Great Security Debate

Doorbells Ring Hollow

Mon, 23 Feb 2026 09:00:00 -0400

What on earth were Ring and Amazon thinking when they aired their Super Bowl advert that previewed a “there’s nowhere you can hide” type of dystopian future masked as a way to find your lost dog? With cameras everywhere, are we safer or just more exposed? When camera data is deleted, is it really gone (spoiler alert: not necessarily), and more. Are we approaching the new location of the “creepy line” or as a society are we content to trade privacy for security? And what happens when the glasses with cameras become more pervasive? Are we all on cam all the time whether we like it or not?

Show notes:

Ring Super Bowl Advert - https://www.nytimes.com/2026/02/19/business/ring-super-bowl-ad-privacy.html
Decoder Podcast - Let’s talk about Ring, lost dogs, and the surveillance state - https://youtu.be/QQjW68B7s8g
Ring and Flock cancel partnership - https://techcrunch.com/2026/02/13/amazons-ring-cancels-partnership-with-flock-a-network-of-ai-cameras-used-by-ice-feds-and-police/
Savanna Guthrie Nest Video Retrieval - https://www.theverge.com/tech/877235/nancy-guthrie-google-nest-cam-video-storage
Apple San Bernardino Matter - https://epic.org/documents/apple-v-fbi-2/
DJI robot vacuum cameras accessible via Internet - https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt
Unifi protect cameras - https://geni.us/isNyY2
Zuck in court to testify on social media addiction - https://apnews.com/article/mark-zuckerberg-trial-testimony-instagram-c8cbaa32ccbf4933ec3a7beebd6cf34b
Glassholes are back - and forbidden in court - https://www.cbsnews.com/news/meta-trial-mark-zuckerberg-ai-glasses/
Movie recommendation - Happy Gilmore - https://geni.us/v96XEgb
Meta/Facebook studies on addictiveness of social media - https://www.cnn.com/2026/02/23/tech/facebook-researchers-study-addictive-features
LinkedIn/Microsoft Verification data being shared with many others, including Persona -= https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

Complacency in the Loop

Mon, 09 Feb 2026 11:00:00 -0400

AI is growing in use within information security, but are we ready to trust it to do all the things we hope it can, and do so automatically without doing harm? Context is king, and training to that level is only possible when you give all your experience to the AI. What are the tradeoffs to doing so? What happens when we depend on AI and forget (or worse, never learn) the underpinnings of what makes the AI system work (remember the calculator debates of the 1980s?). And does the end justify the means when it comes to AI use? And what is that “ends” anyway? Efficiency, automation, knowledge? Erik, Dan, and Brian discuss it all in this week’s Great Security Debate!

Show Notes

Report on reasons Israel didn’t catch oct 7 attacks - https://www.npr.org/2025/03/05/nx-s1-5318591/israel-shin-bet-security-failure-october-7-attack
Shin Bet Report - Source Doc (Hebrew) - https://www.documentcloud.org/documents/25551448-yqry-tkhqyr-shyrvt-hbytkhvn-hklly-710/#document/p1
Waymo hits student on bicycle - https://www.theverge.com/2024/2/7/24065063/waymo-driverless-car-strikes-bicyclist-san-francisco-injuries
Waymo violates school bus rules - https://www.cbsnews.com/news/waymo-recall-3000-vehicles-software-school-bus/
Podcast Recommendation - Agentic Dan - https://distillingsecurity.com/episode-64-agentic-dan/
TV Recommendation - Pluribus - https://tv.apple.com/us/show/pluribus/umc.cmc.37axgovs2yozlyh3c2cmwzlza
Trust Issues in AI -
“I bought this Tesla before Elon went crazy” magnet - https://geni.us/DXQYk
OpenAI adds ads - https://apnews.com/article/chatgpt-ads-openai-advertising-83812a066375a805fa2e29b28fc77da1
Satya Nadella AI Internal Memo - https://africa.businessinsider.com/news/nadellas-message-to-microsoft-execs-get-on-board-with-the-ai-grind-or-get-out/sq0fe52
FDA AI Rules - https://www.fda.gov/regulatory-information/search-fda-guidance-documents/considerations-use-artificial-intelligence-support-regulatory-decision-making-drug-and-biological
Utah AI Prescriptions - https://www.politico.com/news/2026/01/06/artificial-intelligence-prescribing-medications-utah-00709122
Movie Recommendation: Terminator - https://geni.us/59025
Book Recommendation: The Cuckoos Egg - https://geni.us/hYE9
Book Recommendation: AI 2041 - https://geni.us/5dtV54h
Anthropic Super Bowl Ad - Scott Galloway on why Anthropic's Super Bowl ad got to Sam ... - Fortune
China facial recognition payments - https://www.chowhound.com/2073279/grocery-store-facial-recognition-china-smile-to-pay/
Movie Recommendation: Sneakers - https://geni.us/P7SB
The Dawn of the Post Literate Society - https://jmarriott.substack.com/p/the-dawn-of-the-post-literate-society-aa1
Leading Causes of Death in the US, 2023 - https://www.cdc.gov/nchs/fastats/leading-causes-of-death.htm
Automated car sex in backseat - https://dailydot.com/driverless-car-sex-autonomous
Podcast Recommendation: The Final Act - https://distillingsecurity.com/new-podcast-coming-soon-the-final-act/
Calculators and Children - https://www.linkedin.com/pulse/crunching-numbers-debate-over-calculator-use-math-education-church-sg6te/
Podcast Recommendation: Mentorcore - https://distillingsecurity.com/tag/mentorcore/

