Last week I attended the most honest tech conference I can remember. The ironic thing was that it wasn’t a tech conference at all. If was the California Press Foundation (CPF) annual conference.

The CPF traces its history back to 1878 when it was formed originally as the California Press Association to represent the journalism industry in the state. It morphed and partnered with different journalism groups over its existence, and today it operates independently as a statewide nonprofit supporting the next generation of journalists. At its core, it works to keep the shrinking industry alive.

Journalism is crucial to the survival of democracies worldwide, and this organization is doing yeoman's work in pushing it into the 21st century.

Every year at this time I start getting pitches from PR folks offering client's predictions for the coming year. Lots of publications put out their annual predictions articles in December with their own, plus a few selected from these pitches.

At Cyber Protection Magazine we do it a bit different. Our predictions don't come out until January so we can give equal review to the stuff that comes in after Christmas. So you're welcome.

But in this podcast with Ian Thornton-Trump, CISO of Inversion6, we start the process early. We not only give out a few predictions but we also talk about what makes a good prediction. Hint: It doesn't start with "In 2026 we will see a continuation of..." Anything that says everything will go on as it is is not a prediction worth reading.

This is a longer than normal podcast, but when Ian and I get wound up, it's hard to stop.

More often than not, when I'm interviewing a corporate leader about the news they are presenting to me, I find a bit of news in their own content that they didn't see, That was the case when I interviewed Mike Wiacek, founder and CTO of Stairwell. The company is in a very competitive market with almost 250 companies dedicated to identifying malware before it can mess up your system, The report was about the rise of malware variants in the world, but their own report showed that, at least this year, the technology niche they are in is actually knocking that number down. He was surprised, but it made for a good discussion.

Generative AI is BIG business. Maybe too big. In the rush to commercialize and cash in on billions of dollars of investment, Big Tech is letting security slip through the cracks again. Adversaries are weaponizing AI to supercharge phishing attacks, destabilize governments and blackmail innocent people. This episode is the first entry in a months-long series of storeis, podcasts, videos and panels on "Defense Against the AI Arts (with Apologies to Harry Potter". Our first subject Vijay Balasubramaniyan, CEO of Pindrop.

Telesign is part of a growing security niche market dedicated to providing the infrastructure companies need to keep customer data safe. We talked with company CMO Kristi Melani about how the industry needs to educated not just corporations but the users in what is available to them.

This episode is our very first book review. I edited Data for All late last year and had my eyes open to both the massive amount of customer data collected by almost every corporation in the world, and the amount of digital waste produced by the effort. There is also a mini-review of Not with a Bug, but with a Sticker. These are two books that if you read them (and they are both easy reading) will make you sound like an expert in AI and data science in any gathering of people. That may not be a good thing but I enjoy it.

#GenerativeAI was front and center at the RSA Conference 2023 in San Francisco. Companies were either promoting it as a means of improving security or warning against it as a security weakness. It was even the keynote on Tuesday by RSA CEO Rohit Ghai, who took a neutral position that leaned positive on its potential.

But as he spoke, for the most part, glowingly about the AI age we are entering there were some questions that arose. So we contacted him through his PR agency and he graciously accepted an interview appointment to answer those questions. Our focus was, primarily, on the ethical use of generative AI and the failure of the tech industry to live up to its own stated ethics. The conversation was frank and illuminating.

You cannot spit without hitting a news story about generative AI (AKA ChatGPT, Bard, etc.). Some of the news is good, some of it bad, and all of it fairly confusing. ⁠Cyber Protection Magazine⁠ has been digging through the detritus and find what really is good or bad about it and today we continue that with an interview with a very smart man: Dr. James Norrie, a full-time professor in the Management, Marketing, and Entrepreneurship department at York University and founder of the cybersecurity company CyberconIQ. He holds advanced degrees in cybersecurity and intelligence analysis, copyright law, and project management. And he has a very specific take on generative AI.

TikTok has been in the news for quite a while, but at Cyber Protection Magazine, we are pretty sure we aren't getting the whole story, so we are starting a series of articles and podcasts to get to the bottom of the issue, starting with this episode.

We talk to Ian Thornton-Trump -- raconteur, iconoclast, cyberwarrior, and CISO for Cyjax -- and he, as usual, has a lot to say. As you listen you will find that the real problem is not in the app, but in ourselves... and in bad algorithm design.

