
Great Security Debate

Author: The Great Security Debate


Description

Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at the topic from various angles, both that they support and those they don't.
Sign up for our newsletter to be notified when new episodes drop, or when new projects are announced https://newsletter.greatsecuritydebate.net
68 Episodes
Doorbells Ring Hollow

2026-02-23 46:49

What on earth were Ring and Amazon thinking when they aired their Super Bowl advert that previewed a “there’s nowhere you can hide” type of dystopian future masked as a way to find your lost dog? With cameras everywhere, are we safer or just more exposed? When camera data is deleted, is it really gone (spoiler alert: not necessarily), and more. Are we approaching the new location of the “creepy line”, or as a society are we content to trade privacy for security? And what happens when the glasses with cameras become more pervasive? Are we all on cam all the time whether we like it or not?

Show notes:
Ring Super Bowl Advert - https://www.nytimes.com/2026/02/19/business/ring-super-bowl-ad-privacy.html
Decoder Podcast - Let’s talk about Ring, lost dogs, and the surveillance state - https://youtu.be/QQjW68B7s8g
Ring and Flock cancel partnership - https://techcrunch.com/2026/02/13/amazons-ring-cancels-partnership-with-flock-a-network-of-ai-cameras-used-by-ice-feds-and-police/
Savannah Guthrie Nest Video Retrieval - https://www.theverge.com/tech/877235/nancy-guthrie-google-nest-cam-video-storage
Apple San Bernardino Matter - https://epic.org/documents/apple-v-fbi-2/
DJI robot vacuum cameras accessible via Internet - https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt
UniFi Protect cameras - https://geni.us/isNyY2
Zuck in court to testify on social media addiction - https://apnews.com/article/mark-zuckerberg-trial-testimony-instagram-c8cbaa32ccbf4933ec3a7beebd6cf34b
Glassholes are back - and forbidden in court - https://www.cbsnews.com/news/meta-trial-mark-zuckerberg-ai-glasses/
Movie recommendation - Happy Gilmore - https://geni.us/v96XEgb
Meta/Facebook studies on addictiveness of social media - https://www.cnn.com/2026/02/23/tech/facebook-researchers-study-addictive-features
LinkedIn/Microsoft Verification data being shared with many others, including Persona - https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.
AI is growing in use within information security, but are we ready to trust it to do all the things we hope it can, and do so automatically without doing harm? Context is king, and training to that level is only possible when you give all your experience to the AI. What are the tradeoffs to doing so? What happens when we depend on AI and forget (or worse, never learn) the underpinnings of what makes the AI system work (remember the calculator debates of the 1980s?). And does the end justify the means when it comes to AI use? And what is that “end” anyway? Efficiency, automation, knowledge? Erik, Dan, and Brian discuss it all in this week’s Great Security Debate!

Show Notes:
Report on reasons Israel didn’t catch Oct 7 attacks - https://www.npr.org/2025/03/05/nx-s1-5318591/israel-shin-bet-security-failure-october-7-attack
Shin Bet Report - Source Doc (Hebrew) - https://www.documentcloud.org/documents/25551448-yqry-tkhqyr-shyrvt-hbytkhvn-hklly-710/#document/p1
Waymo hits student on bicycle - https://www.theverge.com/2024/2/7/24065063/waymo-driverless-car-strikes-bicyclist-san-francisco-injuries
Waymo violates school bus rules - https://www.cbsnews.com/news/waymo-recall-3000-vehicles-software-school-bus/
Podcast Recommendation - Agentic Dan - https://distillingsecurity.com/episode-64-agentic-dan/
TV Recommendation - Pluribus - https://tv.apple.com/us/show/pluribus/umc.cmc.37axgovs2yozlyh3c2cmwzlza
Trust Issues in AI - “I bought this Tesla before Elon went crazy” magnet - https://geni.us/DXQYk
OpenAI adds ads - https://apnews.com/article/chatgpt-ads-openai-advertising-83812a066375a805fa2e29b28fc77da1
Satya Nadella AI Internal Memo - https://africa.businessinsider.com/news/nadellas-message-to-microsoft-execs-get-on-board-with-the-ai-grind-or-get-out/sq0fe52
FDA AI Rules - https://www.fda.gov/regulatory-information/search-fda-guidance-documents/considerations-use-artificial-intelligence-support-regulatory-decision-making-drug-and-biological
Utah AI Prescriptions - https://www.politico.com/news/2026/01/06/artificial-intelligence-prescribing-medications-utah-00709122
Movie Recommendation: Terminator - https://geni.us/59025
Book Recommendation: The Cuckoo’s Egg - https://geni.us/hYE9
Book Recommendation: AI 2041 - https://geni.us/5dtV54h
Anthropic Super Bowl Ad - Scott Galloway on why Anthropic's Super Bowl ad got to Sam ... - Fortune
China facial recognition payments - https://www.chowhound.com/2073279/grocery-store-facial-recognition-china-smile-to-pay/
Movie Recommendation: Sneakers - https://geni.us/P7SB
The Dawn of the Post Literate Society - https://jmarriott.substack.com/p/the-dawn-of-the-post-literate-society-aa1
Leading Causes of Death in the US, 2023 - https://www.cdc.gov/nchs/fastats/leading-causes-of-death.htm
Automated car sex in backseat - https://dailydot.com/driverless-car-sex-autonomous
Podcast Recommendation: The Final Act - https://distillingsecurity.com/new-podcast-coming-soon-the-final-act/
Calculators and Children - https://www.linkedin.com/pulse/crunching-numbers-debate-over-calculator-use-math-education-church-sg6te/
Podcast Recommendation: Mentorcore - https://distillingsecurity.com/tag/mentorcore/
WOPR Was Right

