• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Rob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the potential of AI models and their impact on various aspects of technology and society and digs into the importance of improving model interaction by allowing more thoughtful and refined responses.

We also discuss how AI can be a superpower, enabling rapid prototyping and idea generation. The discussion concludes with considerations for safeguarding AI models, including transparency, explainability, and potential regulations.

Takeaways:

• Scaling pen testing can be challenging, and maintaining quality becomes difficult as the team grows. Bug bounty programs have been a net positive for businesses, providing valuable insights and incentivizing innovative research.
• Attack surface management plays a crucial role in identifying vulnerabilities and continuously monitoring an organization's security posture.
• Social engineering attacks, such as SIM swapping and phishing, require a multi-faceted defense strategy that includes technical controls, policies, and user education.
• AI has the potential to augment human intelligence and improve efficiency and effectiveness in cybersecurity. Improving model interaction by allowing more thoughtful and refined responses can enhance the user experience. Algorithms can be used to delegate tasks and improve performance, leading to better results in complex tasks.
• AI is an inflection point in technology, comparable to the internet and the industrial revolution. Can be game-changing to automate time-consuming tasks, freeing up human resources for more strategic work.
• Autocomplete and code generation tools like Copilot can significantly speed up coding and reduce errors. AI can be a superpower, enabling rapid prototyping, idea generation, and creative tasks.
• Safeguarding AI models requires transparency, explainability, and consideration of potential biases. Regulations may be necessary to ensure responsible use of AI, but they should not stifle innovation. Global adoption of AI should be encouraged to prevent technological disparities between countries.

Links:

• Rob Ragan's Theoradical.ai
• Testing LLM Algorithms While AI Tests Us — Testing LLM Algorithms While AI Tests Us
• LLM Testing Findings Templates — This collection of open-source templates is designed to facilitate the reporting and documentation of vulnerabilities and opportunities for usability improvement in LLM integrations and applications.
• Rob Ragan on Twitter
• Rob Ragan on LinkedIn
• Bishop Fox Labs

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.

Links:

• Kymberlee Price on LinkedIn
• BlueHat Seattle Closing Remarks - YouTube
• Keynote: Defenders Assemble - Kymberlee Price
• BlueHat | Microsoft

Links:

• Vinnie Liu on LinkedIn
• Vinnie Liu at MS BlueHat v8
• Anti-Drone Tools Tested: From Shotguns To Superdrones

Links:

• Six Buckets of Product Security
• Outcomes > Bugs

Links:

• Assetnote
• Shubs Shah: Hacking on Bug Bounties for Four Years
• High frequency security: 120 days, 120 bugs
• h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
• H2C Smuggling in the Wild