We will become Obsolete

Adapt Faster - Week 5

Hey there,

Quick shout out to say thank you for reading and following along. If you’ve read a single word I’ve written during my 1st newsletter attempt or via content I share on LinkedIn, Twitter, or Email - thank you 🙏🏻

I know the world is competing for your time & attention and that’s why I’m shifting gears here (adapting in real time). So far I’ve shared some personal, foundational stories with you that have been my life and part of my journey so far (I’ll continue to share), but starting today, I’m thrilled to bring you something actionable also - #TransformSmarter. 👇

Adapt Faster - #AF5

I was at a cyber training & development event this past week for a major technology distributor in Austin. There were 50ish other partners similar to me soaking up the knowledge coming from the CISO on stage. We were all there for the same reason - to adapt faster than the guy or gal sitting next to us 🙃.

There was a talk about the average tenure of a CISO, maybe you’ve heard this before, I know I had - it’s 12 - 18 months on average.

That’s it. A CISO has 12 - 18 months to make a positive impact to the organization. That’s crazy. Either something happens (bad) or nothing happens (also bad) or the CISO gets a better offer (movin’ up in the world).

Ironically enough, at an event hosted by a technology distributor who sells partners on how to sell cybersecurity while the CISO is on stage presenting, they were hit with a ransomware attack - I’m dead serious, can’t make this stuff up (I won’t say your name don’t be mad, how could I not write about this?).

I hope the CISO remains, I like him. Shout out to the team, I know they’re working hard to recover.

But this got me thinking; you and I will be obsolete…

New versions of us are released every year (day?), much like software, devices, cars, homes, everything. I’m not talking about age, although eventually that will make all of us obsolete one day. I’m talking about skills, mindset, focus, and adaptability.

A buddy just called me and asked for help with AI, ChatGPT specifically - “what’s the secret? My team doesn’t see the value and they don’t get it.”

I could tell you about it all day long, I could show you many use cases, I could teach you prompts. It may be helpful, but if your mind is already made up about something (AI is bad) then you won’t truly adapt.

It’s clear that AI is going to be a part of the convo from now on (at least in the background listening).

Here’s what I want you to do, try at LEAST one new prompt per week and tell me about it, right here in the comments (don’t use sensitive company data). I’ll do the same; let’s hold each other accountable and adapt faster together.

I’ll go first (see the comments).

Also, I’ll share some resources with you; prompt hub & other newsletters I’m sub’d to.

Transform Smarter (new)

This idea’s been burning inside my head as of late and I’m thrilled to share this new segment. Each week, in addition to Adapting Faster (story), we’re going to get into practice (action) and spotlight (not sponsored) amazing technology platforms.

DISCLAIMER: not sponsored, however I’m a vendor agnostic, humanly biased Cybersecurity Advisor by trade. If you’d like to support me, visit catchadvisors.com and talk to me face-to-face (for real, but yes it might be an AI clone of me).

There has been a growing concern about Generative AI in cybersecurity, not just in the news, but also something I’ve been hearing directly from clients. There are really two main concerns here:

  1. Data loss as end users upload sensitive documents or intellectual property into their prompts - data loss prevention (DLP).

  2. Malicious AI applications; we've had malicious apps for a while now, but it's being accelerated by a stream of new AI Apps & Google Chrome plugins - falls under the category SaaS Security Posture Management (SSPM).

We'll address #1 next week, but let's explore #2 today.

For example, Spin.ai, a vendor partner of Catch Advisors, revealed to us a story about LastPass and their Chrome extension. Five to six months prior to the public announcement of the now-famous LastPass breaches on Aug. 22 and Dec. 22, Spin.ai detected anomalies and malicious behavior via the Chrome plugin on Aug. 9th 2022 🤔 and again on Sep. 1st - Oct 22nd 😯. They showed a history of the plugin going from a neutral score of 55-58 to a negative score of 35 in a matter of months...then...we all know what happened next.

Spin.ai recently struck a partnership with Google for…Secure Enterprise Browsing - we get a new acronym! “SEB” 🙃

The way their SaaS Security Posture Management works is by monitoring Chrome plugin behavior based on HTTP GET and POST requests, among other indicators. They give plugins a score from 0-100. A score of 70+ is considered relatively secure, 50-60 is neutral, and below 50 is negative. They provide best practices and recommendations, but ultimately, it's up to the organization to decide what level of risk they are comfortable with, in addition to allow/deny policies.

Imagine being able to automatically deny plugins based on their dynamic risk factor. Regardless of reputation or level of trust we have, it's clear to see that you can go from being the #1 trusted password manager to being deleted across hundreds of thousands of Chrome browsers overnight (wishful thinking).
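
Here's a sketch of what that automatic deny could look like. It's an added example, not Spin.ai's code or API: it turns a score history into a Chrome `ExtensionSettings` enterprise policy value. The extension IDs and score histories are constructed, the `deny_below` and `max_drop` thresholds are hypothetical org choices, and treating 61-69 as neutral is an assumption because the bands above don't cover it.

```python
import json

# Bands as stated above: 70+ relatively secure, 50-60 neutral, below 50 negative.
# The newsletter does not rate 61-69; treating it as neutral is an assumption.
def band(score):
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    if score >= 70:
        return "secure"
    if score >= 50:
        return "neutral"
    return "negative"

def decide(history, deny_below=50, max_drop=15):
    """Return (installation_mode, reason) from a chronological score history.

    deny_below and max_drop are hypothetical, organisation-chosen thresholds.
    """
    if not history:
        return "blocked", "no score available"  # fail closed on unscored extensions
    current, peak = history[-1], max(history)
    if current < deny_below:
        return "blocked", f"score {current} is {band(current)}"
    if peak - current >= max_drop:
        return "blocked", f"score fell {peak - current} points from {peak}"
    return "allowed", f"score {current} is {band(current)}"

def build_extension_settings(scores, **thresholds):
    """Build a Chrome ExtensionSettings value; the '*' entry blocks anything unlisted."""
    policy = {"*": {"installation_mode": "blocked"}}
    reasons = {}
    for ext_id, history in scores.items():
        mode, reasons[ext_id] = decide(history, **thresholds)
        policy[ext_id] = {"installation_mode": mode}
    return policy, reasons

# Constructed sample data: placeholder extension IDs and invented score histories.
SAMPLE = {
    "a" * 32: [56, 58, 55, 35],  # neutral to negative, the pattern described above
    "b" * 32: [82, 84, 81],      # stable, relatively secure
    "c" * 32: [90, 88, 72],      # still 70+, but down 18 points from its peak
    "d" * 32: [],                # never scored
}

if __name__ == "__main__":
    policy, reasons = build_extension_settings(SAMPLE)
    print(json.dumps(policy, indent=2))
    for ext_id, why in reasons.items():
        print(ext_id[:8], policy[ext_id]["installation_mode"], why)
```

The trend check is the part worth noticing: an extension can still sit in the "relatively secure" band and get blocked because its score is falling fast.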

Did I mention this post is brought to you by Keeper? 🙃

❌ If you’d like to learn more about Spin.ai you can always visit them directly 🙁 ✅ Otherwise I can introduce you after a brief chat (solution design) - catchadvisors.com/talkcyber 🙌

p.s. special thanks to Daniel and Mark for contributing - check out Daniel’s newsletter, Unsupervised Learning for Security, AI, & Tech

p.p.s. I caved and signed up for Twitter Blue - catch me over there.

Midjourney art by Scarlett

/imagine desolate landscape obsolete devices no humans in sight but human remains exist futuristic dark --ar 3:2