2026-01-12 44:41

Recently and over the past few years, world events may have included cybersecurity components in their enactment. So, Brian, Erik, and Dan started talking about the role of security in critical infrastructure protection, asking questions about the ethics and thresholds for government and corporate roles in cyber retaliation, and whether we as security practitioners have a role (or an obligation, or even a liability) to close vulnerabilities that can be used in primary or retaliatory scenarios. How much of human nature makes cyber retaliation a foregone conclusion, or can we find ways to reduce the need, use, or availability of ways in via the technology? From Stuxnet to Iran to Caracas, cybersecurity is a prevalent vector of retaliation, but does it always have to be that way? Or will it end with WOPR’s recognition that the only way to win the game is not to play at all?

It’s hard to talk about modern cybersecurity and not bring in current events, and even harder to keep it from turning political. We tried very hard to do a good job in the latter as we talked about the former.

Thanks for being part of the debate!

Show Notes:
Caracas Invasion - https://abcnews.go.com/International/explosions-heard-venezuelas-capital-city-caracas/story?id=128861598
Stuxnet Explained - https://www.csoonline.com/article/562691/stuxnet-explained-the-first-known-cyberweapon.html
Book Recommendation: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon - https://geni.us/swbN
San Bernardino vs Apple - https://epic.org/documents/apple-v-fbi-2/
Movie Recommendation: Real Genius - https://geni.us/abYUYT
Book Recommendation: The Creature from Jekyll Island: A Second Look at the Federal Reserve - https://geni.us/SL21a
CIA Triad - https://cybersecuritynews.com/cia-triad-confidentiality-integrity-availability/
Book Recommendation: Atomic Habits - https://geni.us/Nn2GSYr
Michigan Council of Women in Technology - https://mcwt.org
Critical Infrastructure (Sectors) - https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors
Shadowbrokers - https://www.theatlantic.com/technology/archive/2017/05/shadow-brokers/527778/
AI Prescriptions (Utah) - https://www.politico.com/news/2026/01/06/artificial-intelligence-prescribing-medications-utah-00709122
Japanese Omoiyari - https://www.linkedin.com/posts/herman-singh-b669357_in-japan-it-is-a-recognized-cultural-practice-activity-7408365447953272834-1op9?utm_source=share&utm_medium=member_desktop&rcm=ACoAAABlrqMBKb13DctlHfhW1OWtb-yWqdfUjnE
GSD Episode on Japanese Parking Culture - https://distillingsecurity.com/episode-65-signs-signs-everywhere-a-sign/
Book Recommendation: Plato’s Republic - https://geni.us/vLBu4
Movie Recommendation: Angela’s Christmas - https://geni.us/Vn9n
Movie Recommendation: Die Hard - https://geni.us/eMASs
Movie Recommendation: Wargames - https://geni.us/L2R5Ij
TV Recommendation: West Wing - Proportional Response - https://geni.us/9mU1k4
Movie Recommendation: Goldeneye - https://geni.us/0dO0b
Rules are made and policies are established. But the “how” of implementing and meeting those regulations or policies will be very context specific. In this episode of the Great Security Debate, Dan, Erik, and Brian cover a number of key policies and requirements, some different ways to think about implementing them, and how the specific situation, company, and risk will affect the way you meet the rule. From driving a car to incident response and everything in between. We debate the need to look back at old rules and see if they all still make sense (a great programme called Kill Stupid Rules), and flexibility in control implementation to meet evolving business needs, to move quickly, and to keep the whole picture of the business, customers, and employees in mind.

