Crucial Tech

By Lou Covey

Unraveling the technology that affects us all but that few of us understand, in a format to give you a basic understanding in the time it takes to drive to and from the grocery store.

Episode 8.8 - Red teaming AI

We have written several articles at Cyber Protection Magazine under the title "Defense Against the AI Arts," and today's interview falls into that category. The company’s name is Enkrypt and the CEO is a nice guy named Sahil Agarwal. Among other things, the company provides a red-team service for companies integrating a new AI, either homegrown or third-party, and tells the company if the AI has any security holes or other common flaws.

Also check out the book review mentioned in the intro.


Mar 25, 2024 | 21:06
TikTok: Hoist on its own petard

A very special episode providing some perspective on the TikTok controversy, without offering an opinion on the legislation.

The appropriateness of the Congressional action against TikTok can be debated for a long time and probably will be until the Senate takes action—which could be weeks. What is less debatable is TikTok’s, and pretty much all of the social media industry’s, contribution to the situation. In essence, social media has been hoist on its own petard.


Mar 15, 2024 | 08:40
Episode 8.7: Arming insurance companies for cyberbattle

With the exception of people in insurance, nobody likes to talk about insurance. That's why, three years ago, few people felt sorry for the insurance industry as it reeled from claims due to multiple natural disasters, rising costs of automobile repairs and, more specifically, data breaches.

Last year, however, was a banner year for cyber insurance while cyber criminals took the financial hit. The global cyber insurance market is predicted to see rapid growth, with the total market size increasing $20 billion (U.S.) by 2025. That turnaround is largely due to insurance companies requiring heavy prerequisites for cyber awareness, basic cyber hygiene and mandatory, ongoing audits.

One of those companies is Upfort, providing a variety of services to the insurance industry to vet potential clients and make sure they stay secure through training, unique firewalls, and red teaming services. We talked to their CEO XingXin about how companies like his are turning the tables on criminals and making insurance affordable.



Mar 06, 2024 | 24:55
Episode 8.6 -- Bad month for cyber criminals.

It has been a bad month for cybercrime. Yes, attacks are on the way up. Yes, they are still extorting money and causing infrastructure chaos. But there is a massive, shadow-busting spotlight on them right where they live and defense technology is advanced enough that they are hearing footfalls of law enforcement behind them.

Recently a faked call from "President Joe Biden" to New Hampshire Democrats urged them not to vote in the state’s primary. It only took a few weeks using AI-detection tools to not only identify what company provided the technology but also the user himself.

For today’s episode, we followed this theme and called one of our favorite technologists, Vijay Balasubramaniyan, CEO of Pindrop, whose technology can reliably identify AI-generated video and audio tech. Vijay would not confirm whether his product was used in this investigation.

You will hear him demur that “we can’t comment on an active investigation.” But he said it in such a way that I’m pretty sure it was. Also, he was interviewed for articles in Wired where he said his tool identified the call as a fake with a factor “north of 99 percent.” Independent researchers at first claimed that number was hard to believe, but after running their own tests grudgingly admitted, “Yeah, that's pretty close.”

BTW, this episode is sponsored by Safety National Insurance.


Feb 24, 2024 | 27:09
Episode 8.5 -- FIDO, PCI fighting the good fight for security with payment cards

Biometric multi-factor authentication is all the rage in security. And yet it is also the cause of terror for security-minded folk. For every breakthrough we get a news story about how it has caused harm.

Some systems can’t identify people of color as well as they can Caucasian people, which has been a problem of photographic technology for decades. Police using the systems have ended up surveilling if not arresting the wrong people. Using DNA to get an AI to develop a suspect’s face has similar weaknesses.

Most recently in Southeast Asia, thieves set up a video call employing deep fake videos to pose as a CFO and financial team and get an employee to transfer $25 million to the thief’s account. In Thailand and Vietnam, hackers stole biometric data to drain accounts in local banks.

The last example demonstrates the need for industrywide cooperation in establishing safeguards. The theft was facilitated by the banks using their own facial ID recognition software, not software that has been developed to industry standards or even state-of-the-art software from companies like Apple.

Two organizations have taken the lead in securing the use of biometrics in payment cards (credit, debit, and gift): The PCI (Payment Card Industry) Security Standards Council and the Fast Identification Online (FIDO) group. Both are separate but have worked together for about a decade. We talked with Dennis Gamiello, executive VP for identity products and innovation at Mastercard, about their involvement with FIDO and what it means for all of us.

