Security Matters

In this episode of Trust Issues, we dive into the complex and rapidly evolving world of cyber insurance. We discuss the challenges and opportunities facing companies seeking to protect themselves from the ever-present threat of cyberattacks. Joining host David Puner, today’s guest is Ruby Rai, Cyber Practice Leader, Canada at Marsh McLennan, who shares her insights into the current state of the cyber insurance market, its future trajectory and the key requirements companies need to meet to obtain coverage. We also explore the impact of third-party access and non-human identities on cyber insurance requirements and how companies can adopt an identity security approach to meet these requirements. Join us as we dig into the complexities of the cyber insurance market and discuss the importance of collaboration between insurers and clients in ensuring that companies have the coverage they need.

In this episode of the Trust Issues podcast, host David Puner interviews CyberArk Founder and Executive Chairman Udi Mokady on the occasion of the company’s 25th anniversary. They discuss that milestone and reflect on CyberArk’s growth to becoming the global leader in identity security and the ever-evolving threat landscape – and how the company has scaled to meet it. Udi shares his insights on the company's culture, values, philosophies and lessons he's learned. He also dives into the importance of innovation, the role of AI in cybersecurity and his future aspirations for the company. 

And, because we say in the episode that we’ll share it here, Mark Knopfler’s new album is entitled ‘One Deep River’ … Udi describes it as great for driving and optimistic. 

Enjoy the podcast! 

In this episode of Trust Issues, host David Puner interviews Eric Hussey, SVP, Chief Information Security Officer (CISO) at Finastra, a leading provider of financial software solutions and services. Hussey shares his insights on the evolving role of the CISO, the challenges of keeping up with new and evolving cybersecurity regulations, and the importance of balancing innovation with security in the fintech space. He also discusses how identity factors into the equation, mentioning the importance of identity security in the future of fintech and banking, and the need for frictionless enhancements in identity security. Hussey also talks about his career path, AI’s emerging and evolving role in cybersecurity, and the importance of good governance and risk management in prioritizing security concerns. 

In the 50th episode of the Trust Issues podcast, host David Puner interviews Justin Hutchens, an innovation principal at Trace3 and co-host of the Cyber Cognition podcast (along with CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe). They discuss the emergence and potential misuse of generative AI, especially natural language processing, for social engineering and adversarial hacking. Hutchens shares his insights on how AI can learn, reason – and even infer human emotions – and how it can be used to manipulate people into disclosing information or performing actions that compromise their security. They also talk about the role of identity in threat monitoring and detection, and the challenges and opportunities AI presents organizations in defending against evolving threats and how we can harness its power for the greater good. Tune in to learn more about the fascinating and ever-changing landscape of adversarial AI and identity security.

In this episode of Trust Issues, David welcomes back Shay Nahari, VP of CyberArk Red Team Services, to discuss the topic of secure browsing and session-based threats. They delve into the dangers of cookie theft, the expanding attack surface, and the importance of identity security. Shay explains how cookies sit post-authentication and how attackers can bypass the entire authentication process by stealing them. He also discusses how browsers have been designed for consumers, not for the enterprise, and how this creates a fundamental problem in the way we treat and design identities around the usage of browsers... until now. Shay introduces CyberArk Secure Browser, which eliminates cookies from the disk completely and provides an end-to-end control of the flow of identity. The conversation also touches on the expanding attack surface, new identities, and how organizations can protect themselves from session-based attacks. Shay emphasizes the importance of least privilege, monitoring, and an assume breach mindset. 

In this episode of the Trust Issues podcast, Kaivan Karimi, Global Partner Strategy and OT Cybersecurity Lead – Automotive Mobility and Transportation at Microsoft, discusses with host David Puner the complexities of the automotive cybersecurity ecosystem, and they explore the challenges and considerations facing the industry. Karimi shares his insights on the role of identity security in automotive cybersecurity and how it helps ensure that only authenticated entities have the privilege to engage in the high-speed exchange of information. He also talks about the importance of data sovereignty, data privacy and compliance in the automotive industry. This episode provides a fascinating look into the present and future world of automotive cybersecurity and the measures being taken to protect against cyber threats. 