Thanks for Listening!

Show Notes:
Passing on the right in Michigan: https://legislature.mi.gov/Laws/MCL?objectName=MCL-257-637
Overtake time in Triathlon: https://www.triathlete.com/training/race-tips/9-race-rules-didnt-know-breaking/
Reflex Security (Agentic Tabletop Exercises and Training): https://reflexsecurity.io
Kill Stupid Rules: https://www.wsb.com/blog/employee-retention-secret/
GM Dress Code Change (2020): https://gmauthority.com/blog/2020/06/how-general-motors-ceo-mary-barra-changed-the-companys-dress-code-for-the-better/
Silly State Rules: https://www.buzzfeed.com/rhiannacampbell/weird-old-american-laws-you-wont-believe
Sex in Full Self Driving Cars (Clean): https://www.cbc.ca/news/science/sex-distracted-driving-1.3562029
Movie Recommendation - The Usual Suspects: https://geni.us/wVrLOCB
John Bingham, COO, Speak by Design: https://www.speakbydesign.com/about-us
Movie Recommendation - Gremlins: https://geni.us/qE6NAC
Movie Recommendation - Die Hard: https://geni.us/eMASs
Movie Recommendation - Love Actually: https://geni.us/yj8Fqh
Agentic Dan

2025-12-15 48:51

We are back for another Great Security Debate. In this episode we discuss the potential role of agentic AI in security, from true “copilot” to automated decider of things, and whether LLMs are just a really cool search engine. Brian, Erik, and Dan also debate the means and extent to which we could replace ourselves with agents and what the inhibitors and risks are (spoiler alert: trust and survival of that agent after employment were big factors), how we train those agents on all the steps our brains take to make the decisions that humans make, and how to do so without polluting them with aspirational versions of ourselves (think: Instagram vs Reality). And it all leads to a parenting lesson by Brian and an automotive process lesson by Erik? It’s quite a debate. Thanks for listening! We might do one more episode in 2026, but if not, have wonderful holidays and a happy new year!

Here’s the quote that Brian references at the end of the episode, by Tolstoy:

Patience is waiting. Not passively waiting. That is laziness. But to keep going when the going is hard and slow - that is patience. The two most powerful warriors are patience and time.

The value lies not in reducing "power" (computational energy) but in leveraging that processing power to achieve outcomes that are difficult, slow, or impossible for humans to manage alone.

Thanks for listening!

Show Notes:
Reflex Security - https://reflexsecurity.io
Movie Recommendation: Multiplicity - https://geni.us/7vgKO
Plaid Privacy Policy - https://plaid.com/legal/
Prompts.ai - https://www.prompts.ai/en
Music Recommendation: Take On Me - A-ha - https://www.youtube.com/watch?v=djV11Xbc914
Book Recommendation: The Toyota Way - Book - https://geni.us/3LcpM
Book Recommendation: Six Sigma - https://geni.us/CS8ql
Book Recommendation: Matricide - https://geni.us/Xfn2MB
Book Recommendation: The Lorax - https://geni.us/Fy8X4b
Perplexity - https://www.perplexity.ai
TV Recommendation - Pluribus (Apple TV+) - https://tv.apple.com/us/show/pluribus/umc.cmc.37axgovs2yozlyh3c2cmwzlza
On this week’s Debate, Brian brings a truckload of acronyms for more single panes of glass to help us consolidate our various single panes of glass, Erik may actually be Brian (or maybe Brian is Erik), and Dan confirms he still (and likely always will) spend the rest of his days living in the house he just built deep in the Trough of Disillusionment.

What started out as a chat about some new technologies in the space turned into a treatise on the state of leadership and the future talent pipeline’s need for more curiosity (and why we think they are starved of the opportunity to learn to be curious). Along the way we talk about what motivates organisations to do security right from the get go vs leaving it alone based on difficulty to remediate, and the risk balances of both (think: productivity vs security). Throw in a little “binary opinions have dragged us into the mire” and you’ve got a full episode of The Great Security Debate.

We also drop some hints about a new show coming from The Distilling Security network in 2026 called The Final Act, which will bring in guests in the later stages of their careers to talk about the urgency of our careers in security and tech, what they want to leave behind as legacy, and what they are doing to prepare their orgs for their eventual departure. Add on how they have and will give back to the community, and what their successors want to see done before this first generation of security and tech leaders hit the road.

