The Evolving Landscape of Identity Threats: Strategies for Mitigation and Awareness

This podcast episode delves into the pressing issue of identity threats and the evolving trends surrounding them. Our esteemed guest, Filipi Pires, who leads Identity Threat Labs at Segura, provides invaluable insights into the methodologies employed by cybercriminals in their quest to exploit vulnerabilities associated with credentials. We explore the alarming shift in tactics, where attackers increasingly purchase credentials rather than relying solely on zero-day exploits, highlighting the importance of vigilance in monitoring user behavior and implementing robust security measures. Moreover, we discuss the significance of events such as BSides, which serve as platforms for knowledge exchange, networking, and community engagement in the cybersecurity landscape. This episode aims to equip listeners with a deeper understanding of identity threats and the proactive steps necessary to mitigate these risks in their organizations.

In this episode of the Security by Default podcast, host Joe Carson welcomes back Filipi Pires, Head of Identity Threat Labs & Global Product Advocate at Segura® to discuss the latest trends in identity threats and cybersecurity. They explore the evolution of attacks, particularly focusing on social engineering and the role of AI in both offensive and defensive strategies. Filipi shares insights from recent events, including the significance of BSides conferences in fostering community and knowledge sharing. The conversation emphasizes the importance of a zero trust approach and the need for continuous education in cybersecurity.

Key Takeaways

  • The BSides community is essential for cybersecurity education.
  • Attackers are increasingly using social engineering techniques.
  • AI is being leveraged by both attackers and defenders.
  • Zero trust is a critical framework for modern security.
  • Organizations must implement multiple layers of protection.
  • Credential theft is a major concern in identity threats.
  • BSides events provide networking opportunities for newcomers.
  • Cybersecurity Awareness Month is a time for reflection and improvement.
  • The rise of AI in social engineering poses new challenges.
  • Community-driven events like BSides foster collaboration and learning.

Chapters

  • 00:00 Introduction to Security by Default Podcast
  • 01:59 Understanding BSides Events
  • 05:57 Current Trends in Identity Threats
  • 11:50 The Evolution of Authentication Methods
  • 14:57 The Rise of InfoStealer Malware
  • 18:52 AI’s Role in Cybersecurity Threats
  • 21:13 AI in Cybersecurity: Defensive and Offensive Perspectives
  • 24:36 The Role of APIs and Observers in Cybersecurity
  • 26:06 Best Practices for Securing AI in Organizations
  • 31:04 BSides Porto: Community and Event Insights
  • 39:06 Future BSides: Expanding to Porto Alegre

Resources:

https://www.linkedin.com/in/filipipires/

https://segura.security/

https://www.instagram.com/filipipires.sec/

https://segura.security/events/filipi-pires

https://www.linkedin.com/showcase/identity-threat-labs/about/

https://labs.segura.blog/

About Segura®

Segura® is an Identity Security Platform built to help organizations secure privileged access, detect identity threats, and respond rapidly to attacks targeting human and machine identities.

Designed for hybrid and high-risk environments, Segura delivers identity threat detection and response (ITDR), secure remote access, and privileged session protection — ensuring that only verified users, devices, and applications can access critical systems.

From infrastructure and servers to cloud platforms and the supply chain, Segura provides unified visibility and control across every identity interaction. By combining advanced analytics, behavioural detection, and Zero Trust access principles, Segura empowers companies to prevent credential misuse, lateral movement, and privilege escalation before damage occurs.

Transcript
Speaker A:

Hi everyone.

Speaker A:

Welcome back to another episode of the Security By Default podcast.

Speaker A:

The podcast here to really bring clarity to the chaos of security and also make sure that everyone has the opportunity to getting security in the organizations.

Speaker A:

And I always love bringing back amazing guests and having really hot topics and trends of what’s happening in the world.

Speaker A:

I’m the host of the show, Joe Carson.

Speaker A:

I’m the chief security evangelist at Segura and it’s a pleasure to be here with more fun, interesting discussions.

Speaker A:

And I’m actually joined back again by an awesome guest who’s returning for the second time in the podcast.

Speaker A:

So welcome back, Filipi.

Speaker A:

Give the, you know, maybe the audience, maybe those who are new, a little bit of background about yourself and what you do and what you’ve been up to recently as well.

Speaker A:

You’ve been quite busy.

Speaker B:

Yeah, thank you sir.

Speaker B:

Again we are here once again.

Speaker B:

So thank you so much, Joe, for, for having me here.

Speaker B:

So it’s always a pleasure to talk to you.

Speaker B:

So yeah, so I’m Filipi Pires basically.

Speaker B:

So I’m head of Identity Threat Labs here at Segura.

Speaker B:

I’m responsible for.

Speaker B:

My main role at the company is to make investigations reps.

Speaker B:

So basically more doing more analysis, you know, the new exploitations or that happen in different companies or trying to find some different vulnerabilities and different perspective of identity of course and this is the main role and the second sub-role is a sub-role let’s say is based on this content.

Speaker B:

I can share this in different type of audience as you said.

Speaker B:

So I was participating quite events last few weeks and authenticating.

Speaker B:

San Diego actually is not exactly in San Diego was in Carlsbad very close participating some roundtables discussing about the different topics about identity.