Take the audio ride!  

In this episode of Trust Issues, Jan Vanhaecht, the Global Digital Identity Leader at Deloitte Belgium, delves into the intricate realms of digital trust and risk management with host David Puner. The discussion covers topics ranging from the impact of regulations on cybersecurity practices to the pivotal role of identity in building a robust security culture. Unpacking the nuances of digital trust maturity, the episode explores how organizations can navigate the delicate balance between risk and reward. From the emergence of passwordless authentication to the practical applications of Zero Trust principles, the conversation provides valuable perspectives on safeguarding digital landscapes. Join us as we unravel the complexities of cybersecurity and discover how it intertwines with innovation, compliance and the pursuit of trust in the digital age. 

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard. From the initial password spray technique to the exploitation of OAuth applications, listeners are taken on a journey through the breach's timeline – and learn how, ultimately, it all boils down to identity. The discussion touches upon the nuances of threat actor nomenclature, the significance of various bear-themed aliases and the professional nature of state-sponsored cyber espionage groups. Throughout the episode, practical insights and cybersecurity best practices are shared, offering organizations valuable strategies to bolster their defenses against evolving cyber threats. For a comprehensive analysis of the APT29 Microsoft data breach and detailed recommendations for improving cybersecurity posture, check out the accompanying blog post written by Andy Thompson.

In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape. From addressing security challenges in manufacturing plants to the skills gap in OT cybersecurity, the episode provides an overview of the current state and future prospects of securing critical infrastructure. Holcomb also emphasizes the importance of identity in OT security and offers practical advice for organizations looking to enhance their cybersecurity posture. Check out the episode to explore the dynamic intersection of IT and OT – and how it spotlights the urgent need for robust cybersecurity measures in an evolving digital landscape.

In this episode of Trust Issues, CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe joins host David Puner for a discussion about the emerging threat of AI kiddies, a term that describes novice attackers using large language models (LLMs) and chatbots to launch cyberattacks without any coding skills. Noe explains how these AI kiddies use prompt engineering to circumvent the built-in protections of LLMs like ChatGPT and get them to generate malicious code, commands and information. He also shares his insights on how organizations can protect themselves from these AI-enabled attacks by applying the principles of Zero Trust, identity security and multi-layered defense. All this and a dollop of transhumanism … Don’t be a bot – check it out! 

Guest Dr. Magda Chelly, Managing Director and CISO of Responsible Cyber, joins Trust Issues host David Puner for a conversation about third-party risk management and cyber resilience. Dr. Chelly underscores the imperative of prioritizing identity management, particularly as decentralized work environments are becoming the norm in today’s evolving digital landscape. She also explains how breaking things played a critical role in propelling her into a career in cybersecurity – and then in fostering and advancing it. The interview unfolds against the backdrop of Dr. Chelly’s extensive experience and recently authored book, "Building a Cyber Resilient Business," which serves as a handbook for executives and boards navigating the complexities of cybersecurity. If you’re seeking insights on how to gain stronger visibility and control over your organization’s digital identities, this episode is for you.

Join us to learn how build resiliency against today’s ever-growing array of cyber threats – and what’s to come in 2024 and beyond.

In this year-end Trust Issues podcast episode, host David Puner takes listeners on a retrospective jaunt through some of the show’s 2023 highlights. The episode features insightful snippets from various cybersecurity experts and thought leaders, each discussing crucial aspects of the ever-evolving cyber landscape. From discussions on the dynamic nature of threat actors and the need for agile security approaches to insights on identity security challenges in the cloud and the intricacies of safeguarding data, the episode encapsulates a wealth of knowledge shared by industry professionals. With diverse perspectives on generative AI, risk management, cloud security, DevSecOps – and even a personal bear wrestling story – Trust Issues’ 2023 cannon delivers an engaging compilation for both cybersecurity enthusiasts and industry practitioners.

