WE'RE IN!

In this episode of WE'RE IN, host Josh Mason sits down with Teri Green, VP of Technology at Elevate and CIO/CISO at Light Technology Solutions. Teri breaks down her proprietary TEST Framework (Touch, Execute, Store, Trust)-a practical toolset for CISOs to evaluate AI risk beyond simple vulnerabilities. They discuss why humans remain the greatest vector in the age of AI, how to teach digital citizenship to the next generation, and why the basics of security still apply even as we move toward a quantum future. Timestamps: [00:00] Welcome, meet Teri Green [00:43] Cybersecurity Origin Story [01:44] Degrees and Certifications [02:34] Career Path and Leadership [03:28] TEST AI Risk Framework [05:30] AI Trust and Human Factor [06:53] Teaching AI Ethics to Kids [08:34] Governance Outpaced by AI [09:42] Upcoming Talks and Takeaways [12:37] Learning AI and Plain Language [16:17] AI Already in Your Org [18:13] Where to Follow Terry [18:58] Closing and Thanks Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN, Josh Mason sits down with Sayaan Alam, a Level 5 Synack Red Team (SRT) member who started his hacking journey at 14 years old. Sayaan shares his story of how he became the second-youngest researcher onboarded to the SRT and how he climbed the ranks to become recognized on the Synack Acropolis. Timestamps: 00:54 Meet Sayaan: Starting Bug Bounties at 14 01:33 Joining the Synack Red Team (SRT) 03:18 SRT Onboarding Process 04:41 Climbing the Tiers: From Level 1 to Level 5 05:42 Why Synack is Different from Other Platforms 06:30 Improving Professional Pentesting Skills 06:58 Finding Patterns in Client Architectures 08:32 The AI Chatbot Vulnerability: SSRF Case Study 10:57 Remediation Advice for AI File Handling 11:58 Trends in AI Chatbot Security & Stored XSS 13:12 Thoughts on Sara: The Synack Autonomous Red Agent 14:29 How to Connect with Sayaan 15:07 Outro and Closing Remarks Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

This conversation explores how AI is transforming the offensive security landscape, focusing on the rise of AI-driven vulnerabilities, the evolution of pen testing, and the integration of human and AI efforts in cybersecurity. The discussion highlights the importance of adapting to new threats and the role of Synack's Autonomous Red Agent in enhancing vulnerability detection and remediation processes.Timestamps04:51Traditional vs. Modern Pen Testing Approaches07:55The Role of Human Analysts in AI-Driven Security10:57Introducing Sara Pentest: A New Era in Testing13:16Executing a Sara Pentest: A Step-by-Step Guide20:13Real-Time Insights from Sara Pentest23:20Technical Difficulties and Collaboration23:25Exploring Pen Test Engagements27:00Successful Pen Test Outcomes and Future Implications Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Synack Red Team member Bloodtyper reveals his journey from the DMZ to discovering critical AI prompt injection vulnerabilities. Learn how he creates bug bounty reports that get accepted, as well as other golden nuggets of advice to learn and grow your penetration testing skills.CHAPTERS:0:00 Introduction01:03 Military Origins & The DMZ01:58 Hacker Origin Story04:06 Transitioning from Infantry to Tech07:22 Joining the Synack Red Team (SRT)08:04 Learning with Hack The Box09:52 Bug Bounty Reporting Strategy12:14 Synack Vuln Ops16:03 Advice for New Pentesters18:44 AI Prompt Injection Deep Dive21:35 Retesting & Patch Verification23:25 How to Improve Patching26:02 Advice to Learn Cyber Security Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Adam Logue, Independent Security Researcher and Synack Red Teamer, discusses his experiences with responsible disclosure and bug bounty programs, and provides a fascinating technical deep dive into a vulnerability he found in Microsoft 365 Copilot during a client-facing engagement.Timestamps:00:49 - Adam's background with responsible disclosure and bug bounty programs04:33 - Description of M365 vulnerability12:34 - Demo of the vulnerability17:53 - How to pentest AI20:45 - Getting started in pentesting23:07 - Benefits of hacking with Synack Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Blake and Cynthia take an in-depth look at the evolving ransomware threat landscape, the interplay between government and private sector in cybersecurity, and the challenges and opportunities presented by new technologies like AI.Timestamps: 00:19 - Halcyon’s Ransomware Research Center07:24 - Actors behind ransomware campaigns11:22 - Will AI help offense or defense? 