podcast
details
.com
Print
Share
Look for any podcast host, guest or anyone
Search
Showing episodes and shows of
Sounil Yu
Shows
The Adversarial Podcast
Adversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different
00:00 Intro03:17 Banks call out US Treasury's cybersecurity failures28:54 SEC scraps proposed cybersecurity rules38:05 What makes AI Security differentBanks Challenge Treasury on Cybersecurity Failures. A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt private-sector cybersecurity standards, decentralize sensitive data, enforce rapid breach notifications, and streamline data collection following high-profile email breaches at federal regulators. https://www.theglobaltreasurer.com/2025/06/10/banking-groups-demand-regulator-cybersecurity-standards/SEC scraps proposed cybersecurity rules for investment advi...
2025-07-01
59 min
The Adversarial Podcast
Adversarial Podcast Ep. 25 – From CISOs to Entrepreneurs, Trump changes to Biden's Cyber EOs, banks ask SEC to drop disclosure requirements
00:00 Intro04:15 Our journeys from CISOs to Entreprenuers23:48 Trump changes Biden's Cyber EOs28:40 States rebuff proposed federal ban on AI laws36:43 Vanta bug exposes customers' data to other customers49:12 SentinelOne outage52:53 Banking groups ask SEC to drop incident disclosure requirements1:00:37 Cybersecurity teams generate average $36M in business growth1:03:50 Cybersecurity Companies Want to Go Public. The Market Isn’t Letting ThemTrump Cybersecurity Fact Sheet President Trump announced a reprioritization of U.S. cybersecurity efforts, shifting away from prior frameworks and em...
2025-06-16
1h 11
Tools for Tech Leaders
Why AI Guardrails Don't Work: Cybersecurity Mental Models With Sounil Yu (Knostic AI)
Every AI guardrail gets broken, but that's not the real problem. Cybersecurity framework creator Sounil Yu reveals why traditional security approaches fail in the knowledge age and how enterprise AI deployments create dangerous "oversharing" vulnerabilities that most organizations don't even recognize. Learn the DIKW pyramid framework for understanding AI risks, discover why your security team's "allergy patterns" are sabotaging productivity, and understand the prisoner's dilemma forcing every organization to accelerate AI adoption despite known dangers. Essential insights for executives navigating the gap between AI opportunity and enterprise security reality.
2025-06-12
33 min
The Adversarial Podcast
Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages
00:00 Intro02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom26:24 Fake OpenAI MCP Integration32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials36:03 Destructive malware available in NPM repo went unnoticed for 2 years48:10 Sam & Jony introduce io58:23 Discussion: how risky are local admin rights?Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by CybercriminalsIn May 2025, an...
2025-05-27
1h 05
The Adversarial Podcast
Adversarial Podcast Ep. 23 – Crowdstrike layoffs, RSA Innovation Sandbox, new Pentagon CIO
00:00 Intro00:44 Sounil's RSA Innovation Sandbox experience5:00 5% staffing cuts at Crowdstrike, AI cited as a factor16:00 Trump picks private sector veteran as Pentagon CIO32:41 Messaging app used by Trump official suspends operations after reported hack49:52 An open letter to third-party suppliers59:32 Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support1:04:42 Discussion: delivering secret keys stored in PDFs for password managersHosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)
2025-05-14
1h 09
CISO Tradecraft®
#230 - How To Make Your AI Less Chatty (with Sounil Yu)
In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune...
2025-04-28
44 min
The Adversarial Podcast
Adversarial Podcast Ep. 22 – RSA Conference is here, Verizon's 2025 Data Breach Investigations Report, China names alleged US hackers
00:00 Intro00:31 RSA conference14:38 Verizon's 2025 DBIR report37:55 Security of "Sign in with Google/Microsoft"1:02:50 China accuses US of launching 'advanced' cyberattacks, names alleged NSA agentsRSA Links:Innovation Sandbox: https://www.rsaconference.com/usa/programs/innovation-sandboxProfessional Association of CISOs: https://theciso.org/Pitch for Charity: https://www.okta.com/newsroom/press-releases/pitch-for-charity/Verizon's 2025 Data Breach Investigations Report This year's Verizon DBIR (Data Breach Investigations Report) has been released, which covers the latest techniques that lead...
