Look for any podcast host, guest or anyone
Showing episodes and shows of

Sounil Yu

Shows

The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast S4E07 – The password is "Louvre", AI ransomware, Nevada stands up to ransomware00:00 Intro01:50 Louvre password08:54 Trump budget cuts20:35 Google AI threat report36:56 Nevada didn’t pay ransom48:25 Moved the needle58:38 L3Harris Trenchant boss stole exploits, sold to Russia62:00 Ransomware remediation firm employees go rogue63:40 Cybersecurity Is A Digital Identity Problem And We Must Deal With ItThe password for the Louvre’s video surveillance system was “Louvre”The Louvre Museum reportedly had a video-surveillance server password of simply “LOUVRE” as early as 2014..Trump budget cuts, agency...
2025-11-111h 13The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast S4E06 – F5 Breach, AWS Outage, Risk Management vs. Security Engineering00:00 Intro 00:50 AWS Outage 20:48 F5 Breach 41:06 Risk Management vs. Security Engineering 58:19 Moving the Needle Part 3F5 Hack Blamed on ChinaChinese state-backed hackers allegedly breached U.S. cybersecurity firm F5, gaining year-long access to its systems and BIG-IP source code, prompting security fears and causing the company to warn of revenue impacts and falling shares.AWS OutageA race condition in Amazon DynamoDB’s DNS management system caused widespread outages across the US-EAST-1 region on October 19–20, 2025, disrupting DynamoDB, EC2, NLB, and...
2025-10-281h 12The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast S4E05 – Oracle Zero-Day, US cyber info sharing law expires, UK government guarantor for Jaguar attack00:00 Highlight03:44 Oracle E-Business Suite Zero-Day14:49 UK government to be guarantor for Jaguar Land Rover cyberattack25:54 "Moved the needle" Part 248:18 12 Security Problems Practitioners Want Solved1:02:53 National Risk of Losing the CISA 2015 Act?Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion CampaignMandiant and Google Threat Intelligence Group uncovered a large-scale CL0P-linked extortion campaign exploiting a zero-day (CVE-2025-61882) in Oracle E-Business Suite to steal data from organizations before patches were released.https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation
2025-10-141h 10The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast S4E04 – "Moving the needle" awards, effect of H-1B changes on cyber industry, Salesloft aftermath00:00 Highlight 00:43 Intro 06:40 "Moved the needle" awards 37:05 Scattered Lapsus$ and Jaguar Hack 44:39 One Token to Rule Them All - Entra pwned 1:02:21 H-1B visa changes and their effect on the cyber industryScattered Lapsus$ and Jaguar HackJaguar Land Rover has extended its production pause until October after a cyberattack crippled its IT systems. The company is struggling to recover operations at Range Rover plants.https://www.wsj.com/business/jaguar-land-rover-extends-production-pause-until-october-following-cyberattack-0e39b7e8One Token to Rule...
2025-09-301h 19tHe CybeR VauLt - Top Voices in Cyber
tHe CybeR VauLt - Top Voices in CyberWhat is The Cyber Defense Matrix? - The CyberVault with Sounil YuIn this episode of The CyberVault, I’m joined by Sounil Yu, CTO and Chief AI Officer at Knostic, security innovator, and the creator of the Cyber Defense Matrix - a framework that’s transformed how organizations think about security strategy.We unpack:📊 The origin and evolution of the Cyber Defense Matrix🏢 How organizations are applying it in real life to improve security programs🤖 How AI is changing the way the Matrix can be used🔮 What’s next for cyber defense as the threat landscape keeps evolving📌 How security leaders can start applying the Matrix today to reframe their prog...
2025-09-2427 minThe Adversarial Podcast
The Adversarial PodcastAdversarial Podcast S4E03 – Fumbled NPM Attack, Entering the AI Browser Market, Salesloft breach00:00 Intro03:10 NPM supply chain attack leaves attackers empty handed24:44 Why is Atlassian buying a browser company?37:20 Apple's new Memory Integrity Enforcement52:56 Salesloft breach leads to downstream hacksHackers left empty-handed after massive NPM supply-chain attackHackers briefly compromised popular NPM packages like chalk and debug-js, infecting ~10% of cloud environments, but despite the massive supply-chain reach they only netted about $600 in stolen cryptocurrency.https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/Why is Atlassian Buying a Browser Company?Atlassian...
2025-09-161h 09The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast S4E02 - Cyber acquisitions and raises, 95% of GenAI pilots failing, Zelle's alleged security lapses00:00 Introduction & BlackHat02:06 Cybersecurity in Schools18:53 Black Hat Conference Highlights34:02 New York sues Zelle44:48 Trends in Cybersecurity Mergers and Acquisitions1:02:44 95% of generative AI pilots at companies are failing1:08:53 Prompt injection with poisoned calendar invitesDARPA announces $4 million winner of AI code review competition at DEF CONDARPA announced Team Atlanta as the winner of its two-year competition among researchers to create the best artificial intelligence systems that can find and fix vulnerabilities.Attorney General James Sues Company Behind...