Speaker B:

And two days ago basically I was speaking actually at BSides Brasilia and I was presenting one of my last research about the.

Speaker B:

The attack that happened using PDF malicious.

Speaker A:

And was very cool, fantastic for the audience.

Speaker A:

I think, you know, you just give the audience a bit of a kind of insights into what, you know, what BSides is because I know, you know, you speak a lot of BSides, you know, went to lots and did lots of speaking to BSides and participating just for the audience.

Speaker A:

Some are maybe new to the industry, some have been going to the traditional type events, you know, maybe just give a recap or a bit of kind of insights what BSides, what, what it, what it is and who typically attends.

Speaker B:

Yeah, very, very start very quick information about BSides.

Speaker B:

Actually BSides started more than 20 years ago in the US and and actually in the beginning we had basically the two main events we call DEFCON and Black Hat.

Speaker B:

So the people received many many in DEFCON.

Speaker B:

They received many call for papers like a bunch of thousand talks.

Speaker B:

And they didn’t have a slot for all those speakers.

Speaker B:

So basically the.

Speaker B:

The community in US decided to create this new in double quotes they called BSides 20 years ago actually and they decided to create this BSides.

Speaker B:

So do you remember the old people that remember the disc that they use in the to.

Speaker B:

To.

Speaker B:

To.

Speaker B:

To listen side of the.

Speaker B:

Let’s say is like the outside the B sides.

Speaker B:

So basically because of that they carry this name.

Speaker B:

This is the history behind of the name.

Speaker B:

And they created this 20 years ago.

Speaker B:

So they started in the US and in Las Vegas.

Speaker B:

And after that they decided to put in BSides in other states in US like for example San Francisco and other states.

Speaker B:

And of course they decide to spread the message using BSides in the rural around actually the world.

Speaker B:

n that they we have more than:

Speaker B:

Besides this was big big big brand.

Speaker B:

And then basically the idea of the event is focused on cybersecurity hacking future.

Speaker B:

And they bring actually in the different events they bring new speakers and the others known speakers mainly when they invite.

Speaker B:

And let’s say the bigger speakers is usually to be the keynote speakers.

Speaker B:

And actually this keynote speaker is invited to talk and you to work in the openings.

Speaker B:

And of course they open the call for papers for the.

Speaker B:

The whole GN actually.

Speaker B:

So usually BSides has a committee responsible for evaluating these talks.

Speaker B:

And they created this different activities main track or two or three simultaneously track.

Speaker B:

And sometimes they have a village and there’s a very, very nice to participating this kind of conference.

Speaker B:

And because it’s opportunity to know more about this culture behind of the cyber security about the hacking, offensive security, defensive security, identity, whatever.

Speaker B:

Many things about cyber security actually.

Speaker B:

So it’s a very cool.

Speaker A:

Yeah, absolutely.

Speaker A:

I think Jack Daniels was kind of, you know behind the original Las Vegas one.

Speaker A:

Absolutely.

Speaker B:

He keep in participating the leadership.

Speaker B:

Actually when you decide to create a specifically for example BSides in your city or your state, you just submit to the info@the BSides.org if I’m wrong.

Speaker B:

So usually the Jack came to you and talk discuss to you about what is BSides what is the future behind of BSides.

Speaker B:

What kind of things you need to organize your proper BSides and what is the.

Speaker B:

Let’s say the mandatory things that you need to create this BSides.

Speaker B:

But he’s responsible for that.

Speaker A:

Yeah, he’s.

Speaker A:

He’s he’s awesome.

Speaker A:

It’s a shame that he’s got nothing as involved these days but, but you know, it’s great that he’s still involved in BSides and I think it’s also great for, for the audience, you know, if you’re sort of thinking of some conferences are typically out of reach price wise or location wise, you know, maybe a site travel to and I think the BSides is a great way to find local events that are more affordable as well.

Speaker A:

And if you’re kind of interested in getting into the speaking kind of area, BSides is also a great place to start off with.

Speaker A:

And there’s lots of people, you know, mentors that kind of get involved as well to help, you know, new, new speakers in the process.

Speaker A:

Thanks for the, you know, the overview.

Speaker A:

I think it’s great for the audience who, who may not be familiar with BSides.

Speaker A:

So back to the main.

Speaker A:

The main theme of today’s episode is all around the latest identity threats and some of the hot trends that you’ve seen and some of what’s the hot topics that’s been discussed at you know, the events and conferences that you’ve been around the world.

Speaker A:

So in, in the identity threat labs and the research you’re doing, what are some of the hot trends you’re seeing around identity compromise?

Speaker A:

What’s, what’s the attackers using as the most common methods to gain access to credential to privilege accounts and so forth or machine identities?

Speaker B:

Yeah sure.

Speaker B:

Actually when you think about the attacker perspective, I think if you see in the last few big attacks actually in the past the attackers trying to get more let’s say the zero days to get inside of the companies but it’s not let’s say in the past was sustainable but nowadays it’s not too sustainable because you need to be more let’s say stealth the attack when you are doing the attack.

Speaker B:

And so nowadays the things that I’m seeing in the market mainly in the cybercriminal perspective let’s say is as I said is about let’s say the machine identity in terms of secrets, tokens, keys.