As the podcast looks back on the year's diverse lineup of guests, it serves as a valuable resource for anyone seeking to stay informed about the latest cybersecurity trends, strategies and challenges. The episode emphasizes the importance of adapting to the rapidly changing threat landscape, adopting innovative security practices and fostering collaboration to address the multifaceted nature of cyber risks in the modern digital era.

Clips featured in this episode from the following guests:

Eran Shimony, Principal Security Researcher, CyberArk Labs

Andy Thompson, Offensive Security Research Evangelist, CyberArk Labs

Eric O’Neill, Former FBI Counterintelligence Operative & Current National Security Strategist 

Shay Nahari, VP of Red Team Services, CyberArk

Diana Kelley, CISO, Protect AI 

Len Noe, Technical Evangelist, White Hat Hacker & Biohacker, CyberArk

Theresa Payton, Former White House CIO, Founder & CEO of Fortalice Solutions

Larry Lidz, VP & CISO, Cisco CX Cloud

Matt Cohen, CEO, CyberArk

Charles Chu, GM of Cloud Security, CyberArk

Brad Jones, CISO & VP of Information Security, Seagate Technology

Dusty Anderson, Managing Director, Global Digital Identity, Protiviti

Philip Wylie, Offensive Security Professional, Evangelist & Ethical Hacker

Our guest today is Rita Gurevich, the CEO and Founder of SPHERE, an identity hygiene platform. Gurevich joins host David Puner to explore the challenges and dynamics surrounding identity and cyber hygiene in today's cybersecurity landscape. The conversation begins by addressing the accelerated pace at which cyber controls and identity hygiene requirements are evolving, emphasizing the critical role they play in cybersecurity strategies. The discussion extends to the impact of cloud and hybrid environments, the nuances of cyber insurance trends – and the challenges presented by mergers and acquisitions in relation to identity hygiene. Gurevich highlights the growing importance of considering both cloud and on-prem systems with equal rigor, emphasizing the need for comprehensive cybersecurity measures to combat threats and risks. 

Today’s Trust Issues guest is Brian Contos, Chief Strategy Officer at Sevco Security. With host David Puner, Contos discusses the intricacies of securing the Internet of Things (IoT) and the challenges posed by the expanding IoT landscape – emphasizing the need for robust identity management. In a broader context, IoT encompasses identity management, cybersecurity and the evolving role of AI in safeguarding digital assets. Contos delves into the pressing issues surrounding IoT, Extended IoT (xIoT) and OT devices' security vulnerabilities – and explores how these vulnerabilities pose threats to consumer privacy, sensitive data and public safety. The conversation also touches on the intersections of identity security with asset intelligence and the importance of understanding the complete asset landscape in cybersecurity. We’re calling this one “The Identity of Things” … Check it out!

In this Trust Issues episode, host David Puner welcomes back Andy Thompson, CyberArk Labs' Offensive Security Research Evangelist for a discussion focused on two recent high-profile breaches: one targeting MGM Resorts International and the other involving Okta's support unit. The conversation delves into the details of the attacks – who’s behind them, how identity plays a pivotal role in both – and the larger implications of this new breed of supply chain attack amid the evolving threat landscape. Thompson also shares insights into how organizations can better protect themselves and their customers.

Check out the CyberArk blog for further insights into the MGM and Okta breaches. And, watch Andy Thompson in the CyberArk Labs' webinar, "Anatomy of the MGM Hack."

Today’s guest is Charles Chu, CyberArk's General Manager of Cloud Security, who’s spent more than a decade at the forefront of cloud security. Chu joins host David Puner for a conversation that delves into secure cloud access and the concept of zero standing privileges (ZSP), a dynamic approach to securing identities in multi-cloud environments. Chu sheds light on the complexities of cloud security, emphasizing the need for tailored solutions to protect against evolving cyber threats. Don't miss this insightful conversation that demystifies cloud security and redefines safeguarding digital assets – and answers the pivotal question: Why doesn’t cloud security taste like chicken?  