2025-09-041h 16The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast S4E01 - Trump's AI Action Plan, Chip Security Act, receiving gifts from vendors00:00 Introduction & BlackHat 03:14 AI Action Plan Overview 13:30 Chip Security Act 20:48 Government led AI-ISAC? 23:16 UK government considering banning public sector ransomware payments 28:14 Microsoft probing if Chinese hackers learned SharePoint flaws through alert 42:07 Ethics in Vendor Relationships – Gifts for meetingsAmerica's AI Action Plan“America’s AI Action Plan,” released by the Trump administration, outlines a roadmap with over 90 federal actions across three pillars—accelerating AI innovation, building U.S. AI infrastructure, and asserting international AI leadership through exports and technology alliances.The...
2025-07-3051 minExpert Insights Podcast
Expert Insights Podcast#76. Exploring AI Safety and Organizational Privacy - (Sounil Yu, Knostic)Sounil Yu is Knostic’s Chief AI Security Officer, in addition to being a speaker, author, advisor, and board member. His 30+ years in security have shaped his unique perspective on AI safety and organizational privacy. In this episode, Sounil shares his journey from roles at Bank of America and venture capital to his current mission at Knostic.About Expert Insights:Expert Insights saves you time and hassle by rigorously analyzing cybersecurity solutions and cutting through the hype to deliver clear, actionable shortlists. We specialize in cybersecurity. So, our focus is sharper, our knowledge is deeper, an...
2025-07-2421 minThe Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 27 - Is AI necessary for cyber investment? Microsoft moving away from kernel-based AV; Moonlighting and Fake IT workers00:00 Intro3:23 Cybersecurity stocks: why now might be the time to buy?8:55 AI in cyber investment and business29:28 Microsoft is moving antivirus providers out of the Windows kernel34:29 New AI Malware PoC Reliably Evades Microsoft Defender37:08 VSCode Fork; Putting Millions at Risk43:39 Extensions turn Trojan and infect 2.3M Chrome and Edge users54:20 US government takes down major North Korean ‘remote IT workers’ operation1:06:06 Phishing Training Doesn't WorkCybersecurity stocks: why now might be the time to buy?https://mone...
2025-07-151h 16The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different00:00 Intro03:17 Banks call out US Treasury's cybersecurity failures28:54 SEC scraps proposed cybersecurity rules38:05 What makes AI Security differentBanks Challenge Treasury on Cybersecurity Failures. A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt private-sector cybersecurity standards, decentralize sensitive data, enforce rapid breach notifications, and streamline data collection following high-profile email breaches at federal regulators. https://www.theglobaltreasurer.com/2025/06/10/banking-groups-demand-regulator-cybersecurity-standards/SEC scraps proposed cybersecurity rules for investment advi...
2025-07-0159 minThe Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 25 – From CISOs to Entrepreneurs, Trump changes to Biden's Cyber EOs, banks ask SEC to drop disclosure requirements00:00 Intro04:15 Our journeys from CISOs to Entreprenuers23:48 Trump changes Biden's Cyber EOs28:40 States rebuff proposed federal ban on AI laws36:43 Vanta bug exposes customers' data to other customers49:12 SentinelOne outage52:53 Banking groups ask SEC to drop incident disclosure requirements1:00:37 Cybersecurity teams generate average $36M in business growth1:03:50 Cybersecurity Companies Want to Go Public. The Market Isn’t Letting ThemTrump Cybersecurity Fact Sheet President Trump announced a reprioritization of U.S. cybersecurity efforts, shifting away from prior frameworks and em...
2025-06-161h 11Tools for Tech Leaders
Tools for Tech LeadersWhy AI Guardrails Don't Work: Cybersecurity Mental Models With Sounil Yu (Knostic AI)Every AI guardrail gets broken, but that's not the real problem. Cybersecurity framework creator Sounil Yu reveals why traditional security approaches fail in the knowledge age and how enterprise AI deployments create dangerous "oversharing" vulnerabilities that most organizations don't even recognize. Learn the DIKW pyramid framework for understanding AI risks, discover why your security team's "allergy patterns" are sabotaging productivity, and understand the prisoner's dilemma forcing every organization to accelerate AI adoption despite known dangers. Essential insights for executives navigating the gap between AI opportunity and enterprise security reality.  
2025-06-1233 minThe Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages00:00 Intro02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom26:24 Fake OpenAI MCP Integration32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials36:03 Destructive malware available in NPM repo went unnoticed for 2 years48:10 Sam & Jony introduce io58:23 Discussion: how risky are local admin rights?Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by CybercriminalsIn May 2025, an...
2025-05-271h 05The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 23 – Crowdstrike layoffs, RSA Innovation Sandbox, new Pentagon CIO00:00 Intro00:44 Sounil's RSA Innovation Sandbox experience5:00 5% staffing cuts at Crowdstrike, AI cited as a factor16:00 Trump picks private sector veteran as Pentagon CIO32:41 Messaging app used by Trump official suspends operations after reported hack49:52 An open letter to third-party suppliers59:32 Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support1:04:42 Discussion: delivering secret keys stored in PDFs for password managersHosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)
2025-05-141h 09CISO Tradecraft®
CISO Tradecraft®#230 - How To Make Your AI Less Chatty (with Sounil Yu)In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune...