WOPR Was Right

Mon, 12 Jan 2026 16:15:00 -0400

Recently and over the past few years, world events may have included cybersecurity components in their enactment. So, Brian, Erik, and Dan started talking about the role of security in critical infrastructure protection, asking questions about the ethics and thresholds for government and corporate roles in cyber retaliation, whether we as security practitioners have a role (or an obligation, or even a liability) to close vulnerabilities that can be used in primary or retaliatory scenarios. How much of human nature makes cyber retaliation a foregone conclusion, or can we find ways to reduce the need or use or availability of ways in via the technology. From Stuxnet to Iran to Caracas, using cybersecurity is a prevalent vector of retaliation, but does it always have to be that way? Or will it end with WOPR’s recognition that the only way to win the game is not to play at all?

It’s hard to talk about modern cybersecurity and not bring in current events, and even harder to keep it from turning political. We tried very hard to do a good job in the latter as we talked about the former.

Thanks for being part of the debate!

Show Notes:

Caracas Invasion - https://abcnews.go.com/International/explosions-heard-venezuelas-capital-city-caracas/story?id=128861598
Stuxnet Explained - https://www.csoonline.com/article/562691/stuxnet-explained-the-first-known-cyberweapon.html
Book Recommendation: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon - https://geni.us/swbN
San Bernardino vs Apple - https://epic.org/documents/apple-v-fbi-2/
Movie Recommendation: Real Genius - https://geni.us/abYUYT
Book Recommendation: The Creature from Jekyll Island: A Second Look at the Federal Reserve - https://geni.us/SL21a
CIA Triad - https://cybersecuritynews.com/cia-triad-confidentiality-integrity-availability/
Book Recommendation: Atomic Habits - https://geni.us/Nn2GSYr
Michigan Council of Women in Technology -https://mcwt.org
Critical Infrastructure (Sectors) - https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors
Shadowbrokers - https://www.theatlantic.com/technology/archive/2017/05/shadow-brokers/527778/
AI Prescriptions (Utah) - https://www.politico.com/news/2026/01/06/artificial-intelligence-prescribing-medications-utah-00709122
Japanese Omoiyari - https://www.linkedin.com/posts/herman-singh-b669357_in-japan-it-is-a-recognized-cultural-practice-activity-7408365447953272834-1op9?utm_source=share&utm_medium=member_desktop&rcm=ACoAAABlrqMBKb13DctlHfhW1OWtb-yWqdfUjnE
GSD Episode on Japanese Parking Culture - https://distillingsecurity.com/episode-65-signs-signs-everywhere-a-sign/
Book Recommendation: Plato’s Republic - https://geni.us/vLBu4
Movie Recommendation: Angela’s Christmas - https://geni.us/Vn9n
Movie Recommendation: Die Hard - https://geni.us/eMASs
Movie Recommendation: Wargames - https://geni.us/L2R5Ij
TV Recommendation: West Wing - Proportional Response - https://geni.us/9mU1k4
Movie Recommendation: Goldeneye - https://geni.us/0dO0b

Signs, Signs. Everywhere A Sign.