Arati Chavan, Staff Vice President, Global Head of Identity and Access Management (IAM) at Elevance Health joins host David Puner for a conversation that sheds light on how federated identity solutions are pivotal in achieving efficient and secure access control across diverse entities. Chavan also explores the challenges and opportunities in cloud transformation, the evolving role of AI in healthcare and the delicate balance between customer simplicity and robust security measures. Listen in for a deep dive into the heart of identity security and its impact on the healthcare industry.

Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling. 

Considering a cybersecurity career? You won’t want to miss this episode – Wylie’s passion for cybersecurity education and mentorship is contagious. Plus, you’ll discover many unexpected parallels between pro wrestling and red teaming – and how they can help strengthen your organization’s digital defenses.

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.  

Today’s episode of Trust Issues focuses on spycatching! Eric O'Neill, a former FBI counterintelligence operative and current national security strategist, joins host David Puner to discuss his legendary undercover mission to capture Robert Hanssen, one of the most notorious and damaging spies in U.S. history. O'Neill details his “cover job” of working beside Hanssen in the FBI’s new information assurance (cybersecurity) division, while secretly uncovering his espionage activities. O'Neill’s made-for-the-big-screen experiences emphasize the challenges posed by malicious insiders – some of the most difficult and expensive cybersecurity threats of our time. His gripping account draws intriguing parallels between spies and cyber criminals, shedding light on identity security’s significant role in thwarting insider espionage and defenders’ continuous push to outpace attacker innovation. 

Crystal Trawny, Optiv’s Practice Director, Privileged Account and Endpoint Privilege Management (PAM/EPM), joins host David Puner in exploring the ever-evolving identity landscape and how emerging threats impact organizations’ cybersecurity requirements. Through the eyes of an end user, Trawny shares best practices for overcoming change resistance, creating effective deployment timelines and avoiding scope creep. This episode maps the correlation between critical program elements – such as robust endpoint privilege management and dynamic access controls – and privileged access management (PAM) maturity. In the face of complexity and ransomware, insider threats and other sophisticated cyberattacks, organizations can use these insights to help assess their current strategy and chart a course for success.  

In this episode of Trust Issues, host David Puner talks with CyberArk CEO Matt Cohen, who shares his distinct take on leadership – emphasizing the importance of leading without fanfare. Cohen talks about his transition into the CEO role, insights on identity security and the current threat landscape. He also touches on the significance of company culture, professional development – and his admiration for a particular Boston Red Sox manager’s leadership style. The discussion delves into CyberArk's mission to secure the world against cyber threats by securing identities, and empower organizations to move forward, fearlessly to unlock growth, innovation and progress. 
 
 Three key takeaways from this episode are: 
 1) The significance of authenticity and humility in leadership.
 2) The criticality of identity security in today's evolving threat landscape.
 3) The value of customer-centricity and trust-building in successful business relationships.

While generative AI offers powerful tools for cyber defenders, it's also enabled cyber attackers to innovate and up the ante when it comes to threats such as malware, vulnerability exploitation and deep fake phishing. All this and we’re still just in the early days of the technology. In this episode, CyberArk Labs’ Vice President of Cyber Research Lavi Lazarovitz, discusses with host David Puner the seismic shift generative AI is starting to bring to the threat landscape – diving deep into offensive AI attack scenarios and the implications for cyber defenders. 

Diana Kelley, Chief Information Security Officer (CISO) at Protect AI joins host David Puner for a dive into the world of artificial intelligence (AI) and machine learning (ML), exploring the importance of privacy and security controls amid the AI Gold Rush. As the world seeks to capitalize on generative AI’s potential, risks are escalating. From protecting data from nefarious actors to addressing privacy implications and cyber threats, Kelley highlights the need for responsible AI development and usage. The conversation explores the principle of least privilege (PoLP) in AI, the privacy implications of using AI and ML platforms and the need for proper protection and controls in the development and deployment of AI and ML systems.

