The Security of AI: The Art of Incident Response

As AI and LLMs are transformative and continue to enrich and permeate our digital lives, the importance of planning incident response and detection specific to these platforms for security teams cannot be overstated. Speaking to my network of security professionals, the prospect of malicious actors exploiting vulnerabilities in production AI systems sends a shiver down even the most seasoned security professional’s spine. It was from these conversations that I decided to venture into the nuances of detecting incidents around AI platforms, providing guidance on what to look for and how to respond. This isn’t about using AI in incident response, but about responding to incidents involving AI (LLMs); the former is a topic for a future blog, maybe. [Read More . . .]

The Security of AI: The Inexplicability Threat

In my last post, I detailed the importance of securing the model development pipeline, highlighting the unique challenges posed by the complex nature of AI development. Today, we delve into another crucial aspect of AI security that isn’t in the OWASP Top 10 for Large Language Models but I feel is important to understand: inexplicability, a factor that can compromise the integrity and reliability of AI models. inexplicability: Noun. [Read More . . .]

The Security of AI: Securing the Model Development Pipeline

In my previous blog post, I wrote about the risks of Model Inversion Attacks and ways to mitigate them. In today’s post, I will focus on another aspect of AI security: securing the model development pipeline. The model development pipeline is a series of processes that transforms raw data into a trained machine learning model. This pipeline typically includes several stages, such as data collection, preprocessing, feature engineering, model selection, training, validation, and deployment. [Read More . . .]

The Security of AI: Detecting and Mitigating Model Inversion Attacks

Last time I discussed Training Data Poisoning, a threat to AI systems that involves manipulating the training data used by Large Language Models (LLMs). In today’s blog post I will explore another significant risk which can expose sensitive data: Model Inversion Attacks. This attack method focuses on exploiting the information contained within LLMs themselves to infer sensitive data about individual users or entire datasets. Model inversion attacks rely on a simple premise: since an LLM has been trained on specific data, it should be possible to extract information from the model that could reveal details about the underlying dataset. [Read More . . .]

The Security of AI: Training Data Poisoning

In my previous post, I wrote about Prompt Injection, a manipulation technique that exploits the way LLMs process user-provided inputs. In this post, we’ll delve into another critical threat: Training Data Poisoning. What is Training Data Poisoning? Training Data Poisoning refers to the act of intentionally manipulating the training data used by LLMs to influence their behavior and output. This can be done by introducing misleading, biased, or malicious information into the training dataset. [Read More . . .]

The Security of AI: Prompt Injection

Large Language Models (LLMs) are being integrated into more and more software applications and are changing the way we interact with technology. Having spent many years in cyber security, I looked at Machine Learning a long time ago and began to question: so what is new here? It’s software, it’s data; what makes it different, and why did I need to approach it differently from other software?

[Read More . . .]

Securing Generative AI

One of the areas I have spent a lot of time researching over the past 5 months is building cybersecurity machine learning models for a personal project; when using uncensored models, it is a completely different ball game in terms of what is achievable.

[Read More . . .]

Understanding Identity and Access Management Roles for ECS/EKS

Continuing from the previous blog post, today’s post takes us to Identity and Access Management (IAM) roles for ECS/EKS Tasks. Keeping the principle of least privilege in mind, it is important to understand the difference between Task Roles and Service Roles in securing your containerized workloads. Too many times I have seen the right permissions used for Service Roles, with the assumption that this is the permission set, yet root permissions are then used for Tasks.

[Read More . . .]

Securing Container Images

Securing Container Images: Best Practices for a Robust Containerized Environment

Throughout 2024 my blog posts will mainly draw upon my security engineering and architecture experience, sharing best practices I have used and how I have conquered challenges in AWS over the past 10+ years.

[Read More . . .]

Cultivating Cyber Resilience

Throughout my journey in different organisations over the past two decades, one constant remains: the pivotal role of organisational culture in cybersecurity. Despite all the technical controls, it’s the human element that often dictates the success or vulnerability of each organisation’s cyber defences.