Speaker B:

Because so if we, if we see in the last previous attack, so I’m just let’s say mention a two big attacks in Brazil focus on financial sector.

Speaker B:

So they using the same idea of attack.

Speaker B:

So basically the attacker or the criminals they paid for credentials to get inside of the environment.

Speaker B:

And the other thing is when they get inside of the environment of this victim and the company so they, they can move laterally to get some let’s say keys, secrets and even certificate because they need to authenticate between two different applications, you know, to doing a kind of fraudulent process.

Speaker B:

So it’s, it’s totally focused on that because you know, it’s more let’s say affordable way that criminals can, you know, pay for that.

Speaker B:

Because in the past they needed to pay for, you know, the zero day.

Speaker B:

Sometimes it’s not, let’s say when they get inside of the environment they should trying to get more like you know, escalate privilege or trying to do those type of things.

Speaker B:

But once they was detected they it was complicated to get an another, another different zero day.

Speaker B:

So nowadays they just paid less than the past.

Speaker B:

They just pay for or through credentials, you know, as you said and they have the access to this privilege account because sometimes for let’s say just an example like developer, they need to access for example VS Code and VS Code requires the administration access.

Speaker B:

So if this user has the privilege access because of this application, let’s say for example VS Code or even the others, let’s say SAP for example applications for the ATR team or for the financial team or whatever.

Speaker B:

So they require to use administrator access in this specific application.

Speaker B:

So that is the reason that because of the attackers are paying less for the, the let’s say the employees to get some, you know, inside that threat the environment.

Speaker B:

So that’s the things that I’m seeing for the previous attack is not about, you know, zero day or something like this.

Speaker B:

It’s just about, you know, I will pay for some access and then I’m getting inside.

Speaker B:

Because if the, let’s say the blue team detect me is not me the attacker, it will be the, the employee, you know.

Speaker A:

Absolutely.

Speaker A:

It’s, you know, if you’re under the disguise of an existing authenticated credential of an employee, it’s really hard to really understand about is that employee actually, you know, doing the work and you know, you know, hard to, you know, be able to detect that it is an attacker, you know, abusing those credentials.

Speaker A:

Sometimes you get us into where if organizations are doing some more indebted intelligence types of activities such as monitoring the applications that uses at what times a day and having additional security controls in place when there’s some suspicious activities.

Speaker A:

Sometimes that puts a little bit of, you know, challenges in front of the attackers.

Speaker A:

Meaning that if they start using applications that employee doesn’t use or accessing at times a day that they don’t typically access those applications, then you can challenge them with additional security controls.

Speaker A:

But unfortunately many organizations they don’t have MFA everywhere on all devices and all kind of types of privilege elevations or application elevations.

Speaker A:

They tend to only have the front door.

Speaker A:

And if the attackers are good at social engineering and phishing, they’ll find ways to bypass it.

Speaker B:

Is it interesting to mention that?

Speaker B:

Because I was discussing with last week at the put a data first event was we are.

Speaker B:

We were talking about the threat detections and this kind of things.

Speaker B:

And it’s interesting because many is in parallel of this event.

Speaker B:

I was not in parallel but two weeks, one week before I was participating in other events that we call authenticate which is focused on authentic authentications process.

Speaker B:

So I saw many companies selling this kind of YubiKey let’s say FIDO key point credentials is.

Speaker B:

Yeah, exactly.

Speaker A:

But it’s.

Speaker B:

It’s for me like if you compare like okay we have a system to access and you putting the MFA as you mentioned right now.

Speaker B:

And if you.

Speaker B:

If you think about like let me try to the authentication process for more physical authentications just to you know, injecting things.

Speaker B:

So it’s for me some something I’m feel sometimes like more old thing, you know.

Speaker B:

Like do you remember when you talk about the malware in the past?

Speaker B:

Yeah, exactly.

Speaker B:

So like okay, if you’re trying to put in some hours in some companies just inputting the light say the pen drive.

Speaker B:

You remember this kind of attack few years ago just putting this pen drive in front of the company, putting that and wait for someone that can pick up this up and put in the laptop.

Speaker B:

Okay, let me see what we can find here.

Speaker B:

So it’s a kind of technique old using by the attacker.

Speaker B:

But nowadays like you know, based on the event.

Speaker B:

So I saw many companies selling this kind of authentication fee like sound interesting to see about.

Speaker B:

Okay, we are looking to the AI process identity AI but on the other hand we now having this kind of third factor of authentication using this.

Speaker B:

It’s not third factor actually.

Speaker B:

So you’re using this for validate.

Speaker A:

You know but interesting it’s additional thing that something you additionally have, you know, in the past.

Speaker A:

You know MFA has been traditionally kind of using it as an additional app on the phone.

Speaker A:

But this is an additional kind of, you know token that you have to have that is FIDO2 credentials.

Speaker B:

But you’re thinking for the attacker perspective.

Speaker B:

For example, if I’m attacker just I’m supposing so I just can buy whatever let’s say pen drive I want.

Speaker B:

This is so small like okay, just this is the actually is a kind of extension to using for charge things.

Speaker B:

It’s not exactly a pen drive but if it was more bigger than.