Mon, 29 Dec 2025 09:00:00 -0400

Rules are made and policies are established. But the “how” of implementing and meeting those regulations or policies will be very context specific. In this episode of the Great Security Debate, Dan, Erik, and Brian cover a number of key policies and requirements and some different ways to think about implementing them and how the specific situation, company, risk will affect the way you meet the rule. From driving a car to incident response and everything in between. We debate the need to look back at old rules and see if they all still make sense (a great programme called Kill Stupid Rules), and flexibility in control implementation to meet evolving business needs, to move quickly, and keeping the whole picture of the business, customer, and employees in mind.

Thanks for Listening!

Show Notes:

Passing on the right in Michigan: https://legislature.mi.gov/Laws/MCL?objectName=MCL-257-637
Overtake time in Triathlon: https://www.triathlete.com/training/race-tips/9-race-rules-didnt-know-breaking/
Reflex Security (Agentic Tabletop Exercises and Training): https://reflexsecurity.io
Kill Stupid Rules: https://www.wsb.com/blog/employee-retention-secret/
GM Dress Code Change (2020): https://gmauthority.com/blog/2020/06/how-general-motors-ceo-mary-barra-changed-the-companys-dress-code-for-the-better/
Silly State Rules: https://www.buzzfeed.com/rhiannacampbell/weird-old-american-laws-you-wont-believe
Sex in Full Self Driving Cars (Clean): https://www.cbc.ca/news/science/sex-distracted-driving-1.3562029
Movie Recommendation - The Usual Suspects: https://geni.us/wVrLOCB
John Bingham, COO, Speak by Design: https://www.speakbydesign.com/about-us
Movie Recommendation - Gremlins: https://geni.us/qE6NAC
Movie Recommendation -Die Hard: https://geni.us/eMASs
Movie Recommendation - Love Actually: https://geni.us/yj8Fqh

Agentic Dan

Mon, 15 Dec 2025 09:00:00 -0400

We are back for another Great Security Debate.

In this episode: we discuss the potential role of agentic AI in security, from true “copilot” to automated decider of things, and whether LLMs are just a really cool search engine. Brian, Erik, and Dan also debate the means and extent to which we could replace ourselves with agents and what the inhibitors and risks are (spoiler alert: trust and survival of that agent after employment were big factors), and how do we train those agents of all the steps our brains take to make the decisions that the humans make, and do so without polluting it with aspirational versions of ourselves (think: Instagram vs Reality). And it all leads to a parenting lesson by Brian and an automotive process lesson by Erik? It’s quite a debate.

Thanks for listening! We might do one more episode in 2026, but if not have a wonderful holidays and a happy new year!

Here’s the quote that Brian references at the end of the episode by Tolstoy:

Patience is waiting. Not passively waiting. That is laziness. But to Keep going when the going is hard and slow - that is patience. The two most powerful warriors are patience and time. The value lies not in reducing "power" (computational energy) but in leveraging that processing power to achieve outcomes that are difficult, slow, or impossible for humans to manage alone.

Thanks for listening!

Show Notes:

Reflex Security - https://reflexsecurity.io
Movie Recommendation: Multiplicity - https://geni.us/7vgKO
Plaid Privacy Policy - https://plaid.com/legal/
Prompts.ai - https://www.prompts.ai/en
Music Recommendation: Take On Me - A-ha - https://www.youtube.com/watch?v=djV11Xbc914
Book Recommendation: The Toyota Way - Book - https://geni.us/3LcpM
Book Recommendation: Six Sigma - https://geni.us/CS8ql
Book Recommendation: Matricide - https://geni.us/Xfn2MB
Book Recommendation: The Lorax - https://geni.us/Fy8X4b
Perplexity - https://www.perplexity.ai
TV Recommendation - Pluribus (Apple TV+) - https://tv.apple.com/us/show/pluribus/umc.cmc.37axgovs2yozlyh3c2cmwzlza

Give a Sh!t Posture Management

Mon, 17 Nov 2025 09:00:00 -0400

On this weeks’ Debate, Brian brings a truckload of acronyms for more single panes of glass to help us consolidate our various single panes of glass, Erik may actually be Brian (or maybe Brian is Erik), and Dan confirms he still (and likely always will) spend the rest of his days living in the house he just built deep in the Trough of Disillusionment.

