Look for any podcast host, guest or anyone
Showing episodes and shows of

Sounil Yu

Shows

The Adversarial PodcastThe Adversarial PodcastAdversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different00:00 Intro03:17 Banks call out US Treasury's cybersecurity failures28:54 SEC scraps proposed cybersecurity rules38:05 What makes AI Security differentBanks Challenge Treasury on Cybersecurity Failures. A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt private-sector cybersecurity standards, decentralize sensitive data, enforce rapid breach notifications, and streamline data collection following high-profile email breaches at federal regulators. https://www.theglobaltreasurer.com/2025/06/10/banking-groups-demand-regulator-cybersecurity-standards/SEC scraps proposed cybersecurity rules for investment advi...2025-07-0159 minThe Adversarial PodcastThe Adversarial PodcastAdversarial Podcast Ep. 25 – From CISOs to Entrepreneurs, Trump changes to Biden's Cyber EOs, banks ask SEC to drop disclosure requirements00:00 Intro04:15 Our journeys from CISOs to Entreprenuers23:48 Trump changes Biden's Cyber EOs28:40 States rebuff proposed federal ban on AI laws36:43 Vanta bug exposes customers' data to other customers49:12 SentinelOne outage52:53 Banking groups ask SEC to drop incident disclosure requirements1:00:37 Cybersecurity teams generate average $36M in business growth1:03:50 Cybersecurity Companies Want to Go Public. The Market Isn’t Letting ThemTrump Cybersecurity Fact Sheet President Trump announced a reprioritization of U.S. cybersecurity efforts, shifting away from prior frameworks and em...2025-06-161h 11Tools for Tech LeadersTools for Tech LeadersWhy AI Guardrails Don't Work: Cybersecurity Mental Models With Sounil Yu (Knostic AI)Every AI guardrail gets broken, but that's not the real problem. Cybersecurity framework creator Sounil Yu reveals why traditional security approaches fail in the knowledge age and how enterprise AI deployments create dangerous "oversharing" vulnerabilities that most organizations don't even recognize. Learn the DIKW pyramid framework for understanding AI risks, discover why your security team's "allergy patterns" are sabotaging productivity, and understand the prisoner's dilemma forcing every organization to accelerate AI adoption despite known dangers. Essential insights for executives navigating the gap between AI opportunity and enterprise security reality.  2025-06-1233 minThe Adversarial PodcastThe Adversarial PodcastAdversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages00:00 Intro02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom26:24 Fake OpenAI MCP Integration32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials36:03 Destructive malware available in NPM repo went unnoticed for 2 years48:10 Sam & Jony introduce io58:23 Discussion: how risky are local admin rights?Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by CybercriminalsIn May 2025, an...2025-05-271h 05The Adversarial PodcastThe Adversarial PodcastAdversarial Podcast Ep. 23 – Crowdstrike layoffs, RSA Innovation Sandbox, new Pentagon CIO00:00 Intro00:44 Sounil's RSA Innovation Sandbox experience5:00 5% staffing cuts at Crowdstrike, AI cited as a factor16:00 Trump picks private sector veteran as Pentagon CIO32:41 Messaging app used by Trump official suspends operations after reported hack49:52 An open letter to third-party suppliers59:32 Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support1:04:42 Discussion: delivering secret keys stored in PDFs for password managersHosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)2025-05-141h 09CISO Tradecraft®CISO Tradecraft®#230 - How To Make Your AI Less Chatty (with Sounil Yu)In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune...2025-04-2844 minThe Adversarial PodcastThe Adversarial PodcastAdversarial Podcast Ep. 22 – RSA Conference is here, Verizon's 2025 Data Breach Investigations Report, China names alleged US hackers00:00 Intro00:31 RSA conference14:38 Verizon's 2025 DBIR report37:55 Security of "Sign in with Google/Microsoft"1:02:50 China accuses US of launching 'advanced' cyberattacks, names alleged NSA agentsRSA Links:Innovation Sandbox: https://www.rsaconference.com/usa/programs/innovation-sandboxProfessional Association of CISOs: https://theciso.org/Pitch for Charity: https://www.okta.com/newsroom/press-releases/pitch-for-charity/Verizon's 2025 Data Breach Investigations Report This year's Verizon DBIR (Data Breach Investigations Report) has been released, which covers the latest techniques that lead...2025-04-281h 09The Adversarial