Also, this is an ad-free episode. If you want to support the work we are doing, go to Cyber Protection Magazine and donate to the cause. The button is on the bottom of the page.

You can't talk in polite company about politics or religion, but everyone can talk about how they hate advertising. And for good reason. I take a break from discussing technology to rant about what tech companies do to get you to buy their stuff, and why you don;t trust them.

“Sextortion” is a popular theme in media and the news, but it may or may not be a big deal. No one can really come up with a consensus about what it is and how widespread it is. It’s even difficult to pin down whether it is a crime. We talked with Ken Kuglin from Digital Forensics Corporation, a cybersecurity firm in Ohio, about how to deal with the attacks and their free services to educate people about how to avoid or deal with sextortion.

Cybersecurity has a healthier and older relationship with artificial intelligence (AI) than pretty much any other industry niche.  That’s because the information available on cyber threats is better vetted than 90 percent of what is fed into ChatGPT and the Google and Microsoft versions of generative AI.  But putting that data to use in security is not that easy… yet.

Cyber Protection Magazine has been tasing with companies for several weeks as we study the constructive uses of AI in security, and try to find a way through the hype. We interviewed the CEO of one company recently, Gopi Sirineni of Axiado.  They are about to launch a security co-processor driven by a unique AI that will be based on the Sirineni calls a “data lake” of attack schemes.  This information is a “living” database that will constantly be updated. But to make sure it is as comprehensive as possible, they are enlisting the help of the worldwide cybersecurity community.  To participate, you can contact Axiado through their website, on the corporate Linkedin page, or to Sirineni directly.  More will be available at the magazine in the next two weeks.

Vishing, short for "voice phishing," is on the rise again.  But then, it’s been rising almost exponentially for the past two years.  Last summer various organizations were reporting anywhere between 500-650 percent increases over the previous six quarters.  Now, as US citizens prepare their tax returns, the scam is getting another bump. We had a chat with Brian McDonald, director of product development and Mutare, about their technology and the problem of vishing.

When it comes to the implementation of AI in a corporation, the question is not if or when. It’s more like, “How much if a disaster are we willing to accept?” A whole new industry niche is arising to help companies determine just how mediocre and unsafe they want to be. Tumeryk is one of those companies helping provide that insight.

Being a security company that gets hit with a data breach or malware attack is embarrassing, besides the fact that it scares the hell out of your customers. But the current tech fad of "decentralization" has a pretty good lesson for anyone thinking about establishing a security operations center, virtual or otherwise. We talked with the CEO of Dispel about how they've been decentralizing security operations in infrastructure clients for years now. 

If you're like us, #dataprivacyweek snuck up on you and almost got by before you knew it. But we were still busy. This podcast includes an interview with Brandon Rogers, a senior security engineer at Halo Security, an attack surface management company, who discusses the rash of data breaches at T-Mobile over the past couple of years and what they SHOULD be doing about it (Note, T-Mobile has not responded to requests for input), and then we have our first All Hands discussion with the team at Cyber Protection Magazine as we talk about the larger issues of data privacy.

It's Martin Luther King day today, which is an important holiday for me. This interview was incredibly satisfying because it demonstrates how far we've come since Dr. King Spoke in Washington DC in 1963. We have a long way to go, but this is a celebration of what is being accomplished.

To kick off the new year and our seventh season, Joe Basques and I tackle the conundrum of distrust in media and why marketing doesn't work the way it's supposed to in the technology world.

For the second year we are publishing predictions for 2023 in Cyber Protection Magazine by asking people and organizations to submit a brief, one-paragraph statement. Our friend and Cyjax CISO sent an entire presentation. And it was fun and scary all at the same time.,So we went with it. Check out the other predictions on the magazine and let us know what you think.

A personal bank account was hacked this week, but because I was getting regular alerts from my bank we kept the damage at a minimum. As luck would have it, I had scheduled this interview with Bruno Farinelli of Clearsale who explained how even when you do everything you can to keep your finances safe, criminals have a way to get around your protections. 

Guess what? Black Friday doesn't give you good deals and the ones you may be looking at may be scams. Take 15 minutes and get smart.

