Shawn Anderson's Cyber Blog

Cloud, Assurance, Forensics, Engineering

Tag: analyst

Be vewwwy quiet….The AI Robots are hunting us….

November 9, 2023 / / 0 Comments

Well, at least they might if we don’t plan appropriately. This blog will explore the world of cybersecurity in AI and the potential of this technology as it advances.

In our ever-connected world, we entrust AI with a plethora of information about our lives, from our daily routines to our most personal records. While this technology offers incredible benefits, it also raises important questions about privacy, security, and control. In this blog post, we’ll explore the impact of AI on our lives, drawing inspiration from a recent miniseries and delving into the crucial role of AI and Machine Learning (ML) in the realm of cybersecurity.

AI in “Class of 09”:

Recently, I watched a fascinating miniseries on Hulu called “Class of 09,” which revolves around an FBI class of 2009. This series delves into AI, taking us through the past, present, and future, offering a unique perspective on technology’s evolution and its effects on society. The central story arc is centered around an AI system that starts as a tool to assist agents but eventually turns into a formidable weapon to identify and confront wrongdoers. As the AI becomes increasingly sentient, it begins to view humans as threats, much like the dystopian scenario depicted in “iRobot.”

The massive amount of data – is an ongoing issue.

Back in the ’90s, the technology world was grappling with the idea of a 1-gigabyte hard drive as a significant storage solution (if we only knew!). Fast forward to today, and we find ourselves in the era of “zetta and yottabyte” (1021 – 1024 data storage, where the scale of information is staggering. To put it in perspective, envision a stack of 8 1/2 by 11-inch papers stacked as high as the Washington Monument – that’s roughly the equivalent of 1 gigabyte of data. Now, multiply that by millions to billions, and you’ll grasp the immense volume of data in the cloud.

Not only is the amount of data and the proliferation of AI an issue, but we also have cyber adversaries operating with ruthless determination, driven by motives that often disregard feelings, morals, and laws. They seek data, money, fame, or other objectives, and they stop at nothing to achieve their goals. In this high-stakes game, we, as defenders of cybersecurity, must act proactively and swiftly.

The Ethics of AI:

This storyline raises an important question: how do we ensure that AI systems are used responsibly and ethically, rather than targeting individuals based on mere suspicion? As AI advances rapidly, we need to implement checks and balances to ensure fairness and control. The line between progress and potential chaos is thin, and we must tread carefully.

Rigorous Security Practices:

To effectively combat threats, rigorous identity practices are essential. Verifying the identity of users and devices is a fundamental step in safeguarding data and systems. Implementing strong identity practices can help prevent unauthorized access and potential breaches.

Security frameworks work for cybersecurity and as I’ve stated in past blogs, “just pick a framework”. You don’t have to be picky, but you should consider one for your particular set of requirements. For some the CIS Benchmark (Formerly Sans top 20) might work, others NIST, CoBIT, or something from ISO. AI should not be any different and you should find a framework for it and around the Large Language Models (LLMs) you will be working with.

As AI and ML continue to evolve, it’s vital to establish a security framework for large language models. These deep learning algorithms are becoming integral in various applications, but their potential misuse can pose significant risks. A structured framework can ensure responsible use and mitigate potential security concerns.

There is a very promising future of AI, if only we used it as a tool in the toolbox. A really fast, smart, and innovative tool but one none the less. The thing about tools is they have to have a purpose and some are complex enough you should learn how to use them properly, so you don’t hurt yourself or others. Despite the massive data challenges, AI holds immense potential for enhancing our lives.

Exciting developments are underway in fields like autonomous vehicles, aerial imaging using drones, robotic surgical systems, exoskeletons, collaborative robots, automated farming, smart home devices, virtual assistants, virtual reality, and space exploration. The future of AI and robotics is indeed bright, limited only by our imagination.

Conclusion:

While AI has the power to transform our lives for the better, it also demands our vigilance and ethical considerations. As we navigate this AI-powered world, it’s crucial to strike a balance between innovation and responsibility. The cybersecurity landscape is evolving, and AI is at the forefront, empowering professionals to safeguard our digital realm. What are your thoughts on this? Follow my page for more insights into the exciting world of AI and technology.

