In this episode, John Funge, Managing Director at DataTribe, and I discuss the Global IT Outage caused by a flawed update to CrowdStrike's cloud-based security software. We also review DataTribe's recently published report on cybersecurity trends and predictions for 2024. In closing, John shares some tips and recommendations for those seeking cybersecurity funding.
Action Items and Discussion Highlights
- Organizations need to incentivize and spend more time and effort hardening the QA cycles.
- Continue to focus on building secure software through tools/processes that embrace best practices.
- Assess the concentration of risks and take proactive mitigation steps.
- Take malware at scale, reverse engineer it, and look inside the malware to use that as training for AI models that can detect and mitigate entire classes of malware.
- Create tooling that monitors what happens in CI/CD (Continuous Integration & Continuous Delivery) pipelines, produces the evidence needed to help enforce process and risk management compliance, and makes the software development process much more transparent.
- Cybersecurity trends include quantum computing, security for serverless architecture, operational technology (OT) security, autonomous defenses, passwordless authentication, AppSec 2.0, and AI SOC Analyst.
Time Stamps
00:02 -- Introduction
01:44 -- Guest's Professional Highlights
06:33 -- Global IT Outage Fiasco -- Lessons
08:11 -- Hardening QA Cycles
10:41 -- Software Malfunction in an AI-Driven World -- Corrective Action
15:50 -- Reviewing Cyber Trends -- Quantum Computing, AI-Enabled Autonomous Defenses, AI SOC Analyst, AppSec Scans, etc.
25:30 -- Cybersecurity Governance Process Improvements and Innovations
31:18 -- What does DataTribe, a cyber foundry, look for when evaluating potential investment opportunities?
34:35 -- Cyber Predictions
36:44 -- Closing Thoughts
Memorable John Funge Quotes/Statements
"Software is just really brittle and creaky. Over time, there's been a combination of incentives toward speed of delivery and time to market rather than spending more effort hardening QA cycles."
"Within the security industry, there's this sort of patch advice: Just keep your systems patched, etc. There isn't much discussion in that conversation about how we can engineer the software so it's more secure with fewer bugs."
"It's unclear whether we are increasing the hardness of many software tools and systems at the same time that their responsibility is increasing."
"At the end of the day, AI is really a tool for consolidating training data and creating a decision mechanism based on that."
"Security is just so rich with data. So, if you follow the data, you really do start to see interesting opportunities to potentially create predictive models that allow you to increase your security performance and efficacy."
"There is this opportunity to create a set of tooling that can monitor what goes on in CICD (Continuous Integration and Continuous Deployment) pipelines and create all the necessary evidence that can help enforce process and give confidence to auditors risk management compliance, and essentially take what's going on inside the software development process, and making it much, much more transparent."
"AI models and the data science teams that work on them represent a bit of a black box, and it can be challenging to collaborate and understand the risks that the organization is taking without having some tooling to help capture and communicate that. So that's another interesting area."
"When we look at an opportunity, it's not just the opportunity itself, but is there a fit between the founder and the opportunity? The really exciting ones tend to have what we would describe as domain masters, people who are maybe top ten in the world in that particular subject area."
"At the really early stage, the team is really, really critical because there is very little actual product existing at the time we enter the investment."
"Video is one thing, but audio deep fakes are a really big deal."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712
Latest Publications:
“Getting Cybersecurity Right,” California Management Review — Insights, July 8, 2024.
Published in USA Today — “Dave Chatterjee Drops the Cybersecurity Jargon, Encouraging Proactiveness Rather than Reactiveness,” April 8, 2024
Preventing Security Breaches Must Start at the Top
Mission Critical -- How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic
Latest Webinars & Podcasts with Dr. Chatterjee as the Guest
Non-profits and Cybersecurity, a CAPTRUST podcast
How can brands rethink data security to maintain customer trust?, A TELUS International podcast
“Cybersecurity Readiness In the Age of Generative AI and LLM,” Let’s Talk About (Secur) IT Webinar, with Phillip de Souza
Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee, a HALO Security Webinar