PodcastThe Adversarial PodcastAdversarial Podcast Ep. 21 – Chris Krebs & Sentinel One's clearances revoked, Oracle hack, how Goldberg got added to Signal chat⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme23:05 Intro06:56 White House revokes Chris Krebs and SentinelOne's security clearances16:55 How Jeffrey Goldberg got added to the White House Signal group chat26:48 DOGE staffer provided tech support to cybercrime ring39:29 China Acknowledged Role in U.S. Infra Hacks51:56 Oracle under fire for its handling of security incidents54:51 Hackers Spied on 100 US Bank Regulators’ Emails for Over a YearFact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs...2025-04-151h 08The Adversarial PodcastThe Adversarial PodcastAdversarial Podcast Ep. 20 – corporate espionage among SaaS companies, DC's Signal snafu, where is the cyber market going?⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:28 Intro02:15 Unicorn startup allegedly cultivated spy to steal trade secrets from competitor18:19 Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz33:35 Trump Administration accidentally sends war plans to reporter via Signal47:20 GitHub action supply chain attack53:55 Oracle under fire for its handling of security incidentsRippling Alleges Deel Cultivated Spy, Orchestrated Trade-Secret Theft Against CompetitorRippling has filed a lawsuit alleging that $12 billion HR-tech company Deel orchestrated a months-long corp...2025-04-0459 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 19 – AI-Powered Cybercrime, CISO job market, the BYOL elephant in the room⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:37 Intro01:37 Malvertising campaign leads to info stealers hosted on GitHub11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals24:02 What Really Happened With the DDoS Attacks That Took Down X28:34 Bring-your-own-laptop policies40:41 Are WAFs useful or are they just another TPRM box to check?46:59 Is the CISO job market warming up?Malvertising campaign leads to info stealers hosted on GitHubMicrosoft Threat Intelligence uncovered a la...2025-03-1851 minAdventures of Alice & BobAdventures of Alice & BobEp. 74 - The Accidental Worm that Shutdown a University // Sounil YuIn this episode, James sits down with Sounil Yu, the mind behind the Cyber Defense Matrix and DIE Triad frameworks that have transformed how organizations approach security. From his early days getting stuffed in lockers as a self-described computer geek to becoming a disruptive force at Bank of America and co-founding Gnostic, Sounil shares the mental models that have guided his three-decade journey in cybersecurity. They discuss how an accidental college worm shutdown taught valuable lessons in OpSec, and why Sounil starts with the icebreaker question: "What's the most IT damage you've caused without getting fired?"2025-03-1453 minSecurity Weekly Podcast Network (Audio)Security Weekly Podcast Network (Audio)AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...2025-03-132h 07Paul\'s Security Weekly (Video)Paul's Security Weekly (Video)AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...2025-03-132h 07Paul\'s Security Weekly (Audio)Paul's Security Weekly (Audio)AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...2025-03-132h 07The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 18 - CISA cuts, North Koreans steal $1.5B in crypto, planning for RSA Conference00:00 Highlight00:28 Intro3:41 What's getting cut at CISA?19:01 USCYBERCOM told to stop planning offensive attacks against Russia27:54 ByBit hacked for $1.5B in cryptocurrency40:01 CISO discussion: How to regain trust after a cyber breach49:17 CISO discussion: Data security for GenAI tools58:43 How to get the most out of RSA Conference💰 Budget cuts hit CISA, and election security programs might be first on the chopping block. The team debates whether these cuts were expected, what they mean for cybersecurity, and whether some programs were out...2025-03-041h 07The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 17 - 2025 CISO Compensation Survey, Okta layoffs and employee value, TLS inspection⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme 00:37 Intro 1:21 Hitch Partners survey of CISOs 13:34 Dangling S3 buckets 24:35 Update on Cybersecurity Innovation Executive Order 32:58 Cyber stocks - NET and CRWD at all-time highs 44:07 Okta lays off 180 employees, including security engineers 55:47 Is anyone actually doing TLS inspection? 