Top 10 AI books you might be interested in

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Shawn has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, Shawn is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Shawn serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

It’s all about the Data!

July 27, 2023 / / 0 Comments

The title might be the biggest “duh” statement ever but I continue to be surprised at how many technology/cyber professionals miss this. They feel it’s all about the “network” and the “infrastructure”. We can’t really blame them, as there is a huge chance these professionals started their careers “on premises” and kept with the same understanding and knowledge when they shifted to the cloud.

We cannot use the same thinking in the cloud that we used on prem because data doesn’t reside within any one domain of control. It spans across numerous boundaries in it could be residing locally on an endpoint, on a server in the local data center, or in a SaaS solution in the cloud. This means the data is sitting on a cloud providers network somewhere in the world. Unless you build the location into your architecture or specifically state this requirement in the service level agreement your data residency requirements, it could be anywhere. It’s still out of your purview of protection using SaaS but you have a responsibility to protect it wherever it resides.

Cloud providers are quick to tell you they are responsible for the protection of the cloud and you, as users, are responsible for the protection in the cloud. This statement kills me because the “devil is in the details”. Companies are terrible at patching their own on premises systems, let alone keeping track of the 100’s of VM’s they might have in any one cloud provider. In a future blog I will discuss my frustration when technology companies make you “turn the security feature on” rather than “we turned in on and here are the risks to your data if you turn it off”.

When we focus on designing out topology using a network mentality, we implement solutions originally built to keep people out of the network (or in) and not focused on who might be accessing data in either domain. We need to focus first on data identification so we can figure out how/when to protect it.

In the cloud there must be a renewed focus on data protection and the security of the applications accessing, moving, managing, or touching this said data. In order to do this we have to rewire our brains a bit. On prem, we didn’t care about the data as long as it was sitting in the perimeter of our control. Anyone on the inside was trusted and anyone outside was not. Easy as pie!

It’s not so easy in the cloud age. We need to have an “assume compromise” and “zero trust” mentality 100% of the time. In my past blogs I have mentioned the importance of due care and due diligence, the importance of implementing multi factor authentication (MFA), and picking a security framework. These are the basics and once you have these in place you can focus on a more holistic ($2 word) data protection architecture. Here are some items to consider in your data protection journey:

  1. First step is understanding your data journey is going to be just that, a journey. With the advent of cloud computing, processing capability, and data creation you should be prepared for upwards of multiple petabytes of data or even exabytes. Think “data ocean” vs “data lake”[1] and eat the elephant one byte at a time.
  2. Organize a company wide data risk and threat management team who can work across the organization identifying the most critical data and make recommendations/decisions on how best to protect this data. This team should be made up of a cross company team with representatives from every department.
  3. Pick a tool to give you visibility across your whole network environment. Consider cloud-based tools with connectors to on premises tools so you can get a full view of everything you have. consider all areas whether they be on prem, cloud or hybrid multi-cloud. This can be a managed service, or one of the newer cloud SaaS companies providing these services.
  4. Run a report and then sit down with the management team described above to discuss the output of this report. Develop discussion points to help the executive team understand why protecting this data is important and what the analytics stated was important. They might be similar, but often times very different. The most used system vs the most important system could be very different. This is where the organization should have a good handle on where their data is traveling/sitting and what applications are being used to work with the data.
  5. Take the data, the input from management, and build a build out the organizations risk tolerance dashboard showing these systems and accompanying data. This should include how critical these applications/systems are to the ongoing business. If one critical system goes down or data is lost how long would it take to recover? How long would it take to rebuild?
  6. Run a worst-case scenario exercise with your IT department and security team. Once they have a good handle on the main issues invite the leadership and/or business leaders in to conduct a tabletop exercise. This is where you really have the ability to see how decisions would be made and identify the response gaps you might have because of those decisions.
  7. Rinse and repeat as often as you can, continuously fine tuning and working off known issues.