2025-04-2844 minCISO Tradecraft®
CISO Tradecraft®#230 - How To Make Your AI Less Chatty (with Sounil Yu)In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune...
2025-04-2844 minThe Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 22 – RSA Conference is here, Verizon's 2025 Data Breach Investigations Report, China names alleged US hackers00:00 Intro00:31 RSA conference14:38 Verizon's 2025 DBIR report37:55 Security of "Sign in with Google/Microsoft"1:02:50 China accuses US of launching 'advanced' cyberattacks, names alleged NSA agentsRSA Links:Innovation Sandbox: https://www.rsaconference.com/usa/programs/innovation-sandboxProfessional Association of CISOs: https://theciso.org/Pitch for Charity: https://www.okta.com/newsroom/press-releases/pitch-for-charity/Verizon's 2025 Data Breach Investigations Report This year's Verizon DBIR (Data Breach Investigations Report) has been released, which covers the latest techniques that lead...
2025-04-281h 09The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 21 – Chris Krebs & Sentinel One's clearances revoked, Oracle hack, how Goldberg got added to Signal chat⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme23:05 Intro06:56 White House revokes Chris Krebs and SentinelOne's security clearances16:55 How Jeffrey Goldberg got added to the White House Signal group chat26:48 DOGE staffer provided tech support to cybercrime ring39:29 China Acknowledged Role in U.S. Infra Hacks51:56 Oracle under fire for its handling of security incidents54:51 Hackers Spied on 100 US Bank Regulators’ Emails for Over a YearFact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs...
2025-04-151h 08The Adversarial Podcast
The Adversarial PodcastAdversarial Podcast Ep. 20 – corporate espionage among SaaS companies, DC's Signal snafu, where is the cyber market going?⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:28 Intro02:15 Unicorn startup allegedly cultivated spy to steal trade secrets from competitor18:19 Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz33:35 Trump Administration accidentally sends war plans to reporter via Signal47:20 GitHub action supply chain attack53:55 Oracle under fire for its handling of security incidentsRippling Alleges Deel Cultivated Spy, Orchestrated Trade-Secret Theft Against CompetitorRippling has filed a lawsuit alleging that $12 billion HR-tech company Deel orchestrated a months-long corp...
2025-04-0459 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 19 – AI-Powered Cybercrime, CISO job market, the BYOL elephant in the room⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:37 Intro01:37 Malvertising campaign leads to info stealers hosted on GitHub11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals24:02 What Really Happened With the DDoS Attacks That Took Down X28:34 Bring-your-own-laptop policies40:41 Are WAFs useful or are they just another TPRM box to check?46:59 Is the CISO job market warming up?Malvertising campaign leads to info stealers hosted on GitHubMicrosoft Threat Intelligence uncovered a la...
2025-03-1851 minAdventures of Alice & Bob
Adventures of Alice & BobEp. 74 - The Accidental Worm that Shutdown a University // Sounil YuIn this episode, James sits down with Sounil Yu, the mind behind the Cyber Defense Matrix and DIE Triad frameworks that have transformed how organizations approach security. From his early days getting stuffed in lockers as a self-described computer geek to becoming a disruptive force at Bank of America and co-founding Gnostic, Sounil shares the mental models that have guided his three-decade journey in cybersecurity. They discuss how an accidental college worm shutdown taught valuable lessons in OpSec, and why Sounil starts with the icebreaker question: "What's the most IT damage you've caused without getting fired?"
2025-03-1453 minAdventures of Alice & Bob
Adventures of Alice & BobEp. 74 - The Accidental Worm that Shutdown a University // Sounil YuIn this episode, James sits down with Sounil Yu, the mind behind the Cyber Defense Matrix and DIE Triad frameworks that have transformed how organizations approach security. From his early days getting stuffed in lockers as a self-described computer geek to becoming a disruptive force at Bank of America and co-founding Gnostic, Sounil shares the mental models that have guided his three-decade journey in cybersecurity. They discuss how an accidental college worm shutdown taught valuable lessons in OpSec, and why Sounil starts with the icebreaker question: "What's the most IT damage you've caused without getting fired?"
2025-03-1453 minSecurity Weekly Podcast Network (Video)
Security Weekly Podcast Network (Video)AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...
2025-03-132h 07Security Weekly Podcast Network (Audio)
Security Weekly Podcast Network (Audio)AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...
2025-03-132h 07Paul\'s Security Weekly (Audio)
Paul's Security Weekly (Audio)AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The...
2025-03-132h 07Paul\'s Security Weekly (Video)
Paul's Security Weekly (Video)AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...
2025-03-132h 07The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 18 - CISA cuts, North Koreans steal $1.5B in crypto, planning for RSA Conference00:00 Highlight00:28 Intro3:41 What's getting cut at CISA?19:01 USCYBERCOM told to stop planning offensive attacks against Russia27:54 ByBit hacked for $1.5B in cryptocurrency40:01 CISO discussion: How to regain trust after a cyber breach49:17 CISO discussion: Data security for GenAI tools58:43 How to get the most out of RSA Conference💰 Budget cuts hit CISA, and election security programs might be first on the chopping block. The team debates whether these cuts were expected, what they mean for cybersecurity, and whether some programs were out...