Scattered across the internet are jigsaw puzzle pieces containing your personal information. If reassembled by an attacker, these puzzle pieces could easily compromise your identity. Our returning guest today is Len Noe, CyberArk’s resident transhuman (a.k.a. cyborg), whose official titles these days are Technical Evangelist, White Hat Hacker and Biohacker. Noe joins host David Puner to shed light on the concept of synthetic identity, which involves gathering publicly available, unprotected data and then using AI chatbots and platforms like ChatGPT along with predictive analytics to correlate the data and generate deep digital portraits of individuals. Then, thinking like an attacker, Noe dives into how this new digital clairvoyance has the potential to up threat actors’ games and what organizations and individuals should be doing to combat it. Noe also shares his POV on the implications for cybersecurity and his concerns about sharing personal and proprietary information with AI chatbots and platforms. 

In this episode of the Trust Issues podcast, host David Puner interviews Brad Jones, CISO and VP of Information Security at Seagate Technology. They delve into cloud security challenges, including protecting data in a constantly shifting technological landscape. Jones discusses the importance of establishing trust as a data company and implementing rigorous controls to safeguard sensitive information. Then, they take a deep dive into the evolving external threat landscape, the role of AI in security and Seagate's cloud migration journey. Tune in to learn how to bridge security gaps, set your organization up for cloud security success and stay ahead of threat actors in the digital age.

In today’s Trust Issues episode, Dusty Anderson, a managing director of Global Digital Identity at the consulting firm Protiviti, digs into all things DevSecOps and cautions against a one-size-fits-all approach. In conversation with host David Puner, Anderson emphasizes the significance of strategic planning and well-defined goals – demonstrating how bite-sized steps can add up to major security wins and bottom-line benefits over time. And she sheds light on how the intricate web of identities – both human and non-human – shape the modern development pipeline to underscore the importance of visibility, governance and Zero Trust-based thinking. Tune in for insights to help fortify your cybersecurity practices and unlock the full potential of effective DevSecOps strategies.

Andy Thompson, Offensive Security Research Evangelist at CyberArk Labs, returns to Trust Issues for a dive with host David Puner into the latest developments in the world of ransomware. With ransomware events on the rise, Thompson sheds light on the alarming trend of data exfiltration and double extortion. But what's causing this surge? Thompson connects the dots between the rise of digital identities and the increasing frequency of ransomware attacks. As more organizations adopt cloud and DevOps technologies, the number of digital identities has skyrocketed, providing attackers with more accounts to exploit. However, Thompson emphasizes that staying vigilant about properly configured identities and analyzing their behavior can go a long way in mitigating the risk of ransomware attacks. Tune in to stay ahead of the curve in the ever-evolving landscape of cybersecurity threats.

We all accept a certain degree of risk in our lives. So, to varying degrees, we’re all operating – to use cybersecurity parlance – with an assume breach mindset. Meaning, we accept that attacks are inevitable and, as such, we focus time and effort on protecting the assets that matter most. 

In short, we buckle up for safety. 

And risk is something that today’s guest Larry Lidz, who’s Vice President and Chief Information Security Officer (CISO) for Cisco CX Cloud, thinks about a lot. On today’s episode, host David Puner talks with Lidz about cyber risk, the shifting tolerance levels for it and how it influences security decision-making. 

Quantum computing is coming and it has the potential to be both exciting and terrifying... On today's episode of Trust Issues, host David Puner speaks with cryptographer Dr. Erez Waisbard, CyberArk’s Technology and Research Lead, about quantum computing innovation and its cybersecurity implications – from data encryption to surveillance and privacy. 

Dr. Waisbard breaks down how encryption works, why it’s so important for safeguarding our data, and how quantum computers will break the methods used today. This may sound ominous, but designs for quantum-resistant encryption algorithms are already well underway. Check out the episode to learn more about them and how your organization can start preparing now.

And, if you like this episode, be sure to check out Erez Waisbard’s blog post, "Quantum Computing Is Coming… Here are 4 Ways to Get Ready," on the CyberArk Blog. 