1:03:21 Is a SOC2 certificate enough to pass TPRM?Hitch Partners survey of CISOsThe 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, repo...2025-02-111h 09Resilient CyberResilient CyberResilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-KnowIn this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI.Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix.Sounil and I dug into a lot of interesting topics, such as:The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S.The different approaches to AI security and safety...2025-02-0326 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 16 - Cyber policy wishlist, RedNote/TikTok, Marsh's cyber insurance report, do CISOs need deep technical skills?⬇️ See below for timestamps/summaries/references for each topic00:00 Intro01:33 Biden's Executive Order on Cyber Security05:18 Cyber policy wishlist21:30 TikTok and RedNote29:36 Marsh's report on cyber insurance49:21 Do CISOs need to be highly technical?Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.📖 Reference...2025-01-281h 05The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 15 - US-China-Taiwan cyber relations, mobile app ads facilitating spying, holiday DoS vulnerabilitiesJoin former CISOs Jerry, Mario, and Sounil as they dissect the latest cybersecurity news, discuss evolving threats, and share their seasoned perspectives on infosec. 00:00 Highlight00:32 Intro1:48 China accuses US of stealing trade secrets10:05 Taiwan reports 2.4M Chinese cyberattacks/day18:21 Christmas day Chrome Extension hacks, including Cyberhaven23:28 Krebs: U.S. Army Soldier arrested for Snowflake customer extortions26:40 Wired: Popular apps hijacked to spy on locations through ad tracking33:28 Holiday DoS vulnerabilities in Palo Alto and Windows LDAP34:36 Are DoS vulnerabilities neglected by...2025-01-141h 07Modern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderSounil Yu of Knostic AI on the role of a modern CISOJoin FireTail CEO Jeremy Snyder as he talks with Sounil Yu, co-founder of Knostic, about the evolving role of today’s CISO. They discuss how CISOs can adapt to emerging technologies, tackle technical debt, align security with business goals, and navigate personal liability in high-stakes environments. Gain actionable insights on building modern security programs in a rapidly changing landscape.About Sounil YuSounil Yu is the co-founder of Knostic AI and a highly respected thought leader in cybersecurity. Previously, he served as CISO and Head of Research at JupiterOne, as well as Chief Security Scientist at...2025-01-0924 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 14 - Future of CISA/SEC under Trump, US Telco news, DAO faces $50M hackIn this episode of The Adversarial Podcast, Jerry Perullo, Mario Duarte, and Sounil Yu discuss the latest developments in cybersecurity, geopolitical threats, and emerging trends as 2025 approaches.00:00 Introduction 02:06 Trump 2.0's effect on security 03:25 Future of CISA 09:00 Future of SEC cyber reports 15:57 Possible Trump 2.0 priorities 19:40 Spying on US Telco 20:20 What is SS7? 24:04 SS7 vs. SMS interception 25:40 Privacy impact of SS7 attacks 30:12 National security 31:17 CISA's guidance for telco 36:58 DPRK targets DAO network, $50M heist using macOS malware2024-12-2354 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 13 - East/west coast CISOs, top CISO expenses in 2024, crypto regulationIn this episode of The Adversarial Podcast, Jerry, Mario, and Sounil bring their adversarial insights to a packed discussion of the latest topics in enterprise cybersecurity. - East Coast vs. West Coast CISOs: The trio explores the divide between East Coast and West Coast CISOs. Is the East too focused on risk? Does the West overfit to AppSec and "shift-left" practices? - 2024 CISO Budget Report: Where are CISOs spending their increasing budgets in 2024? The hosts chat about the increasing expenses in identity management and generative AI security. Reference: https://news.crunchbase.com/cybersecurity/ciso-budgets-rising-generative-ai-ellis-yl-ventures/ 2024-12-101h 12The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 12 - RSA Conference making competition winners accept investment, inefficacy of phishing trainingIn this episode of The Adversarial Podcast, former CISOs Jerry Perullo, Mario Duarte, and Sounil Yu explore critical topics shaping the cybersecurity landscape.1. Crosspoint Capital’s RSA Innovation Sandbox Model The hosts discuss Crosspoint Capital's controversial $5 million SAFE investment requirement for Innovation Sandbox finalists. They examine the implications for startups, founders, and the cybersecurity ecosystem as a whole, weighing its potential to drive innovation against the risks of