Speaker B:

Than this one here I just sending to the.

Speaker B:

Let’s say agents, not agents but they store and print it whatever name I want.

Speaker B:

Like for example Segura brand I can pull in this.

Speaker B:

You know like this is Segura for access key.

Speaker A:

Yeah, tons of BadUSB.

Speaker A:

I’ve got lots of so you know, ever since events.

Speaker A:

The Wi-Fi.

Speaker A:

Yeah, the events and everything.

Speaker A:

So ever since the WiFi Cactus and the BadUSBs I’ve got so many of them.

Speaker B:

And not only that, not only that, but I can using this like tell the people this is a new way for using Segura for PAM solution.

Speaker B:

You know, like so you know what I mean?

Speaker B:

So okay, this is a kind of feature for customer, not a for enterprise company, just for personal user.

Speaker B:

Let’s say you can use in like a personal vault to authenticate your own applications or your LinkedIn, your Instagram or Twitter, whatever or ads and just putting the brand.

Speaker B:

So like I can distribute this in the different events and I can using this as a malware.

Speaker B:

You know, like not new but old becoming.

Speaker B:

Becoming a new attack vector is we’re.

Speaker A:

Adding an additional attack vector by bringing in that kind of reinforcement techniques.

Speaker A:

I have a question.

Speaker A:

One of the things that came up what I was doing in the last month, October was Cybersecurity Awareness Month.

Speaker A:

There was lots of activities, lots of awareness training.

Speaker A:

Lots of organizations had lots of events.

Speaker A:

They really kind of re educate their employees.

Speaker A:

And one of the hot topics that came up during the Cybersecurity Awareness Month was around the use of infostealer malware and also session cookie and token theft.

Speaker A:

Can you explain a little bit about what you’ve seen around where the initial attackers, they gain access to an employee’s credentials and then all of a sudden that employee is using a browser, you know, to access lots of different applications because everything’s not based, everything’s cloud based.

Speaker A:

And they’re you know accessing those applications and then the authentication will do an authorization.

Speaker A:

And then in that browser it stores either a clear text password, you know, they’ve just saved it as a password in the browser.

Speaker A:

And most do not have a security turned on.

Speaker A:

And then also they store a lot of the cookies which stores the tokens and the sessions and then simply attacker either just jumps onto that session, copies the cookie and puts it in their own browser.

Speaker A:

What’s been the trends around that?

Speaker A:

I think, you know, I’ve seen a lot of trends around organizations creating much more, let’s say secure browsers.

Speaker A:

Will you know make sure that the sessions are one time use only or they’re locked or you can’t you know, replicate or break into them.

Speaker A:

Has that been something you’ve seen in topic in the last couple of months?

Speaker B:

Yeah, definitely.

Speaker B:

You’re right.

Speaker B:

Mainly because of the.

Speaker B:

The.

Speaker B:

The attack vector as I mentioned about the social engineering.

Speaker B:

I think this is the more trending that I’m seeing in the events and not only about the.

Speaker B:

The conversation with the people but about talks.

Speaker B:

So because of the AI mainly the attacker are they are you know increasing the way that they can explore the companies using AI to let’s say the reconnaissance step is more.

Speaker B:

They are increasing.

Speaker B:

Let’s say they improved.

Speaker B:

That’s the good word improvement.

Speaker B:

They are improving a lot the way that I can.

Speaker B:

They can get in the.

Speaker B:

The activity curiosity of the employees.

Speaker B:

So that’s the main training.

Speaker B:

Let’s say that I can you know mention it with the audience because like in the end of the day the way that attack used to collect anything is always the same as you said, you know, using the social engineer to collecting cookies and to using this cookies to access the session and to you know, motivate the user to clicking in the URLs or something like this to download other things because of that is super, super important if you are listening right now is to have remote layers of protection in your organization even in the firewall on the board of the.

Speaker B:

Let’s say the board of your company or even if these applications in the cloud as I mentioned, like the waf you have more than one layer to protect your identities your company at all.

Speaker B:

So that’s the key.

Speaker B:

But the main vector that attackers can get inside is to using the social engineering strategy.

Speaker B:

So I’m seeing a lot of even for example in BSides Porto that will happen in the end of November.

Speaker B:

I received I think four or five talks focus on social engineering techniques and mainly how the attackers are creating new things using AI even for you know, text or video.

Speaker B:

So that’s I think is the big you know trend for.

Speaker B:

they will increasing for the:

Speaker A:

Absolutely.

Speaker A:

I’ve seen it heavily, you know, targeting languages I laughed at.

Speaker A:

I saw a comment by Ken Munro recently on social media.

Speaker A:

If an email looks perfect from him it’s probably most likely social engineered.

Speaker A:

If it has grammar errors in it, it’s most likely a human response and I quite laughed at that because let’s say we go one year back and we talked about social engineering and Cybersecurity Awareness Month a year ago.

Speaker A:

And it’s really for the audience, it’s important that Cybersecurity Awareness Month is a kind of, it should be a check like to go and assess your security.

Speaker A:

It’s not that you just do security one month of the year.

Speaker A:

Every month is cybersecurity.