Feb 17, 2024 | 27:18
Episode 8.4 - Making your personal medical data safe
Feb 07, 2024 | 25:10
Episode 8.3 - Centific is fixing AI before it becomes Skynet

Sam Altman, CEO of OpenAI, has infamously said the goal of AI companies is to build AI without concern for application or safety. The safety stuff can be figured out later, he thinks. Luckily there are multiple industries popping up to take care of the application and safety issues concurrently with AI development. Companies like Centific are part of that effort, making sure the data used in training AIs is "clean." In other words, it is both accurate and safe. That's a tough job, according to CEO Venkat Rangapuram, but doable.
This interview was conducted in October and my apologies for the delay. If it is true that we have a certain number of things to finish before we die, then I am so far behind I may live forever.
Jan 24, 2024 | 18:18
Episode 8.2 -- The most dangerous people on the Internet: Our take

Every year, Wired Magazine publishes an article naming the most dangerous people on the internet and, quite frankly, who gets chosen is fairly obvious, but not altogether accurate. At least that is what we think at Cyber Protection Magazine. So this year, we took our shot at naming the most dangerous people. Give a listen and tell us what you think.

Jan 17, 2024 | 23:51
Episode 8.1 -- Harri Hursti makes me feel stupid about elections

Harri Hursti is an internationally recognized expert on election security and was a focal point in two HBO specials on the subject: Hacking Democracy (2006) and Kill Chain: The Cyber Wars Against America's Elections. So when we decided to do a special issue on election security at Cyber Protection Magazine this year, getting an interview with him was high on our priority list. We didn't expect it to happen so early, but it's a great start.

Hursti runs the Voting Village program at DefCon every year in Las Vegas, under the sponsorship of the Election Integrity Foundation.

In this longer-than-normal interview we got deep into whether the world's elections are secure (they aren't but it is getting better), what companies are producing secure technology for voting (they aren't), and how good intentions make voting insecure. Forget the coffee, get an adult drink and listen.

This is also the first episode of many this year to be sponsored by Safety National Insurance, providing protection for large organizations. Visit www.safetynational.com for more details.

Jan 04, 2024 | 47:33
Episode 7.29 - Would you bet your job on that post?

In a world awash in AI-generated, intentional misinformation and urban myths, would you bet your job on the reliability of the information you want to share? You might be betting someone's life on it.
Disinformation (intentional misinformation) has become a major support for both sides of all conflicts in the world. Once called propaganda, technology, mostly social media, has turned state-controlled information into a virtually immortal beast that can end up turning on its creator.
Dec 04, 2023 | 21:32
Episode 7.28 -- Privacy Not Included, in pretty much anything

Two years ago we interviewed Jen Caltrider, head of Mozilla Foundation's Privacy Not Included group, and got an earful about how bad Meta's privacy was in its products. This year we caught up to Jen and she said they are still bad, but in two years they've been surpassed by Amazon and Google. Before you head out to buy those IoT gifts for Christmas, you might want to listen to this podcast and then check out the site.

Nov 22, 2023 | 30:50
Episode 7.27 - Deep fake acceptance increasing but at what cost?
Nov 17, 2023 | 30:35
Episode 7.26 -- Update your software, but pay no attention to the statistics

The bulk of this episode is about the importance of updating your software no matter how painful it is, and we learn some valuable information about the FREE services of Trackd from its CEO Mike Starr that will help you do that with minimum fuss.

But the REAL reason I did this interview is that in their pitch to me and in Mike's interview, they used some statistics about the problem of cybercrime and its effects that are not based on truth. They've just been repeated over and over again.

That is an inherent problem in technology companies in particular: nobody checks their "facts" and, eventually, the customers learn that the vendors don't know what they are talking about, which kills sales. That is at the heart of the SEC lawsuit against SolarWinds. What the company thought their services and tools could do was not accurate. They weren't trying to fool the customers, but they did fool themselves.

For the next few months, I'll be digging into the theme of "Lies, damn lies, and statistics" in this podcast and on Cyber Protection Magazine. This is the first shot. That's why people like me exist...and there aren't many of us left, which explains why mis/disinformation is so widespread.

Nov 02, 2023 | 25:27
Episode 7.25: LinkedIn account hijacked? It's not hopeless

Instances of LinkedIn users having their accounts hijacked are a familiar occurrence on social media. Reddit has multiple discussions about the nightmare of trying to restore access to this crucial business tool. So when a friend called me in a panic about having it happen to him, I knew it would be a great opportunity to test out the advice I give to others who have been hit.

It isn't easy. It requires patience. And you need all the help you can get from friends. But it can be done.