stifling participation.Reference: RSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment - https://www.securityweek.com/rsa-conference-will-take-equity-in-innovation-sandbox-startup-finalists/2. The Effectiveness of Phishing Simulations and Trai...2024-11-261h 11The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 11 - Incoming Trump administration, Microsoft's leaked SaaS creds, and software liability policyIntroduction:The episode opens with a discussion on securing devices for employees traveling to high-risk countries, like China, as a way to protect corporate data and maintain customer trust.Hosts Jerry, Sounil, and Mario welcome listeners and discuss recent events, including the FS-ISAC Fall Summit in Atlanta and geopolitical implications of the recent election.Key Topics:Geopolitical Risks:The group explores China's espionage activities and Russia's geopolitical maneuvers, predicting shifts in attacker strategies depending on U.S. political leadership.Concerns about China's possible invasion of Taiwan and its implications for global tech, particularly chip manufacturing, are...2024-11-1953 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 10 - the CISO job market, CRQ, beg bounties, and cryptography(00:00) Intro (5:15) The CISO job market: present and future (25:57) Handling beg bounties and VDP (41:30) Quantum cryptography – how important is cryptography, really? Stories: “Chinese Researchers Reportedly Crack Encryption With Quantum Computer” - https://www.pcmag.com/news/chinese-researchers-reportedly-crack-encryption-with-quantum-computer Hosts:Jerry Perullo: https://www.linkedin.com/in/perullo/Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/Sounil Yu: https://www.linkedin.com/in/sounil/Producer: Tillson Galloway (linkedin.com/in/tillson)2024-10-2254 minModern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderSounil Yu of Knostic on AIIn this episode of Modern Cyber recorded earlier in 2024, Jeremy sits down with Sounil Yu, co-founder of Knostic.ai, to discuss the growing implications of artificial intelligence (AI) in cybersecurity. Sounil shares his insights on the parallels between AI adoption and previous technological shifts, emphasizing the need for new frameworks to handle knowledge security and privacy. The conversation also explores how AI can be leveraged by both attackers and defenders, as well as the potential for regulatory frameworks to shape the future of AI technology.About Sounil YuSounil Yu is the co-founder of Knostic...2024-10-1133 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 9 - NIST password guidelines, CUPS vulnerabilities, breach vs. hack(00:00) Intro & NIST’s new password complexity requirements(13:19) CUPS vulnerability: critical or a distraction(31:26) Federal standards for cybersecurity in health care: should legal responsibility fall on individuals?(47:30) What constitutes a hack vs a breach?Stories:“NIST Drops Password Complexity, Mandatory Reset Rules” - https://www.darkreading.com/identity-access-management-security/nist-drops-password-complexity-mandatory-reset-rules“Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution” - https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html“Wyden and Warner Introduce Bill to Set Strong Cybersecurity Standards for American Health Care System” - https://www.finance.senate.gov/chairmans-news/wyden-and-warner-introduce-bill-to-set-strong-cybersecurity-standards-for-american-health-care-systemHosts...2024-10-081h 01The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 8 - Pagers and Supply Chain Attacks, GitHub stealers, “Founder Mode”(00:00) Intro (02:24) Exploding pagers: are psychological attacks worse than breaches? (20:21) Are credit card breaches still a concern in 2024? (24:57) Infostealer delivered through GitHub Issues: how are trustworthy services being abused? (31:45) Founder mode: when is it time to switch from "founder mode" to "manager mode?"