Please subscribe and leave a comment. If you’d like to sponsor the network, please email sponsors@distillingsecurity.com

Thanks for listening!

Show Notes:
What is Data Security Posture Management (DSPM) - https://www.ibm.com/think/topics/data-security-posture-management
What is Identity Security Posture Management (ISPM) - https://www.sentinelone.com/cybersecurity-101/identity-security/identity-security-posture-management-ispm/
What is an Institutional Review Board (IRB) - https://www.hhs.gov/ohrp/education-and-outreach/online-education/human-research-protection-training/lesson-3-what-are-irbs/index.html
Lucy pulls the football (hand egg) away from Charlie Brown - https://www.youtube.com/watch?v=9dsm7K1Xkn4
Healthy foods are more costly - https://www.cnbc.com/2023/12/27/healthy-foods-are-often-more-expensive-heres-why.html
Why Ford cancelled the Bronco after OJ - https://www.slashgear.com/1560204/reason-ford-bronco-discontinued-after-oj-simpson-trial-explained/
Not enough data - GSD Episode 62 [Audio] - https://podcasts.apple.com/us/podcast/the-100-years-ai-flood/id1513770103?i=1000735045511
Not enough data - GSD Episode 62 [Video] -
Book Recommendation - Anxious Generation by Jonathan Haidt - https://geni.us/lDrdn3
Book Recommendation - The Coddling of the American Mind by Jonathan Haidt - https://geni.us/Xqary2V
Ford has 5000 skilled mechanic jobs they can’t fill - https://fortune.com/2025/11/12/ford-ceo-manufacturing-jobs-trade-schools-we-are-in-trouble-in-our-country/
The 100 Years AI Flood

2025-11-03 47:26

The Great Security Debate is *back*! It’s been a busy year, but it’s time to get this show back on the air (and maybe on the road). Dan takes a break from the rat race, Erik took over the world, and Brian uses Elmer’s Glue to splice his network cables.

Topics in the show this week:
AWS and Microsoft make the best cases for business continuity plans, the AI
Is public cloud reliable enough? Should we all move back to local data centres? How can we reliably assess that risk?
Want an AI Data Centre in your town? NIMBY vs Innovation!

We will be back every 2 weeks on Mondays. Subscribe on YouTube at https://youtube.com/@greatsecuritydebate to see our smiling faces as you watch, or in your favourite podcast application to listen on your commute or with your whole family around the radio.

See you on the 17th with more debates! And some entirely new shows coming from Distilling Security very soon, too. Subscribe to the newsletter on our website https://distillingsecurity.com to hear all about them.

Links to mentioned articles and topics:
AWS Outage - 20 October 2025 - https://www.bbc.com/news/articles/cev1en9077ro
Microsoft Azure Outage - https://www.wsj.com/tech/microsoft-hit-with-azure-365-outage-b3ac072437
Signals move from AWS to Data Centre - https://world.hey.com/dhh/our-cloud-exit-savings-will-now-top-ten-million-over-five-years-c7d9b5bd
100 Years Flood - usgs.gov - https://www.usgs.gov/water-science-school/science/100-year-flood
Great Flood of 1937 - https://www.weather.gov/lmk/flood_37
Impact of Jaguar Land Rover Incident - https://www.bbc.com/news/articles/c0qpl0v3gnzo
CDK Attack and Outage - https://www.industryweek.com/technology-and-iiot/article/55091142/major-cybersecurity-breach-affects-auto-manufacturers
Russian grain blockade against Ukraine - https://www.cfr.org/article/how-ukraine-overcame-russias-grain-blockade
Saline, Michigan OpenAI Data Centre & Pushback - https://apnews.com/article/openai-inc-joi-harris-data-management-and-storage-microsoft-corp-oracle-corp-f25196fca5865ed79d94c972249a272c
Racine, Wisconsin Foxconn and Microsoft site failures - https://racinecountyeye.com/2025/10/08/microsoft-abandon-1st-caledonia/
Racine, Wisconsin What happened to FoxConn? https://www.nbcchicago.com/news/local/what-happened-to-foxconn-a-look-at-the-1-2-billion-spent-and-where-it-all-went/3759518/
Gartner Hype Cycle - https://www.gartner.com/en/research/methodologies/gartner-hype-cycle
It's an "all rounder" episode of The Great Security Debate. Brian watched a movie, Erik watched an advertisement, and Dan was overtly cynical. Just another day in the podcast booth for these three.