Oct 25, 2023 | 33:25
Episode 7.24 -- MGM Grand Breach, Social Engineering, and how to protect yourself

The breach of the Las Vegas casinos in August has been the subject of a lot of news and commentary, but one thing that hasn't been discussed is what went on in the 15-minute call to the help desk. This interview with Ryan Healey-Ogden of Click Armor and Bojan Simic of HYPR offers two completely different takes on that conversation and what can be done to prevent similar breaches.
Oct 13, 2023 | 48:15
Episode 7.23 - Defense against the AI Arts
Sep 29, 2023 | 46:43
Episode 7.22 -- Canada in the crosshairs for cyber attack

An August report from the Canadian Centre for Cyber Security said over the next two years, Canada is going to face significant threats from state-supported cyberattacks from Russia, China and North Korea.

Canada? What the heck did Canada do to earn the ire of those folks? Canadians are arguably the nicest people in the world. So we called up our favorite Canadian “cybersleuth”, Ian Thornton-Trump, Cyjax’s CISO, to get the skinny.

Sep 13, 2023 | 28:50
Episode 7.21 - Security is dependent on your access to the internet

Most people don't think about accessibility when it comes to the internet. We think of ramps and braille signs and audiobooks. But physical and developmental issues are much more complex than being able to get into a restaurant, especially when it comes to security. I talked with Justin Merhoff, chief of security for Deque (pronounced Dee-cue) Systems in Virginia, about the need to make software and digital systems usable for all people, not just most people. And there is an action item for all of you in the audience. The National Institute for Science and Technology is working on the first draft of NIST SP 800-50, a standard for cybersecurity and privacy learning, but this draft contains virtually nothing related to people with physical and learning disabilities. If you or people you care about fit that category, now is your chance to give feedback for that standard. Go to the site and download the form for comments. Make your voice heard now.


Sep 09, 2023 | 28:58
Episode 7.20 -- There's a hard wind coming for cybersecurity companies
Aug 25, 2023 | 49:15
Episode 7.19 - ETSI is doing the heavy lifting on AI protections

As generative AI (GAI) platforms become more commonplace, concern over their security issues is growing. As with any digital product, security relies on four arenas: user responsibility, corporate accountability, government regulation and industry standards. The first two are unreliable because users feel put out by having to protect themselves and corporations don’t like to spend money on security upfront. That leads to the third arena, legislation produced by people who don’t know the difference between a thumb drive and a thumbtack.

That puts a lot of the load on industry standards, and one of the most active is the European Telecommunications Standard Institute (ETSI). Cyber Protection Magazine’s (CPM) editors Lou Covey and Patrick Boch sat down with Scott Cadzow, chair of ETSI’s Specification Group for Securing Artificial Intelligence, about the progress and problems of standardizing safe GAI.

Aug 08, 2023 | 40:13
Episode 7.18--Ethics in an AI platform? Shut the front door!
Jul 31, 2023 | 29:27
Episode 7.17 - Generative AI as a defense against cyber attacks

Most of the discussion about generative AI is either focused on how good or bad it is, without ever discussing that it is JUST a tool. We talked with Anurag Gurtu, chief product officer of StrikeReady, about how the technology can enhance, not replace human involvement.

Jul 21, 2023 | 21:02
Episode 7.16 -- Perspective: Things are getting better

It's hard to stay positive about the state of the world as long as you listen to everyone complain about it. One truth overrides that for me: Nothing is as bad as it seems nor as good as some people might tell you. The trick is to focus on the goal. When you see progress... anywhere... take heart.

Jul 07, 2023 | 16:50
Episode 7.15 - VR Headsets: Boondoggle or Breakthrough?

The team at Cyber Protection Magazine doesn't just look at cybersecurity technology. Sometimes we just argue about tech in general. Chief editor Lou Covey and co-founder Patrick Boch have been talking about the Apple Vision Pro headset since it was first announced and still don't agree on it, but we thought the discussion would help others make up their mind on whether to invest $3500 now or wait until the price comes down. So we recorded our last discussion.

Jun 30, 2023 | 30:04
Episode 7.14 -- Taking a step toward stopping AI fraud with Pindrop

Generative AI is BIG business. Maybe too big. In the rush to commercialize and cash in on billions of dollars of investment, Big Tech is letting security slip through the cracks again. Adversaries are weaponizing AI to supercharge phishing attacks, destabilize governments and blackmail innocent people. This episode is the first entry in a months-long series of stories, podcasts, videos and panels on "Defense Against the AI Arts (with Apologies to Harry Potter)." Our first subject is Vijay Balasubramaniyan, CEO of Pindrop.

