For this episode, Robby is once again joined by Eoin Wickens, Technical Research Director at HiddenLayer, an organisation doing security for Machine learning (ML) and Artificial Intelligence (AI).  It is not too long ago since Eoin last visited the podcast, (only 7 months,)  but lots has happened in the world of AI since. During the episode, he talks about some of the most significant changes and developments he’s seen the last months, how models are getting smarter, smaller and more...

Data Brokers and Data Removal Services What does the process of removing your online presence look like? And how would you handle the data brokers that have collected your personal information with just a few clicks of the mouse to sell to other companies? To answer this, we’re joined by an expert in this field; Darius Belijevas, Head of Incogni, a service that automates user personal data removal from data brokers. Darius shares from his research on data brokers and their business models,...

For this episode, Robby is joined by Levi Gundert, Chief Security Officer at the cybersecurity company Recorded Future and author of the book The Risk Business – what leaders need to know about intelligence and risk-based security. Levi shares from his decades of experience in the threat and risk space – and Robby picks his brain about a broad set of security topics ranging from telling the risk story and categorising risk, to darknet monitoring and infiltration, and using chatbots for...

Ethical social engineering Even the best pentesters out there can be fooled by a social engineering attempt under the right circumstances. But how do we treat the ones that have been tested and failed? Ragnhild «Bridget» Sageng, Senior Security Advisor at Norwegian Customs, has several years of experience from the IT and cybersecurity industry, and hands-on experience working as an ethical hacker specialising in social engineering. In her conversation with Robby, she shares what goes through...

How will AI impact the next generation of people working with computer science? This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, author of Security Yearbook 2023 and Founder and Chief Research Analyst at IT-Harvest, and High School Junior, Athena Contos.  Athena was recently...

How does cybersecurity play a part in ensuring food security? As part of the ISACA series of the mnemonic security podcast, we’re welcoming Karianne Kjønås, Cyber & Privacy Associate at PwC Norway. Karianne recently won the ISACA master’s thesis award with her thesis on how cybersecurity incidents can affect Norwegian food production. During her conversation with Robby, she shares some of her major research findings, and how data, automation, IoT and AI play an important role in food...

Conflictual coexistence Today’s guest, Raymond Andrè Hagen, holds over 20 years of experience in cybersecurity and information security, and is currently researching advanced persistent threats for his PhD in Computer and Information Systems Security.  He also has experience as a Security Specialist at the Norwegian Digitalization Agency (Digdir), including being Chief Security Officer at Altinn, the Norwegian authorities' solution for reporting and dialogue with business and industry. In his...

To join Robby for this episode on Russian cybercrime and ransomware, we’re welcoming Sam Flockhart, Cyber Threat Intelligence Manager at Santander UK. Sam has a background in military intelligence from the British army, where he has spent a large part of his career looking at Russian influence in Eastern Europe. Including experience from the British army’s support mission to Ukraine. Sam goes through his presentation “From Russia with ransomware” presented at FS-ISAC EMEA Summit last month....

Metaverses Have you been to the metaverse yet? And are you among the 78% that believe the metaverse will provide a significant value to their organisation in the future? To join Robby for this episode, we’re welcoming Julia Hermann, Senior Technology and Innovation Manager at Giesecke+Devrient, where she works on identifying opportunities in the metaverse. Julia shares what companies are utilising metaverses well, and where she sees the most opportunities in enterprise, commercial and...

Defending EVE Online How does combatting botting, hacking, and fraud in a virtual game relate to fighting real cybercrime? To share his take on this, Maksym Gryshchenko joins us to share how he works as a Security analyst at CCP Games, a leading game developer based in Iceland, and the developers behind the sci-fi role-playing game EVE Online. EVE Online is known for having an immensely complex market economy system for the game's internal industry and trade between players, and Maks...

Last year, threat researchers all over the world got a sneak peek into the inner workings of the Russian defence contractor NTC Vulkan.  The Vulkan files leak provided an interesting behind the scenes look at Russian cyber capabilities and scalability, and the ways state sponsored organisation work.  Joe Slowik, managing threat intelligence at the cybersecurity company Huntress, joins Robby to talk about how he worked through the hundreds of pages of data from the leak, and what he learned...

Cryptology is fundamental for the way the internet works today. But what exactly is modern cryptology, and what are the most common areas in which it’s being used? To guide us through this complex area, Robby’s joined by Bor de Kock, PhD. in Cryptology and Assistant Professor at NTNU. They talk about some of the main challenges to cryptology these days, encryption security and its limitations, and how Bor expects quantum computing to affect cryptology. Bor also shares what makes him both...