A variety pack of topics ranging from recent security attacks, to AI in technology, to automotive manufacturing (go figure), to privacy, to sponsorship and vendor models at live events, and more.

Links to everything we talked about are available in the show notes.

Thanks for listening and welcome to 2024! We have got some exciting changes ahead this year including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!
The Great Security Debate crew recorded a live episode at the GTS Security Summit in Detroit, Michigan with special guest Zah Gonzalvo, SVP of Financial, Climate, and Operational Risk at Banco Popular. Tune in for a great discussion on risk, risk mitigation, risk prioritisation, and risk in context. Yep, it's all about risk!

Takeaways:
The evolution of security has shifted from a binary perspective to a more nuanced understanding of risk management, acknowledging the need for flexibility in addressing diverse security challenges.
In contemporary discussions, it is increasingly evident that security must be integrated into business strategy, highlighting the imperative for security professionals to communicate effectively with stakeholders.
The role of the Chief Information Security Officer (CISO) has transcended traditional technological boundaries, necessitating a comprehensive grasp of business risk and operational efficiency.
Effective risk management within organizations requires a shared responsibility model, where every employee contributes to the overall security posture, thus reinforcing the concept that security is a collective endeavor.
Scenario analysis is a potent tool in risk management, enabling organizations to anticipate potential threats and understand the implications of various risk scenarios on their operations.
Engaging with business units to contextualize security risks in terms of operational impact and financial implications is vital for securing necessary budgets and resources for security initiatives.
Fantasy Hacker League

2024-10-21 01:02:08

In this episode of The Great Security Debate, Dan, Brian and Erik invent (and copyright) the idea of a Fantasy Hacker League, then dig into more serious discussions on deception technology, asset discovery challenges, and resource management. The conversation also delves into the impact of budget constraints on security projects, the mental toll on cybersecurity professionals, and the evolving role of CISOs in digital transformation. Issues such as job stress, burnout, and role mismatches among security leaders are addressed, alongside strategic insights on integrating security within broader business operations.

00:00 Introduction to the Great Security Debate
00:39 Humorous Take on Hacker Recruitment
03:16 Fantasy Hacker League Concept
09:18 Microsoft's Honeypot Strategy
22:58 Challenges in Security Budgets and Resources
31:03 The Reality of Full-Time Positions
31:31 Introverts vs. Extroverts in Leadership
32:06 The Challenges of Being a CISO
33:53 Work-Life Balance and Stress
37:04 The Role of Security in Business
39:36 The Future of Security Leadership
41:00 Adapting to Economic Constraints
59:28 The Importance of Enjoying Your Work
01:00:26 Conclusion and Farewell
Welcome to the Great Security Debate! In this episode, experts take on a multifaceted discussion about the intricacies of technology and cybersecurity. The debate navigates through the recent incident involving CrowdStrike and Microsoft, dissecting the layers of technology, processes, and the roles of different entities in maintaining security. Emphasizing the lessons learned, the debate also explores the challenges of disaster recovery, business continuity, and balancing risk in an increasingly complex digital landscape. Tune in as the hosts delve into the ramifications of over-consolidation, the implications of vendor lock-in, and the importance of maintaining a culture of quality and robust testing.

00:00 Introduction to the Great Security Debate
00:37 Layers of Technology and Finger Pointing
01:23 Disaster Recovery and Business Continuity
02:34 Market Leaders and Single Points of Failure
08:25 The Complexity of Software and Manufacturing Analogies
14:27 Kernel Access and Security Implications
23:29 BitLocker Keys and Recovery Challenges
28:05 Daily Text File Sharing
28:21 Transitioning BitLocker Management
28:45 Risk Profiles and Encryption Decisions
31:47 Team Collaboration and Lessons Learned
33:38 CrowdStrike Incident Analysis
36:18 The Importance of Response and Culture
44:10 Balancing Speed and Safety in Software
51:41 Closing Remarks and Future Plans
This episode of 'The Great Security Debate' delves into the complexities surrounding cyber insurance, discussing its impact on minimising business risks and ensuring compliance. Erik, Brian, and Dan talk about how connected systems and automation increase risks, and bring in concerns about reliance on AI. Insurance policies, force majeure, and government regulations get some quality discussion and debate time, revealing fears and misconceptions about standardised security controls vs. adaptive security practices. And last up: the practicality and pitfalls of self-insurance, government intervention, and the need for standardised security terminology.

