Encryption, Privacy, Trust, and Black Hat – UberKnowledge Podcasts, August 2019

August saw us publish our podcasts from Black Hat 2019 and more. Encryption, privacy, and trust were hot topics for many of our guests.

PGP legends Jon Callas and Phil Dunkelberger both discussed the advantages of encryption and the increasing role it will play in security. Jon was largely positive about the protection of privacy and believes the future lies in proper policy, regulation, legislation, and consumer activism. He also discussed the skills gap and suggested that companies need to look for talent in less obvious places. Conversely, Phil believes we are back at ground zero in protecting our privacy and talked about the erosion of trust in every area of our society. He stated that he’d love to see some standards set globally and voiced his concern that the cybersecurity industry may be motivated more by profit than the desire to solve problems. 

Emily Mossburg discussed Deloitte’s recent report on digital transformation and the additional risk created for companies as they go through it. She shared her opinion that scaling technology and automation will require human input as well as AI and ML. She shared that she is seeing more interest in privacy from different stakeholders across organizations, such as marketing and product management, and explored the functionality of digital personas when it comes to consumer identity management.

Digital personas and the possibilities for building trust were also compelling for Tammy Moskites of Accenture. She discussed the ever-present skills shortage and joked that the 80/20 hiring rule (80% qualified, 20% teachable) has been reduced to candidates who are breathing and passionate. She suggested that grooming interns is a good solution and that Accenture had seen success there. As in her first podcast with UberKnowledge, Tammy talked about the crucial nature of networks and relationships for vendors looking to talk to CISOs and the importance of asset inventory – you can’t protect what you don’t know you have.

The challenge of staying up to date in the ever-evolving cloud was addressed by Cloud Security Alliance’s John Yeoh. He emphasized the importance of ongoing education and training and recommended people read, absorb, and download, but most importantly, participate. He talked about how impressed he was by the speed of the industry’s response to the Capital One data breach, which went from discovery to arrest in under two weeks, and said we need to stop being quiet about breaches.

Eric Olden, co-founder and CEO of Stealth, talked about the industry’s tendency to try to build a better mousetrap and recommended instead that everyone listen to their customers. It’s a process he calls customer development and one he developed early in his career. In his podcast, Eric floated the idea of a trust report, much like a credit report, and discussed the concept of trust as a product. He also shared some alarming statistics on the dollar cost when trust is lost.

As VP of Communications and Government Affairs at BitSight, Jake Olcott brought a different perspective. He discussed the cybersecurity questions we should be asking: what legislators should be asking citizens; what boards should be asking CISOs; what companies should be asking during M&A processes; and what citizens should be asking themselves. He also discussed the issue of privacy and noted that the average American citizen is far less concerned about privacy than their European counterparts. (A point Phil Dunkelberger made too.) Jake argued that now is the time for cybersecurity professionals to get involved in legislation.

Helen Patton, CISO of Ohio State University, also brought a different perspective to the podcast. She discussed the unique challenges of cybersecurity in higher education and shared her thoughts on how vendors can learn to provide true value to CISOs. She described the security community as a kind one, always willing to help each other, but pointed to the growing ethics problem in cybersecurity and shared what she is doing at OSU to address that.

Another believer in the inherent kindness of the cybersecurity community is Sergio Caltagirone, VP of Threat Intelligence at Dragos, who shone a light on several neglected issues. He fondly described the cybersecurity community as a dysfunctional family of good and caring people but pointed out that the cost of caring can have a serious impact on mental health. He explained the dangers of the cyberspace power vacuum and the need for cyber diplomacy and a digital Geneva Convention. He also pointed out that industrial control cybersecurity is one of the most important challenges we face because of the direct relationship to livelihoods and lives.