2025-03-041h 07The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 17 - 2025 CISO Compensation Survey, Okta layoffs and employee value, TLS inspection⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme 00:37 Intro 1:21 Hitch Partners survey of CISOs 13:34 Dangling S3 buckets 24:35 Update on Cybersecurity Innovation Executive Order 32:58 Cyber stocks - NET and CRWD at all-time highs 44:07 Okta lays off 180 employees, including security engineers 55:47 Is anyone actually doing TLS inspection? 1:03:21 Is a SOC2 certificate enough to pass TPRM?Hitch Partners survey of CISOsThe 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, repo...
2025-02-111h 09Resilient Cyber
Resilient CyberResilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-KnowIn this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI.Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix.Sounil and I dug into a lot of interesting topics, such as:The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S.The different approaches to AI security and safety...
2025-02-0326 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 16 - Cyber policy wishlist, RedNote/TikTok, Marsh's cyber insurance report, do CISOs need deep technical skills?⬇️ See below for timestamps/summaries/references for each topic00:00 Intro01:33 Biden's Executive Order on Cyber Security05:18 Cyber policy wishlist21:30 TikTok and RedNote29:36 Marsh's report on cyber insurance49:21 Do CISOs need to be highly technical?Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.📖 Reference...
2025-01-281h 05The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 15 - US-China-Taiwan cyber relations, mobile app ads facilitating spying, holiday DoS vulnerabilitiesJoin former CISOs Jerry, Mario, and Sounil as they dissect the latest cybersecurity news, discuss evolving threats, and share their seasoned perspectives on infosec. 00:00 Highlight00:32 Intro1:48 China accuses US of stealing trade secrets10:05 Taiwan reports 2.4M Chinese cyberattacks/day18:21 Christmas day Chrome Extension hacks, including Cyberhaven23:28 Krebs: U.S. Army Soldier arrested for Snowflake customer extortions26:40 Wired: Popular apps hijacked to spy on locations through ad tracking33:28 Holiday DoS vulnerabilities in Palo Alto and Windows LDAP34:36 Are DoS vulnerabilities neglected by...
2025-01-141h 07Modern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderSounil Yu of Knostic AI on the role of a modern CISOJoin FireTail CEO Jeremy Snyder as he talks with Sounil Yu, co-founder of Knostic, about the evolving role of today’s CISO. They discuss how CISOs can adapt to emerging technologies, tackle technical debt, align security with business goals, and navigate personal liability in high-stakes environments. Gain actionable insights on building modern security programs in a rapidly changing landscape.About Sounil YuSounil Yu is the co-founder of Knostic AI and a highly respected thought leader in cybersecurity. Previously, he served as CISO and Head of Research at JupiterOne, as well as Chief Security Scientist at...
2025-01-0924 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 14 - Future of CISA/SEC under Trump, US Telco news, DAO faces $50M hackIn this episode of The Adversarial Podcast, Jerry Perullo, Mario Duarte, and Sounil Yu discuss the latest developments in cybersecurity, geopolitical threats, and emerging trends as 2025 approaches.00:00 Introduction 02:06 Trump 2.0's effect on security 03:25 Future of CISA 09:00 Future of SEC cyber reports 15:57 Possible Trump 2.0 priorities 19:40 Spying on US Telco 20:20 What is SS7? 24:04 SS7 vs. SMS interception 25:40 Privacy impact of SS7 attacks 30:12 National security 31:17 CISA's guidance for telco 36:58 DPRK targets DAO network, $50M heist using macOS malware
2024-12-2354 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 13 - East/west coast CISOs, top CISO expenses in 2024, crypto regulationIn this episode of The Adversarial Podcast, Jerry, Mario, and Sounil bring their adversarial insights to a packed discussion of the latest topics in enterprise cybersecurity. - East Coast vs. West Coast CISOs: The trio explores the divide between East Coast and West Coast CISOs. Is the East too focused on risk? Does the West overfit to AppSec and "shift-left" practices? - 2024 CISO Budget Report: Where are CISOs spending their increasing budgets in 2024? The hosts chat about the increasing expenses in identity management and generative AI security. Reference: https://news.crunchbase.com/cybersecurity/ciso-budgets-rising-generative-ai-ellis-yl-ventures/
2024-12-101h 12The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 12 - RSA Conference making competition winners accept investment, inefficacy of phishing trainingIn this episode of The Adversarial Podcast, former CISOs Jerry Perullo, Mario Duarte, and Sounil Yu explore critical topics shaping the cybersecurity landscape.1. Crosspoint Capital’s RSA Innovation Sandbox Model The hosts discuss Crosspoint Capital's controversial $5 million SAFE investment requirement for Innovation Sandbox finalists. They examine the implications for startups, founders, and the cybersecurity ecosystem as a whole, weighing its potential to drive innovation against the risks of stifling participation.Reference: RSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment - https://www.securityweek.com/rsa-conference-will-take-equity-in-innovation-sandbox-startup-finalists/2. The Effectiveness of Phishing Simulations and Trai...