Speaker A:

October is just a time where you might reevaluate or kind of measure how you’re doing.

Speaker A:

But if we kind of compare from last year to this year, it was quite interesting because last year you still look for errors, look for the mistakes and messages, you know.

Speaker A:

And then this year because of AI’s involvement in social engineering and phishing, even in the Estonian language, which is really complex and it used to take humans to do the malicious translations.

Speaker A:

Now it’s automatically done with AI to perfection.

Speaker A:

They are so authentic looking that even professionals like myself, I will have to look two times or three times, you know, an email to determine is, is something up here.

Speaker A:

You know, sometimes it’s now it’s too good written by a human.

Speaker A:

Most likely there would be mistakes in it.

Speaker A:

Especially you know, myself, you know, I’ve got, you know, slight dyslexia as well.

Speaker A:

So I always change words and letters around and so I would expect errors to be there.

Speaker A:

Now I train the AI model to, to also be dyslexic as well, which is always interesting in order to create the errors.

Speaker A:

But what’s, what are your thoughts around, you know, you know, the, the trends of AI attacks, exploit identities and use social engineering.

Speaker A:

Have you seen what about talks around how to use AI to help us detect them as well, you know, both the defensive and offensive capabilities.

Speaker B:

Actually I’m seeing in many events.

Speaker B:

I was discussing last week as well in this event called Put It Data first just to put in the audience to just understand.

Speaker B:

This event was happened last week.

Speaker B:

Last week, yep.

Speaker B:

In Las Vegas and I was participating in many roundtables.

Speaker B:

We discussed many things related to the AI.

Speaker B:

So one of the topics was about, you know, threat detections and another one was about, you know, zero trust using AI.

Speaker B:

Threat detection is an AI identity access management using AI and DevOps CI CD pipeline using AI.

Speaker B:

So coming to your questions about, you know, threat detections.

Speaker B:

So the thing that we discuss with different, you know, leaders of the industry.

Speaker B:

So I’m saying for the defensive perspective, actually the companies they are trying even for the enterprise perspective or the let’s say the vendors perspective they trying to, let’s say collecting bunch of logs let’s say for SOC teams or SIEM and they try to work in more in intelligence way and more productively.

Speaker B:

You know, this is the.

Speaker B:

And I’m seeing not only that but if I remember two weeks ago I was in speaking at BSides New York and in this event specifically I was talking with one company, they created this SOC or let’s say AI SOC.

Speaker B:

It’s just to understand first to learn more about how the attacker are, you know, explore environments they you know, teaching this AI to work more proactively, you know, related to this specifically events that they received for the companies.

Speaker B:

They try to connecting with many vendors for example for the IDRs, XDRs, whatever or you know, firewalls, IPS, IDSs and you know, different layers of security.

Speaker B:

When you have like or even cloud, for example, CloudTrail from AWS for example when you have kind of incidents that happened or they trying to you know, putting the relationship between those logs and they try to teach the AI module to bring to you this kind of possibility kind of attack.

Speaker B:

So this is the defensive perspective, the thing that I’m seeing events on the other hand for the offensive perspective, talking about the red teamers or penetration testers.

Speaker B:

The thing that I’m seeing is they are trying to manipulate the AI in terms of okay, how I can, you know, induce the AI to bring the, the correct answer or the wrong answer, how I can bypass the AI.

Speaker B:

This is the thing that I’m seeing the events both trendings, I mean or the, the let’s say for the penetration testing perspective, the offensive security perspective.

Speaker B:

The people are trying to you know, integrate many, you know, tools using AI to, to be more fast in the results.

Speaker A:

So it seems a lot, a lot of the, you know, both the defensive and offensive is the right orchestration and sort.

Speaker A:

It’s like, it’s like you know, interoperability.

Speaker B:

It is what it is.

Speaker B:

Yeah, it is what it is.

Speaker A:

So bring everything together, make sense of the information so we can make decisions and you know, change our tactics as quickly as possible.

Speaker A:

So it’s accelerating the campaigns to being almost to real time attacks and real time defense.

Speaker A:

I really enjoyed it was a talk I watched Alissa Knight, who’s awesome.

Speaker A:

I always really enjoy watching her speak and I’ve known her for many years and I was watching her doing a keynote that was talking about you know, the trends.

Speaker A:

She talked heavily around API security and that was one of the big topics around BOLA, around broken object layer authentication and that was really interesting talk and I think it’s a really hot topic as well because it’s simply just another, let’s say, version of a machine or non human identity.

Speaker A:

You know, it’s there to run in the background.

Speaker A:

But it was really interesting because she made the reference about we’re becoming almost like observers to both the defense and attacks.

Speaker A:

So we sit back and we can watch the, you know, AI defense and AI offense, you know, basically attack each other and we become observers or you know, let’s say adjusters in the, in the policies or in the techniques in order to either improve or you know, or go faster.

Speaker A:

So it’s a really interesting talk and I thought that was very, very insightful.

Speaker A:

But absolutely.

Speaker A:

I think when we get into the AI side, you know, the automation orchestration, it’s, it’s impressive to see how fast that’s, that’s moving to the point where it really is accelerating.

Speaker A:

And I think no organization can sit back and, and kind of just not be involved in it.