A few weeks ago I was on a panel at San Jose State, #yesyoucan, about the future of democracy and how it intersects with technology and media. It went over an hour, which twice longer than what I normally do, but it included Harry Hursti speaking on election security and Sari Stenfors regarding a "hopeful future." After what we've been through the past few months, it might help.

You've read the headlines about the stock market and the tech sector in particular. Self-proclaimed genius tech bros are hemorrhaging wealth, portfolios are crashing. But while the cybersecurity industry isn't completely unaffected, it is still attracting billions in new investment and private equity acquisitions. We talk to Brad LaPorte of Lionfish Advisors about why investments are falling in tech and why cyber is the new darling.

I'm working on a story about some interesting numbers regarding the state of cyber crime. The number seem to indicate that, overall, we might be making progress on reducing it, though not eliminating it. But to be sure I've spent the past two weeks talking to experts about the numbers who are totally pessimistic and doubtful. One of them is Gerry Kennedy, CEO of Observatory Strategic Management, an organization that advises industry and governments about insurance issues. In our discussion he recommended other sources, which will be included in the article on Cyber Protection Magazine.

The first of September began with a bang. I've got a lot to write and talk about, but barely had time to do this much. There is an AI infrastructure conference coming next week, along with a special issue on AI economics. But companies really need to start learning how to tell a story all over again. Generative AI and marketese is killing a lot of really good technology. Listen in and find out how to fix that.

Want some good news about technology? Stay tuned

I was pleasantly introduced to a non-profit cybersecurity company this week. Quad9 was established 6 years ago with the goal of reducing human error as the source of breaches, which makes of more than 90 percent of all successful cyberattacks. And they do it for free. Their website (www.quad9.com) has a lot of easy to understand and use tools to block malicious actors from accessing your systems and data. Check it out.

The most innocuous things can be open invitations to criminbals to hack your data, or infiltrate your company. Adam Levine, cybersecurity podcaster and founder of Credit.com talked with Crucial Tech about "office phishing" and the "three M's" of personal cyber protection.

Quantum computing is often in the news, mostly about how it's going to destroy the world as nation states bust the hardest encryptions around so they can steal national and corporate secrets. However, there are no quantum computers available today that can actually accomplish the task and, thankfully, there are whole industries popping up to deal with the worst aspects of the tech while encouraging some good things. We talked with Eric Garcell of Classiq, one of the companies dedicated to protecting quantum computing intellectual property, about why quantum computers are a good thing and that, in some cases, are doing good things now.

I get a new report from a different research company almost every week about the state of cybersecurity. Most of them say the same thing, but I do read them all the way through. Recently received a report from a company called HelpSystems, a cybersecurity services company that works with some pretty big name companies and they issued a report that got me yawning almost immediately. But their research subsidiaries, Agari and PhishLabs, buried a couple of items that perked up my ears so I said yes to an interview. What follows is a 30-minute discussion about the report focusing on a couple of areas, hybrid vishing, and vulnerabilities criminals are using to target Office 365 users. John Wilson, senior fellow for threat research went on to talk about which email platforms are most popular for criminals and how criminal activity using cryptocurrency is on the rise. You can get a copy of the report here.big-name

Period and ovulation trackers have been around for quite a while but they are not, for the most part, privacy forward. In fact, according to the Mozilla foundation, only a few even have privacy policies. That is problematic for women in states that are criminalizing abortion where they are subpoenaing records of women even searching for options. Virtru, a security software company decided to fix that problem at and Def Con 2022 the demonstrated a concept app that put complete control of access to the data in the hands of the user. In preparation for Women's Equality Day on August 26, we talked with the team leader that developed the app, Cassandra Bailey, and the senior vice president of product strategy, Rob McDonald about the process. Unfortunately, they have no plans to make the app available to the public but have put the building blocks on Git Hub for app developers to run with. You can see a demonstration of it here. Maybe somebody out there will make a secure app.

As a journalist, I am morally bound to be objective. That's why, because I'm not a big fan of cryptocurrency, I have made an effort to give enthusiasts of the technology every chance to defend their positions. But I got a chance to interview Bruce Schneier about the subject and had to take it. I tried very hard to be supportive of the innovative uses of blockchain and its primary application in this interview. It didn't go well. But, boy, was it entertaining.