Today's guest is Den Jones, who's Chief Security Officer (CSO) at Banyan Security, a startup Zero Trust network access solution (and a CyberArk technology partner). Jones spent almost 19 years at Adobe, followed by a stop at Cisco, before landing at Banyan in 2021. As his Twitter bio tells it, he's a “Large Scale Zero Trust Deliverer,” which is part of his multifaceted CSO charge.
 
In this episode, host David Puner talks with Jones about his singular cybersecurity career path – beginning with a formative stint as a Royal Mail postman in Scotland – and how he worked his way up the ladder to become a Zero Trust-delivering CSO. Jones explains how his role at Banyan encompasses all aspects of security, including product (putting the security around the security, as it were), enterprise and physical security. He also discusses the challenges he faces in his current role, including evangelizing the company's security strategy. 

Today's episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you're already here, so maybe just stick around?
 
In this episode, host David Puner and Payton continue their discussion, diving into the implications of AI and tools like ChatGPT for the cyber threat landscape – and the potential threats posed by deep fakes backed by synthetic identities. Also, could AI tech make it easier for bad actors to spread disinformation on a large scale? 

Since the earliest digital days, cyberattackers have targeted identities in their quests for riches, chaos and even revenge. So, what if we could hop into a flux capacitor-equipped DeLorean, hammer-down to 88 mph, and go back in time to better understand how yesterday’s threats influence today’s landscape – and what history can teach us about outpacing adversaries? Today, we do that – and a whole lot more – with a fantastic guest: Theresa Payton. 

Payton is the first woman to have served as White House Chief Information Officer, a best-selling author and the founder and CEO of Fortalice Solutions. In part one of our talk, host David Puner and Payton cover a lot of ground: Payton highlights some of the major cybersecurity trends and threats during her time in the George W. Bush White House – from SQL injection attacks to emerging ransomware. She also reflects on technology’s role in expanding – and complicating – the attack surface, and offers innovative insights for defenders, drawing from her experience as a veteran cybercrime fighter. 

As you’ll hear, it’s a great talk – so good that we’re releasing it in two installments. Be sure to check out part two of our conversation with Theresa Payton, which will release on March 1. You can make sure not to miss it by following Trust Issues – available on all major podcast platforms. 

Great Scott! 

Even if you've been living under a super-sized rock for the last few months, you've probably heard of ChatGPT. It's an AI-powered chatbot and it's impressive. It's performing better on exams than MBA students. It can debug code and write software. It can write social media posts and emails. Users around the globe are clearly finding it compelling. And the repercussions – good and bad – have the potential to be monumental.

That's where today's guest Eran Shimony, Principal Security Researcher for CyberArk Labs, comes into the picture. In fact, in an effort to stay ahead of the bad guys, Eran recently had ChatGPT create polymorphic malware. In conversation with host David Puner, he helps us understand if we are collectively prepared to deal with ChatGPT and the implications it may have for cyber threats. 

How'd did he get ChatGPT to do this and what are the implications? Listen in to find out.

If you find this episode interesting, be sure to check out Eran's recent blog post on the CyberArk Threat Research blog: https://www.cyberark.com/chatgpt-blog 

In this episode of the Trust Issues podcast, host David Puner interviews Nigel Miller, Director of Security Operations and Engineering at Maximus, a company that provides process management and tech solutions to help governments improve their health and human service programs. Nigel discusses his role in keeping the company's nearly 40,000 employees cyber-trained and secure. And, as you'll hear, Nigel highlights the similarities between football and cybersecurity and that understanding one's opponent and environment is crucial to success in both. 

We're starting the new year with a conversation focused on securing critical infrastructure. The issue, of course, is that we're seeing increased threats and cyberattacks on critical infrastructure. Not to mention the war in Ukraine. This collective threat is a rallying point, bringing together cyber professionals from around the world, as well as their respective countries. On today’s episode, host David Puner talks with David Higgins, who’s a Senior Director in CyberArk‘s Field Technology Office, about how the critical infrastructure landscape has changed, its global implications and how cyber protectors have had to adapt.