Speaker A:

And it reminds me back in the summer here in Estonia there’s a camp that’s called Cyber Wizards Camp, which is a girls camp at this basin.

Speaker A:

So if anyone out there and in the audience has, has kids or daughters specifically, then Estonia has a Cyber Wizards camp that runs in the be August that you can send your daughter to and they will learn all about cybersecurity, hacking, cracking passwords, defensive and also one of the things was around compromising AI, you know, jailbreaking it, getting it to reveal information.

Speaker A:

And it’s really insightful because you know, we really need the next generation of talent in order to know how we defend against AI when it’s not being secured and not being protected.

Speaker A:

And I think that’s one of the things is that as organizations are starting to use AI for the defensive side, we have to really understand is that it becomes another attack vector as well.

Speaker A:

And you have to put the right security in place.

Speaker A:

So do you have any recommendations, you know, anyone is, you know, in the process, you know, of using AI to secure the organizations, what do you recommend they should be doing in order to secure AI so it doesn’t get jailbroken, it doesn’t get compromised.

Speaker A:

What’s some of the best practices out there?

Speaker B:

Actually this is an interesting point because this is, was like hot and fighting discussions.

Speaker B:

One of the events about what kind of data I can put in AI.

Speaker B:

You know, like this is one of the, our discussions about AI for identity access management.

Speaker B:

So I was on the round table and I heard three or four guys talking.

Speaker B:

I don’t put my Identity access in the AI, you know, like because it’s the user, internal user is a privilege, is a group of rules, bunch of rules, role of groups, you know, permissions.

Speaker B:

So that’s interesting.

Speaker B:

But on the other hand, like if you need to implement in your identity access management and if you, if you buy a tool, so probably this tool use an AI, but what kind of AI they are using.

Speaker B:

You know what I mean?

Speaker B:

So that’s a kind of trick thing here.

Speaker B:

Can you trust it?

Speaker A:

Can you trust it?

Speaker A:

Yes.

Speaker A:

Do you know where it’s been stored?

Speaker A:

Do you have.

Speaker B:

Yeah, exactly.

Speaker A:

Legal rights?

Speaker A:

Because a big hot topic this year is data sovereignty and you know, compliance.

Speaker A:

And if you’re you know, implementing and you don’t have a proper risk assessment of the AI model, then it’ll be a hard challenge to you know, be, be compliant and also protect data sovereignty as well.

Speaker A:

I think that’s a big topic that I’ve also seen on the top trends as well.

Speaker B:

Yeah.

Speaker B:

One of the things that I can recommend to the audience, let’s say is you need to think about always about the zero trust, not about 2 are both a three Ps.

Speaker B:

I think this is the only way to improve your security portion whatever tool you’re using.

Speaker B:

Because I’m talking about AI like a tool because in the end of the day the AI will be another tool to help you to improve your work, you know, to working more fast.

Speaker B:

So if you put in whatever tool in your inside of your circle of environment, your silo.

Speaker B:

So like you need to have the zero trust future or methodology implemented in your company in terms of okay, you need to use in this 3P basis: process, people and product.

Speaker B:

So you need to be established the you know, process first one you need to is in terms of you know, compliance regulations, whatever.

Speaker B:

And you need to communicate the user the second pillar and you can go to the third pillar which is the tool the product in terms of AI.

Speaker B:

So what kind of information you can share with this product you need to looking back and okay, what is the process?

Speaker B:

What is the people?

Speaker B:

And okay, this product in terms of AI.

Speaker B:

So that’s the three pillars again three Ps.

Speaker B:

So I think this is would be my recommendations for the audience how we can use an AI in the right way.

Speaker B:

So like you need to think about zero trust because again okay, you can think maybe okay, I, I want to pay for example the ChatGPT or Gemini or whatever to however you paid for.

Speaker B:

Let’s say Microsoft for Teams and they offer you the compiling Copilot.

Speaker B:

So you’re putting your data in Copilot like okay, so the AI are inside of this another product, it’s called Microsoft or if you’re using Gemini, so you’re putting the AI inside of you another product which is the Google.

Speaker B:

So like if you have the three, the first pillar which is process established can working, you know, let’s say trying to work more correctly.

Speaker B:

You know, in the end of the day like we never, we will have.

Speaker B:

We never have like 100% safe.

Speaker B:

So you need to think about, about that.

Speaker A:

So perfect system.

Speaker A:

We just have to, we have to have what’s our appetite.

Speaker A:

I always say what’s your appetite for risk?

Speaker A:

How much risk are you willing to accept and.

Speaker A:

And take on?

Speaker A:

And it reminds me I actually of a talk recently I saw Chris Wysopal who’s a big advocate for secure by design, which is also from the big stances from CISA as well.

Speaker A:

And I think you know, secure by design is definitely something we should be always kind of advocating for and just brings back it as you’re talking about zero trust.

Speaker A:

I think when you’re using AI and AI models it should be zero trust by design as well.

Speaker A:

Yeah, it should be something we should be looking at.

Speaker A:

Let’s not assume that all the security has been met.

Speaker A:

Let’s do you know, zero trust by design, which means the principle of least privilege.