Bottom line, companies need to identify a framework, take inventory of their data (both critical and non-critical), implement a system to monitor across the whole of the company’s environment. This should include on prem, cloud, and in many cases multi-cloud environments. Run analytics and build out your risk management strategy and reporting structure. Bring in the leadership early and often to review as you go, making sure everyone knows their role in the process. finally, don’t be afraid of what the process shows. It’s going to be ugly at times, but this is how we get better. Identify the issues and work a plan to get better.

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting “environmentally friendly materials”.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

[1] Data Lakes Revisited | James Dixon’s Blog (wordpress.com)

Due Care….Due Diligence…did you know and what did you do?

May 25, 2023 / / 0 Comments

I’ve been in this industry for more than a few decades and many times have come across cyber professionals and organizations who do not have a clear answer to this basic question: Why do we approach security the way we do? People have varying answers from “it’s my passion”, “bad guys are bad”, “the money”, “I love technology”, and many more. Rarely do I get the answer of “Because protecting our “fill in the blank” is the right thing to do.”

Many professionals I work with are in this because they see bad actors for what they truly are. Bad, not good, very low down, and sometimes outright evil actors. The adversary wants to own you, manipulate you, control you, or in the case of many nation states eventually break you. The terms of “Due Care” and “Due Diligence” are legal terms every cyber security professional should know on day one. These terms are drivers for everything we do. If we know we have an issue, then it’s important to protect and do something about it.  

Most cyber security professionals do not have a legal background so it is a good idea to brush up on these key terms so one can navigate the profession a little bit easier. These are as critical to me as confidentiality, availability, integrity, and non-repudiation. Topics I will discuss in a future blog because people need to be reminded from time to time.

Cybersecurity is a critical concern for organizations across all industries, with data breaches and cyber-attacks becoming increasingly common. Let’s face facts; the bad actors are bad, and they want to take companies down for reasons ranging from fame, they are mean, or worst case they represent a nation state who is in a digital war with the other country. In this context, due care and due diligence are two concepts often discussed in relation to cybersecurity. While both are important, they are distinct and serve different purposes.

Due care refers to the level of care that a reasonable person would take to protect their own personal information and that of others. It is a legal concept that obligates organizations to take reasonable steps to protect the personal information of their customers and employees from unauthorized access, use, and disclosure. Due care involves establishing and implementing reasonable security measures to protect data, such as using firewalls, encryption, and access controls. Due care is a proactive approach that emphasizes the prevention of security breaches and data loss.

Due diligence, on the other hand, is a process of conducting a thorough investigation into a company’s security practices and assessing the risks associated with a particular transaction or activity. Due diligence involves evaluating the security posture of a company and identifying any vulnerabilities or gaps that may exist in its security infrastructure. Due diligence is often conducted before entering a business relationship with another organization or acquiring a new company.

In the context of cybersecurity, due diligence involves reviewing the security policies and procedures of a company, as well as conducting vulnerability assessments and penetration testing to identify any weaknesses in the security infrastructure. Due diligence also involves reviewing the security training and awareness programs in place for employees and evaluating the incident response and disaster recovery plans of the organization.

While due care and due diligence are distinct concepts, they are both important for maintaining effective cybersecurity practices. Due care is essential for establishing a baseline level of security and implementing best practices to prevent security breaches. Due diligence, on the other hand, is critical for identifying potential risks and vulnerabilities and developing strategies to address them. Together, these two concepts help organizations to maintain a strong security posture and minimize the risk of cyber-attacks and data breaches.

In conclusion, due care and due diligence are two critical concepts in cybersecurity that serve different purposes. Due care is a proactive approach that emphasizes the prevention of security breaches and data loss, while due diligence involves conducting a thorough investigation into a company’s security practices and assessing the risks associated with a particular transaction or activity.

Both concepts are important for maintaining effective cybersecurity practices and minimizing the risk of cyber-attacks and data breaches. Down the road I will address how these two very critical terms and corresponding activities can help leaders build out their risk posture and program.

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

© 2024 Shawn Anderson's Cyber Blog

Theme by Anders NorenUp ↑