The Future of Cyber Regulation in the New Administration – Ilona Cohen, Jenn Gile – ESW #395
1. The Future of Cyber Regulation in the New Administration – Ilona Cohen – ESW #395
In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB).
In this hyper-partisan environment, it's easy to get hung up on particular events. Do many of us lack cross-administration historical perspective? Probably. Should we be outraged by the dissolution of the CSRB, or was this a fairly ordinary occurrence when a new administration comes in? These are the kinds of questions I'll be posing to Ilona in this conversation.
Guest
Ilona is HackerOne’s Chief Legal and Policy Officer, where she manages the public policy portfolio, oversees all legal matters, and provides strategic leadership to the company. Cohen transitioned to the tech industry after serving in the Obama White House, first as a senior lawyer to President Obama and then as General Counsel of the White House Office of Management and Budget (OMB). At OMB, Ilona was an integral part of designing and implementing the Administration’s technology and cybersecurity initiatives. Cohen has a broad range of experience and has served in other senior roles in the tech industry, the Executive Branch, and the U.S. Senate. She started her legal career in private practice at the law firm WilmerHale.
2. Is Shift Left Just Starting to Catch On? And Other AppSec Trends & Insights – Jenn Gile – ESW #395
'Shift Left' feels like a cliché at this point, but it's often difficult to track tech and security movements if you aren't interacting with practitioners on a regular basis. Some areas of tech have a longer tail when it comes to late adopters and laggards, and application security appears to be one of these areas. In this interview, Jenn Gile catches us up on AppSec trends.
Guest
Jenn Gile is director of Product Marketing at Endor Labs, and a seasoned application security and DevOps marketer and community builder. She writes prolifically on tech topics including open source, Zero Trust, Layer 7 traffic management, compliance, and WebAssembly. She is the author of NGINX’s ebook Taking Kubernetes from Test to Production and Endor Labs’ Implementing Software Supply Chain Security. With a background in learning and development, Jenn prioritizes education-based marketing programs that provide intrinsic value to the community.
3. AI Security Concerns: Real Threats or Distractions? Also – unhinged security teams! – ESW #395
In the enterprise security news,
- Change Healthcare’s HIPAA fine is vanishingly small
- How worried should we be about the threat of AI models?
- What about the threat of DeepSeek?
- And the threat of employees entering sensitive data into GenAI prompts?
- The myth of trillion-dollar cybercrime losses is alive and well!
- Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity
- Thanks to the UK for letting everyone know about end-to-end encryption for iCloud!
- What is the most UNHINGED thing you've ever seen a security team push on employees?
All that and more, on this episode of Enterprise Security Weekly.
- 1. FINES: UHG Increases Change Healthcare Data Breach Victim Count to 190 Million
"The maximum financial penalty for a HIPAA violation set by the HITECH Act is $1.5 million, and adjusted for inflation is just over $2.1 million."
Do WHAT? If this were the EU, UHG would be getting hit with a $1B+ fine. I had no idea that HIPAA fines had so little bite. Why even bother fining them? It's less than 10% of the ransom they paid the attackers!
- 2. THREAT OR DISTRACTION?: Harmonic Security – From Payrolls to Patents: The Spectrum of Data Leaked into GenAI Copy
"8.5% of prompts into GenAI include sensitive data"
Okay, and what percentage go into Google searches? Into Dropbox? What percentage of what Grammarly sees is sensitive data? How about that Dictionary.com Chrome extension?
Our data goes into a LOT of services that are controlled or managed by other organizations. It seems like a distraction to hyperfocus on Generative AI services just because they're new.
- 3. THREAT OR DISTRACTION: Open Source AI Models: Big Risks for Malicious Code, Vulns
TL;DR
- models themselves are not dangerous, it's how they're packaged
- use safetensors, not pickle
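As an added, defender-side illustration of that TL;DR (not code from the episode or from any project it mentions): a Python check that tells a safetensors file apart from pickle-based formats by inspecting bytes only, so nothing is deserialised during the check. The small safetensors writer and the sample files are constructed here for the demonstration and are not real model files.

```python
import io, json, pickle, struct, zipfile

def build_safetensors(tensors):
    """Write {name: (dtype, shape, raw_bytes)} in the safetensors layout: u64 LE header
    length, JSON header, raw tensor bytes. Constructed helper, not the safetensors lib."""
    header, body = {}, b""
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape,
                        "data_offsets": [len(body), len(body) + len(raw)]}
        body += raw
    hdr = json.dumps(header).encode()
    return struct.pack("<Q", len(hdr)) + hdr + body

def classify_model_file(data: bytes) -> str:
    """Classify by inspecting bytes only: nothing is unpickled or imported here, so a
    hostile file cannot run code during the check."""
    if len(data) >= 8:  # safetensors: length-prefixed JSON describing the tensors
        (n,) = struct.unpack("<Q", data[:8])
        if 0 < n <= 100 << 20 and len(data) >= 8 + n:  # 100 MiB header sanity bound
            try:
                hdr = json.loads(data[8:8 + n])
            except ValueError:
                hdr = None
            if isinstance(hdr, dict) and all(
                    k == "__metadata__" or (isinstance(v, dict)
                    and {"dtype", "shape", "data_offsets"} <= set(v))
                    for k, v in hdr.items()):
                return "safetensors"
    if len(data) >= 2 and data[0] == 0x80 and 2 <= data[1] <= 5:
        return "pickle"  # raw pickle stream: PROTO opcode followed by the version
    if data[:4] == b"PK\x03\x04":  # torch .pt/.pth: zip archive carrying data.pkl
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(m.endswith("data.pkl") for m in zf.namelist()):
                    return "torch-zip"
        except zipfile.BadZipFile:
            pass
    return "unknown"

def is_safe_to_load(data: bytes) -> bool:
    """The TL;DR as a policy: accept safetensors, refuse pickle-based formats."""
    return classify_model_file(data) == "safetensors"

# Constructed samples (not real model files) so the check can be exercised offline.
SAMPLE_SAFETENSORS = build_safetensors({"w": ("F32", [2], struct.pack("<2f", 1.0, 2.0))})
SAMPLE_PICKLE = pickle.dumps({"w": [1.0, 2.0]}, protocol=4)
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("archive/data.pkl", SAMPLE_PICKLE)
SAMPLE_TORCH_ZIP = _buf.getvalue()
```

The check is a gate on file format, not a malware scanner: a safetensors file still needs its tensors validated by the loader, but the format itself carries no executable objects.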
- 4. THREAT OR DISTRACTION: DeepSeek app, safe to use?
Is everything you're typing into the DeepSeek app, API, or website going directly to folks in China?
Yeah, I think it is safe to assume so.
Is that worse than your data going to Meta? Or Google? Or some startup with zero reputation that you just started using because it looked cool?
That's a tougher question.
We're bad at assessing risk, especially in the moment, without comparisons, and with all our geopolitical biases present. Does this analysis of the DeepSeek app look bad or inappropriate?
I'd argue most of us aren't equipped to answer that question. How often do we view analysis like this? How does this compare to all the other apps on our employees' devices? All these GenAI apps request camera permissions, because there's always a "tell me what I'm seeing" or "translate this sign" use case.
- 5. MYTHS AND LIES: The cost of cybercrime to reach over $12tn by 2025
There's a new source for overinflated claims of losses to cybercrime.
It also has no methodology and makes no effort to provide details on how the number was estimated.
Show your work or GTFO with these bajillion numbers.
- 1. SURVEY: What is the most unhinged thing you’ve seen a security team push on people trying to be productive?
- 2. NEW FEATURES: Kagi Privacy Pass
- 3. OLD FEATURES: The UK and Why You Might Want to Use Advanced Data Protection for your iCloud data
Been around since 2022, but most people are just finding out about it because of the UK's demand for a back door into ALL Apple users' data, globally.