Physical penetration testing | ISACA series For this episode that is part of our ISACA series, we’re joined by Rob Shapland, Ethical Hacker/Head of Cyber Innovation at Falanx Cyber. Rob talks about what he’s learned from his 15 years of testing physical and cyber security for his clients, including more than 200 building intrusions assignments. He explains how these kind of testing assignments work, what usually does work – and what happened the one time he actually didn’t get in. Robby and...

Artificial intelligence (AI) and machine learning (ML) models have already become incorporated into many facets of our lives. In this episode, we discuss what happens if these models are attacked. How can the models that AI and ML are built upon be attacked? And how can we defend them? Eoin Wickens, Senior Adversarial ML Researcher at HiddenLayer, an organisation doing security for AI and ML, joins Robby to talk about this often overlooked aspect of AI. During the episode, they also discuss...

What do you really know about your vendors? And about your vendors' vendors? To talk about supply chain attacks, and how to best mitigate and meet these risks, Robby is joined by a pair with a lot of experience on this topic: Roger Ison-Haug, CISO of StormGeo, and Martin Kofoed, CEO of Improsec. Martin and Roger discuss what a supply chain attack looks like these days, how to prepare for when a compromise happens, and how to get an overview of your organization's exposure. They also...

How to succeed with bug bounties Responsible disclosure and vulnerability reporting have come a long way in recent years, and have gone from being feared and even something you took legal action against, to something that is appreciated for its value. Ioana Piroska, Bug Bounty Program Manager at Visma, joins Robby to share how Visma has succeeded with their bug bounty program. She talks about Vismas’ approach to these kind of programs, and the actual value they receive from them. Ioana and...

Influencing the board What are some of the most effective methods of gaining a board’s support, and how do you maintain this trust and improve it over time? Our guest today has worked with a lot of boards, and joins us to share his experiences providing boards with the tools to ask the right questions when it comes to cybersecurity, and conveying to them why cybersecurity is important for their organisation. Roger Ison-Haug has worked in IT for close to 30 years and is now working as the CISO...

KraftCERT trusselvurdering 2023 | In Norwegian only Our podcast guest this week is Espen Endal, previous mnemonic colleague and currently OT Security Analyst at the Norwegian energy sector CERT: KraftCERT/InfraCERT. InfraCERT is an ISAC (Information Sharing and Analysis Center) and an IRT (Incident Response Team). Mainly working to update their members about relevant vulnerabilities and threats to make them able to better detect and respond to digital attacks. They are also part of the...

Avoiding overload and managing stress in cybersecurity For today’s episode, Robby’s joined by Lisa Ventura, Cybersecurity Specialist, Author, and qualified Mental Health First Aider. After many years of experience from the industry, she’s become particularly interested in the human aspects of cybersecurity, especially when it comes to mental health issues, stress, and burnouts. During their conversation, Lisa explains how common stress and burnouts are in InfoSec and cybersecurity, and...

Asset Intelligence Imagine a scenario where your organisation discovers that a threat actor currently possesses more knowledge about your environments than you do. Let’s find a way to make sure we don’t end up there - but how? For this episode, Robby is joined by a serial entrepreneur and serial guest at the mnemonic security podcast. For the fourth time, we’re welcoming Brian Contos. Today, to discuss his latest role as Chief Strategy Officer at Sevco, a company specialising in asset...

Operationalising Threat Intelligence What can you do to get the most out of your threat intelligence initiatives? A good place to start, is picking Kyle Wilhoit’s brain. Kyle’s the Director of Threat Research at Palo Alto Network's Unit 42, and author of the book Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber threat intelligence programs. During his chat with Robby, he provides some advice on how organisations should be handling their threat...

Crypto Finance How does a crypto finance agency work with security? To answer this question, and provide insight into security in the world of crypto, we’re joined by Dr. Dominik Raub. He has more than 10 years of experience from the financial industry, a Doctor of Sciences in Cryptography, and works as CISO at Crypto Finance AG, an organisation providing crypto and blockchain services to institutional clients. Dominik talks about the threat landscape they are in, the adversaries in the...

Office IoT  Can you say for certain that you have a full overview of the IoT devices that are set up in your office environment? Smart Lighting, thermostats, locks, appliances, security cameras, sensors... perhaps even a fish tank?  To talk about the importance of securing our office IoT, and specifically our printers, Robby is joined by Quentyn Taylor, Senior Director – Information Security and Global Response at Canon. During their conversation, Quentyn shares from his vast experience...

Passwords and their managers How do you create your passwords? Do you get help from a password manager, or is your personal “system” bulletproof? Robby has invited two guests passionate about passwords, and how we manage them. Not surprisingly, they can with confidence say that our own “systems” are highly guessable, and not as unique as you might think. Our experts this episode, Cecilie Wian from the Norwegian consultancy Bouvet, and Per Thorsheim CISO and password & digital...