Show Links:
CISA Secure by Design Pledge | CISA
CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) | CISA
The 118th Congress is the third oldest since 1789
Book - The End of the World Is Just the Beginning
Supreme Court’s ‘Chevron’ ruling means changes for writing laws - Roll Call
Insurers Warn Standardizing Cyber Policies Could Limit Future Coverage
Cyberattacks Disrupt Car Sales by Dealers in U.S. and Canada
Help support the podcast: https://ko-fi.com/distillingsecurity

Thanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!

00:00 Introduction to the Great Security Debate
00:30 The Role of Cyber Insurance
01:49 Manual Processes and Business Continuity
03:09 Manufacturing and Supply Chain Challenges
06:11 Insurance Policies and Cybersecurity
08:00 Standardization and Government Involvement
19:14 The Complexity of Cyber Warfare
22:35 Globalization and Cybersecurity
30:33 Leadership vs. Boss Mentality
33:53 The Role of Communication in Crisis
36:51 The Cost of Compliance
40:30 Global Cybersecurity Challenges
44:22 The Complexity of Online Trust
47:56 Insurance and Cybersecurity
53:07 The Future of Cyber Insurance
01:00:15 Conclusion and Final Thoughts
In this episode of the Great Security Debate, Brian, Erik, and Dan dive into the latest trends in ransomware, including an uptick in attacks against the hypervisor. Speaking of VMware, we also "discuss" the way that Broadcom has handled the VMware acquisition and why it both makes sense (to them) and doesn't (to many customers).

The debate also heads into the impact of AI on cyber threats, and compares strategies for mitigating risk, such as prioritising vulnerabilities and understanding the attack landscape. Additionally, the conversation shifts to business practices in tech acquisitions, the potential future disruptions in the market, the importance of balancing security measures with user experience, and the need for adaptive, short-term security roadmaps to stay ahead in an ever-changing environment. And they break the big news about an upcoming Distilling Security in-person meet-up in Michigan in July!

Help support the podcast: https://ko-fi.com/distillingsecurity

Show Notes:
Broadcom execs say VMware price, subscription complaints are unwarranted | Ars Technica
What happened with AI Overviews and next steps
Book - Titan: The Life of John D. Rockefeller, Sr.

Thanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!
Mine Everything

2024-06-05 44:58

Sorry about the audio on this one. We have got the tech back on track for the next episode. I promise!

Join the Great Security Debate as Brian, Erik, and Dan delve into 'pig slaughtering,' a scam involving rapport building to swindle victims out of money. The discussion explores the intersections of security awareness, blockchain technology, and the ethical implications of digital tracking tools like chain analysis. Featuring real-world cases, including child exploitation traced through blockchain, and the broader debate on privacy versus legality in technology use. Are public blockchain transactions truly private? And how can we balance innovative tech with ethical concerns? Tune in to hear all about it.

Help support the podcast: https://ko-fi.com/distillingsecurity

Show Notes:
Movie: Oppenheimer
Adobe has built a deepfake tool, but it doesn’t know what to do with it - The Verge
Movie: Defending Your Life
Microsoft Edge May Import Your Chrome Tabs Without Your Consent
Adobe content analysis FAQ
How the Federal Government Buys Our Cell Phone Location Data
Public By Default - Stories Found in Venmo Comments
Chainalysis
Book: Tracers in the Dark
Pig Butchering Scams: Last Week Tonight with John Oliver
7 Months Inside an Online Scam Labor Camp

Thanks for listening!
Join Dan, Brian, and Erik in the latest episode of The Great Security Debate as they explore the impact and implications of the movie 'Leave the World Behind.' Delving into cyber security, societal impacts of technology, and philosophical elements, this discussion touches upon vulnerability management, risk management, and the effect of constant connectivity on modern life. Tune in to hear not only their analysis of the film but also personal reflections on communication, societal changes, and practical steps for improving individual security resilience. This episode also marks the exciting announcement of the Great Security Debate becoming a part of the Distilling Security network. Don't miss out!

Help support the podcast: https://ko-fi.com/distillingsecurity

Show Notes:
Distilling Security – Consumable security, privacy, and compliance
Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED
August 2023 Data Incident | U-M Public Affairs
Recent power outages in Ann Arbor have multiple causes, DTE Energy says
Watch Leave the World Behind | Netflix Official Site

Editor note: This episode was recorded in the final days of 2023... but was lost to technology demons until now. One of those demons made it necessary to show the Zoom screen rather than our usual edited video cast. Sorry for the inconvenience and pain on your eyes.
It's not easy to sell things. It's even harder to sell to security practitioners and leaders. The Great Security Debate this week covers some angles in security tools (and selling those tools to security teams) that have taken their toll on the trust that needs to exist between those who buy and those who make the products that we use. From the software providers to the VAR (resellers) in the middle to the people and techniques used to market and sell the solutions.