Quantum computing has been in the news for some time but most people don't know why they should care. They should. Jack Hidary, CEO of SandboxAQ explains why.

Even the promising announcements from Apple and Google about the end of passwords is going to take a long time to spread through the user base. But the technology exists to make them disappear if only we weren’t so stubborn about using them. We talked to Boian Simic, CEO of HYPR, a company making true passwordless tech… that is yet available to anyone but the wealthiest among us.

The wildly popular massive-multiplayer online games don't make the news much for big security breaches, but it appears they are vulnerable to lateral attacks that can steal data and abuse children. The companies that run these platforms tend to blame the users for breaching security. We spent some time with Raj Dodhiawala, CEO of Remediant, a cybersecurity SaaS company that defends networks against lateral attacks. He was pretty hard on companies that expect users to protect the network. Look for a larger article on game platform breaches in Cyber Protection Magazine

A few weeks ago I talked with Paul Valente, CEO of VISO TRUST. In the excitement of Agentic AI adoption, a massive security hole has opened and Valente's goal is plugging that hole. Our conversation adds a needed reality check to the AI euphoria/

One of my favorite security gurus, Ian Thornton-Trump sent me a text recently about the top-five security failures in recent history that we have yet to learn from. So I decided to call him and ask what he meant. It's worth listening to.

The Metaverse can be used for immersive education that can engage students and enhance the experiential aspects of education. It certainly makes for more interesting field trips. But the potential for disaster looms.  Luckily there are some, while recognizing the upsides of the technology, who take a very realistic view of the potential downsides. One of them is Jaime Donnelly.

Donnelly is an author, and speaker on immersive technology for education. She’s also the engagement director for Identity Automation, a company dedicated to identity and access management tools for K-12 and universities. She is also a great promoter for the future of immersive technology for education.

We sat down to chat about her extensive collection of VR goggles and her realistic expectations. She makes an old curmudgeon feel a bit better about the future.

The week after #RSAC2022 seems to be a good time to start a new season of Crucial Tech, so here we go.
I talked to a lot of people at the conference about how to keep foreign agents out of your network and some of what I learned is in a larger article in Cyber Protection Magazine, but.I went to someone who wasn't there -- Grant Wernick, CEO of #Fletch -- to chat about the problem, how to find them and how to stop them from doing real damage. Grant gave me a view into how you can find them and root them out once they infiltrate.

I'm going to the RSA Conference in San Francisco this week, so I didn't do a full episode yet. This is a preview of what's to come so stay tuned.

The realities of cyberattacks are not going away. Based on what we know, we have no idea how big the problem is because a lot of individuals and organizations just don’t report attacks. Conservatively, Cyber Protection Magazine estimates that half of all the attacks are unreported. More knowledgeable people than us say it's more like 90 per cent. As we have reported in past podcasts, that is likely due to a combination of complacency and just not knowing what to do.

We talked to Emil Sayegh, CEO of Ntirety, a company that helps small to midsize organizations reach security compliance with best practices and new privacy legislation. Ntirety is one of dozens of similar companies that are doing quite well. Sayegh claims they have 2400 customers, which is impressive in and of itself. But 2400 customers is a long way from any one industry being protected. Even 240,000 would be a drop in the bucket. That doesn’t mean you have to be their customer, or a customer of any competitor to get started.

Sayegh outlined a five-point plan in our discussion. Grab a coffee and have a listen. 

Joe Basques and I took our time to talk about personal priorities in cybersecurity and in the process we ended up talking about secure browsers, privacy, abortion, state surveillance and recalling recent podcasts with Chase Cunningham and Supreet Manchanda. The upshot is we are entering a time where personal responsibility remains the single biggest determinant of vulnerability. Don't skip over and don't ignore this episode. Your finances, personal privacy and the fate of the nation is is your hands. 

Most individuals and businesses know they need to address cybersecurity, but they don't know where to start. That's understandable because the digital world is like a sieve with thousands of holes. You may patch most of them but there are always a few for criminals to slip through. The question is, what are the most important holes to plug. The Zero Trust approach is proving to be the most comprehensive solution to security, but even then there are dozens of ways and companies dedicated to achieving a Zero Trust paradigm. Where should you look?
Well, Dr. Chase Cunningham, Chief Strategy Officer (CSO) at Ericom Software, has created something that might help. It's an online market map listing the applications and solution providers for Zero Trust. We spent some time talking about how he developed it and how it can help people and organizations navigate the Zero Trust rapids.

