In this episode of the mnemonic security podcast, we take a closer look at a tension that remains invisible to most of us, yet is very real: the quiet conflict unfolding within our critical infrastructure.This topic gave us the perfect excuse to once again invite one of our favorite guests, for the fourth time, Joe Slowik. Joe brings over 15 years of experience in cyber threat intelligence (CTI), detection engineering, and incident response, with expertise in industrial control systems (ICS), operational technology (OT), and critical infrastructure environments. He currently serves as Director of Cybersecurity Alerting Strategy at Dataminr.In his conversation with Robby, Joe explores the threats posed by Volt Typhoon, a state-sponsored Chinese cyber operation known for targeting critical infrastructure, primarily in the United States. They discuss the origins and activities of the group, recent operations, and Joe also shares his research into what this group has the potential to achieve based on their current operations and proven capabilities.The discussion also covers Joe’s broader research into China’s cyber eco-system and how it has evolved, including the country’s extensive network of research institutions, companies, and lesser known contractors. Joe also shares his observations about current trends in the OT industry, insights into his upcoming areas of research within OT, and his perspective on where the field is heading.Send us a text
--------
40:06
--------
40:06
Prompt Engineering
In this episode, Robby welcomes Dan Cleary, Co-founder and CEO of PromptHub, an organisation focused on enhancing LLM-based applications. He’s also one of the organisers behind the Prompt Engineering Conference, the world’s first event exclusively dedicated to prompt engineering, taking place in London on October 16th.They discuss prompt engineering and management, what to expect from the upcoming conference, and what this emerging field means for enterprise AI and security.Cleary also shares why centralised prompt management matters, how AI’s role in enterprise adoption is evolving, and what security professionals should explore to stay ahead.Send us a text
--------
26:26
--------
26:26
State of the Union: Agentic AI
Everyone’s talking about Agentic AI, but beyond the buzz, what’s actually happening on the ground? The mnemonic security podcast is continuing to dive into the world of Agentic AI in our latest episode, recorded live at Sikkerhetsfestivalen.For this episode, Robby is joined by fellow podcaster (CloudFirst Podcast and KI til Kaffen) Marius Sandbu. They look at real-world implementations of agent-based systems, particularly what’s been done in Norway. And try to answer the question: are we ahead, behind, or just cautious?They also discuss lessons learned from local projects, the current state of the global ecosystem, and what it really takes to make Agentic AI useful; diving into integration concepts like MCP and RAG, and how they’re being applied in practice.Send us a text
--------
56:03
--------
56:03
Autonomous cyberattacks
Brian Singer, a PhD candidate at Carnegie Mellon University, joins Robby to talk about his research on creating autonomous attackers and defenders for networks. In their conversation, they discuss how Brian and his team made a system that uses LLMs to autonomously attack networks.Singer and his team recently got a lot of attention after using this system to successfully recreate the Equifax cyber-attack from 2017, one of the largest data breaches in U.S. history, in a virtualised cloud environment. In turn, showing how LLMs can be taught to plan and execute sophisticated cyberattacks without a human involved.They also talk about how LLMs are unlocking new capabilities for defenders, where he is seeing a lot of opportunity, and how he thinks security will be developing the next three to five years. Send us a text
--------
34:47
--------
34:47
Pig Butchering
Trust is one of the most powerful and dangerous currencies that we have. Whether it's a phishing email, a romance scam or a human trafficking operation, the criminals behind it exploit some of the same dynamics; mainly that trust can be earned by playing to our emotions.This is particularity true when it comes to this episode’s topic; the global crime of "pig butchering". The scam involves luring victims into fake romantic relationships, convincing them to invest in cryptocurrency schemes, and then stealing their money through fake investment platforms. It’s worth to add that the term is a violent term for a violent crime, and that financial grooming might be more fitting description.This week’s guest, Erin West, spent 26 years as a district attorney, and the last few years she’s been exclusively working on these kinds of scams. She’s been featured in the Wall Street Journal about her work, testified before Congress and started her own non-profit (Operation Shamrock) focusing on educating about and disrupting transnational organised crime.Erin explains how Chinese organised crime uses high-tech methods, including cryptocurrency, to defraud victims of their life savings, the link to human trafficking, and the surprising scale of it all.Send us a text
The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
South Africa