What started out as a chat about some new technologies in the space turned into a treatise on the state of leadership and the future talent pipeline’s need for more curiosity (and why we think they are starved of the opportunity to learn to be curious). Along the way we talk about what motivates organisations to do security right from the get go vs leaving it alone based on difficulty to remediate, and the risk balances of both (think: productivity vs security). Throw in a little “binary opinions have dragged us into the mire” and you’ve got a full episode of The Great Security Debate.

We also drop some hints about a new show coming from The Distilling Security network in 2026 called The Final Act which will bring guests in the later stages of their careers about the urgency of our careers in security and tech, what they want to leave behind as legacy, and what they are doing to prepare their orgs for their eventual departure. Add on how they have and will give back to the community, and what their successors want to see done before this first generation of security and tech leaders hit the road.

Please subscribe and leave a comment. If you’d like to sponsor the network, please email sponsors@distillingsecurity.com

Thanks for listening!

Show Notes:

What is Data Security Posture Management (DSPM) - https://www.ibm.com/think/topics/data-security-posture-management
What is Identity Security Posture Management (ISPM) - https://www.sentinelone.com/cybersecurity-101/identity-security/identity-security-posture-management-ispm/
What is an Institutional Review Board (IRB) - https://www.hhs.gov/ohrp/education-and-outreach/online-education/human-research-protection-training/lesson-3-what-are-irbs/index.html
Lucy pulls the football (hand egg) away from Charlie Brown - https://www.youtube.com/watch?v=9dsm7K1Xkn4
Healthy foods are more costly - https://www.cnbc.com/2023/12/27/healthy-foods-are-often-more-expensive-heres-why.html
Why Ford cancelled the Bronco after OJ - https://www.slashgear.com/1560204/reason-ford-bronco-discontinued-after-oj-simpson-trial-explained/
Not enough data - GSD Episode 62 [Audio] - https://podcasts.apple.com/us/podcast/the-100-years-ai-flood/id1513770103?i=1000735045511
Not enough data - GSD Episode 62 [Video] -
Book Recommendation - Anxious Generation by Jonathan Haidt - https://geni.us/lDrdn3
Book Recommendation - The Coddling of the American Mind by Jonathan Haidt - https://geni.us/Xqary2V
Ford has 5000 skilled mechanic jobs they can’t fill - https://fortune.com/2025/11/12/ford-ceo-manufacturing-jobs-trade-schools-we-are-in-trouble-in-our-country/

The 100 Years AI Flood

Mon, 03 Nov 2025 09:00:00 -0400

The Great Security Debate is *back*! It’s been a busy year, but it’s time to get this show back on the air (and maybe on the road). Dan takes a break from the rat race, Erik took over the world, and Brian uses Elmer’s Glue to splice his network cables.

Topics in the show this week:

AWS and Microsoft make the best cases for business continuity plans, the AI
Is public cloud reliable enough? Should we all move back to local data centres? How can we reliably assess that risk?
Want an AI Data Centre on your town? NIMBY vs Innovation!

We will be back every 2 weeks on Mondays. Subscribe on YouTube at https://youtube.com/@greatsecuritydebate to see our smiling faces as you watch, or in your favourite podcast application to listen on your commute or with your whole family around the radio.

See you on the 17th with more debates! And some entirely new shows coming from Distilling Security very soon, too. Subscribe to the newsletter on our website https://distillingsecurity.com to hear all about them

Links to mentioned articles and topics:

AWS Outage - 20 October 2025 - https://www.bbc.com/news/articles/cev1en9077ro
Microsoft Azure Outage - https://www.wsj.com/tech/microsoft-hit-with-azure-365-outage-b3ac0724
37Signals move from AWS to Data Centre - https://world.hey.com/dhh/our-cloud-exit-savings-will-now-top-ten-million-over-five-years-c7d9b5bd
100 Years Flood - usgs.gov - https://www.usgs.gov/water-science-school/science/100-year-flood
Great Flood of 1937 - https://www.weather.gov/lmk/flood_37
Impact of Jaguar Land Rover Incident - https://www.bbc.com/news/articles/c0qpl0v3gnzo
CDK Attack and Outage - https://www.industryweek.com/technology-and-iiot/article/55091142/major-cybersecurity-breach-affects-auto-manufacturers
Russian grain blockade against Ukraine - https://www.cfr.org/article/how-ukraine-overcame-russias-grain-blockade
Saline, Michigan OpenAI Data Centre & Pushback - https://apnews.com/article/openai-inc-joi-harris-data-management-and-storage-microsoft-corp-oracle-corp-f25196fca5865ed79d94c972249a272c
Racine, Wisconsin Foxconn and Microsoft site failures - https://racinecountyeye.com/2025/10/08/microsoft-abandon-1st-caledonia/
Racine, Wisconsin What happened to FoxConn? https://www.nbcchicago.com/news/local/what-happened-to-foxconn-a-look-at-the-1-2-billion-spent-and-where-it-all-went/3759518/
Gartner Hype Cycle - https://www.gartner.com/en/research/methodologies/gartner-hype-cycle