Speaker A:

It means that you’re using just in time privileges so that that agentic AI should not have persistent privilege would be one of the kind of biggest risks you could put in place.

Speaker A:

It’s just like you know, giving a service account a default credential and never changing it.

Speaker A:

That’s what you’re facing if you don’t put the right controls in place.

Speaker B:

Yeah.

Speaker A:

So let’s bring it right back.

Speaker A:

One of the things I’d like to go back on is that I know you’re organizing one of the first BSides Porto.

Speaker A:

So can you tell us a bit about what’s happening when it is if the audience kind of wants to attend, they’re local in the area.

Speaker A:

Tell us a little bit about more what what to expect at BSides Porto.

Speaker B:

Yeah, for sure.

Speaker B:

Actually the will be the first edition in person at BSides Porto.

Speaker B:

So I become the organizer this year.

Speaker B:

So we had actually two editions virtually in the middle of Pandemic, if I’m not wrong, was another organizer.

Speaker B:

So when I received the opportunity to organize this event this year, I was stuck with the J with Jack and I decided to rebr building everything.

Speaker B:

As you can see my background here.

Speaker B:

So I create this logo and I decided to create more Portugal identity by the way, using the color the bridge, which is in Porto, between Porto and Vila Nova de Gaia, which is another city, you know, next to Porto.

Speaker B:o organize event next year in:Speaker B:

However, when I announced it, so the community came to me and they said Filipi, we need it, we need to do this year.

Speaker B:

So I said okay, let do this, let, let do this, let’s make this happen.

Speaker B:

And you know, in the end of the day.

Speaker B:

So I have very nice people around me.

Speaker B:

They did, they helped me to organize this event.

Speaker B:

We create a website.

Speaker B:

We, we.

Speaker B:

We got amazing sponsors to supporting the community.

Speaker B:

Because again, this is very interesting to mention the audience.

Speaker B:

So BSides is a non-profit initiative.

Speaker B:

Like it’s just the community created for the community to is by community to community.

Speaker B:

Actually that’s the future behind of BSides.

Speaker B:

So we announced it actually last.

Speaker B:

Last week, this weekend.

Speaker B:

Basically the speakers we have many people from the Europe, mainly in the US as well.

Speaker B:

We have people speaking locally.

Speaker B:

Like we have for example Teresa, which is the leader of Oas Laria, which is the city here in Portugal.

Speaker B:

And we have for example, we have the speakers which very known guy that works at Symantec is Kennedy West.

Speaker B:

If not probably I can mention the name wrong, but it’s Kennedy from Switzerland.

Speaker B:

And we have Teresa, we have Dimitrios, which is the guy from Microsoft.

Speaker B:

A very nice talk about exploitation.

Speaker B:

We have a Sergey, which is the guy that lives here in Portugal.

Speaker B:

We’re talking about AI exploitation as AI.

Speaker B:

We have Brazilian guy called Milton is the guy.

Speaker B:

We talk about red teamers techniques and they will bring it the very low level, let’s say high technical presentations.

Speaker B:

We have another local guy which calls Pedro from Beachside, which is a company very strong here in Portugal.

Speaker B:

We will have actually three workshop that happened in November 28th.

Speaker B:

The event will be November 29th and 28 in the night.

Speaker B:

We have just three workshops.

Speaker B:

Yeah, three workshops.

Speaker B:

One of these workshops will be organizing by the Andrea Batista, which is the very known guy in Portugal.

Speaker B:

He.

Speaker B:

The guy is known as a Cristiano Ronaldo of cyber here in Portugal.

Speaker B:

Very respectable guy here.

Speaker B:

I just announced the workshop in two hours finished the all possibilities to learn with the guy because he’s very known here in Portugal.

Speaker B:

And we have another guy, another two BSides organizer that will, you know, bring the workshop.

Speaker B:

One is Castro Pereira.

Speaker B:

The guy lives in Poland, but he came to BSides Porto.

Speaker B:

He’s BSides Krakow organizer and another one is.

Speaker B:

What is the name of the lady is Katie.

Speaker B:

Katie Fitzgerald Gerald.

Speaker B:

She is one of the BSides Chicago organizer.

Speaker B:

So I’m super happy because the mix of speakers is in Portugal, U.S., Poland, Switzerland and and and about the attendees.

Speaker B:

We have attendees for Netherlands, France, UK. We have actually two others organizing from UK and another lady from the US that came to our event.

Speaker B:

So like it’s.

Speaker B:

It’s local event but it’s.

Speaker B:

It’s an international event because of the attendees.

Speaker B:

This is.

Speaker A:

Go ahead.

Speaker B:

We have actually two different things for BSides Porto just for the others knows like one is more entrepreneur activities.

Speaker B:

It’s very.

Speaker B:

The idea is to not only bring talks technically but like how we can help in the community.

Speaker B:

Number one we running the startup village which is the village responsible for helping people and how they can create their own company how they can you know putting this their company in the incubator.

Speaker B:

So we’ll be the whole day doing activities with one incubator that will be responsible for running this startup Village.

Speaker B:

This is one of new that we bring it to the BSides Porto and the second one is about a specific tier of sponsors and we will have one company which is the hiring space.

Speaker B:

So probably Joey, you heard a lot of people come to you and ask you okay Joey how I can get inside of cyber security, how I get a job.