2025-04-28
1h 09
The Adversarial Podcast
Adversarial Podcast Ep. 21 – Chris Krebs & Sentinel One's clearances revoked, Oracle hack, how Goldberg got added to Signal chat
⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme23:05 Intro06:56 White House revokes Chris Krebs and SentinelOne's security clearances16:55 How Jeffrey Goldberg got added to the White House Signal group chat26:48 DOGE staffer provided tech support to cybercrime ring39:29 China Acknowledged Role in U.S. Infra Hacks51:56 Oracle under fire for its handling of security incidents54:51 Hackers Spied on 100 US Bank Regulators’ Emails for Over a YearFact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs...
2025-04-15
1h 08
The Adversarial Podcast
Adversarial Podcast Ep. 20 – corporate espionage among SaaS companies, DC's Signal snafu, where is the cyber market going?
⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:28 Intro02:15 Unicorn startup allegedly cultivated spy to steal trade secrets from competitor18:19 Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz33:35 Trump Administration accidentally sends war plans to reporter via Signal47:20 GitHub action supply chain attack53:55 Oracle under fire for its handling of security incidentsRippling Alleges Deel Cultivated Spy, Orchestrated Trade-Secret Theft Against CompetitorRippling has filed a lawsuit alleging that $12 billion HR-tech company Deel orchestrated a months-long corp...
2025-04-04
59 min
The Adversarial Podcast
The Adversarial Podcast Ep. 19 – AI-Powered Cybercrime, CISO job market, the BYOL elephant in the room
⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:37 Intro01:37 Malvertising campaign leads to info stealers hosted on GitHub11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals24:02 What Really Happened With the DDoS Attacks That Took Down X28:34 Bring-your-own-laptop policies40:41 Are WAFs useful or are they just another TPRM box to check?46:59 Is the CISO job market warming up?Malvertising campaign leads to info stealers hosted on GitHubMicrosoft Threat Intelligence uncovered a la...
2025-03-18
51 min
Adventures of Alice & Bob
Ep. 74 - The Accidental Worm that Shutdown a University // Sounil Yu
In this episode, James sits down with Sounil Yu, the mind behind the Cyber Defense Matrix and DIE Triad frameworks that have transformed how organizations approach security. From his early days getting stuffed in lockers as a self-described computer geek to becoming a disruptive force at Bank of America and co-founding Gnostic, Sounil shares the mental models that have guided his three-decade journey in cybersecurity. They discuss how an accidental college worm shutdown taught valuable lessons in OpSec, and why Sounil starts with the icebreaker question: "What's the most IT damage you've caused without getting fired?"
2025-03-14
53 min
Security Weekly Podcast Network (Audio)
AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865
Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...
2025-03-13
2h 07
Paul's Security Weekly (Video)
AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865
Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...
2025-03-13
2h 07
Paul's Security Weekly (Audio)
AI Is Oversharing and Leaking Data - Sounil Yu - PSW #865
Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news...
2025-03-13
2h 07
The Adversarial Podcast
The Adversarial Podcast Ep. 18 - CISA cuts, North Koreans steal $1.5B in crypto, planning for RSA Conference
00:00 Highlight00:28 Intro3:41 What's getting cut at CISA?19:01 USCYBERCOM told to stop planning offensive attacks against Russia27:54 ByBit hacked for $1.5B in cryptocurrency40:01 CISO discussion: How to regain trust after a cyber breach49:17 CISO discussion: Data security for GenAI tools58:43 How to get the most out of RSA Conference💰 Budget cuts hit CISA, and election security programs might be first on the chopping block. The team debates whether these cuts were expected, what they mean for cybersecurity, and whether some programs were out...
2025-03-04
1h 07
The Adversarial Podcast
The Adversarial Podcast Ep. 17 - 2025 CISO Compensation Survey, Okta layoffs and employee value, TLS inspection
⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme 00:37 Intro 1:21 Hitch Partners survey of CISOs 13:34 Dangling S3 buckets 24:35 Update on Cybersecurity Innovation Executive Order 32:58 Cyber stocks - NET and CRWD at all-time highs 44:07 Okta lays off 180 employees, including security engineers 55:47 Is anyone actually doing TLS inspection? 1:03:21 Is a SOC2 certificate enough to pass TPRM?Hitch Partners survey of CISOsThe 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, repo...
2025-02-11
1h 09
Resilient Cyber
Resilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-Know
In this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI.Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix.Sounil and I dug into a lot of interesting topics, such as:The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S.The different approaches to AI security and safety...