Risky Risks: Live from the GTS Security Summit

Mon, 12 May 2025 09:00:00 -0400

The Great Security Debate crew recorded a live episode at the GTS Security Summit in Detroit, Michigan with special guest, Zah Gonzalvo, SVP of Financial, Climate, and Operational Risk at Banco Popular. Tune in for a great discussion on risk, risk mitigation, risk prioritisation, and risk in context. Yep, it's all about risk!

Takeaways:

The evolution of security has shifted from a binary perspective to a more nuanced understanding of risk management, acknowledging the need for flexibility in addressing diverse security challenges.
In contemporary discussions, it is increasingly evident that security must be integrated into business strategy, highlighting the imperative for security professionals to communicate effectively with stakeholders.
The role of the Chief Information Security Officer (CISO) has transcended traditional technological boundaries, necessitating a comprehensive grasp of business risk and operational efficiency.
Effective risk management within organizations requires a shared responsibility model, where every employee contributes to the overall security posture, thus reinforcing the concept that security is a collective endeavor.
Scenario analysis is a potent tool in risk management, enabling organizations to anticipate potential threats and understand the implications of various risk scenarios on their operations.
Engaging with business units to contextualize security risks in terms of operational impact and financial implications is vital for securing necessary budgets and resources for security initiatives.

Fantasy Hacker League

Mon, 21 Oct 2024 09:00:00 -0400

In this episode of The Great Security Debate, Dan, Brian and Erik invent (and copyright) the idea of a Fantasy Hacker League then dig into more serious discussions on deception technology, asset discovery challenges, and resource management. The conversation also delves into the impact of budget constraints on security projects, the mental toll on cybersecurity professionals, and the evolving role of CISOs in digital transformation. Issues such as job stress, burnout, and role mismatches among security leaders are addressed, alongside strategic insights on integrating security within broader business operations.

00:00 Introduction to the Great Security Debate

00:39 Humorous Take on Hacker Recruitment

03:16 Fantasy Hacker League Concept

09:18 Microsoft's Honeypot Strategy

22:58 Challenges in Security Budgets and Resources

31:03 The Reality of Full-Time Positions

31:31 Introverts vs. Extroverts in Leadership

32:06 The Challenges of Being a CISO

33:53 Work-Life Balance and Stress

37:04 The Role of Security in Business

39:36 The Future of Security Leadership

41:00 Adapting to Economic Constraints

59:28 The Importance of Enjoying Your Work

01:00:26 Conclusion and Farewell

Free Disaster Recovery Tests!

Tue, 03 Sep 2024 09:00:00 -0400

Welcome to the Great Security Debate! In this episode, experts take on a multifaceted discussion about the intricacies of technology and cybersecurity. The debate navigates through the recent incident involving CrowdStrike and Microsoft, dissecting the layers of technology, processes, and the roles of different entities in maintaining security. Emphasizing the lessons learned, the debate also explores the challenges of disaster recovery, business continuity, and balancing risk in an increasingly complex digital landscape. Tune in as the hosts delve into the ramifications of over-consolidation, the implications of vendor lock-in, and the importance of maintaining a culture of quality and robust testing.