(44:02) Is open-source more secure than closed-source? Stories and books mentioned: “Israel planted explosives in Hezbollah's Taiwan-made pagers, say sources” - https://www.reuters.com/world/middle-east/israel-planted-explosives-hezbollahs-taiwan-made-pagers-say-sources-2024-09-18/ Darkwire, by Joseph Cox - https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/?lens=publ...2024-09-2457 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 7 - Security Certs, Vulnerability Disclosure, and Effective Security ControlsListen as CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the value of security exams and question the relevance of certain certifications in today’s industry. Then, they debate into the vulnerability disclosure process, exploring how CVEs impact companies outside the SaaS world and whether CISA’s "Secure by Design" initiative is truly effective across industries. Finally, they discuss security misprioritization, from school systems to corporate desktops, and the evolving role of account management in protecting digital crown jewels.StoriesLinkedIn Post on ISC2 exams - https://www.linkedin.com/posts/mlockhart_hate-to-see-how-isc2-has...2024-09-121h 06CTRL+FCTRL+FUnleashing the Power of Secure-by-Design and Resilience-by-Design PrinciplesToday on CTRL+F, Jamil Jaffer is joined by Barmak Meftah from Ballistic Ventures and Sounil Yu from Knostic to delve into the transformative concepts of secure-by-design and resilience-by-design. They explore how these approaches are integrating security and resilience into system development, ensuring that systems are both secure from the outset and capable of rapidly recovering from disruptions.How are secure-by-design and resilience-by-design changing the cybersecurity landscape? What impact will these innovations have on industry, government, and national security? How can organizations and investors leverage these strategies to navigate an increasingly complex digital world?2024-09-0343 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 6 - SSN Leaks, Cloud Misconfigurations, and PasskeysJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they debate the impact of SSN leaks, discuss the effectiveness of recently implemented ransom payment bans in Miami, and recently reported AWS misconfigurations. Then, listen as they debate passkeys, vulnerability management, and board reporting.00:00 Intro 02:17 Social Security Number breach 14:48 Ransomware payment bans 21:47 AWS environments 39:55 Passkeys 52:30 Maturity assessmentsStories: “2.9 billion people may have had Social Security numbers, other financial data compromised. What it means for you” - https://www.cnbc.com...2024-08-261h 04The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 5 - Why Boards want more Joe Sullivans and Tim Browns and less CISOs - Jerry Perullo live at EvantaSpeaking live at the Evanta CISO Summit in Atlanta in June 2024, host Jerry Perullo talks candidly about why CISOs are failing to land Board Director roles.2024-08-1626 minEnterprise Security Weekly (Video)Enterprise Security Weekly (Video)Interviewing Black Hat Startup Spotlight Winner, Knostic - Sounil Yu - ESW #371We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th. References DarkReading: Knostic Wins 2024 Black Hat Startup Spotlight Competition Knostic's Website Show Notes: https://securityweekly.com/esw-3712024-08-0934 minEnterprise Security Weekly (Audio)Enterprise Security Weekly (Audio)AI Red Teaming and AI Safety - Sounil Yu, Amanda Minnich - ESW #371In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results? ...2024-08-092h 18Security Weekly Podcast Network (Audio)Security Weekly Podcast Network (Audio)AI Red Teaming and AI Safety - Sounil Yu, Amanda Minnich - ESW #371In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results? ...2024-08-092h 18The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 4 - CrowdStrike Lawsuits, Overhyped Exploits, and Fake Remote EmployeesJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they discuss upcoming lawsuits related to the recent CrowdStrike outage, switching costs, overhyped security vulnerabilities and their effect on practitioners' responsibilities, fake employees from North Korea, the information stealers and the state of password managers, and the increasing threat of deepfakes.Stories“CrowdStrike is sued by shareholders over huge software outage” - https://www.reuters.com/legal/crowdstrike-is-sued-by-shareholders-over-huge-software-outage-2024-07-31/“Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million” - https://www.cnbc.com/2024/07/31/delta-ceo-crowdstrike-microsoft-outage-cost-the-airline-500-million.html“Microsoft And AWS Outages: A Wake-Up Call For C...2024-08-051h 26The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 3 - CrowdStrike, Wiz Acquisition Rumors, and SolarWindsIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent Crowdstrike outages, PR in the recent Wiz acquisition rumors, stakeholder value in Rapid7, and the SEC dropping charges in the SolarWinds case.Stories: - Activist Jana has a stake in Rapid7. There are two paths to bolster value at the cybersecurity company: https://www.cnbc.com/2024/06/29/two-paths-for-jana-to-bolster-shareholder-value-at-rapid7.html - Google Near $23 Billion Deal for Cybersecurity Startup Wiz: https://www.wsj.com/business/deals/google-near-23-billion-deal-for-cybersecurity-startup-wiz-622edf1a - Most SEC charges dismissed in SolarWinds...2024-07-261h 15Modern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderSounil Yu on FCC Consent Decrees and API SecurityIn this special episode of Modern Cyber, Jeremy chats with Sounil Yu about a recent consent decree from the FCC that specifically calls for improved API security. They discuss what consent decrees are, their seriousness, and the potential consequences for companies that fail to comply. Sounil also provides insights into best practices for API security and the role of standards like NIST and OWASP in guiding organizations.About Sounil Yu:Sounil Yu is a cybersecurity luminary with a rich background as a former CISO and chief security scientist at Bank of America. He is renowned...2024-07-2509 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Pilot – Cybersecurity Investments, Secure Configurations vs. Code, and Risk ManagementJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they reflect on the state of cybersecurity investments in 2024, debate the importance of configuration vs. code security, and discuss the importance of governance in risk management.Stories:‘There’s A Lot Of Noise’ — VCs Trying To Find Clarity In Cluttered Cyber AI Landscape: https://news.crunchbase.com/cybersecurity/venture-funding-ai-wiz-ma-rsa/Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions: https://techcrunch.com/2024/05/07/wiz-raises-1b-at-12b-valuation-expanding-through-acquisitions/CyberArk Signs Definitive Agreement to Acquire Machine Identity Management Leader Venafi from Thoma Bravo: h...2024-07-1948 minThe Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 2 - Chrome Extension Vulns, Cyber Job Market, Mouse Jigglers, and the Ransomware PlagueIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss malicious Chrome extensions, the cybersecurity job market, mouse jigglers and security policy, and the impact of the recent ransomware wave. They share insights from their experiences, exploring the challenges of managing browser security policies, job burnout, and banning ransom payments.Stories:Millions under threat from malicious browser extensions — what to do: https://www.tomsguide.com/news/millions-under-threat-from-malicious-browser-extensions-what-to-doDemand for better cybersecurity fuels a booming job market: https://www.washingtonpost.com/business/2024/06/21/cybersecurity-job-demand-boot-camps/Wells Fargo Fires Over a Dozen for ‘Simu...2024-07-101h 02The Adversarial PodcastThe Adversarial PodcastThe Adversarial Podcast Ep. 1 - Snowflake, Shared Fate, and the Gili Ra’anan ModelIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent wave of cyber-attacks using Snowflake and the model of shared fate. They debate the effectiveness of banning ransom payments and explore the complexities of cybersecurity regulation, using recent events involving UnitedHealth and Jerry's former employer as case studies. The conversation also touches on the ethical dilemmas CISOs face when interacting with venture capital, highlighting personal experiences and the fine line between advisory roles and conflicts of interest.Stories:UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion: https...2024-07-011h 12Modern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderSounil Yu of Knostic on NIST CSF Update & GovernanceIn this episode of the Modern Cyber Podcast, Jeremy Snyder, CEO of FireTail, sits down with Sounil Yu, Co-founder of Knostic. With extensive experience as a former CISO and cybersecurity expert, Sounil discusses the recent update to the NIST Cybersecurity Framework and its impact on industry practices.Join the conversation as Sounil shares insights into the complexities of cybersecurity governance and risk management. Learn how organizations can adapt to evolving threats and build robust cybersecurity frameworks tailored to their needs.About Sounil Yu:Sounil Yu is a cybersecurity luminary with a rich background...2024-04-2523 minThe Adversarial PodcastThe Adversarial PodcastSeason 02 Episode 02 - The Interim CISOJoined by fellow Interim CISO veterans Yael Nagler of Yass Partners and Aurobindo Sundaram of RELX, host Jerry Perullo reflects on his experience as the Interim CISO of Silicon Valley Bank and explores the challenges of the role from hiring manager and candidate perspectives.Yael Nagler: https://www.linkedin.com/in/yaelnagler/Aurobindo Sundaram: https://www.linkedin.com/in/aurobindosundaram/2024-01-2356 min