17:29 - Known vulnerabilities21:10 - Where do you fall on ransomware payments?28:24 - How to stop bad actors30:44 - Guest fun fact Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Rob and Blake discuss vulnerability and exploit discover in the age of AI and increasingly intelligent cyber threats. Rob Lee is the Chief of Research and Head of Faculty at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics. With more than 20 years of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he is known as “The Godfather of DFIR”. Rob co-authored the book Know Your Enemy, 2nd Edition, and is course co-author of FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.Rob graduated from the U.S. Air Force Academy and served as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this bonus episode, Blake, Sharon Mandell and Mark Kuhr have a discussion about the impact of agentic AI in cybersecurity, focusing on both threats and opportunities. They touch on the rise of AI-enabled cyberattacks and how adversarial and generative AI are being leveraged by attackers, as well as the dual-use nature of AI. How can it can be both a threat and a tool for defenders? Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Jim Langevin, former chair of the Congressional Cyber Caucus and Democratic Congressman from Rhode Island, reflects on his belief that cybersecurity remains a bipartisan issue. He emphasizes the importance of collaboration between government and the private sector, and the potential of artificial intelligence in enhancing cybersecurity.Timestamps:01:05 - About Rep. Langevin04:08 - Building a hacker-friendly congress09:53 - Cybersecurity as a bipartisan issue15:39 - Trying to predict the future19:44 - AI and cyber defenseFind Blake on LinkedInFind Rep Langevin on LinkedIn Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Paul Mote, Vice President, Solutions Architects at Synack, discusses if we're ready to embrace AI in a world of ever-evolving threats. Who will AI help more, attackers or defenders?TIMESTAMPS:00:35 - What is a solutions architect?02:56 - Advancing threats13:32 - Are we ready to embrace AI? 20:58 - What’s real, what’s not?25:03 - Find Paul Mote on LinkedIn Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Lea Kissner, CISO of LinkedIn, describes the dangers of perverse metrics, the importance of phishing-resistant technologies, and the ongoing challenge of recruiting and retaining top talent in the field. Lea also explains how they deal with complex privacy issues at scale every day. Lea and Blake also touch on LinkedIn's efforts to balance security with user privacy preferences, and the evolving threat landscape posed by AI.Find Lea on LinkedInFind Blake on LinkedInFollow WE'RE IN! Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mike Witt, NASA's Senior Agency Information Security Officer and Chief Information Security Officer for Cybersecurity and Privacy, has a long history of public service. In addition to serving 10 years in the U.S. Army, Mike was the director of the United States Computer Emergency Readiness Team (US-CERT) at the Department of Homeland Security and a key cybersecurity official at the IRS. Now, he’s leading NASA’s efforts to secure spaceflight centers nationwide and their missions to the final frontier.Tune in to the latest episode of WE’RE IN! to hear more about how NASA balances its out-of-this-world mission with real-world concerns about cybersecurity resulting from increased activity from other space agencies and commercial interests alike.Listen to learn more about: How NASA responded to the Log4j vulnerabilities revealed in 2021Why the SAISO position was created How NASA’s stellar reputation helps it address the cybersecurity talent shortage Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Lieutenant General Lori Reynolds' (Ret., USMC) career journey from a Naval Academy graduate to a key figure in cybersecurity and information warfare illustrates the progression of military communications and cyber operations. Initially commissioned as a Marine Corps communications officer in 1986, Lori’s career took her from managing traditional radio communications to leading the Marine Corps Cyberspace Command. Tune in to hear how she played an important part in integrating cyber operations into the Marine Corps' combined arms approach and later spearheaded efforts to create a comprehensive information warfighting function.Listen to learn more about: How China's cyber operations have become more sophisticated, quiet and focused on long-term strategic positioningWhy the threat now extends beyond cyberattacks to include technological exports and influence operations How Russia and other state actors are also engaged in hybrid