Too often when we think of the human element in cybersecurity it's the insider threats. But more often it's the hardworking protectors inside the organization who, while passionate about their jobs, would rather work to live rather than live to work. Although that reality can easily flip due to the nature of the cyber world. That's where today's guest Omar Khawaja, who’s been the CISO at Highmark Health for nine years, comes into the picture. As you'll hear, Khawaja’s been on the cutting edge of cultivating talent and creating a cyber culture that empowers the human element of an organization with more than 37,000 employees. What you'll learn: How the power of language, relationships and story can be used to effectively communicate cybersecurity strategies and best practices with partners outside of the space. And how the benefits of this can lead to better culture, retention of talent and business growth.  

Today's episode is a bit of a year-end cybersecurity fortune cookie. Its focus is an attack trend that's surged in 2022: Cookie hijacking (aka stolen cookies). Session cookies, that is. And it’s an attack trend CyberArk Labs researchers predict will continue to flourish in 2023. To dig into the stolen cookies trend and what's coming next, host David Puner talks with VP of CyberArk Red Team Shay Nahari, and Research Evangelist of CyberArk Labs, Andy Thompson, both of whom have spent a considerable amount of time popping the hood on the trend. And it's something you should be thinking about too in preparing for 2023 cybersecurity challenges.

In the spring of 2022, Costa Rica was hit with a series of large-scale, long-lasting ransomware attacks, which wreaked havoc on the government and healthcare system – and paralyzed imports and exports. The ripple effects were far-reaching and the economy was crippled. President Rodrigo Chaves declared a national state of emergency. Trust was shaken. On today’s episode, Vinicio Chaves Alvarado, acting CISO at BAC Credomatic, the Costa Rica-based international bank, talks with host David Puner about being on the frontlines of stabilizing and building back trust. As he puts it, "We are not only cybersecurity professionals – we not only create cybersecurity controls or detect or react to threats. We create trust."

Being a Chief Information Security Officer is a tough job. CISOs are on the front lines, protecting against the unknown day after day, week after week. It's no wonder mental health issues such as depression and anxiety are surging in our industry. There are a lot of things that need to change, but on a positive note, this once-taboo subject is starting to get the attention it so desperately deserves. This is in part thanks to security leaders like Kirsten Davies, CISO at Unilever, stepping forward. On today’s episode, host David Puner talks with Davies about some of her passions, including the humanization of the teams in our cybersecurity community. She's equally passionate about being an innovative cyber protector and finding solutions to the multitude of challenges high-level CISOs face on a daily basis. The timing of the episode is apropos because October is both Cybersecurity Awareness Month and Depression and Mental Health Awareness and Screening Month. Time to elevate this critical conversation, advocate against stigma, and bring awareness to the various resources available to those who need them.

Even when looking at layered enterprise solutions designed to thwart attacks and contain them, we must always go back to cybersecurity basics at the individual level. And that’s what, on today's episode, guest Bryan Murphy, CyberArk’s Senior Director of Architecture Services and Incident Response stops by to talk with host David Puner about. Murphy also dives into the importance of cyber hygiene as an essential preventive measure for protecting identities, as part of a defense-in-depth strategy. It’s a perfect fit for October, which happens to be Cybersecurity Awareness Month (CSAM). Raise your awareness and give it a listen!   

U.S. government agencies are warning that ransomware actors are "disproportionately targeting the education sector," especially K-12. That’s because sensitive student data, overworked staff and competing priorities make investing in cybersecurity talent and tools a major challenge. On today's episode, host David Puner checks in with Matt Kenslea, CyberArk's Director of State, Local and Education (SLED), for a discussion about these targeted cyberattacks, the challenges they pose – and what schools can do.

Len Noe – our favorite cyborg and CyberArk resident technical evangelist and white hat hacker – is back! On today’s episode, he’s talking with host David Puner about risky QR codes. On first blush it may seem like a simple subject, but attackers are having a field day with them and there seems to be a general lack of awareness about it. Help stop the havoc-wreaking and find out what you can do to protect yourself.

