Joe Basques and I were having a conversation about the state of the tech world and decided to hit the record button. There was a lot of ground covered in 20+ minutes.
First off, it's that time of year when publications do stories about what can be expected in the next year, which means journalists get swamped with pitches from companies about their executives' predictions. Most of them aren't worth considering but I will still respond. We talk about what we are looking for at the magazine.
Next, dysinformation. You may wonder what that is. That's what I call the subject that includes disinformation and misinformation. We will do a special issue on the subject in December, so if you have something to say, now's the time to get it in.
Finally, we often hear from companies that they can't afford to do marketing. In truth, it can be expensive. That's why Cyber Protection Magazine will launch a new affordable sponsorship program for 2026. You will be surprised at how affordable it really is.
The genesis of this podcast was a convoluted pitch that was three steps removed from the client. A marketing company working for the client hired a PR agency to distribute a press release, who then farmed out the pitching to a freelancer. I tried to get some clarity on the pitch from the freelancer and it became apparent that she had never talked with the client. Luckily, I had already met with the CEO of the client company a couple of times so I bypassed the rep and went directly to the source. She explained she had never heard of the rep or the agency she seemed to work for.
All of this culminated in a story about how the cyber training industry, AKA human risk management, was trying to change and expand the scope of training so it would actually work... and how they are working against themselves.
Proxies are the largely hidden lubricant of the internet. They both protect us and make us vulnerable. The AWS and Microsoft Azure outages in the past few weeks were examples of what happens when proxies are correctly maintained. But as they protect our privacy they also protect the identities of bad actors luring us with their own malware. We talked with Sarah Ralston, CPO of Proxyware, about how they are turning the tables on the bad guys.
The journalism industry is in trouble and has been for most of the 21st century. But the advent of AI-generated content has made professional journalists absolutely crucial not just to democracies but to business success.
One of the most prolific and successful technology journalists is Bolaji Ojo. He has headed editorial efforts for the EETimes, AspenCore Media, the recently closed Ojo-Yoshida Report and the now-defunct EBN. Some of those titles may be foreign to people in the cybersecurity world, but not to executives in the electronics world that cybersecurity rests upon.
This brief conversation is packed with information that most people don’t think about, including how technology impacts all industries, expanding the scope of coverage. Traditional ad revenue has shifted to platforms like Google and Meta, allowing companies to reach customers directly, but this now creates credibility challenges for companies. AI-generated content is causing markets to distrust marketing messages more than ever before. That has established the need for experienced journalists to provide context, analysis, and trusted perspectives.
Ojo describes how his new ventures are getting financial support from companies like Microchip, NXP, Infineon, Siemens, ST Microelectronics not to drive sales but to establish credibility. The challenge is justifying sponsorship to CFOs/boards vs. SEO.
The value proposition of tech journalism, he said, is providing context and "what it means" and offering trusted, independent analysis and future insights.
This episode may be the most important we’ve had this year. It provides a roadmap to effective marketing for cybersecurity companies in the near future.
Our expanded coverage of the viability of the AI industry, and how it could affect the cybersecurity industry, continues with this episode. We've blown out our time limit of 30 minutes because we are talking with three entrepreneurs with less dependence on AI as a product feature. We talk with Tony Garcia, CISO of Infineo; Luigi Caramico, CEO of the innovative encryption company DataKrypto; and Chris Schueler, CEO of Cyderes, an automated MSSP. TL;DL they are all sanguine about the success or failure of AI.
Full story can be found at CPM
We've been having a lively debate at Cyber Protection Magazine about the potential, dangers, and chances AI is going to survive in its current form. Co-editor Patrick Boch likes to say I'm something of a Luddite about it, and it's true (Luddites were not against technology, but were adamant about protecting workers using it). I like to say that Patrick is overly optimistic. But, then, he's a lot younger than me, so optimism comes more easily to him. Plus, he's not living in the dystopian hell-hole that the US has become. Lucky dog.
That being said, this is the first of several discussions Patrick and I will be having on this subject, along with several other interviews and articles to come.
I was attending the AI Infra Summit recently and was handed a book with an interesting title: AI Made Easy for Parents and was intrigued by the title. It is an easy read, but ultimately disappointing, at least from an educator's view.
More often than not, when I'm interviewing a corporate leader about the news they are presenting to me, I find a bit of news in their own content that they didn't see. That was the case when I interviewed Mike Wiacek, founder and CTO of Stairwell. The company is in a very competitive market with almost 250 companies dedicated to identifying malware before it can mess up your system. The report was about the rise of malware variants in the world, but their own report showed that, at least this year, the technology niche they are in is actually knocking that number down. He was surprised, but it made for a good discussion.
When it comes to the implementation of AI in a corporation, the question is not if or when. It’s more like, “How much of a disaster are we willing to accept?” A whole new industry niche is arising to help companies determine just how mediocre and unsafe they want to be. Tumeryk is one of those companies helping provide that insight.