[Read More . . .]

Pentests and the SOC

Penetration testing is a critical part of any robust cybersecurity strategy. However, a successful penetration test relies not only on the skills of the testing team but also on effective collaboration with the security operations team. Providing the right information to your security operations team before a penetration test can prevent false alerts, streamline investigations, and enhance the overall effectiveness of the testing process.

[Read More . . .]

CISO Series - Organisation

Being in a leadership role in information security requires bringing together a level of technical understanding, strategic thinking, leadership, business skills and communication abilities. This can be a lot to manage all at once, alongside projects and the security hot topic of the day. One way to manage all of this is through good organisation strategies. Over many engagements with clients I have tried different methods; these are the ones which I use today to help me stay organised and strike a balance across competing priorities.

[Read More . . .]

CISO Series - The Fortnight Foundation

As I prepare to embark on my next assignment, I thought I would share how the initial fortnight in a CISO role is vital for understanding your team, establishing relationships, and setting the stage for long-term success. As an independent consultant, my strategies might be dramatically condensed compared to when you are assuming the role for a longer term as a permanent team member.

[Read More . . .]

Rethinking Cyber Security Prioritisation

As an independent consultant, I gain a unique insight working with many different organisations. I have seen my fair share of management trends come and go: some seek to revolutionise and transform the way teams work in cybersecurity, while others fail to plan far enough ahead, because, you know, cybersecurity changes so quickly and today’s priority may not be tomorrow’s. This was recently raised during one of my catch-up sessions with a mentee, where a number of challenges have arisen as their organisation goes through some leadership changes.

[Read More . . .]

The Promise of AI

Artificial intelligence (AI) and Machine Learning (ML) are transforming the cybersecurity landscape. These technologies, characterised by their ability to learn from data and predict outcomes, offer vast potential in combatting cyber threats. Nevertheless, they also introduce new vulnerabilities that need to be addressed by security leaders.

[Read More . . .]

Managing cybersecurity risks in supply chain management

The task of managing cybersecurity risks in supply chain management is an imperative for businesses. Supply chain processes involve a complex web of suppliers, manufacturers, distributors, retailers, and service providers, all interconnected through digital transactions. This web is open to cyber threats, which can potentially have a substantial impact on businesses.

[Read More . . .]

Reclaiming our online privacy

Take a moment to reflect on your typical day.

You wake up, perhaps groggily fumbling for the phone beside your bed, thumbing through notifications and catching up on the news from last night. Maybe you then order a flat white from your favourite local café via an app, or video call a loved one overseas before settling into your emails for the day. It’s all so second nature, isn’t it?

[Read More . . .]

Robust Security Operations Teams

Securing our businesses from invisible invaders is imperative, requiring orchestration of defence akin to a symphony, with each resource playing its part to perfection. The challenges of implementing robust security operations include scarcity of skilled personnel, insufficient resources, a reactive approach to threats, and over-reliance on tools to fill gaps, the failure of which can lead to catastrophic financial, reputational, and regulatory consequences.

[Read More . . .]

Secure Summits

In the heart of the French Alps, where innovation, adrenaline, and nature converge, I witness alpinists gearing up for their mountain adventures every weekend. Ropes, mountain bikes, and mountain running shoes dominate the scene, while skis and snowboards take over during winter. As a technology enthusiast, I am always intrigued by the gadgets people bring along, ranging from performance trackers to emergency beacons. My focus turned to the workings of beacons in the mountains, connecting with satellites and radio repeaters. The CEO of one of my clients participates in an annual multi-day cross mountain running event in the Alps, where his progress can be tracked online, stage by stage.

[Read More . . .]

The Power of Threat Intelligence

Digital business operations continue to rapidly expand and the threat landscape concurrently evolves in complexity and sophistication along with that growth. Cybercriminals are perpetually seeking out vulnerabilities to exploit, and the onus is on businesses to adopt proactive defence strategies to keep one step ahead. Among the most effective tools in our cybersecurity repertoire to help us do this is threat intelligence.

[Read More . . .]