Jun 16, 2023 | 22:56
Episode 7:13 -- How companies can assure customers their data is safe

Telesign is part of a growing security niche market dedicated to providing the infrastructure companies need to keep customer data safe. We talked with company CMO Kristi Melani about how the industry needs to educate not just corporations but also users about what is available to them.

Jun 01, 2023 | 26:17
Episode 7.12 -- Data for All by John K. Thompson: A book review

This episode is our very first book review. I edited Data for All late last year and had my eyes open to both the massive amount of customer data collected by almost every corporation in the world, and the amount of digital waste produced by the effort. There is also a mini-review of Not with a Bug, but with a Sticker. These are two books that if you read them (and they are both easy reading) will make you sound like an expert in AI and data science in any gathering of people. That may not be a good thing but I enjoy it.


May 09, 2023 | 24:30
Episode 7:11 -- Rohit Ghai on the promise and problem of generative AI

#GenerativeAI was front and center at the RSA Conference 2023 in San Francisco. Companies were either promoting it as a means of improving security or warning against it as a security weakness. It was even the keynote on Tuesday by RSA CEO Rohit Ghai, who took a neutral position that leaned positive on its potential.

But as he spoke, for the most part, glowingly about the AI age we are entering there were some questions that arose. So we contacted him through his PR agency and he graciously accepted an interview appointment to answer those questions. Our focus was, primarily, on the ethical use of generative AI and the failure of the tech industry to live up to its own stated ethics. The conversation was frank and illuminating.

May 01, 2023 | 33:49
Episode 7.10--What's up with Generative AI

You cannot spit without hitting a news story about generative AI (AKA ChatGPT, Bard, etc.). Some of the news is good, some of it bad, and all of it fairly confusing. Cyber Protection Magazine has been digging through the detritus to find what really is good or bad about it, and today we continue that with an interview with a very smart man: Dr. James Norrie, a full-time professor in the Management, Marketing, and Entrepreneurship department at York University and founder of the cybersecurity company CyberconIQ. He holds advanced degrees in cybersecurity and intelligence analysis, copyright law, and project management. And he has a very specific take on generative AI.

Apr 21, 2023 | 33:30
Episode 7.9 -- Getting to the bottom of the TikTok issue

TikTok has been in the news for quite a while, but at Cyber Protection Magazine, we are pretty sure we aren't getting the whole story, so we are starting a series of articles and podcasts to get to the bottom of the issue, starting with this episode.

We talk to Ian Thornton-Trump -- raconteur, iconoclast, cyberwarrior, and CISO for Cyjax -- and he, as usual, has a lot to say. As you listen you will find that the real problem is not in the app, but in ourselves... and in bad algorithm design.

Also, this is an ad-free episode. If you want to support the work we are doing, go to Cyber Protection Magazine and donate to the cause. The button is on the bottom of the page.

Apr 14, 2023 | 27:12
Episode 7:8 - Advertising isn't what you think

You can't talk in polite company about politics or religion, but everyone can talk about how they hate advertising. And for good reason. I take a break from discussing technology to rant about what tech companies do to get you to buy their stuff, and why you don't trust them.

Apr 07, 2023 | 14:24
Episode 7.7 -- Sextortion is a thing. How big a thing is questionable. But it is scummy

“Sextortion” is a popular theme in media and the news, but it may or may not be a big deal. No one can really come up with a consensus about what it is and how widespread it is. It’s even difficult to pin down whether it is a crime. We talked with Ken Kuglin from Digital Forensics Corporation, a cybersecurity firm in Ohio, about how to deal with the attacks and their free services to educate people about how to avoid or deal with sextortion.


Mar 30, 2023 | 18:51
Episode 7.6 -- Axiado seeks to crowd source a "data lake" for comprehensive cybersecurity
Mar 12, 2023 | 23:45
Episode 7.5 - That IRS agent that called you is a criminal
Mar 03, 2023 | 21:31
Episode 7.4 -- Avoid being a big, stationary target

Being a security company that gets hit with a data breach or malware attack is embarrassing, besides the fact that it scares the hell out of your customers. But the current tech fad of "decentralization" has a pretty good lesson for anyone thinking about establishing a security operations center, virtual or otherwise. We talked with the CEO of Dispel about how they've been decentralizing security operations in infrastructure clients for years now. 