The first of September began with a bang. I've got a lot to write and talk about, but barely had time to do this much. There is an AI infrastructure conference coming next week, along with a special issue on AI economics. But companies really need to start learning how to tell a story all over again. Generative AI and marketese are killing a lot of really good technology. Listen in and find out how to fix that.
A few weeks ago I talked with Paul Valente, CEO of VISO TRUST. In the excitement of Agentic AI adoption, a massive security hole has opened and Valente's goal is plugging that hole. Our conversation adds a needed reality check to the AI euphoria.
I got a pitch from Reality Defender (deepfake video detection) about a partnership with ValidSoft (deepfake voice) last week. We don’t generally cover partnership agreements because, well, we get a handful every week and they just aren’t news. But the pitch threw out a few statistics that seemed a bit off. After some research, I found out how off they were.
See, fraud can be divided into two types: Criminal fraud, which companies like these are dedicated to stopping, and legally protected fraud like advertising and political speech (First Amendment and all that). As far as impacts go, the latter is much more dangerous and prevalent, but security companies can’t really do anything about that. And that is what I discussed with Reality Defender CEO Ben Colman.
Key Takeaways and Links
Deepfake fraud attempts are low in percentage but high in potential impact, especially for high-value clients in regulated industries.
There's a critical need for national regulation to address AI-generated content on consumer platforms, as current measures are insufficient.
Reality Defender and ValidSoft claim to lead in deepfake detection, focusing on inference-based and provenance-based approaches respectively.
The "David Act" (Deepfake Audio Video Image Detection Act) has been proposed to require platforms to flag AI-generated content.
We are starting out the 11th season of Crucial Tech with a bang. I am completing an article on a significant security hole in AI agents that shows how the tech industry makes security an afterthought every, damn, time. One of the companies pitching a solution is Teleport, which manages identity access, and I had a friendly but contentious conversation about it with their CEO, Ev Kontsevoy, who insisted that identity is NOT a security issue. OK, then.
Today ends the 10th season of Crucial Tech, 250+ episodes over six years and not a single repeat subject. Today we look at an aspect of cyber insurance not yet discussed as far as we can find: Why do so few cybersecurity companies carry cyber insurance? We bring in our friend and benefactor, Spencer Timmel from Safety National Insurance, to get that answer.
We are taking a few weeks off before launching into season 11. Send any ideas for new episodes to Cyber Protection Magazine.
If you are one of the smart people who have a subscription to Cyber Protection Magazine you will soon receive our next special issue focused on the rise of non-human identities (NHI) and their impact on society. If not, you get just this podcast with a hint of what is in the issue.
We talk with Mike Towers, Chief Security & Trust Officer at Veza, about the meteoric increase of NHI. As a bonus, we also look into the theft of $90 million in cryptocurrency by the Israeli hacktivist group Predatory Sparrow. This represents a new area of asymmetric warfare.
This episode of Crucial Tech is a bit different. It’s about technology public relations, rather than specifically about a product or service.
Tech PR has a problem. Search Engine Optimization (SEO) already damaged the ability of practitioners to connect with members of the press and large language models (LLM) are destroying their ability to tell a compelling story to the press and customers.
We sat down with one of the last great practitioners of tech PR, Beth Trier, to talk about how she is dealing with the degradation of the industry. Our 30-minute discussion was illuminating. She agreed that SEO and LLM have had significant impacts on the decline and how she and her team are making every effort to maintain professional and effective practices. She also points out that the fragmentation of the press adds significant complexity to their work. We also discuss the nature of “earned media” and how few people really understand what that means.
We wrap up with ways press and public relations can work better together to do the crucial job of providing ethical and independent coverage of what is happening in the industries they support.
Make sure you take the poll on Spotify.
I haven't been shy about rejecting the hype behind the coming of Q-day -- the day that a quantum computer exists that can break modern encryption. But I've always felt that the most powerful encryption available could somehow be bypassed. Talking with Crick Waters, CEO of Patero, my fears have been realized. And yet I am encouraged.
And we talk again with Spencer Timmel, head of cyber security insurance company Safety National, on the effect of mergers and acquisitions on security.
This week is a short one and a two-fer. ABC fired a long-time reporter for expressing an opinion on social media. One might be tempted to call it censorship and bowing to our weak and failing leader. But I understand the reason and took some time to explain it.
But on a more positive note, I talked with Spencer Timmel of Safety National Insurance about the current retreat of the US government from securing the internet. He provides a refreshing idea that it might not be so bad.
Yes, AI is a problem in the hands of bad actors, especially when they use bots to automate brute force attacks on identity. There are also a ton of companies dedicated to protecting your identity to keep the bad guys from impersonating you and those you care about. One of those companies is Ping (no, not the guys that make the golf clubs). In a continuation of our series on bots, we talk with Peter Barker, chief product officer for Ping and what they are doing about AI-based attacks.
A few weeks ago I posted what was supposed to be an interview with Dale Hoak, CISO for RegScale, on understanding Zero Trust. Unfortunately, the audio was of yet another interview that I have to repost on a different subject. That's what comes from having to wrangle 50 hours of recordings from the RSAC Conference along with follow-ups.
So, I promise, this is the right one.