2025-02-03
26 min
The Adversarial Podcast
The Adversarial Podcast Ep. 16 - Cyber policy wishlist, RedNote/TikTok, Marsh's cyber insurance report, do CISOs need deep technical skills?
⬇️ See below for timestamps/summaries/references for each topic00:00 Intro01:33 Biden's Executive Order on Cyber Security05:18 Cyber policy wishlist21:30 TikTok and RedNote29:36 Marsh's report on cyber insurance49:21 Do CISOs need to be highly technical?Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.📖 Reference...
2025-01-28
1h 05
The Adversarial Podcast
The Adversarial Podcast Ep. 15 - US-China-Taiwan cyber relations, mobile app ads facilitating spying, holiday DoS vulnerabilities
Join former CISOs Jerry, Mario, and Sounil as they dissect the latest cybersecurity news, discuss evolving threats, and share their seasoned perspectives on infosec. 00:00 Highlight00:32 Intro1:48 China accuses US of stealing trade secrets10:05 Taiwan reports 2.4M Chinese cyberattacks/day18:21 Christmas day Chrome Extension hacks, including Cyberhaven23:28 Krebs: U.S. Army Soldier arrested for Snowflake customer extortions26:40 Wired: Popular apps hijacked to spy on locations through ad tracking33:28 Holiday DoS vulnerabilities in Palo Alto and Windows LDAP34:36 Are DoS vulnerabilities neglected by...
2025-01-14
1h 07
Modern Cyber with Jeremy Snyder
Sounil Yu of Knostic AI on the role of a modern CISO
Join FireTail CEO Jeremy Snyder as he talks with Sounil Yu, co-founder of Knostic, about the evolving role of today’s CISO. They discuss how CISOs can adapt to emerging technologies, tackle technical debt, align security with business goals, and navigate personal liability in high-stakes environments. Gain actionable insights on building modern security programs in a rapidly changing landscape.About Sounil YuSounil Yu is the co-founder of Knostic AI and a highly respected thought leader in cybersecurity. Previously, he served as CISO and Head of Research at JupiterOne, as well as Chief Security Scientist at...
2025-01-09
24 min
The Adversarial Podcast
The Adversarial Podcast Ep. 14 - Future of CISA/SEC under Trump, US Telco news, DAO faces $50M hack
In this episode of The Adversarial Podcast, Jerry Perullo, Mario Duarte, and Sounil Yu discuss the latest developments in cybersecurity, geopolitical threats, and emerging trends as 2025 approaches.00:00 Introduction 02:06 Trump 2.0's effect on security 03:25 Future of CISA 09:00 Future of SEC cyber reports 15:57 Possible Trump 2.0 priorities 19:40 Spying on US Telco 20:20 What is SS7? 24:04 SS7 vs. SMS interception 25:40 Privacy impact of SS7 attacks 30:12 National security 31:17 CISA's guidance for telco 36:58 DPRK targets DAO network, $50M heist using macOS malware
2024-12-23
54 min
The Adversarial Podcast
The Adversarial Podcast Ep. 13 - East/west coast CISOs, top CISO expenses in 2024, crypto regulation
In this episode of The Adversarial Podcast, Jerry, Mario, and Sounil bring their adversarial insights to a packed discussion of the latest topics in enterprise cybersecurity. - East Coast vs. West Coast CISOs: The trio explores the divide between East Coast and West Coast CISOs. Is the East too focused on risk? Does the West overfit to AppSec and "shift-left" practices? - 2024 CISO Budget Report: Where are CISOs spending their increasing budgets in 2024? The hosts chat about the increasing expenses in identity management and generative AI security. Reference: https://news.crunchbase.com/cybersecurity/ciso-budgets-rising-generative-ai-ellis-yl-ventures/
2024-12-10
1h 12
The Adversarial Podcast
The Adversarial Podcast Ep. 12 - RSA Conference making competition winners accept investment, inefficacy of phishing training
In this episode of The Adversarial Podcast, former CISOs Jerry Perullo, Mario Duarte, and Sounil Yu explore critical topics shaping the cybersecurity landscape.1. Crosspoint Capital’s RSA Innovation Sandbox Model The hosts discuss Crosspoint Capital's controversial $5 million SAFE investment requirement for Innovation Sandbox finalists. They examine the implications for startups, founders, and the cybersecurity ecosystem as a whole, weighing its potential to drive innovation against the risks of stifling participation.Reference: RSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment - https://www.securityweek.com/rsa-conference-will-take-equity-in-innovation-sandbox-startup-finalists/2. The Effectiveness of Phishing Simulations and Trai...
2024-11-26
1h 11
The Adversarial Podcast
The Adversarial Podcast Ep. 11 - Incoming Trump administration, Microsoft's leaked SaaS creds, and software liability policy
Introduction:The episode opens with a discussion on securing devices for employees traveling to high-risk countries, like China, as a way to protect corporate data and maintain customer trust.Hosts Jerry, Sounil, and Mario welcome listeners and discuss recent events, including the FS-ISAC Fall Summit in Atlanta and geopolitical implications of the recent election.Key Topics:Geopolitical Risks:The group explores China's espionage activities and Russia's geopolitical maneuvers, predicting shifts in attacker strategies depending on U.S. political leadership.Concerns about China's possible invasion of Taiwan and its implications for global tech, particularly chip manufacturing, are...
2024-11-19
53 min
The Adversarial Podcast
The Adversarial Podcast Ep. 10 - the CISO job market, CRQ, beg bounties, and cryptography
(00:00) Intro (5:15) The CISO job market: present and future (25:57) Handling beg bounties and VDP (41:30) Quantum cryptography – how important is cryptography, really? Stories: “Chinese Researchers Reportedly Crack Encryption With Quantum Computer” - https://www.pcmag.com/news/chinese-researchers-reportedly-crack-encryption-with-quantum-computer Hosts:Jerry Perullo: https://www.linkedin.com/in/perullo/Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/Sounil Yu: https://www.linkedin.com/in/sounil/Producer: Tillson Galloway (linkedin.com/in/tillson)
2024-10-22
54 min
Modern Cyber with Jeremy Snyder
Sounil Yu of Knostic on AI
In this episode of Modern Cyber recorded earlier in 2024, Jeremy sits down with Sounil Yu, co-founder of Knostic.ai, to discuss the growing implications of artificial intelligence (AI) in cybersecurity. Sounil shares his insights on the parallels between AI adoption and previous technological shifts, emphasizing the need for new frameworks to handle knowledge security and privacy. The conversation also explores how AI can be leveraged by both attackers and defenders, as well as the potential for regulatory frameworks to shape the future of AI technology.About Sounil YuSounil Yu is the co-founder of Knostic...
2024-10-11
33 min
The Adversarial Podcast
The Adversarial Podcast Ep. 9 - NIST password guidelines, CUPS vulnerabilities, breach vs. hack
(00:00) Intro & NIST’s new password complexity requirements(13:19) CUPS vulnerability: critical or a distraction(31:26) Federal standards for cybersecurity in health care: should legal responsibility fall on individuals?(47:30) What constitutes a hack vs a breach?Stories:“NIST Drops Password Complexity, Mandatory Reset Rules” - https://www.darkreading.com/identity-access-management-security/nist-drops-password-complexity-mandatory-reset-rules“Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution” - https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html“Wyden and Warner Introduce Bill to Set Strong Cybersecurity Standards for American Health Care System” - https://www.finance.senate.gov/chairmans-news/wyden-and-warner-introduce-bill-to-set-strong-cybersecurity-standards-for-american-health-care-systemHosts...
2024-10-08
1h 01
The Adversarial Podcast
The Adversarial Podcast Ep. 8 - Pagers and Supply Chain Attacks, GitHub stealers, “Founder Mode”
(00:00) Intro (02:24) Exploding pagers: are psychological attacks worse than breaches? (20:21) Are credit card breaches still a concern in 2024? (24:57) Infostealer delivered through GitHub Issues: how are trustworthy services being abused? (31:45) Founder mode: when is it time to switch from "founder mode" to "manager mode?"(44:02) Is open-source more secure than closed-source? Stories and books mentioned: “Israel planted explosives in Hezbollah's Taiwan-made pagers, say sources” - https://www.reuters.com/world/middle-east/israel-planted-explosives-hezbollahs-taiwan-made-pagers-say-sources-2024-09-18/ Darkwire, by Joseph Cox - https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/?lens=publ...