00:00 Introduction to the Great Security Debate

00:37 Layers of Technology and Finger Pointing

01:23 Disaster Recovery and Business Continuity

02:34 Market Leaders and Single Points of Failure

08:25 The Complexity of Software and Manufacturing Analogies

14:27 Kernel Access and Security Implications

23:29 BitLocker Keys and Recovery Challenges

28:05 Daily Text File Sharing

28:21 Transitioning BitLocker Management

28:45 Risk Profiles and Encryption Decisions

31:47 Team Collaboration and Lessons Learned

33:38 CrowdStrike Incident Analysis

36:18 The Importance of Response and Culture

44:10 Balancing Speed and Safety in Software

51:41 Closing Remarks and Future Plans

To Insure or Not To Insure: It’s Not Even a Question

Mon, 01 Jul 2024 10:00:00 -0400

This episode of 'The Great Security Debate' delves into the complexities surrounding cyber insurance, discussing its impact on minimising business risks and ensuring compliance. Erik, Brian, and Dan talk about how connected systems and automation increase risks and integrates AI reliance concerns.

Insurance policies, force majeure, and government regulations get some quality discussion and debate time, revealing fears and misconceptions about standardised security controls vs. adaptive security practices. And last up: the practicality and pitfalls of self-insurance, government intervention, and the need for standardised security terminology.

Show Links:

Help support the podcast: https://ko-fi.com/distillingsecurity

Thanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!

Thanks for listening!

00:00 Introduction to the Great Security Debate

00:30 The Role of Cyber Insurance

01:49 Manual Processes and Business Continuity

03:09 Manufacturing and Supply Chain Challenges

06:11 Insurance Policies and Cybersecurity

08:00 Standardization and Government Involvement

19:14 The Complexity of Cyber Warfare

22:35 Globalization and Cybersecurity

30:33 Leadership vs. Boss Mentality

33:53 The Role of Communication in Crisis

36:51 The Cost of Compliance

40:30 Global Cybersecurity Challenges

44:22 The Complexity of Online Trust

47:56 Insurance and Cybersecurity

53:07 The Future of Cyber Insurance

01:00:15 Conclusion and Final Thoughts

Wear a Stop Sign On Your Shirt

Thu, 06 Jun 2024 07:00:00 -0400

In this episode of the Great Security Debate, Brian, Erik, and Dan dive into the latest trends in ransomware including an uptick in attacks against the hypervisor. Speaking of VMWare, we also "discuss" the way that Broadcom has handled the VMWare acquisition and why it both make sense (to them) and doesn't (to many customers).

The debate also heads into the impact of AI in cyber threats, and compare strategies for mitigating risk, such as prioritising vulnerabilities and understanding the attack landscape.

Additionally, the conversation shifts to business practices in tech acquisitions and the potential future disruptions in the market and importance of balancing security measures with user experience, and the need for adaptive, short-term security roadmaps to stay ahead in an ever-changing environment.

And break the big news about an upcoming Distilling Security in-person meet-up in Michigan in July!

Help support the podcast: https://ko-fi.com/distillingsecurity

Show Notes:

episode-links

Thanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!

Mine Everything

Wed, 05 Jun 2024 07:00:00 -0400

Sorry about the audio on this one. We have got the tech back on track for the next episode. I promise!

Join the Great Security Debate as Brian, Erik, and Dan delve into 'pig slaughtering,' a scam involving rapport building to swindle victims out of money.

The discussion explores the intersections of security awareness, blockchain technology, and the ethical implications of digital tracking tools like chain analysis. Featuring real-world cases, including child exploitation traced through blockchain, and the broader debate on privacy versus legality in technology use. Are public blockchain transactions truly private?

And how can we balance innovative tech with ethical concerns? Tune in to hear all about it

Help support the podcast: https://ko-fi.com/distillingsecurity

Show Notes:

Thanks for listening!

Spoiler Alert: Leave the World Behind

Tue, 04 Jun 2024 07:15:00 -0400

Join Dan, Brian, and Erik in the latest episode of The Great Security Debate as they explore the impact and implications of the movie 'Leave the World Behind.' Delving into cyber security, societal impacts of technology, and philosophical elements, this discussion touches upon vulnerability management, risk management, and the effect of constant connectivity on modern life. Tune in to hear not only their analysis of the film but also personal reflections on communication, societal changes, and practical steps for improving individual security resilience. This episode also marks the exciting announcement of the Great Security Debate becoming a part of the Distilling Security network. Don't miss out!

Help support the podcast: https://ko-fi.com/distillingsecurity

Show Notes:

episode-links

Editor note: This episode was recorded in the final days of 2023... but was lost to technology demons until now. One of those demons made it necessary to show the Zoom screen rather than our usual edited video cast. Sorry for the inconvenience and pain on your eyes.

