Bel Lepe Reveals How AI Reduces Security Risks By Removing the Human Element

In this episode of Cyber Sentries, host John Richards is joined by Bel Lepe, Co-founder and CEO of Cerby, to explore how removing the human factor through automation can dramatically decrease an organization's attack surface. John and Bel dive into the transformative potential of AI in identity and access management, especially for applications that don't support modern security protocols.

Bel shares his insights on the current state of identity security and how Cerby is tackling the challenge of securing disconnected apps at scale. He explains how generative AI enables Cerby to build and maintain integrations for thousands of apps without relying on standards. The discussion also touches on emerging trends in identity, including the fragmentation of identity across multiple platforms and the growing threat of AI-powered impersonation attacks.

Questions we answer in this episode:

• How can AI reduce security risks by removing the human element?
• What are the key challenges in securing apps that don't support modern identity protocols?
• How will the rise of AI shape the future of identity security?

Key Takeaways:

• The majority of security incidents are caused by human error
• AI allows custom integrations to be built at scale without relying on standards
• Multi-factor authentication is crucial for protecting against emerging threats

Whether you're a security professional looking to stay ahead of the curve or a business leader seeking to understand the impact of AI on your organization's security posture, this episode is packed with valuable insights. Tune in to learn how AI is revolutionizing identity and access management and what you can do to safeguard your organization in the face of evolving threats.

Links & Notes

• Learn more about Cerby
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:00) - Welcome to Cyber Sentries
• (01:03) - Meet Bel Lepe
• (02:42) - Validating the Problem
• (04:07) - The Problem
• (06:32) - Their Approach
• (08:24) - Scaling
• (10:38) - Looking to the Future
• (15:32) - The Future of Identity
• (22:25) - Building Better Awareness
• (23:46) - Wrap Up

Securing the Digital Future with Former Fortune 500 CISO Tim Youngblood

John Richards welcomes Timothy Youngblood, a four-time Fortune 500 CISO and current CISO in Residence at Astrix Security, to discuss the evolving landscape of cybersecurity leadership. With experience at Dell, Kimberly Clark, McDonald's, and T-Mobile, Tim brings unique insights into how security leadership must adapt to emerging threats while maintaining operational effectiveness.

The conversation explores Tim's journey from Dell's first CISO to handling security across diverse industries. John and Tim delve into fascinating security incidents, including a notable McFlurry API DDoS attack at McDonald's, demonstrating how modern security challenges can emerge from unexpected places. The discussion shifts to the critical topic of non-human identity attacks and the growing importance of managing machine identities in cloud environments. Tim shares his perspective on how AI is reshaping security practices and why education remains fundamental to effective security programs.

Questions we answer in this episode:

• How do companies integrate security during acquisitions and mergers?
• What unique challenges do global companies face in cybersecurity?
• How should organizations approach non-human identity security?

Key Takeaways:

• Security leadership requires strong business acumen alongside technical expertise
• Education and culture-building are crucial for successful security programs
• The scale of non-human identities poses a major security blind spot for many organizations

This episode offers invaluable insights for security professionals navigating complex organizational challenges while adapting to emerging threats. Whether you're a seasoned CISO or aspiring security leader, Tim's practical experiences and strategic approaches provide actionable wisdom for building robust security programs in any environment.

Links & Notes

• Securing Non-human Identities
• Find Tim on LinkedIn
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (01:12) - Meet Tim Youngblood
• (08:07) - Challenges
• (11:03) - Change Management
• (11:37) - Transitioning to Next Role
• (16:21) - McDonald’s
• (19:57) - Flexibility
• (21:50) - Handling New Challenges
• (26:11) - Non-Human Identity Attacks
• (33:55) - Wrap Up

Open Source AI: Transparency, Sovereignty, and Who Controls the Data

In this episode of Cyber Sentries, host John Richards is joined by JJ Asghar, an Open Source Champion and Developer Advocate at IBM. They explore the importance of open source in the AI world, how transparency can allow for AI sovereignty, and why we should care about who controls the data.

JJ shares his journey into the AI space at IBM and his strong opinions formed from working on open source AI projects. The discussion delves into the differences between mainstream closed-source AI models and the emerging open-source alternatives, highlighting the privacy and trust aspects that are becoming increasingly important, especially outside the United States.

Questions we answer in this episode:

• How does open source fit into the recent surge of AI?
• What are the benefits of open-source AI models compared to closed-source ones?
• Why is AI sovereignty important, and how does it relate to open source?

The conversation covers the challenges of building and running AI models, the compute resources required, and how open-source approaches can provide more transparency and control. JJ explains the concept of AI sovereignty, where countries and organizations want to run AI within their borders and under their own rules and restrictions. This brings up issues of hardware accessibility and the lifecycle of AI models.

Key Takeaways:

• Open-source AI allows for greater transparency and trust compared to closed-source models
• AI sovereignty is becoming increasingly important for countries with strict privacy laws
• The lifecycle of AI involves training, fine-tuning, and inferencing, each with different compute requirements

While open source offers many benefits, the discussion also touches on the challenges, such as the potential for model poisoning and the current lack of genealogy in AI models. Despite these hurdles, open source remains a powerful force in the AI world, with the potential to provide more eyes on the code and faster problem resolution.

This episode offers valuable insights into the complex world of AI, the role of open source, and the importance of data control and transparency. Whether you're a developer, a security professional, or simply interested in the future of AI, this conversation provides a thought-provoking look at the challenges and opportunities ahead.

Links & Notes

• IBM's open source foundational model Granite
• Granite Foundation Models Paper
• Hugging Face
• IBM's coding assistance project
• InstructLab
• Crew AI
• AI Sovereignty Paper
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (00:55) - Meet JJ Asghar
• (03:17) - Working with AI
• (04:29) - AI and Open Source
• (10:31) - Approach
• (14:38) - Sovereignty
• (18:20) - Inferencing
• (20:47) - Black Box Situation
• (30:10) - Weighing the Differences
• (35:09) - Timeline
• (40:39) - Finding JJ
• (42:06) - Communities
• (44:49) - Wrap Up