2024-09-24
57 min
The Adversarial Podcast
The Adversarial Podcast Ep. 7 - Security Certs, Vulnerability Disclosure, and Effective Security Controls
Listen as CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the value of security exams and question the relevance of certain certifications in today’s industry. Then, they debate into the vulnerability disclosure process, exploring how CVEs impact companies outside the SaaS world and whether CISA’s "Secure by Design" initiative is truly effective across industries. Finally, they discuss security misprioritization, from school systems to corporate desktops, and the evolving role of account management in protecting digital crown jewels.StoriesLinkedIn Post on ISC2 exams - https://www.linkedin.com/posts/mlockhart_hate-to-see-how-isc2-has...
2024-09-12
1h 06
CTRL+F
Unleashing the Power of Secure-by-Design and Resilience-by-Design Principles
Today on CTRL+F, Jamil Jaffer is joined by Barmak Meftah from Ballistic Ventures and Sounil Yu from Knostic to delve into the transformative concepts of secure-by-design and resilience-by-design. They explore how these approaches are integrating security and resilience into system development, ensuring that systems are both secure from the outset and capable of rapidly recovering from disruptions.How are secure-by-design and resilience-by-design changing the cybersecurity landscape? What impact will these innovations have on industry, government, and national security? How can organizations and investors leverage these strategies to navigate an increasingly complex digital world?
2024-09-03
43 min
The Adversarial Podcast
The Adversarial Podcast Ep. 6 - SSN Leaks, Cloud Misconfigurations, and Passkeys
Join former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they debate the impact of SSN leaks, discuss the effectiveness of recently implemented ransom payment bans in Miami, and recently reported AWS misconfigurations. Then, listen as they debate passkeys, vulnerability management, and board reporting.00:00 Intro 02:17 Social Security Number breach 14:48 Ransomware payment bans 21:47 AWS environments 39:55 Passkeys 52:30 Maturity assessmentsStories: “2.9 billion people may have had Social Security numbers, other financial data compromised. What it means for you” - https://www.cnbc.com...
2024-08-26
1h 04
The Adversarial Podcast
The Adversarial Podcast Ep. 5 - Why Boards want more Joe Sullivans and Tim Browns and less CISOs - Jerry Perullo live at Evanta
Speaking live at the Evanta CISO Summit in Atlanta in June 2024, host Jerry Perullo talks candidly about why CISOs are failing to land Board Director roles.
2024-08-16
26 min
Enterprise Security Weekly (Video)
Interviewing Black Hat Startup Spotlight Winner, Knostic - Sounil Yu - ESW #371
We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th. References DarkReading: Knostic Wins 2024 Black Hat Startup Spotlight Competition Knostic's Website Show Notes: https://securityweekly.com/esw-371
2024-08-09
34 min
Enterprise Security Weekly (Audio)
AI Red Teaming and AI Safety - Sounil Yu, Amanda Minnich - ESW #371
In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results? ...
2024-08-09
2h 18
Security Weekly Podcast Network (Audio)
AI Red Teaming and AI Safety - Sounil Yu, Amanda Minnich - ESW #371
In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results? ...
2024-08-09
2h 18
The Adversarial Podcast
The Adversarial Podcast Ep. 4 - CrowdStrike Lawsuits, Overhyped Exploits, and Fake Remote Employees
Join former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they discuss upcoming lawsuits related to the recent CrowdStrike outage, switching costs, overhyped security vulnerabilities and their effect on practitioners' responsibilities, fake employees from North Korea, the information stealers and the state of password managers, and the increasing threat of deepfakes.Stories“CrowdStrike is sued by shareholders over huge software outage” - https://www.reuters.com/legal/crowdstrike-is-sued-by-shareholders-over-huge-software-outage-2024-07-31/“Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million” - https://www.cnbc.com/2024/07/31/delta-ceo-crowdstrike-microsoft-outage-cost-the-airline-500-million.html“Microsoft And AWS Outages: A Wake-Up Call For C...
2024-08-05
1h 26
The Adversarial Podcast
The Adversarial Podcast Ep. 3 - CrowdStrike, Wiz Acquisition Rumors, and SolarWinds
In this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent Crowdstrike outages, PR in the recent Wiz acquisition rumors, stakeholder value in Rapid7, and the SEC dropping charges in the SolarWinds case.Stories: - Activist Jana has a stake in Rapid7. There are two paths to bolster value at the cybersecurity company: https://www.cnbc.com/2024/06/29/two-paths-for-jana-to-bolster-shareholder-value-at-rapid7.html - Google Near $23 Billion Deal for Cybersecurity Startup Wiz: https://www.wsj.com/business/deals/google-near-23-billion-deal-for-cybersecurity-startup-wiz-622edf1a - Most SEC charges dismissed in SolarWinds...