2024-11-261h 11The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 11 - Incoming Trump administration, Microsoft's leaked SaaS creds, and software liability policyIntroduction:The episode opens with a discussion on securing devices for employees traveling to high-risk countries, like China, as a way to protect corporate data and maintain customer trust.Hosts Jerry, Sounil, and Mario welcome listeners and discuss recent events, including the FS-ISAC Fall Summit in Atlanta and geopolitical implications of the recent election.Key Topics:Geopolitical Risks:The group explores China's espionage activities and Russia's geopolitical maneuvers, predicting shifts in attacker strategies depending on U.S. political leadership.Concerns about China's possible invasion of Taiwan and its implications for global tech, particularly chip manufacturing, are...
2024-11-1953 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 10 - the CISO job market, CRQ, beg bounties, and cryptography(00:00) Intro (5:15) The CISO job market: present and future (25:57) Handling beg bounties and VDP (41:30) Quantum cryptography – how important is cryptography, really? Stories: “Chinese Researchers Reportedly Crack Encryption With Quantum Computer” - https://www.pcmag.com/news/chinese-researchers-reportedly-crack-encryption-with-quantum-computer Hosts:Jerry Perullo: https://www.linkedin.com/in/perullo/Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/Sounil Yu: https://www.linkedin.com/in/sounil/Producer: Tillson Galloway (linkedin.com/in/tillson)
2024-10-2254 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderSounil Yu of Knostic on AIIn this episode of Modern Cyber recorded earlier in 2024, Jeremy sits down with Sounil Yu, co-founder of Knostic.ai, to discuss the growing implications of artificial intelligence (AI) in cybersecurity. Sounil shares his insights on the parallels between AI adoption and previous technological shifts, emphasizing the need for new frameworks to handle knowledge security and privacy. The conversation also explores how AI can be leveraged by both attackers and defenders, as well as the potential for regulatory frameworks to shape the future of AI technology.About Sounil YuSounil Yu is the co-founder of Knostic...
2024-10-1133 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 9 - NIST password guidelines, CUPS vulnerabilities, breach vs. hack(00:00) Intro & NIST’s new password complexity requirements(13:19) CUPS vulnerability: critical or a distraction(31:26) Federal standards for cybersecurity in health care: should legal responsibility fall on individuals?(47:30) What constitutes a hack vs a breach?Stories:“NIST Drops Password Complexity, Mandatory Reset Rules” - https://www.darkreading.com/identity-access-management-security/nist-drops-password-complexity-mandatory-reset-rules“Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution” - https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html“Wyden and Warner Introduce Bill to Set Strong Cybersecurity Standards for American Health Care System” - https://www.finance.senate.gov/chairmans-news/wyden-and-warner-introduce-bill-to-set-strong-cybersecurity-standards-for-american-health-care-systemHosts...
2024-10-081h 01The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 8 - Pagers and Supply Chain Attacks, GitHub stealers, “Founder Mode”(00:00) Intro (02:24) Exploding pagers: are psychological attacks worse than breaches? (20:21) Are credit card breaches still a concern in 2024? (24:57) Infostealer delivered through GitHub Issues: how are trustworthy services being abused? (31:45) Founder mode: when is it time to switch from "founder mode" to "manager mode?"(44:02) Is open-source more secure than closed-source? Stories and books mentioned: “Israel planted explosives in Hezbollah's Taiwan-made pagers, say sources” - https://www.reuters.com/world/middle-east/israel-planted-explosives-hezbollahs-taiwan-made-pagers-say-sources-2024-09-18/ Darkwire, by Joseph Cox - https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/?lens=publ...
2024-09-2457 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 7 - Security Certs, Vulnerability Disclosure, and Effective Security ControlsListen as CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the value of security exams and question the relevance of certain certifications in today’s industry. Then, they debate into the vulnerability disclosure process, exploring how CVEs impact companies outside the SaaS world and whether CISA’s "Secure by Design" initiative is truly effective across industries. Finally, they discuss security misprioritization, from school systems to corporate desktops, and the evolving role of account management in protecting digital crown jewels.StoriesLinkedIn Post on ISC2 exams - https://www.linkedin.com/posts/mlockhart_hate-to-see-how-isc2-has...
2024-09-121h 06The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 6 - SSN Leaks, Cloud Misconfigurations, and PasskeysJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they debate the impact of SSN leaks, discuss the effectiveness of recently implemented ransom payment bans in Miami, and recently reported AWS misconfigurations. Then, listen as they debate passkeys, vulnerability management, and board reporting.00:00 Intro 02:17 Social Security Number breach 14:48 Ransomware payment bans 21:47 AWS environments 39:55 Passkeys 52:30 Maturity assessmentsStories: “2.9 billion people may have had Social Security numbers, other financial data compromised. What it means for you” - https://www.cnbc.com...
2024-08-261h 04The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 5 - Why Boards want more Joe Sullivans and Tim Browns and less CISOs - Jerry Perullo live at EvantaSpeaking live at the Evanta CISO Summit in Atlanta in June 2024, host Jerry Perullo talks candidly about why CISOs are failing to land Board Director roles.
