open Source Projects
    • 19:30 Case Study: Babit Crypto Hack
    • 22:12 Money Laundering Techniques in Cryptocurrency
    • 23:01 AI in Tracking Cryptocurrency Transactions
    • 26:09 Sophisticated Attacks and Money Laundering
    • 33:50 Future of AI and Cryptocurrency
    • 38:17 Final Thoughts and Advice for Security Executives
    • 41:28 Conclusion and Farewell
    43 mins
  • #248 - A Black Hat Chat with ThreatLocker CEO Danny Jenkins
    Sep 1 2025

    In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve.

    Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/

    ThreatLocker - https://www.threatlocker.com/

    Transcripts - https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b

    Chapters

    • 00:00 Introduction and Welcome
    • 00:27 Meet Danny Jenkins, CEO of ThreatLocker
    • 01:12 The Philosophy Behind ThreatLocker
    • 02:52 Customer-Centric Culture at ThreatLocker
    • 04:32 Technical Leadership and Personal Insights
    • 08:55 Leadership Advice for Aspiring CISOs
    • 11:22 Conclusion and Farewell
    12 mins
  • #247 - What most leaders don't understand about AI (with Dave Lewis)
    Aug 25 2025

    In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance.

    Chapters

    • 00:00 Introduction to AI Governance
    • 00:30 Guest Introduction: Dave Lewis
    • 00:49 The Importance of AI Governance
    • 01:42 Challenges in AI Implementation
    • 03:20 AI in the Modern Enterprise
    • 03:49 Shadow AI and Security Concerns
    • 04:49 AI's Impact on Jobs and Industry
    • 05:27 The Gartner Hype Cycle and AI
    • 05:43 AI's Influence on the Stock Market
    • 06:14 Historical Context of AI
    • 06:32 AI and Credential Security
    • 08:29 The Role of Governance in AI
    • 12:47 The Future of AI and Security
    • 18:36 Governance and Policy Recommendations
    • 19:26 AI Governance and Ethical Concerns
    • 20:01 AI Self-Preservation and Human Safety
    • 20:18 Uncontrollable AI Applications
    • 21:17 Vectors of AI Trouble
    • 21:58 AI Hallucinations and Data Security
    • 22:53 AI Vulnerabilities and Exploits
    • 26:29 Deepfakes and AI Misuse
    • 27:33 Historical Cybersecurity Incidents
    • 29:04 Future of AI and Job Security
    • 33:47 Managing AI Identities and Credentials
    • 34:21 Conclusion and Final Thoughts
    35 mins