2024-07-26
1h 15
Modern Cyber with Jeremy Snyder
Sounil Yu on FCC Consent Decrees and API Security
In this special episode of Modern Cyber, Jeremy chats with Sounil Yu about a recent consent decree from the FCC that specifically calls for improved API security. They discuss what consent decrees are, their seriousness, and the potential consequences for companies that fail to comply. Sounil also provides insights into best practices for API security and the role of standards like NIST and OWASP in guiding organizations.About Sounil Yu:Sounil Yu is a cybersecurity luminary with a rich background as a former CISO and chief security scientist at Bank of America. He is renowned...
2024-07-25
09 min
The Adversarial Podcast
The Adversarial Podcast Pilot – Cybersecurity Investments, Secure Configurations vs. Code, and Risk Management
Join former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they reflect on the state of cybersecurity investments in 2024, debate the importance of configuration vs. code security, and discuss the importance of governance in risk management.Stories:‘There’s A Lot Of Noise’ — VCs Trying To Find Clarity In Cluttered Cyber AI Landscape: https://news.crunchbase.com/cybersecurity/venture-funding-ai-wiz-ma-rsa/Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions: https://techcrunch.com/2024/05/07/wiz-raises-1b-at-12b-valuation-expanding-through-acquisitions/CyberArk Signs Definitive Agreement to Acquire Machine Identity Management Leader Venafi from Thoma Bravo: h...
2024-07-19
48 min
The Adversarial Podcast
The Adversarial Podcast Ep. 2 - Chrome Extension Vulns, Cyber Job Market, Mouse Jigglers, and the Ransomware Plague
In this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss malicious Chrome extensions, the cybersecurity job market, mouse jigglers and security policy, and the impact of the recent ransomware wave. They share insights from their experiences, exploring the challenges of managing browser security policies, job burnout, and banning ransom payments.Stories:Millions under threat from malicious browser extensions — what to do: https://www.tomsguide.com/news/millions-under-threat-from-malicious-browser-extensions-what-to-doDemand for better cybersecurity fuels a booming job market: https://www.washingtonpost.com/business/2024/06/21/cybersecurity-job-demand-boot-camps/Wells Fargo Fires Over a Dozen for ‘Simu...
2024-07-10
1h 02
The Adversarial Podcast
The Adversarial Podcast Ep. 1 - Snowflake, Shared Fate, and the Gili Ra’anan Model
In this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent wave of cyber-attacks using Snowflake and the model of shared fate. They debate the effectiveness of banning ransom payments and explore the complexities of cybersecurity regulation, using recent events involving UnitedHealth and Jerry's former employer as case studies. The conversation also touches on the ethical dilemmas CISOs face when interacting with venture capital, highlighting personal experiences and the fine line between advisory roles and conflicts of interest.Stories:UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion: https...
2024-07-01
1h 12
Modern Cyber with Jeremy Snyder
Sounil Yu of Knostic on NIST CSF Update & Governance
In this episode of the Modern Cyber Podcast, Jeremy Snyder, CEO of FireTail, sits down with Sounil Yu, Co-founder of Knostic. With extensive experience as a former CISO and cybersecurity expert, Sounil discusses the recent update to the NIST Cybersecurity Framework and its impact on industry practices.Join the conversation as Sounil shares insights into the complexities of cybersecurity governance and risk management. Learn how organizations can adapt to evolving threats and build robust cybersecurity frameworks tailored to their needs.About Sounil Yu:Sounil Yu is a cybersecurity luminary with a rich background...
2024-04-25
23 min
The Adversarial Podcast
Season 02 Episode 02 - The Interim CISO
Joined by fellow Interim CISO veterans Yael Nagler of Yass Partners and Aurobindo Sundaram of RELX, host Jerry Perullo reflects on his experience as the Interim CISO of Silicon Valley Bank and explores the challenges of the role from hiring manager and candidate perspectives.Yael Nagler: https://www.linkedin.com/in/yaelnagler/Aurobindo Sundaram: https://www.linkedin.com/in/aurobindosundaram/
2024-01-23
56 min