Some of the key topics of the discussion include:
- The challenges of security tool consolidation by non-security vendors
- Security is not a lock-in tool, and security is not an upsell tool
- Pushing changes to products without telling the customers before they happen or letting those customers have control over the change (and if they take it or not)
- Security selling with VARs & deal registration
- What are the motivators when a product is recommended to you
- You can still buy direct (and why you might want to)
- The challenge of selling into the SMB
- The power of the "vouch" that flies in the face of some sales methods
- The importance of being genuine in sales communications (aka knock off the programmatic drip campaigns that pretend to be personal)

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for listening!
Less LLM, More Piano

2023-08-21 51:33

This week we are debating modern AI systems, especially the commercial ones on just about everyone's lips when talking about CVs, high school term papers, and interview answers. Large Language Models (LLMs), of which ChatGPT and Bard are two examples, are growing in prominence, but will they disrupt the technology world, or are they nothing more than just another blockchain fizzle?

In this episode:
- Are these even actually "AI" models, or really just very fast processing of large data sets?
- What should I (and should I not) be putting into LLMs? How does the re-teaching based on data entered impact what you should put into public LLMs?
- What are some valid use cases for LLMs?
- Does depending on tools like LLMs (or calculators) bring us further from core understanding of how things work? Or should we be OK with the efficiency it brings?
- How does copyright fit into the LLM expectation and model, and does the legal licensing of training data dull the shine of LLMs?
- Are the analyses from LLMs skewed not only by the data they chose to use for training, but also by the userbase that uses that LLM?
- How are any of the "good practice" security and privacy requirements for LLMs different from any other systems? Spoiler alert: not at all.

Unrelated to AI, we also talk about what happens to all the "smart" things in your house when the internet goes out. What stops working? Way more than you might think...

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them.
We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for listening!

Links:
- Is OpenAI almost bankrupt?: https://www.windowscentral.com/software-apps/chatgpts-fate-hangs-in-the-balance-as-openai-reportedly-edges-closer-to-bankruptcy
- Maybe not bankrupt, but has a business problem: https://www.forbes.com/sites/lutzfinger/2023/08/18/is-openai-going-bankrupt-no-but-ai-models-dont-create-moats/?sh=3c8922845e22
- Gartner declares LLMs at the peak of inflated expectations: https://www.gartner.com/en/newsroom/press-releases/2023-08-16-gartner-places-generative-ai-on-the-peak-of-inflated-expectations-on-the-2023-hype-cycle-for-emerging-technologies
- When ChatGPT goes bad: https://sloanreview.mit.edu/article/from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-generative-ai/
- https://venturebeat.com/security/how-fraudgpt-presages-the-future-of-weaponized-ai/
- The Circle (Movie): https://www.imdb.com/title/tt4287320/
- Amazon Sidewalk, and its privacy issues: https://www.popsci.com/technology/amazon-sidewalks-privacy-concerns/
- Idiocracy (Movie): https://www.imdb.com/title/tt0387808/
- Moore's law is dead: https://www.technologyreview.com/2016/05/13/245938/moores-law-is-dead-now-what/
- GM deletes CarPlay from future EVs: https://www.theverge.com/2023/4/4/23669523/gm-apple-carplay-android-auto-ev-restrict-access
- GM announces $130K EV Escalade (without CarPlay): https://www.theverge.com/2023/8/10/23827059/gm-no-carplay-android-auto-escalade-iq
- Fragile Things (Book): https://amzn.to/47BWWkB
It's been a minute, but we are back with another Great Security Debate! Whether it is compliance, trust, or questionnaires, we all sell something to someone, and security is core to that process.

In this episode, the focus is on how security integrates into the core of each of our businesses or organisations. From being part of strategic planning, the reminder that perfect is the enemy of progress, to the power in being a first mover on security and privacy topics:
- Compliance vs security: Is it pro forma? Do you check the SOC2 (and other) reports you get from your suppliers?
- You're not a special snowflake: Why won't more orgs use standard questionnaires on supplier assessments?
- There are multiple ways to solve a problem, and context is key. The process and environment may mean you don't need a technology control or a specific (prescribed) technology control.
- "The business" is a term that should never be uttered again by security or technology practitioners and leaders.
- There is power and business value in governance and transparency in security and privacy; build trust in your brand.
- We need to move our programs a layer above the specific people. Risk is reduced by living at the process layer. Heroics are not scalable.
- How can preparing for a triathlon be used to describe adherence to targets that lead to good security (and the brand value that comes with it)?
- Remember that you can't be "SOC2 Certified." And PFMEA is not always the answer to every question. Or is it?

