Crucial Tech

I haven't been shy about rejecting the hype behind the coming of Q-day -- the day that a quantum computer exists that can break modern encryption. But I've always felt that the most powerful encryption available could somehow be bypassed. Talking with Crick Waters, CEO of Patero, my fears have been realized. And yet I am encourages.And we talk again with Spencer Timmel, head of cyber security insurance company Safety National, on the affect of mergers and acquisitions on security

This week is a short one and a two-fer. ABC fired a long-time reporter for expressing an opinion on social media. One might be tempted to call it censorship and bowing to our weak and failing leader. But I understand the reason and took some time to explain it.But on a more positive note, I talked with Spencer Timmel of Safety National Insurance about the current retreat of the US government from securing the internet. He provides a refreshing idea that it might not be so bad.

Yes, AI is a problem in the hands of bad actors, especially when they use bots to automate brute force attacks on identity. There are also a ton of companies dedicated to protecting your identity to keep the bad guys from impersonating you and those you care about. One of those companies is Ping (no, not the guys that make the golf clubs). In a continuation of our series on bots, we talk with Peter Barker, chief product officer for Ping and what they are doing about AI-based attacks.

A few weeks ago I posted what was supposed to be an interview with Dale Hoak, CISO for RegScale, on understanding Zero Trust. Unfortunately, the audio was of yet another interview that I have to repost on a different subject. That's what comes from having to wrangle 50 hours of fecordings from the RSAC Conference along with follow ups/.So, I promise, this is the right one.

During @RSAC Conference in April I met with Matthew Gracey-McMinn, VP of Threat Services for Netacea and we talked about the damage malicious bots can do. His company is one of a handful of companies dedicated to protecting users against that threat, in particular media companies. It was a short conversation and I decided it was worth going into a bit more depth.

Physical authentication keys are a common trope in movies, TV and spy thrillers and they have been around for almost 20 years. But they are still hard to find in real life. We talked with Alex Summerer, head of authentication for Swissbit, which is a relatively new player in the field, headquartered in ...of course, Switzerland. Frankly, after talking with him I'm wondering why I haven't bought one of these things.

Still digging through dozens of hours of recordings and pages of notes from #RSAC_Conference last week. But while looking into the issue of bots, both good and bad, discovered a fairly recent story about how scammers use bots to steal financial ait. And as I always say, if I don't know about something, I know someone who does. So I called up an old friend, Craig Mosher, who teaches history and political science about what he has experienced with fake students and how to deal with them.

This was another exhausting #RSAC in San Francisco but I think I'm finally getting a handle on it. There will be more to come, but Bruce Schneier gave a keynote on Tuesday that I think bodes well for journalism.And we had a visit with our friend at Safety National Insurance, Spencer Timmel, about just how far insurance can cover cybersecurity wweaknesses.

This is a short episode previewing what I'll be doing at RSAC 2025 next week, kudos to the California Franchise Tax Board, and a how-to on working with the press.

There comes a moment in many abusive relationships, when observant friends encourage the abused party to leave the abuser.I consider myself a friend of the cybersecurity industry, aside from its bad marketing practices, I see it as important to the well-being of society worldwide. And that’s why I say now, it’s time to leave the federal government, at least for the next two years.The actions persecuting Chris Krebs and SentinelOne for merely for doing their jobs without political bias, demonstrate that no amount of money is worth working with the Trump administration.I spend much of the past week unsuccessfully trying to get members of the US cyber industry to comment publicly on this issue. I was able to get public comment from a few outside the country. Some of that can be found in my piece this week on Cyber Protection Magazine. This podcast is with one of the commenters, James Bore, a British cybersecurity consultant and speaker. He says what everyone is thinking.It’s time to divorce the orange git.

When it comes to polite discussion, there are two things you should never discuss: Politics and Religion. At the same time, most people would also rather not talk about insurance or data encryption. Well, I can’t say I’m all that polite, because that is exactly what this episode is about.The need for encryption on or data has never been more important, but msot of us don’t know what is or isn’t encrypted and that knowledge has a direct bearing on how much cybersecurity insurance might cost. So we sat down with Spencer Timmel, head of cybersecurity and technology insurance for Safety National, the primary sponsor for this podcast, and we discussed the unmentionable topics.

Microsoft haw cancelled plans for a massive build out of AI data centers and China is shutting down gigawatts or AI processing due to lack of demand. It seems the AI boom is on the verge of busting as big as the Dotcom collapse. And since cybersecurity companies seem dependent on the AI buzzwords to sell their services, that is going to mean change for the industry.We chatted with ThreatLocker CEO Danny Jenkins and Reality Defender CEO Ben Colman about what is and isn't real regarding the concepts of AI threats.