Speaker B:

So this is another way that I can help in the community.

Speaker B:

I will bring companies inside of the event participating event, putting the booth in the event they can offer jobs for the community.

Speaker B:

So this is the.

Speaker B:

The.

Speaker B:

The other things.

Speaker A:

That’s one thing I’ve always recommended you know for anyone who’s looking to get into security industry that you know the BSides is a great way to network and find yeah opportunities because that’s.

Speaker A:

I always recommend you know students and universities and interns who’s kind of like you know looking to expand that the BSides is a good opportunity for them to go and you know and talk to companies and talk to professionals and learn what’s the best entryway.

Speaker A:

So I’ll definitely make sure that in the show notes we’ll have the link to the BSides Porto registration and more information and details.

Speaker A:

Filipi, it’s always been awesome having you on.

Speaker A:

I really enjoy.

Speaker A:

We’re definitely kind of getting an insights into what the BSides events is and what’s there for the community.

Speaker A:

What’s the latest trends in the identity threats and what you’ve been seeing at some of the events around and also kind of what’s your involvement in giving back the community a great event in BSides Porto which is you know, it’s always great.

Speaker A:

You know one is we consume a lot but when you contribute back it definitely makes the world a safer place.

Speaker A:

So, so many thanks and it’s.

Speaker A:

I applaud you for.

Speaker A:

For the hard work that you put into to bringing and putting those events together.

Speaker A:

Because they are hard.

Speaker A:

Yeah.

Speaker A:

Is it is challenging.

Speaker B:

Yeah.

Speaker B:

Yeah.

Speaker A:

Anything you would like to leave the audience with.

Speaker A:

Stay connected.

Speaker A:

If they, if they have questions, what’s the best way to reach out for you?

Speaker B:

They can find me one.

Speaker B:

You know LinkedIn is Filipi Pires, F I L I P I, Pires or P I R E S and the same is the same name for Twitter and they can find me as well on Instagram.

Speaker B:

I’m using a lot of my Instagram to helping the people in the community which is Philippiers docsec and they can find me there.

Speaker B:

Yeah.

Speaker B:

So all those my activities I put in these three main social medias let’s say and if they are interesting to read the more information about Identity Threat Labs and the articles that have been published there they can find in the labs docs to go to doc blog.

Speaker B:

The all technical articles are there and yes, thank you Joey for inviting me to talk again.

Speaker B:

It’s always a pleasure to be here with you.

Speaker B:

You’re my friend.

Speaker B:

You’re my friend, you know like.

Speaker A:

Absolutely.

Speaker B:

It’s like.

Speaker B:

Like a talk with my friend in the table.

Speaker B:

So that’s.

Speaker B:

That’s interesting.

Speaker B:

It’s amazing.

Speaker B:

Thank you.

Speaker A:

At some point in time we’ll do this in person.

Speaker A:

We’ll have you know.

Speaker A:

Yeah, absolutely.

Speaker A:

Many thanks for joining me again.

Speaker A:

It’s always a pleasure having you on and yeah, absolutely looking forward when we can have a.

Speaker A:

And next catch up in person.

Speaker A:

So for the audience I hopefully, you know this has been very educational and very informative for you.

Speaker A:

You know we’re really bringing you know the amazing guests like Filipi to really educate you, share what’s happening in the world, share how you can be involved as well.

Speaker A:

Maybe you know, you’re interested in starting up your own BSides event if there is none local to you.

Speaker A:

Definitely Filipi, you know would be able, you know as a good person to.

Speaker A:

To go to and.

Speaker A:

And learn about.

Speaker B:

That’s.

Speaker B:

That’s interesting.

Speaker B:

Sorry for.

Speaker B:

For interrupt you like.

Speaker B:

I I would like to just talk with few people.

Speaker B:

Few people know about that but I can announce here at the.

Speaker B:

Let’s say the spoiler officially by the way we didn’t announce at LinkedIn or whatever, social media, but I can talk to you and I can announce.

Speaker B:

So we, I, I have a friend of mine which called Emerson.

Speaker B:

Emerson Wendy, which lives in Porto Alegre, south of Brazil.

Speaker B:

Hugo Andesu, by the way, my city, I’m from there.

Speaker B:

And so we organized next year BSides.

Speaker B:n July, in the end of July in:Speaker B:

So we didn’t announce, but we have a logo, we have a commitment with the BSides team.

Speaker B:

So we probably announce in the next few weeks.

Speaker B:

But this is a spoiler for the podcast here.

Speaker A:

Fantastic.

Speaker A:

So you heard it first here.

Speaker A:

Excellent.

Speaker A:

So for everyone, you’re getting the insights inside scoop of what’s happening in the near future.

Speaker A:

So Filipi, again, many thanks for the audience, you know, stay safe, take care, tune in every two weeks, you know, for the Security by Default podcast.

Speaker A:

Really kind of bringing security, you know, for everybody.

Speaker A:

So insights, knowledge, leadership, ideas, trends and hot topics.

Speaker A:

Share with your friends, share with your colleagues and let’s make sure the world is a safer place.

Speaker A:

So everyone stay safe, take care on until the next time.