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them.
We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for listening!
Jess and Jeff Invade

2023-04-24 54:04

Welcome to a very special Great Security Debate. If it is spring, it means that the annual Forrester "Top Recommendations For Your Security Program" report has come out, and we get to visit with one of the authors, Jess Burn. But this year, we get an added extra voice in that of Jess' Forrester colleague Jeff Pollard. Both Jess and Jeff share a ton of insight on topics from that report and a few others (see the links below for blog posts about most of them).

In this episode we cover:
- How (if) CISOs have been able to become "part of the business" and help colleagues understand that in 2023 security is business.
- Board reporting by CISOs and CIOs and where/how we succeed and fail.
- Talent shortages in infosec: a self-created nightmare?
- Consolidation in times of austerity: right or wrong for security?

Huge thanks to Jess and Jeff for joining (find their LinkedIn and Twitter in the links section). Even though Jess is legacy, we are pretty sure that Jeff will be welcomed back in 2024 with open arms.

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them.
We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for listening!

Special Guest: Jessica Burn.

Support The Great Security Debate

Links:
- Cybersecurity's Staffing Shortage Is Self-Inflicted
- Leadership Communication and Speaker Coaching | Speak by Design | United States
- Build Better Bridges: Introducing Forrester's BISO Role Profile
- Announcing Analyst Experience: SOC Analysts Finally Escape The Shackles Of Bad UX
- The Pay Gap Isn't The Only Problem For Women In CISO Roles
- Top Recommendations For Your Security Program, 2023 | Forrester
- How CISOs Can Navigate The 2023 Downturn
- Jess Burn | LinkedIn
- Jeff Pollard | LinkedIn
- Jess Burn (@Jess_Burn_) / Twitter
- Jeff Pollard (@jeff_pollard2) / Twitter
Bankplosion!

2023-03-13 01:02:18

This week, Brian, Erik, and Dan look into the security impacts of last week's Silicon Valley Bank closure, both from a direct security risk, but also what we can learn about risk from the events leading up to the incident that we can apply to our information security responsibilities.

Brian kicks it off with a great description of how Silicon Valley Bank got here (based on what we knew on 12 March 2023 - subject to change as more becomes known after). And from that, we go through some of the direct and indirect lessons and implications such as:
- Fraud attempts amongst a bevy of legitimate bank account payment change requests from companies. Check from a known source before changing where you pay.
- Putting all your eggs into one (infosec or financial) basket can be risky. And risk can bring great rewards, or great resentment.
- Evaluating vendors for where they bank as part of third party risk management (or not).
- Clear insight to tough choices that have to be made to keep small business and startups running - sometimes that's not "doing every thing of security".
- Business continuity planning requires a more realistic "yeah that could happen" when doing the review.
- Remember that there is no such thing as no risk, just determining the right balance of (realistic) risk and downtime for your organisation.
- If one vendor goes away suddenly, what happens? What about if 6 go away all at once? Diversity of suppliers vs. focusing on basics in the security stack.

Along with some strong recommendations (or maybe they are warnings) for our security vendor listeners on how not to use this incident as a sales tool (tl;dr: DON'T!), there are a few correlations to the automotive industry. And check out the book club recommendations in the show notes on our website www.greatsecuritydebate.net, too.

Since we recorded, another bank, Signature Bank, has also been closed and placed into receivership.
On behalf of all of us at Great Security Debate, we wish all those affected either as companies of these banks or their customers good wishes and hope for good news ahead on the recovery of funds.

Thanks for listening!

Support The Great Security Debate

Links:
- The Demise of Silicon Valley Bank - by Marc Rubinstein
- All the Devils Are Here: A Novel (Chief Inspector Gamache Novel Book 16) - Kindle edition by Penny, Louise. Mystery, Thriller & Suspense Kindle eBooks @ Amazon.com.
- Silicon Valley Bank profit squeeze in tech dip attracts short sellers | Financial Post
- The Tenth Man Rule - Principle Explained
- The Innovator's Dilemma: The Revolutionary Book That Will Change the Way You Do Business: Christensen, Clayton M.: 8601300047348: Amazon.com: Books — https://amzn.to/3LcZKvT