Skip to content

Insight and analysis of technology and business strategy

Thoughts on Texas Cyber Summit 2023

Joey Jablonski Photo Joey Jablonski date icon
Tags: ,

Last week I had the privilege of attending the 2023 Texas Cyber Summit. Dozens of speakers delivered over 180 hours of sessions on emerging cyber threats, tools, hunting, techniques and methodologies. I was honored to speak on the topic of Defending Analytical Models from Bias.

Texas Cyber Summit brings together industry, government, academia - all critical components to the advancement of cyber capabilities to address emerging threats and growing sophistication from adversaries. What was really exciting to see this year was day 3, where the sponsors provided free passes to students from highschool to college that are pursuing education in the cyber domain. Meeting them, hearing about their excitement and getting to listen to them ask questions in every session made the third day something special.

As with every year in cyber, our tools, threats and techniques advance in capability. This year saw an acceleration in both the threat and response landscapes. Both moved quickly to balance out advancements, often leveraging the same capabilities in different ways with diverging motives.

  • Artificial Intelligence (AI) - AI is an exciting and terrifying advancement to the cyber community. AI brings new capabilities to understand diverse datasets, find threats and investigate incidents. AI simultaneously lowers the bar for an adversary to build new tools, craft compelling phishing emails and impersonate targets with impunity. The community is moving quickly to address the new threats being introduced by this two pronged dynamic.
    • I have long worked at this overlap of cyber and analytics. It has often been a small sliver in an otherwise giant venn diagram. But with the excitement and rapid adoption of AI, we are seeing that sliver grow rapidly, with cyber practitioners looking very favorably on how these tools augment their roles and multiply their impact.
  • Software Engineering as a Must-Have Skill - Many cyber practitioners have software engineering skills. However, they are far from the required skill to be hired today into many cyber and infosec organizations. This is rapidly changing. As our applications become more complex, organizations are undergoing their own digital transformation. As a result, technology teams continue to expand in scope. This demands that cyber teams meet or exceed the knowledge and skills of the teams they support. Cyber practitioners need to develop strong software engineering skills and apply them in their role, both to build defensive capabilities and advise application teams on proper security hygiene during development, deployment and operations.
  • Underground Market Sophistication - The underground (often referred to as the dark web) market for tools, methods, credentials and money laundering is significantly lowering the barrier to entry for new adversaries and accelerating the time from data loss to full compromise of enterprise environments. The availability of tools coupled with the ability to apply Generative AI (GenAI) to tool evolution has significantly increased the risk for all organizations. This will continue to be a challenge for even the most sophisticated organizations as they see an increase in threats and decrease in dwell times. 
  • Removal of the Language Barrier - The language barrier is gone. The simple ability to read an email and determine if it is a phishing attack is no more. The large uptick of ChatGPT and derivatives has made crafting compelling and impactful emails possible for all attackers, regardless of location or primary language. Education of users will be that much more important to ensure they understand the risk of actions, and no longer rely on bad grammar as a primary indicator.
  • User Training and Education - Following from the above, the need to educate users is increasing as threats from AI increase. Users continue to create the largest threat to the organization and our investment in training them on threats, actions and behaviors pay off through decreased risk to the organization. Inject creativity into this process, have users lead the training, gamify the activities and think about how security training can weave in with other corporate events to reinforce the importance next to adjacent corporate initiatives.
  • Model Supply Chain - I have spoken before about the risk posed in our supply chain for analytical models and tools. With the rapid adoption of AI and machine learning (ML) we are seeing rapid adoption of open source tooling without fully assessing the risks and building mitigating controls. Many organizations are finding that the default installation of many open source tools for model testing, training and management fall below their organizational standards. Organizations must invest ahead of the curve to build awareness and knowledge of the risk posed by AI tools in their environment.

See you all in 2024 at the Texas Cyber Summit!
Joey Jablonski Photo Joey Jablonski

Joey Jablonski is VP of Global Solutions at Pythian, he leads strategic engagements assisting customers in developing their data strategy, defining and executing on data governance programs and building analytical models to power the modern data-driven organization. Prior to Pythian, Joey was VP of Product at Manifold, where he brought a product mind-set to all engagements—allowing for delivery of value quickly in any project and building over time through adoption of new data-centric capabilities in an organization. Joey led engagements across industries including retail, high tech, pharmaceuticals and the federal government. Before Manifold, Joey held executive leadership positions at Northwestern Mutual, iHeartMedia and Cloud Technology Partners. He brings 20+ years of experience in software engineering, high performance computing, cyber security, data governance and data engineering.

Pythian Blogs

  • There are no suggestions because the search field is empty.

Tell us how we can help!
dba-cloud-services
Upcoming-Events-banner