Episode 346 - Cybersecurity Resilience vs. The Meteors

Published: Feb. 2, 2023, 9:40 p.m.

Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. He is the founder of the security site Liquidmatrix Security Digest & podcast as well as the host of DuoTV and the Plaintext podcast. He is currently a member of the board of directors for BSides Las Vegas. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference. Dave has been a DEF CON speaker operations goon for over 10 years. Lewis also serves on the advisory board for the Black Hat Sector Security Conference and the CFP review board for 44CON. He is currently working towards his graduate degree at Harvard. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others. For fun he is a curator of small mammals (his kids), plays bass guitar, grills, and is part owner of a whisky distillery and a soccer team.

In this interview, Dave Lewis shares his highlights from his keynote presentation at SINCON 2023, the first cybersecurity conference in Singapore for the year 2023.

Globalisation and supply chain attacks - He shared his thoughts on how threat actors have exploited the globalisation of the supply chain: as organisations move to a cloud-based iteration “for everything”, they thereby extend the targets of opportunity for attackers. This means that we have gone from protecting the “four walls” to an “unfathomable number of walls”. In particular, as we digitalise, we have to “make sure we are not outpacing security”, and we must understand our fallback position if “there’s a global catastrophe and we have to cut off from the rest of the world.” One example is critical infrastructure, where there is “accumulated security debt” (e.g. deprecated applications) and where the “stakes are higher”.

Zero trust - Dave stressed that “zero trust” is an “iterative process” and there is “no end state”. Rather, it is about reducing the risks and addressing the core fundamentals from 30 years ago – managing our core users, our network segmentation, and the critical applications in our environment.

Cybersecurity skills and resources - Dave also shared how we need “more adults at the table”: maturing our cybersecurity posture requires more senior-level involvement. He also advised that we need to “get away from the ‘sensationalisation’ of the hacker culture” – cybersecurity is not strictly the hacker sub-culture.

Cyber threat landscape - Using WannaCry as an example, Dave noted that the SMBv1 vulnerability had been known but remained unfixed for 10 years. This “security debt” was an example of how we as cybersecurity practitioners tend to “lose our focus collectively”. As we are at the “juncture where we have to figure out how we are going to mature as an industry and be able to handle these risks in a coherent fashion”, he predicted that “we will keep making the same mistakes for a while.” Further, referencing how ransomware has evolved since the first version by Dr Joseph Popp in 1989, he said “financial motivation will not go away, it is just how they are going to get their money.”

Recorded 5th January 2023, 11.30am, VOCO hotel, Singapore.