2024-08-1626 minSecurity Weekly Podcast Network (Video)
Security Weekly Podcast Network (Video)Interviewing Black Hat Startup Spotlight Winner, Knostic - Sounil Yu - ESW #371We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th. References DarkReading: Knostic Wins 2024 Black Hat Startup Spotlight Competition Knostic's Website Show Notes: https://securityweekly.com/esw-371
2024-08-0934 minEnterprise Security Weekly (Video)
Enterprise Security Weekly (Video)Interviewing Black Hat Startup Spotlight Winner, Knostic - Sounil Yu - ESW #371We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th. References DarkReading: Knostic Wins 2024 Black Hat Startup Spotlight Competition Knostic's Website Show Notes: https://securityweekly.com/esw-371
2024-08-0934 minEnterprise Security Weekly (Audio)
Enterprise Security Weekly (Audio)AI Red Teaming and AI Safety - Sounil Yu, Amanda Minnich - ESW #371In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results? ...
2024-08-092h 18Security Weekly Podcast Network (Audio)
Security Weekly Podcast Network (Audio)AI Red Teaming and AI Safety - Sounil Yu, Amanda Minnich - ESW #371In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results? ...
2024-08-092h 18The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 4 - CrowdStrike Lawsuits, Overhyped Exploits, and Fake Remote EmployeesJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they discuss upcoming lawsuits related to the recent CrowdStrike outage, switching costs, overhyped security vulnerabilities and their effect on practitioners' responsibilities, fake employees from North Korea, the information stealers and the state of password managers, and the increasing threat of deepfakes.Stories“CrowdStrike is sued by shareholders over huge software outage” - https://www.reuters.com/legal/crowdstrike-is-sued-by-shareholders-over-huge-software-outage-2024-07-31/“Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million” - https://www.cnbc.com/2024/07/31/delta-ceo-crowdstrike-microsoft-outage-cost-the-airline-500-million.html“Microsoft And AWS Outages: A Wake-Up Call For C...
2024-08-051h 26The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 3 - CrowdStrike, Wiz Acquisition Rumors, and SolarWindsIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent Crowdstrike outages, PR in the recent Wiz acquisition rumors, stakeholder value in Rapid7, and the SEC dropping charges in the SolarWinds case.Stories: - Activist Jana has a stake in Rapid7. There are two paths to bolster value at the cybersecurity company: https://www.cnbc.com/2024/06/29/two-paths-for-jana-to-bolster-shareholder-value-at-rapid7.html - Google Near $23 Billion Deal for Cybersecurity Startup Wiz: https://www.wsj.com/business/deals/google-near-23-billion-deal-for-cybersecurity-startup-wiz-622edf1a - Most SEC charges dismissed in SolarWinds...
2024-07-261h 15Modern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderSounil Yu on FCC Consent Decrees and API SecurityIn this special episode of Modern Cyber, Jeremy chats with Sounil Yu about a recent consent decree from the FCC that specifically calls for improved API security. They discuss what consent decrees are, their seriousness, and the potential consequences for companies that fail to comply. Sounil also provides insights into best practices for API security and the role of standards like NIST and OWASP in guiding organizations.About Sounil Yu:Sounil Yu is a cybersecurity luminary with a rich background as a former CISO and chief security scientist at Bank of America. He is renowned...
2024-07-2509 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Pilot – Cybersecurity Investments, Secure Configurations vs. Code, and Risk ManagementJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they reflect on the state of cybersecurity investments in 2024, debate the importance of configuration vs. code security, and discuss the importance of governance in risk management.Stories:‘There’s A Lot Of Noise’ — VCs Trying To Find Clarity In Cluttered Cyber AI Landscape: https://news.crunchbase.com/cybersecurity/venture-funding-ai-wiz-ma-rsa/Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions: https://techcrunch.com/2024/05/07/wiz-raises-1b-at-12b-valuation-expanding-through-acquisitions/CyberArk Signs Definitive Agreement to Acquire Machine Identity Management Leader Venafi from Thoma Bravo: h...
2024-07-1948 minThe Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 2 - Chrome Extension Vulns, Cyber Job Market, Mouse Jigglers, and the Ransomware PlagueIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss malicious Chrome extensions, the cybersecurity job market, mouse jigglers and security policy, and the impact of the recent ransomware wave. They share insights from their experiences, exploring the challenges of managing browser security policies, job burnout, and banning ransom payments.Stories:Millions under threat from malicious browser extensions — what to do: https://www.tomsguide.com/news/millions-under-threat-from-malicious-browser-extensions-what-to-doDemand for better cybersecurity fuels a booming job market: https://www.washingtonpost.com/business/2024/06/21/cybersecurity-job-demand-boot-camps/Wells Fargo Fires Over a Dozen for ‘Simu...
2024-07-101h 02The Adversarial Podcast
The Adversarial PodcastThe Adversarial Podcast Ep. 1 - Snowflake, Shared Fate, and the Gili Ra’anan ModelIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent wave of cyber-attacks using Snowflake and the model of shared fate. They debate the effectiveness of banning ransom payments and explore the complexities of cybersecurity regulation, using recent events involving UnitedHealth and Jerry's former employer as case studies. The conversation also touches on the ethical dilemmas CISOs face when interacting with venture capital, highlighting personal experiences and the fine line between advisory roles and conflicts of interest.Stories:UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion: https...