The "Signalgate" scandal has raised the issue of encryption to a broader audience in the past week.  On the plus side, many sources say that 95% of digital traffic is encrypted now, compared to 43% in 2014, but most people have no idea that their personal data is being encrypted. It’s one of those invisible technologies that touch many people.But there is a basic fact, that a lot of stuff that should be secured, isn’t because users don’t know they have to turn it on  For example, WhatsApp, the messenger platform from Meta, advertises that they have end to end encryption, but they don’t tell you that you have to turn it on to get that benefit.  So that brings us to today.  What is encryption? Why do we need it and where does it come into play.  We talk with Luigi Caramico, CTO and founder of DataKrypto, a company dedicated to encryption. And not just encryption but fully homomorphic encryption, an important step forward in protecting our data

As I've said before, I get a lot of "studies" and "surveys" from cybersecurity firms with breathless and urgent warnings about a coming cyber-pocalypse of one sort or another. Funny thing, it's always about something that they supposedly defend against. As I started writing this note, I got another one.I did one podcast about a survey from Huntress about phishing in February, which was actually pretty good. Then I did one a couple of weeks ago about a less-than-good survey from iProov. Well, my partner in Germany, Patrick Boch, wanted to get into the fun and we decided to talk about two more of these that were also less-than-good from HiddenLayer and Ontinue. No, we didn't interview representatives from either company on this one. We were just having some fun at, unfortunately, their expense.Here are some of the highlights of our discussion.Many cybersecurity surveys lack scientific rigor, often using small, potentially biased samples (e.g., 250 IT decision-makers)Reports fre

The DDoS attack on X.com this week provided a certain amount of schadenfreude for people less than enamored by Elon Musk. It also rang alarm bells in the cybersecurity community as that style of attack seems to be making a comeback, and not for financial gain. All indications are corporations, and, in particular, government institutions are not ready to repel attacks motivated by political revenge. We talked with Inversion6 CISO Ian Thornton-Trump about how the attack was allowed to happen and what it may mean for the very near future.

I get a lot of "studies" about the state of cybersecurity and most of them are poorly done. In Episode 10.8 I talked about one I like, from Huntress and the week it came out I got pitched another report from iProov that was, well, less than well done. And as much as I tried to help them focus on reality, the more they pushed back.Again, this is not a knock on what the company does, which is to ensure the veracity of biometric identity, but it is a good example of how cybersecurity companies spend too little and on the wrong efforts to get their story out.

Artificial Intelligence is all the rage right now with broad claims about how it is going to change the world as we know it. I have my doubts about the hype and so does Bob Ackerman, the granddaddy of cybersecurity venture capital, founder and managing director of AllegisCyber Capital (for the past 29 years) and cofounder of the cyber incubator, DataTribe in Maryland. I always enjoy chatting with Bob because he sees the nuts and bolts of tech advancements and isn’t the kind of investor to get swayed by the glitz of questionable marketing. In this session, we discussed how AI is starting to displace high-paying jobs like computer coding and legal work, raising concerns about who will be left to buy the AI subscriptions and services. While there will be short-term disruption, he thinks AI will ultimately enable new industries and use cases that create new jobs and economic opportunities. Surprisingly enough, he believes the transition may require policies like universal basic income to support displaced workers

Today we are talking about insurance and government regulation... No! Wait! It's good stuff so bear with us.As the US administration seems intent on dismantling government protections in cybersecutiy, we will all rely heavily on foreign governments and private industries, like insurance, to keep us safe from cybercrime. The Digital Operations Resilience Act, that the EU put into force in January, is a good example of the former, and the insurance industry is a good example of the latter.We talk to Spencer Timmel, head of cybersecurity and technology for Safety National Insurance(our sponsor) and Arnaud Treps fromOdaseva about how insurance and cybersecurity tech companies are working hand-in-glove to fill in the gaps being left by the Musk/Trump administration.

Phishing attacks are on the rise again with the help of sophisticated generative-AI tools. But new defenses and increased wariness among potential victims are blunting the potential for widespread harm.We talked with Greg Linares, Principle Threat Intelligence Analyst for Huntress regarding their annual Threat Intelligence report. It sounds grim, but in a new article on Cyber Protection Magazine, we also report on how defensive technology from companies like DeepTempo and personal awareness can blunt the attacks.

I am very far behind in writing stories and making podcasts. The events since January 20 have made it difficult to keep up. But today, while walking downtown I came across a brand-new independent book store That had a copy of a book dedicated to Martin Luther King Jr.'s "Dream" speech. I attended that event, with my mother, when I was 11. It was a foundational moment for me. It is when I became "woke." When I saw that book, I knew I had to buy it for my grandchildren, because being two generations separated from that moment is too far. I needed to bring it forward for them, so I bought the book for them and intend to read it to them and help them understand how important the dream is for them as well, especially today. This isn't a political issue for me. It is how I want to model my life. It does afect my politics, but it also affects my view of family, friends, neighbors, theology, and the world. If you choose to listen to me read this speech, I thank you for taking the ti