Sports, at their highest levels, are shaped by lifetimes dedicated to practicing, strategizing and anticipating. The same goes for cybersecurity. Although, in our world, it's not a game and there are no set parameters. On today’s episode, host David Puner speaks with Clarence Hinton, CyberArk Chief Strategy Officer, Head of Corporate Development about looking into the future and preparing for the unknown. Like hockey, it’s about skating to where the puck’s going – not where it’s been. 

If you're in the business of collecting consumer data these days, you better be in the business of protecting that data. Or you could find yourself with no business. On today's episode, host David Puner talks with Thomas Tschersich, Chief Security Officer of Deutsche Telekom (parent company of T-Mobile) and Chief Technical Officer of Telekom Security, about the new rules of data privacy and protection and how telecommunication providers must live and breathe trust as they operate critical infrastructure. 

For every me or you, there are now 45 machine identities. That's 45 machine identities for every single human identity, according to the CyberArk 2022 Identity Security Threat Landscape Report. And 68% of those machine identities have some level of sensitive access. Attackers know this, and are doing their best to take advantage of those odds. Host David Puner sits down with Udi Mokady, Founder, Chairman and CEO of CyberArk, shortly after the wrap of the company’s Impact 2022 conference, for a talk about Identity Security – where CyberArk has been, where it's going – and a little about guitar playing too.  

How do we stand a chance against emerging cyber threats? It's because, in large part, there are researchers at the cutting edge – dedicated to the pursuit and understanding of novel threats and vulnerabilities – by thinking just like attackers. That's the world in which Lavi Lazarovitz, CyberArk Labs’ Head of Security Research, lives and thrives. Lazarovitz leads an elite group of white hat hackers, intelligence experts and cybersecurity practitioners. Host David Puner talks with Lazarovitz about deconstructing the attack cycle and various ways to better understand how threat actors operate – in the ongoing effort to stay ahead of them.

Securing critical infrastructure that powers our way of life can be a sleepless job. But sometimes that's the cost of being a protector... Today's guest, Carla Donev, is no stranger to working round-the-clock. As Vice President and Chief Information Security Officer at NiSource, she leads security operations for one of the largest utilities in the country, which delivers gas and electricity to millions of citizens across six states. Host David Puner talks with Donev about the evolving threat landscape and how building safer, more resilient operations is key to preserving trust. 

You may have heard the famous Mike Tyson quote, “Everybody has a plan until they get punched in the face.” Applied to the context of cybersecurity, the message is – when things get real, what will you do? How will you react? You can attempt to prepare for seemingly every scenario under the sun, but you still can’t know when or how or where you'll actually get punched.  
 
So how do you prepare for the unknown – for that metaphorical Iron Mike punch to the face? And what do you do when it happens? That's what host David Puner gets into with today's guest Shay Nahari, CyberArk’s VP of Red Team Services.

Fighting attacker innovation requires a level of innovation that can only be achieved through a collaborative approach. One that brings diverse backgrounds, perspectives and solutions together to strengthen cyber resilience from every angle. Melissa Carvalho, Vice President of Identity and Access Management at Royal Bank of Canada, speaks with host David Puner on the importance of diversity and inclusion in cybersecurity and how it has factored into the evolution of her role.  

While COVID-19 strained the healthcare system in every possible way, it also sparked a revolution. By emphasizing trust’s central role in every interaction – between patients and clinicians and across interconnected IT ecosystems – the pandemic brought clarity and opportunity to rebuild. Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals, speaks with host David Puner on technology’s growing role in building transparent, equitable healthcare systems and driving better outcomes for all.

In our cyber world identities are typically split into two distinct categories: human and machine. But there's one notable intersection: cyborg. On today's episode, host David Puner talks with Len Noe, technical evangelist, white hat hacker – and CyberArk's resident transhuman.

Today, thanks to cheap plug-and-play ransomware kits, anyone with a credit card can get into the cyber extortion action. No special training or skills required. So, what can we do? In the premiere episode of the Trust Issues™ podcast, David Puner talks about this and more with Andy Thompson, advisor & evangelist at CyberArk Labs.