2024-07-011h 12Modern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderSounil Yu of Knostic on NIST CSF Update & GovernanceIn this episode of the Modern Cyber Podcast, Jeremy Snyder, CEO of FireTail, sits down with Sounil Yu, Co-founder of Knostic. With extensive experience as a former CISO and cybersecurity expert, Sounil discusses the recent update to the NIST Cybersecurity Framework and its impact on industry practices.Join the conversation as Sounil shares insights into the complexities of cybersecurity governance and risk management. Learn how organizations can adapt to evolving threats and build robust cybersecurity frameworks tailored to their needs.About Sounil Yu:Sounil Yu is a cybersecurity luminary with a rich background...
2024-04-2523 minThe Adversarial Podcast
The Adversarial PodcastSeason 02 Episode 02 - The Interim CISOJoined by fellow Interim CISO veterans Yael Nagler of Yass Partners and Aurobindo Sundaram of RELX, host Jerry Perullo reflects on his experience as the Interim CISO of Silicon Valley Bank and explores the challenges of the role from hiring manager and candidate perspectives.Yael Nagler: https://www.linkedin.com/in/yaelnagler/Aurobindo Sundaram: https://www.linkedin.com/in/aurobindosundaram/
2024-01-2356 minInk8r (in·​cu·​ba·​tor) Podcast
Ink8r (in·​cu·​ba·​tor) PodcastEpisode #33 - A discussion with Sounil Yu, author of the Cyber Defense MatrixSounil Yu is an author, cybersecurity visionary/strategist, advisor, security scientist, and leader.  In his capacity of Chief Security Scientist at BoA he was in part responsible for developing and optimizing their cybersecurity portfolio.  With an ever-expanding set of entrants in cybersecurity, he recognized the need to develop a framework that would provide a consistent mechanism to describe and organize solutions.  Over the last several years this framework, the Cyber Defense Matrix, has evolved into a very robust matrix that can apply to an expanding set of use cases.  At The Incubator Podcast, we are using the matr...
2023-08-0336 minThe Adversarial Podcast
The Adversarial PodcastSeason 02 Episode 01 - Board/CISO InteractionReturning from 6 months as the interim CISO of Silicon Valley Bank, host Jerry Perullo speaks about Board/CISO interaction on the FS-ISAC Insights podcast. Full video interview at fsisac.com/insights
2023-08-0231 minhubysravbys
hubysravbys[W.O.R.D] Cyber Defense Matrix The Essential Guide to Navigating the Cybersecurity Landscape read ebook [pdf]Download Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape Full Edition,Full Version,Full Book by Sounil Yu Reading Now at : https://happyreadingebook.club/?book= OR DOWNLOAD EBOOK NOW! [PDF] Download [W.O.R.D] Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape read ebook [pdf] Ebook | READ ONLINE Download [W.O.R.D] Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape read ebook [pdf] read ebook online PDF EPUB KINDLE Download [W.O.R.D] Cyber Defense Matrix...
2023-05-0500 minEnterprise Security Weekly (Video)
Enterprise Security Weekly (Video)The Joe Sullivan Case: Anomaly or Precedent? Part 2 - ESW #296In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment? We'll tackle all these questions and more with our excellent panel, comprised of: Sounil Yu, CISO and Head of Research at JupiterOne Brian Markham, CISO at EAB Rich Friedburg...
2022-11-1142 minSecurity Weekly Podcast Network (Audio)
Security Weekly Podcast Network (Audio)ESW #296 - Travis Spencer, Sounil Yu, Brian Markham, Robert Graham, Rich FriedbergDon’t leave the door open. Modern systems are complex and require you to consider many aspects. Here are some aspects we consider critical: - APIs are the dominant software development direction/trend. Traditional/legacy ways to grant access is not fit for purpose of protecting this new way of delivering products and services. - Customers are demanding better digital experiences. To maintain a competitive edge and drive brand loyalty businesses need to provide great online experiences. - Standards (such as OAuth and OpenID Connect) are important to ensure high-security levels. Also enables sc...
2022-11-112h 10Enterprise Security Weekly (Audio)
Enterprise Security Weekly (Audio)ESW #296 - Travis Spencer, Sounil Yu, Brian Markham, Robert Graham, Rich FriedbergDon't leave the door open. Modern systems are complex and require you to consider many aspects. Here are some aspects we consider critical: - APIs are the dominant software development direction/trend. Traditional/legacy ways to grant access is not fit for purpose of protecting this new way of delivering products and services. - Customers are demanding better digital experiences. To maintain a competitive edge and drive brand loyalty businesses need to provide great online experiences. - Standards (such as OAuth and OpenID Connect) are important to ensure high-security levels. Also enables scalability...
2022-11-112h 10Enterprise Security Weekly (Video)
Enterprise Security Weekly (Video)The Joe Sullivan Case: Anomaly or Precedent? Part 1 - ESW #296In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment? We'll tackle all these questions and more with our excellent panel, comprised of: Sounil Yu, CISO and Head of Research at JupiterOne Brian Markham, CISO at EAB Rich Friedburg...