Potpourri of Debate... Now with AI

Mon, 08 Jan 2024 10:00:00 -0400

It's an "all rounder" episode of The Great Security Debate. Brian watched a movie, Erik watched an advertisement, and Dan was overtly cynical. Just another day in the podcast booth for these three.

A variety pack of topics ranging from recent security attacks, to AI in technology, to automotive manufacturing (go figure), to privacy, to sponsorship and vendor models at live events, and more.

Links to everything we talked about are available in the show notes.

Thanks for listening and welcome to 2024! We have got some exciting changes ahead this year including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

The Downfall of All Security (Sales)

Mon, 27 Nov 2023 09:00:00 -0400

It's not easy to sell things. It's even harder to sell to security practitioners and leaders. The Great Security Debate this week covers some angles in security tools (and selling those tools to security teams) that have taken their toll on the trust that needs to exist between those who buy and those who make the products that we use. From the software providers to the VAR (resellers) in the middle to the people and techniques used to market and sell the solutions. Some of the key topics of the discussion include:

The challenges of security tool consolidation by non-security vendors
Security is not a lock-in tool, and security is not an upsell tool
Pushing changes to products without telling the customers before they happen or letting those customers have control over the change (and if they take it or not)
Security Selling with VARs & Deal Registration
What are the motivators when a product is recommended to you
You can still buy direct (and why you might want to)
The challenge of selling into the SMB
The power of the “vouch” that flies in the face of some sales methods
The importance of being genuine in sales communications (aka knock off the programmatic drip campaigns that pretend to be personal)

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for listening!

Less LLM, More Piano

Mon, 21 Aug 2023 09:00:00 -0400

This week we are debating modern AI systems, especially the commercial ones on just about everyone's lips when talking about CVs, high school term papers, and interview answers.

Large Language Models (LLMs), of which ChatGPT and Bard are two examples, are growing in prominence, but will they disrupt the technology world, or are they nothing more than just another blockchain fizzle?

In this episode:

Are these even actually "AI" models, or really just very fast processing of large data sets?
What should I (and should I not) be putting into LLMs? How does the re-teaching based on data entered impact what you should put into public LLMs?
What are some valid use cases for LLMs?
Does depending on tools like LLMs (or calculators) bring us further from core understanding of how things work? Or should we be OK with the efficiency it brings?
How does copyright fit into the LLM expectation and model, and does the legal licensing of training data dull the shine of LLMs?
Are the analyses from LLMs skewed not only by the data they chose to use for training, but also by the userbase that uses that LLM?
How are any of the "good practise" security and privacy requirements for LLM different from any other systems? Spoiler alert: not at all.

Unrelated to AI, we also talk about what happens to all the "smart" things in your house when the internet goes out? What stops working? Way more than you might think...

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for listening!

Links:

Is OpenAI almost bankrupt?: https://www.windowscentral.com/software-apps/chatgpts-fate-hangs-in-the-balance-as-openai-reportedly-edges-closer-to-bankruptcy

Maybe not bankrupt, but has business problem: https://www.forbes.com/sites/lutzfinger/2023/08/18/is-openai-going-bankrupt-no-but-ai-models-dont-create-moats/?sh=3c8922845e22

Gartner declares LLMs at the peak of inflated expectations: https://www.gartner.com/en/newsroom/press-releases/2023-08-16-gartner-places-generative-ai-on-the-peak-of-inflated-expectations-on-the-2023-hype-cycle-for-emerging-technologies

When ChatGPT goes Bad: https://sloanreview.mit.edu/article/from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-generative-ai/

https://venturebeat.com/security/how-fraudgpt-presages-the-future-of-weaponized-ai/

The Circle (Movie): https://www.imdb.com/title/tt4287320/

Amazon Sidewalk, and it's privacy issues: https://www.popsci.com/technology/amazon-sidewalks-privacy-concerns/

Idiocracy (Movie): https://www.imdb.com/title/tt0387808/

Moores law is dead: https://www.technologyreview.com/2016/05/13/245938/moores-law-is-dead-now-what/

GM deletes Car Play from future EVs: https://www.theverge.com/2023/4/4/23669523/gm-apple-carplay-android-auto-ev-restrict-access

GM announces $130K EV Escalade (without CarPlay): https://www.theverge.com/2023/8/10/23827059/gm-no-carplay-android-auto-escalade-iq

Fragile Things (Book): https://amzn.to/47BWWkB

Security is Business!