warfare, operating below the threshold of conventional conflict Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Department of Defense Cyber Crime Center (DC3) operates a Vulnerability Disclosure Program (VDP) that handles critical cybersecurity issues reported by the public, including using an actual red phone for urgent matters. In the latest episode of WE’RE IN!, Melissa Vice, director of DC3’s VDP, describes how they respond to cyberthreats and collaborate with other groups within the center, such as the Operation Enablement Directorate and cyber forensics laboratory. Tune in to hear how the program, which began in 2016 following a successful bug bounty event, has processed over 53,000 reports, 56% of which were actionable, and resulted in nearly 30,000 remediated vulnerabilities.Listen to learn more about:Why VDP has been recognized by the government as a reliable and economical cybersecurity strategy How Melissa and her team handled the notorious Log4j vulnerabilityHow DC3 has explored the use of AI and machine learning to enhance capabilities and scale operations Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hear from this season’s guests for their thoughts and predictions on AI and cybersecurity. We took sound bites from a range of WE’RE IN! interviewees, whose opinions on AI vary from thinking it’s overblown to being cautiously curious. Tune into this episode to better understand AI’s seismic effects on the infosec industry. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Bill Dunnion, chief information security officer at global telecommunications company Mitel, is well-versed in the critical nature of telecom infrastructure and the devices that support it. He’s also keenly aware of how his role as CISO is under increasing scrutiny from regulators around the world and in Canada, where Mitel is based. In this episode of WE’RE IN!, Bill expresses skepticism about AI, preferring the term "machine learning" for most current applications, but he acknowledges its potential benefits, such as improving threat detection.Listen to hear more about: How Bill's diverse background in telecom, IT, and security has provided him with a well-rounded perspective to approach his CISO roleWhy the integration of voice, data, and collaboration tools in enterprise communications presents new cybersecurity challengesWhy security awareness is crucial for both professional and personal life Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Jen, a former military professional turned hacker, shares her journey into cybersecurity and her experiences with the Synack Red Team in the latest episode of WE’RE IN! She transitioned from fixing security issues to actively seeking vulnerabilities, inspired by her brother and motivated by her experiences at the storied hacker conference, DEF CON. Jen emphasizes the importance of skill development and preparation for women entering the male-dominated cybersecurity field, and discusses her preferred hacking tools and techniques.In this episode of WE’RE IN!, Jennifer gives her take on AI in penetration testing, suggesting it should be used as a tool for initial reconnaissance but not for exploiting vulnerabilities. Listen to hear more about: Why all of Jennifer’s smart home devices’ warranties are voidedHow anyone can be a hacker by following the Open Source Intelligence methodology to find vulnerabilitiesThe importance of producing high-quality work and going above and beyond to gain trust in the pentesting industry Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Sara Mosley, technical director for the Bureau of Diplomatic Security's Cybersecurity and Technology Services, works with the U.S. State Department to help identify threats and potential compromises. In her role, she advocates for a Zero Trust approach that focuses on protecting critical data rather than trying to secure everything equally. She recommends balancing security measures with mission needs to prevent users from circumventing security protocols.In this episode of WE’RE IN!, Sara underlines the importance of collaboration between IT and security teams to adequately protect data and address relevant threats in anticipation of the September deadline for federal Zero Trust compliance.Listen to hear more about:The role of the private sector in adopting Zero Trust frameworks and providing security toolsPreparing for emerging technologies like quantum computing and their accelerated development due to AI advancementsWhy Sara believes hackers will initially benefit more from AI advancements than defenders Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.