Feb 10, 2023 | 12:20
Episode 7.3 -- All things Data Privacy!
Feb 03, 2023 | 36:26
Episode 7:2 -- Diversity and Civil Rights Progress with Rockwell's Nicole Darden Ford

It's Martin Luther King Day today, which is an important holiday for me. This interview was incredibly satisfying because it demonstrates how far we've come since Dr. King spoke in Washington DC in 1963. We have a long way to go, but this is a celebration of what is being accomplished.

Jan 16, 2023 | 19:38
Marketing and Media: Most of what you know is wrong

To kick off the new year and our seventh season, Joe Basques and I tackle the conundrum of distrust in media and why marketing doesn't work the way it's supposed to in the technology world.

Jan 10, 2023 | 29:34
Episode 6:19 - End of the Year finale with Ian Thornton-Trump

For the second year we are publishing predictions for 2023 in Cyber Protection Magazine by asking people and organizations to submit a brief, one-paragraph statement. Our friend and Cyjax CISO sent an entire presentation. And it was fun and scary all at the same time. So we went with it. Check out the other predictions on the magazine and let us know what you think.

Dec 13, 2022 | 28:29
Episode 6.18 - Account takeover attacks are inevitable

A personal bank account was hacked this week, but because I was getting regular alerts from my bank we kept the damage at a minimum. As luck would have it, I had scheduled this interview with Bruno Farinelli of Clearsale who explained how even when you do everything you can to keep your finances safe, criminals have a way to get around your protections. 

Dec 08, 2022 | 20:09
Episode 6.17 - Avoid Black Friday deals. Enjoy your time off

Guess what? Black Friday doesn't give you good deals and the ones you may be looking at may be scams. Take 15 minutes and get smart.

Nov 25, 2022 | 15:30
Episode 6.16 - The future of democracy, technology and media

A few weeks ago I was on a panel at San Jose State, #yesyoucan, about the future of democracy and how it intersects with technology and media. It went over an hour, which is twice as long as what I normally do, but it included Harri Hursti speaking on election security and Sari Stenfors regarding a "hopeful future." After what we've been through the past few months, it might help.

Nov 10, 2022 | 01:09:27
Episode 6.15 - As tech investors cower, Cybersecurity looks like a good bet

You've read the headlines about the stock market and the tech sector in particular. Self-proclaimed genius tech bros are hemorrhaging wealth, portfolios are crashing. But while the cybersecurity industry isn't completely unaffected, it is still attracting billions in new investment and private equity acquisitions. We talk to Brad LaPorte of Lionfish Advisors about why investments are falling in tech and why cyber is the new darling.

Nov 03, 2022 | 22:59
Episode 6.14 - Are we turning the tide on cybercrime? Depends on who you talk to
Oct 20, 2022 | 25:29
Episode 6:13 - Finally, some good news is coming

Want some good news about technology? Stay tuned

Oct 17, 2022 | 01:38
Episode 6.12 -- Quad9: Where you should start your cybersecurity program

I was pleasantly introduced to a non-profit cybersecurity company this week. Quad9 was established 6 years ago with the goal of reducing human error as the source of breaches, which makes up more than 90 percent of all successful cyberattacks. And they do it for free. Their website (www.quad9.com) has a lot of easy to understand and use tools to block malicious actors from accessing your systems and data. Check it out.

Oct 07, 2022 | 22:32
Episode 6:11 -- Office Phishing and the three Ms with Adam Levine

The most innocuous things can be open invitations to criminals to hack your data or infiltrate your company. Adam Levine, cybersecurity podcaster and founder of Credit.com, talked with Crucial Tech about "office phishing" and the "three M's" of personal cyber protection.

Sep 23, 2022 | 24:45
Episode 6:10 -- Quantum Computing: Not Just for Stealing Secrets
Sep 14, 2022 | 25:11
Episode 6.9 - Hybrid Vishing. It's such a thing.

I get a new report from a different research company almost every week about the state of cybersecurity. Most of them say the same thing, but I do read them all the way through. I recently received a report from a company called HelpSystems, a cybersecurity services company that works with some pretty big-name companies, and they issued a report that got me yawning almost immediately. But their research subsidiaries, Agari and PhishLabs, buried a couple of items that perked up my ears so I said yes to an interview. What follows is a 30-minute discussion about the report focusing on a couple of areas, hybrid vishing, and vulnerabilities criminals are using to target Office 365 users. John Wilson, senior fellow for threat research, went on to talk about which email platforms are most popular for criminals and how criminal activity using cryptocurrency is on the rise. You can get a copy of the report here.

Sep 01, 2022 | 27:40
Episode 6.8 Virtru offers privacy in period trackers
Aug 24, 2022 | 24:47