The SEC is considering requiring corporations provide a board seat to the CISOs. It's something I've seen as long overdue especially considering how security illiterate most boards are. And in the start-up world that literacy needs to start with venture capitalists. I decided to talk to one of my favorite entrepreneurial investors, Supreet Manchanda, and ask him what he thought an investor's role in security would be.

Woke up this morning to the news that high-flying quantum cryptography company, Arqit, is being hit with fraud lawsuits in the UK and US throwing shade on the viability of its technology. In preparation for an article on the news for Cyber Protection Magazine I had a chat with Gerry Kennedy, CEO of Observatory Holdings, about the importance of the case not only for future standardization but to companies looking to keep data safe when quantum computing becomes a thing.

Much of the West has feared Russian aggression since the Cuban Missile Crisis 1962. Then it was their technologically superior military. Most recently it’s been their vaunted cyber warfare capabilities. This podcast episode is about the one positive coming out of the Ukraine war: the Russians are not as scary as we thought they were. Oh, they are still scary, but scary like a feral, rabid house cat, rather than a man-eating tiger.

The genesis of this interview was a Linkedin post by Ian Thornton-Trump, who is something of a celebrity in the cybersecurity world. Ian is a certified IT professional with 25 years of experience in IT security and information technology.

His post in Linked in, essentially said, “Russian cyber warfare? Meh.” That intrigued me so I sent him a private message and asked him to elaborate, and boy did he. So I invited him on the podcast. Turns out he’s a fan. Who knew?

Be prepared to be encouraged.

I got a pitch from Reality Defender (deepfake video detection) about a partnership with ValidSoft (deepfake voice) last week. We don’t generally cover partnership agreements because, well, we get a handful every week and they just aren’t news. But the pitch threw out a few statistics that seemed a bit off. After some research, I found out how off they were.

See, fraud can be divided into two types: Criminal fraud, which companies like these are dedicated to stopping, and legally protected fraud like advertising and political speech (First Amendment and all that). As far as impacts go, the latter is much more dangerous and prevalent, but security companies can’t relly do anything about that. And that is what I discussed with Reality Defender CEO, Ben Colman discussed.

Key Takeaways and Links

Deepfake fraud attempts are low in percentage but high in potential impact, especially for high-value clients in regulated industries

There's a critical need for national regulation to address AI-generated content on consumer platforms, as current measures are insufficient.

Reality Defender and Validsoft claim to lead in deepfake detection, focusing on inference-based and provenance-based approaches respectively

The "David Act" (Deepfake Audio Video Image Detection Act) has been proposed to require platforms to flag AI-generated content.

This is the day you should not just THINK about backing up your data, but actually DO it. It really isn’t that hard. It can be done while you re getting a cup of coffee. It can be done automatically, and it can be done for free for most people. We spent a bit of time outlining all ways it can be done without muss or fuss.

If you aren't a regular reader of Cyber Protection Magazine, shame on you. But this podcast might change your habits. We've created a list of secure messaging apps for you in the accompanying article with this podcast. And because we started with the article instead of the podcast, the details are there. But we decided to call Gerry Kennedy, CEO of Observatory Holdings and get a reality check on our qualifications for the list. He said we were on the right track but got into some detail. Gerry's company advises companies and insurance firms on how to mitigate liability and security is a big focus for them.

Cyber warfare has been an open secret for many years, but the conflict in Ukraine has brought it out into the open and includes more than government-sponsored hacking. Anonymous took out the broadcast network, Russia Today (RT) with a massive DDoS attack, and the Russian Duma and several military servers were similarly hit within the past 48 hours. Meanwhile, Ukrainian hackers aligned with Russia have been attacking the Ukrainian infrastructure, hoping to get on the payroll of the GRU.
We talked with Dr. Pano Yannakogeorgos of NYU’s Center for Global Affairs about the relative preparedness of NATO countries for attacks from Russia and it's surrogates as well as the extent of guerrilla-type warfare from unaligned hackers on both sides.