2022-11-1147 minAsk A CISO
Ask A CISOThe Cyber Defense MatrixSounil Yu, author of The Cyber Defense Matrix, joins host Jeremy Snyder this week to talk about his bestselling book, and what we could all learn from it. We also held our first-ever giveaway, a copy of Sounil's book. If you participated in it, tune in to find out what Sounil's answer to your question was and if you've won! The Ask A CISO podcast is a production of Horangi Cyber Security, Asia's leading cloud security provider. The show is hosted weekly by cofounder and CEO, Paul Hadjy. -- Show Notes and Transcript -- ...
2022-11-0940 minThe Adversarial Podcast
The Adversarial PodcastSeason 01 Episode 07 - Bug Bounties with guest Casey EllisBugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber trial. Whether you've been running bounty programs for years or just learned of them last week, this conversation will take you from basics straight into the most interesting and controversial bits.
2022-10-2058 minThree Buddy Problem
Three Buddy ProblemChainguard's Dan Lorenc gets real on software supply chain problems Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence. Dan Lorenc and a team or ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation. Links:Dan Lorenc on LinkedInChainguard EnforceSounil Yu on...
2022-10-1347 minAfternoon Cyber Tea with Ann Johnson
Afternoon Cyber Tea with Ann JohnsonCyber Resiliency with Sounil YuSounil Yu, Chief Information Security Officer and Head of Research at JupiterOne, joins Ann on this week's episode of Afternoon Cyber Tea. Ann and Sounil discuss the importance and evolution of cyber resilience and what organizations can do today to build resilience for the future. Sounil is a security innovator with over 30 years of experience creating, breaking, and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches security as an Adjunct Professor, co-chairs Art into Science: A Conference on Defense, and advises many startups.   In T...
2022-10-0435 minThe Adversarial Podcast
The Adversarial PodcastSeason 01 Episode 06 - Retire Many Times with guest Sounil YuSounil Yu joins the #lifeafterCISO podcast and shares the idea of "retiring many times". Sounil is the renowned author of the Cyber Defense Matrix and lauded by the CISO community for his ability to step back and view problems in a new light. Host Jerry Perullo and Sounil go on to look at the Equifax breach from a new angle, talk about CISO accountability, and finally offer up their early thoughts on the Twitter whistleblower report.01:43 Returning to work as a CISO10:30 Do CISOs spend too much time on tech?11:38 CDM and the...
2022-09-0635 minThe Adversarial Podcast
The Adversarial PodcastSeason 01 Episode 05 - Deciding When It's Time to Go with guest Jason ChanAn essential part of moving on from a long tech career is just figuring out when the time is right. Join host Jerry Perullo and retired Netflix CISO Jason Chan for a discussion about picking your time, "Identity Management" after retirement, and the Psychology of Happiness.Links to the material discussed by Jason Chan include:https://arthurbrooks.com/podcast_show/the-art-of-happiness-with-arthur-brooks/https://www.coursera.org/learn/the-science-of-well-being
2022-08-2338 minCISO Tradecraft®
CISO Tradecraft®#83 - Cyber Defense Matrix Reloaded (with Sounil Yu)This episode is sponsored by Varonis.  You can learn more on how to reduce your ransomware radius by performing a free ransomware readiness assessment Link On this episode, Sounil Yu continues his discussion about his new book ("Cyber Defense Matrix").  Listen to learn more about:    Pre-Event Structural Awareness vs Post-Event Situational Awareness Environmental vs Contextual Awareness Understanding Security Handoffs Rationalizing Technologies Portfolio Analysis Responding to Emerging Buzzwords (Zero Trust and SASE)
2022-06-2048 minCISO Tradecraft®
CISO Tradecraft®#83 - Cyber Defense Matrix Reloaded (with Sounil Yu)This episode is sponsored by Varonis.  You can learn more on how to reduce your ransomware radius by performing a free ransomware readiness assessment Link On this episode, Sounil Yu continues his discussion about his new book ("Cyber Defense Matrix").  Listen to learn more about:    Pre-Event Structural Awareness vs Post-Event Situational Awareness Environmental vs Contextual Awareness Understanding Security Handoffs Rationalizing Technologies Portfolio Analysis Responding to Emerging Buzzwords (Zero Trust and SASE)
2022-06-2048 minThe Adversarial Podcast
The Adversarial PodcastSeason 01 Episode 04 - The CISO ProfessorIn this Episode host Jerry Perullo talking about cybersecurity in higher education. A Professor of the Practice in the Georgia Tech School of Cyber Security and Privacy, Perullo thinks aloud on the challenges that have prevented cyber from taking off at the undergraduate level before focusing on specific steps you might take to pursue this career path.00:00:55 A Brief History of Cyber in Higher Ed 00:03:11 The Archetype Cyber Curriculum 00:08:03 Enter the CISO: t-500:13:25 When You Are Ready to Take the Leap 00:16:01 Is It Worth It?
2022-06-1623 min