For this episode, Robby is once again joined by Eoin Wickens, Technical Research Director at HiddenLayer, an organisation doing security for Machine learning (ML) and Artificial Intelligence (AI).

It is not too long ago since Eoin last visited the podcast, (only 7 months,) but lots has happened in the world of AI since. During the episode, he talks about some of the most significant changes and developments he’s seen the last months, how models are getting smarter, smaller and more specific, and he revisits his crystal ball predictions last episode.

Robby and Eoin discuss potential security risks posed by using AI tools, how to secure AI powered tools, and what you should think about before using them. Eoin also gives some new crystal ball predictions and recommendations to organisations starting to utilise AI adjacent technologies.

Data Brokers and Data Removal Services

What does the process of removing your online presence look like? And how would you handle the data brokers that have collected your personal information with just a few clicks of the mouse to sell to other companies?

To answer this, we’re joined by an expert in this field; Darius Belijevas, Head of Incogni, a service that automates user personal data removal from data brokers.

Darius shares from his research on data brokers and their business models, and explains what a typical data broker looks like, the most commons methods they use to collect our data, and who some of the most popular data brokers are.

This brings the conversation to the growing market for data removal services, and the two also talk about new legislative measures that might be changing the landscape these organisations operate in.

For this episode, Robby is joined by Levi Gundert, Chief Security Officer at the cybersecurity company Recorded Future and author of the book The Risk Business – what leaders need to know about intelligence and risk-based security.

Levi shares from his decades of experience in the threat and risk space – and Robby picks his brain about a broad set of security topics ranging from telling the risk story and categorising risk, to darknet monitoring and infiltration, and using chatbots for security analysis and risk management.

Ethical social engineering

Even the best pentesters out there can be fooled by a social engineering attempt under the right circumstances. But how do we treat the ones that have been tested and failed?

Ragnhild «Bridget» Sageng, Senior Security Advisor at Norwegian Customs, has several years of experience from the IT and cybersecurity industry, and hands-on experience working as an ethical hacker specialising in social engineering.

In her conversation with Robby, she shares what goes through her head during social engineering assignments, and discusses the importance of company culture and management expectations when doing these kinds of assessments.

Ragnhild is particularity interested in the other side social engineering and how we should meet the humans that are involved in these assignments. During this episode she explores what ethical responsibilities we have, what a pentester should demand from a company before accepting an assignment, and what a company should demand back from a pentester.

How will AI impact the next generation of people working with computer science?

This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, author of Security Yearbook 2023 and Founder and Chief Research Analyst at IT-Harvest, and High School Junior, Athena Contos.

Athena was recently visiting colleges, together with her father Brian Contos, a long-time veteran of the mnemonic security podcast. They both noticed a lot of excitement and concern regarding AI amongst those about to embark on their higher education, and questions about how AI will impact their choices of schools, majors, careers, and ultimately their future.

In this episode, Athena and Richard share their perspectives on AI’s potential in education, the ethics of using AI in this context, and how we can go from combating the use of AI in the classroom to making it a useful tool for learning.

How does cybersecurity play a part in ensuring food security?

As part of the ISACA series of the mnemonic security podcast, we’re welcoming Karianne Kjønås, Cyber & Privacy Associate at PwC Norway. Karianne recently won the ISACA master’s thesis award with her thesis on how cybersecurity incidents can affect Norwegian food production.

During her conversation with Robby, she shares some of her major research findings, and how data, automation, IoT and AI play an important role in food production these days.

They also discuss the state of cybersecurity in farming technologies and some of the most common cybersecurity threats to the food supply chain.

Conflictual coexistence

Today’s guest, Raymond Andrè Hagen, holds over 20 years of experience in cybersecurity and information security, and is currently researching advanced persistent threats for his PhD in Computer and Information Systems Security.

He also has experience as a Security Specialist at the Norwegian Digitalization Agency (Digdir), including being Chief Security Officer at Altinn, the Norwegian authorities' solution for reporting and dialogue with business and industry.

In his conversation with Robby, Raymond shares from his threat research on predicting APT attack behaviour, including his hypothesis, prediction models and some preliminary findings.

Raymond and Robby also discuss conflictual coexistence between nation states, especially US-China and US-Russia relationships, and how this has affected the cyber landscape historically, and will continue to affect it in the future.

To join Robby for this episode on Russian cybercrime and ransomware, we’re welcoming Sam Flockhart, Cyber Threat Intelligence Manager at Santander UK.

Sam has a background in military intelligence from the British army, where he has spent a large part of his career looking at Russian influence in Eastern Europe. Including experience from the British army’s support mission to Ukraine.

Sam goes through his presentation “From Russia with ransomware” presented at FS-ISAC EMEA Summit last month. Robby and Sam discuss ransomware groups with direct relationships with Russian intelligence services, their tactics, and how likely it is that ransomware will be used as a weapon in the short – medium term.

To watch Sam’s presentation, visit the video episode on our YouTube channel: youtube.com/mnemonic