Wed, 05 Jul 2023 09:00:00 -0400

It's been a minute, but we are back with another Great Security Debate!

Whether it is compliance, trust, questionnaires, we all sell something to someone and security is core to that process.

In this episode, the focus is on how security integrates into the core of each of our businesses or organisations. From being part of strategic planning, the reminder that perfect being the enemy of progress, to the power in being a first mover on security and privacy topics:

Compliance vs security: Is it pro forma? Do you check the SOC2 (and other) reports you get from your suppliers?
You're not a special snowflake: Why won't more orgs use standard questionnaires on supplier assessments?
There are multiple ways to solve a problem, and context is key. The process and environment may mean you don't need a technology control or a specific (prescribed) technology control.
"The business" is a term that should never be uttered again by security or technology practitioners and leaders.
There is power and business value in governance and transparency in security and privacy; build trust in your brand.
We need to move our programs a layer above the specific people. Risk is reduced by living at the process layer. Heroics are not scalable.
How can preparing for a triathlon be used to describe adherence to targets that lead to good security (and the brand value that comes with it)

Remember that you can't be "SOC2 Certified." And PFMEA is not always the answer to every question. Or is it?

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for listening!

Jess and Jeff Invade

Mon, 24 Apr 2023 09:00:00 -0400

Welcome to a very special Great Security Debate. If it is spring, it means that the annual Forrester “Top Recommendations For Your Security Program” report has come out, and we get to visit with one of the authors, Jess Burn. But this year, we get an added extra voice in that of Jess’ Forrester colleague Jeff Pollard. Both Jess and Jeff share a ton of insight on topics from that report and a few others (see the links below for blog posts about most of them)

In this episode we cover:

How (if) CISOs have been able to become “part of the business” and help colleagues understand that in 2023 security is business.
Board reporting by CISOs and CIOs and where/how we succeed and fail.
Talent shortages in infosec: a self-created nightmare?
Consolidation in times of austerity: right or wrong for security?

Huge thanks to Jess and Jeff for joining (find their LinkedIn and Twitter in the links section). Even though Jess is legacy, we are pretty sure that Jeff will be welcomed back in 2024 with open arms.

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

Thanks for Listening!

Special Guest: Jessica Burn.

Great Security Debate

Doorbells Ring Hollow

Complacency in the Loop

WOPR Was Right

Signs, Signs. Everywhere A Sign.

Agentic Dan

Give a Sh!t Posture Management

The 100 Years AI Flood

Risky Risks: Live from the GTS Security Summit

Fantasy Hacker League

Free Disaster Recovery Tests!

To Insure or Not To Insure: It’s Not Even a Question

Wear a Stop Sign On Your Shirt

Mine Everything

Spoiler Alert: Leave the World Behind

Potpourri of Debate... Now with AI

The Downfall of All Security (Sales)

Less LLM, More Piano

Security *is* Business!

Jess and Jeff Invade

Bankplosion!

Back to Normal?

Uninsurable!

A Niche Inside a Niche Is Really Just a Quiche

Live From the Big House

No More Ads, No More Privacy Problem?

New Team, Who Dis?

Subscribe and Don't Like!

Fake It Till You Make It?

What Got You Here Won’t (Necessarily) Get You There

Program Your Program

Laws and Regs

Squality!

How Do You Sleep At Night?

Security Super Agent

From the Inside Out

Log4Jelly of the Month Club

Sweet or Suite?

The Infinite Game

Monkeys On Your Back

People, Process and Product

Stop, Collaborate and Pivot

Risks, Regulations, and Reputations

It's Personal

We'll See

Back to Basics

It Depends

Sidewalks and AirTags

Why Does My CISO Hate Me?

It All Comes Down to Relationships (Guest Debater: Jessica Burn)

Out of Office: One Year Later

The ABCs of CISOs

Our Favourite Things

The Winds of Change

Jobs (Not Woz)

Sun and Breeze

E-Phish-Ency

A Frictional Response

Who You Gonna Call?

Yippie Ki-Yay... Let's Hack the Gibson

Privacy Drone 2: This Time It's Personal

Back to School

Hold Me For Ransom

Pippen and Jordan

Gripped With Fear

In The House (Or Not)

MVP vs. TSP

Free Range Security

Privacy Drone

Security is Business!