Show Notes
Hacker Valley: On the Road is a curated collection of conversations that Chris and Ron have had during conferences and events around the globe. In this episode, Cloud Security Podcast’s Ashish Rajan and Shilpi Bhattacharjee speak with the Hacker Valley team at AISA CyberCon in Melbourne, Australia. Ashish and Shilpi discuss their respective talks on supply chain security and zero trust technology, SBOMs, and keynote speakers at this year’s Cybercon worth noting for the audience at home.
Timecoded Guide:
[00:00] Connecting & conversing at a cyber conference post-COVID
[06:50] Breaking down Shilpi’s presentation on supply chain threats & attacks
[11:45] Understanding the paradoxes & limitations of zero trust with Ashish’s talk
[26:13] Defining & explaining SBOM, or Software Bill of Materials
[33:16] Noticing key conversations & trends for those who didn’t attend AISA Cybercon
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
Shilpi, can you talk about the idea behind the talk you had at CyberCon?
The inspiration behind Shilpi’s conference talk was supply chain issues. Titling her talk, “Who’s Protecting Your Software in Supply Chain,” Shilpi hoped to further educate and advocate for security in the supply chain process. An estimated one in two companies will experience a supply chain attack in the coming years. Instead of fearing such a statistic, Shilpi hopes her talk inspired further security action to protect our supply chains.
“One staggering fact that I read is that one in every two companies is going to have some sort of a supply chain attack in the next three years. So, who's going to look after the supply chain? Is it going to be the organization? Is it going to be your third-party vendors?” —Shilpi
Ashish, what about your talk at Cybercon?
In contrast, Ashish’s talk was about the triple paradox of zero trust. When talking about and implementing zero trust, Ashish realized many companies don’t implement the cultural changes needed for zero trust and/or only talk about zero trust as a technology process. Zero trust has numerous layers beyond technology, and requires time and major changes in culture and technology to implement in most companies.
“I feel bad for bashing on finance, marketing, and HR teams. They're all smart people, but if you're going to add four or five layers of security for them, they almost always say, ‘I just want to do my job. I don't really care about this. It's your job to do security.’” —Ashish
Where would you recommend starting when it comes to trying to implement the ideas in your respective talks?
When push comes to shove about where cyber companies can start first with supply chain and zero trust, Ashish and Shilpi agree that companies have to discuss business priorities. When company leaders can take the opportunity to look at and understand their cyber hygiene, the next steps might look very different from another company’s tactics. Knowing what a business has is the foundational piece that impacts any new process in cyber.
“If I were to go back to the first principle of what we do with cybersecurity professionals, one of the biggest assets that we're all trying to protect is data. You can't protect what you can't see, that's the foundational piece.” —Ashish
For anyone that wasn't able to make the conference, what is one thing that you would want to share with the audience at home?
There were a lot of conversations taking place at Cybercon this year. Ashish wants the audience at home to know that cloud native, zero trust, supply chain, and leadership positions like CISOs were the main themes in many talks, panels, and conversations. Shilpi wants those who couldn’t attend to watch out for more talks and conversations about cyber from those outside of the industry to understand that the issues impacting cyber influence the world.
“I think there's that interest about cybersecurity being more than just a cybersecurity problem. Cybersecurity is not just a technical problem, it's a societal problem, a cultural problem. I very much agree, because a lot of the things that we're dealing with impacts everyone.” —Shilpi
---------------
Links:
Keep up with our guest Ashish Rajan on LinkedIn
Keep up with our guest Shilpi Bhattacharjee on LinkedIn
Listen to Ashish and Shilpi’s Cloud Security Podcast
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Recent Episodes
How to Hack your Career: Building a vCISO Business with Ayman ...
In this episode, Ron Eddings gets a chance to speak with Ayman Elsawah, Founder of Cloud Security Labs, and have him share his experience with becoming a vCISO. Ayman will break down the vast ...
Hyperautomation, Open Security Data Architecture, and the Future ...
Ron Eddings and Neal Humphrey, Vice President of Market Strategy at Deepwatch, discuss the changes in Security Operations infrastructure, and how these changes in structure, data, and automation ...
Securing Your SaaS and Cyber Influencer Networking with CRO Bob ...
Ron Eddings sits down with Bob Horn, Chief Revenue Officer at Valence Security. Their conversation centers around the world of SaaS security, examining the current landscape and challenges in ...
From ‘Hand-to-Hand Combat’ To Management in Cyber with Ofer Gayer
HVS Host Ron Eddings chats it up with guest Ofer Gayer, VP of Product at Hunters. While both of them reminisce about their first love in security research, Ofer clarifies how he diverted his ...
How Threat Actors Are Accessing Your SaaS Environments with Jaime ...
Ron Eddings and Jaime Blasco, Co-Founder and CTO at Nudge Security, discuss how well-known adversaries are taking advantage of enterprises that don’t have visibility into their full SaaS ...
The Future of Endpoint Threats and Why Zero Trust is the Only ...
Get ready for a SPECIAL episode! Ron Eddings will take you on an inside look at Threatlocker’s rapidly growing event, Zero Trust World, and will talk with Rob Allen, Chief Product Officer at ...
Slugging it Out in the SOC to Find Your Niche in Cyber with Nate ...
Ron Eddings sits down in-person with Nate Malicoat, Threat Intel Engineer at ContraForce, for a down-to-earth interview about entering the cybersecurity workforce from the Marines. Impactful ...
Creating Value in the Cyber Industry with Nick Lantuh
Nick Lantuh, CEO of Interpres Security, joins Ron Eddings on the mic at Hacker Valley’s “On the Big Screen” event to talk about how Nick’s previous career experience have given him unique ...
AI & Phishing: Fighting Fire with Fire
In this episode, Host Ron Eddings is joined by Vishal Dixit, Co-founder & CTO at Graphus Inc., and Sven Bechmann, Senior Product Manager of Email Security at Kaseya to dig into how phishing ...
Andrew Forgie's Path From Apache Mechanic to Cybersecurity Sales ...
In this episode, Andrew Forgie takes us on his journey from his early days as an Apache helicopter mechanic in the military to his current role as a regional sales manager in cybersecurity. ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon.