• Open Source AI Unleashed: Transparency, Sovereignty, and Data Control with JJ Asghar
    Oct 9 2024

    Open Source AI: Transparency, Sovereignty, and Who Controls the Data

    In this episode of Cyber Sentries, host John Richards is joined by JJ Asghar, an Open Source Champion and Developer Advocate at IBM. They explore the importance of open source in the AI world, how transparency can allow for AI sovereignty, and why we should care about who controls the data.

    JJ shares his journey into the AI space at IBM and his strong opinions formed from working on open source AI projects. The discussion delves into the differences between mainstream closed-source AI models and the emerging open-source alternatives, highlighting the privacy and trust aspects that are becoming increasingly important, especially outside the United States.

    Questions we answer in this episode:

    • How does open source fit into the recent surge of AI?
    • What are the benefits of open-source AI models compared to closed-source ones?
    • Why is AI sovereignty important, and how does it relate to open source?

    The conversation covers the challenges of building and running AI models, the compute resources required, and how open-source approaches can provide more transparency and control. JJ explains the concept of AI sovereignty, where countries and organizations want to run AI within their borders and under their own rules and restrictions. This brings up issues of hardware accessibility and the lifecycle of AI models.

    Key Takeaways:

    • Open-source AI allows for greater transparency and trust compared to closed-source models
    • AI sovereignty is becoming increasingly important for countries with strict privacy laws
    • The lifecycle of AI involves training, fine-tuning, and inferencing, each with different compute requirements

    While open source offers many benefits, the discussion also touches on the challenges, such as the potential for model poisoning and the current lack of genealogy in AI models. Despite these hurdles, open source remains a powerful force in the AI world, with the potential to provide more eyes on the code and faster problem resolution.

    This episode offers valuable insights into the complex world of AI, the role of open source, and the importance of data control and transparency. Whether you're a developer, a security professional, or simply interested in the future of AI, this conversation provides a thought-provoking look at the challenges and opportunities ahead.

    Links & Notes

    • IBM's open source foundational model Granite
    • Granite Foundation Models Paper
    • Hugging Face
    • IBM's coding assistance project
    • InstructLab
    • Crew AI
    • AI Sovereignty Paper
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:04) - Welcome to Cyber Sentries
    • (00:55) - Meet JJ Asghar
    • (03:17) - Working with AI
    • (04:29) - AI and Open Source
    • (10:31) - Approach
    • (14:38) - Sovereignty
    • (18:20) - Inferencing
    • (20:47) - Black Box Situation
    • (30:10) - Weighing the Differences
    • (35:09) - Timeline
    • (40:39) - Finding JJ
    • (42:06) - Communities
    • (44:49) - Wrap Up
    46 mins
  • Demystifying Zero Trust: Key Policy Checks for Cloud Native Security with Zack Butcher
    Sep 11 2024

    Decoding Zero Trust Security for Cloud Native Environments

    In this episode of Cyber Sentries, John Richards welcomes Zack Butcher, Founding Engineer at Tetrate, to explore the critical components of zero trust security for cloud native and microservice environments. Zack, with deep expertise from his time at Google and work with NIST, shares practical insights on achieving a zero trust posture.

    John and Zack dive into the fundamental mindset shift required for zero trust - moving from implicit to explicit trust. They break down the five key policy checks that define runtime zero trust, and how these controls can enable identity-based segmentation. Zack illuminates how this approach allows organizations to boost assurance while strategically relaxing painful network-level constraints.

    Questions we answer in this episode:
    • What does Zero Trust really mean in practice?
    • How can organizations adopt a Zero Trust mindset?
    • What role does a service mesh play in Zero Trust?

    Key Takeaways:
    • Zero Trust requires making all trust explicit
    • 5 key runtime policy checks define a Zero Trust posture
    • Identity-based policies boost assurance and agility

    Whether you're wrestling with Zero Trust definitions, microservice security, or cloud native challenges, this episode delivers a wealth of battle-tested wisdom. Zack's clear explanations and examples, combined with John's knack for extracting practical takeaways, make this a must-listen for anyone navigating the complex world of cloud native security.

    Links & Notes

    • Zack on LinkedIn
    • Security Strategies for Microservices-based Application Systems (Sidebar has the A-D publications)
    • A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments
    • Tetrate Academy
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:04) - Welcome to Cyber Sentries
    • (01:01) - Meet Zack
    • (04:55) - Reflecting on the Journey
    • (05:46) - Deep on Security Aspect
    • (09:52) - Zero Trust and Definitions
    • (15:35) - Consensus
    • (18:09) - Availability and Assurance
    • (22:28) - Driving Growth
    • (25:44) - How AI Can Be Used for Security
    • (30:07) - Links and Finding Zack
    • (30:36) - Wrap Up
    33 mins
  • Decoding Machine Language: The Next Phase of the AI Cloud Security Revolution with Murali Balcha
    Aug 14 2024

    Decoding the Language of Machines: AI's Potential to Revolutionize Cloud Security

    In this episode of Cyber Sentries, host John Richards is joined by Murali Balcha, founder and CTO at Trilio, to explore how AI could transform cloud security by understanding the unique language of machines. Balcha brings over 20 years of experience in IT, particularly in storage systems, to the conversation.

    Harnessing AI for Proactive Security
    John and Murali dive into the potential of AI to enhance cloud security by analyzing the vast amounts of data generated by IT systems. By treating system logs as a language that AI can learn, models could be trained to identify threats and anomalies in real-time, even detecting zero-day attacks that traditional rule-based systems might miss. This shift towards proactive, AI-driven security could significantly reduce the time between a threat emerging and its detection.

    Questions we answer in this episode:

    • How can AI be applied to cloud security?
    • What advantages does AI offer over traditional rule-based security systems?
    • How can AI models be trained to understand the unique language of machines?

    Key Takeaways:

    • AI has the potential to revolutionize cloud security by learning the language of machines
    • AI models can identify threats and anomalies in real-time, even detecting zero-day attacks
    • Shifting towards proactive, AI-driven security could significantly enhance threat detection and response times

    This episode offers valuable insights into the cutting-edge applications of AI in cloud security. Listeners will gain a deeper understanding of how machine learning can be harnessed to protect their systems and data, as well as a glimpse into the future of proactive, intelligent security solutions.

    Links & Notes

    • Check out Murali’s blog
    • Find Murali on LinkedIn
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:00) - Welcome to Cyber Sentries
    • (00:56) - Meet Murali Balcha
    • (03:29) - AI’s Evolution
    • (06:06) - Transferring Data
    • (14:43) - How Trilio’s Looking at AI
    • (23:36) - Wrap Up
    27 mins
  • Navigating the AI Revolution in AppSec: Ori Bendet's Insights on the Future of Application Security
    Jul 10 2024

    Ori Bendet Shares Insights on AppSec and Managing AI Risks

    In this episode of Cyber Sentries, John Richards is joined by Ori Bendet, VP of Product Management at Checkmarx, a leader in application security. They explore the critical role of application security in today's digital landscape and discuss strategies for managing the risks and opportunities presented by the rapid adoption of AI in software development.

    Ori shares his journey into the cybersecurity industry and offers advice for those transitioning into the field. He emphasizes the importance of focusing on areas that are business-critical, such as application security, as more companies become software-driven. Ori also discusses the shift in application security from finding every vulnerability to prioritizing the most critical risks, given the accelerated pace of development and deployment.

    Questions we answer in this episode:
    • How can organizations effectively prioritize application security risks?
    • What are the key challenges and opportunities presented by AI in software development?
    • How should security teams adapt their practices to manage AI-generated code?

    The conversation delves into the disruptive impact of AI on software development and the new types of risks it introduces, such as AI hallucination, data poisoning, and prompt injection. Ori stresses the importance of a layered approach to securing AI-generated code and the need for organizations to assess their specific use cases and risks before defining policies and tools.

    Key Takeaways:
    • Application security is critical as companies become increasingly software-driven.
    • Focus on prioritizing the most critical risks rather than trying to find every vulnerability.
    • Adopt a layered approach to securing AI-generated code and keep the human in the loop.

    This episode offers valuable insights for anyone looking to understand the evolving landscape of application security and the impact of AI on software development. Ori's expertise and practical advice make this a must-listen for security professionals, developers, and business leaders alike.

    Links & Notes

    • Check out Checkmarx
    • The Stanford Research on Secure Code Generated by GenAI Solutions
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:00) - Welcome to Cyber Sentries
    • (00:56) - Meet Ori Bendet
    • (02:31) - Advice When Thrust Into Cyber Security
    • (04:34) - Application Security
    • (07:37) - Opportunities for Growth
    • (09:58) - Shift to Business Risk
    • (12:28) - Making Assessment
    • (16:08) - Core Cybersecurity Principles
    • (20:31) - Restrictions Needed?
    • (23:17) - Using AI in Checkmarx
    • (27:57) - Give Them What Matters Most
    • (29:40) - Wrap Up
    32 mins
  • Kubernetes, AI, and Edge: A Trifecta for Transforming Modern Applications with Saad Malik
    Jun 12 2024

    Kubernetes, AI, and Edge Computing: A Powerful Combination

    In this episode of Cyber Sentries, John Richards is joined by Saad Malik, CTO and co-founder of SpectroCloud, to explore the intersection of Kubernetes, AI, and edge computing. Saad shares his insights on how these technologies are transforming various industries and the challenges organizations face when implementing them at scale.

    Unlocking the Potential of Kubernetes and AI

    Throughout the episode, John and Saad discuss the growing adoption of Kubernetes and AI across different environments, from public and private clouds to data centers and edge locations. Saad explains how SpectroCloud's platform simplifies the management of Kubernetes clusters, enabling organizations to leverage the unique capabilities of each environment while maintaining consistency and security.

    Questions we answer in this episode:

    • How can organizations manage Kubernetes across diverse environments?
    • What are the primary use cases for edge computing?
    • How can developers scale up their Kubernetes deployments faster?

    Key Takeaways:

    • Templating Kubernetes configurations and integrations simplifies management at scale.
    • Edge computing enables data pre-processing, unique experiences, and robotics applications.
    • AI operations (AIOps) can provide actionable insights and automate Kubernetes management.

    The conversation also touches on the cultural shift required to embrace AI-driven automation in Kubernetes management. Saad suggests that organizations will gradually adopt these technologies as they gain confidence in the recommendations and actions taken by AI systems.

    This episode offers valuable insights for anyone interested in the future of Kubernetes, AI, and edge computing. Whether you're a developer, platform engineer, or IT decision-maker, you'll come away with a better understanding of how these technologies can be leveraged to drive innovation and efficiency in your organization.

    Links & Notes

    • Learn more about SpectroCloud
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:04) - Welcome to Cyber Sentries
    • (00:57) - Saad Malik and SpectroCloud
    • (02:33) - Environments
    • (04:29) - Spread
    • (06:06) - Edge Adoption
    • (08:47) - AI Adoption
    • (12:06) - Scaling Up Faster
    • (15:36) - Security
    • (18:20) - Integrating AI
    • (23:44) - Ownership Models
    • (25:32) - Wrap Up
    28 mins
  • AI Revolution in DevSecOps: Insights from John Bush
    May 8 2024

    Unlocking the Power of AI in DevSecOps

    In this episode of Cyber Sentries, host John Richards sits down with John Bush, solutions architect at GitLab, to explore how artificial intelligence is transforming the day-to-day lives of developers. Bush, who has been coding since childhood, shares his insights on how AI is becoming embedded into every aspect of the DevSecOps pipeline, from writing code to identifying and remediating security vulnerabilities.

    John and Bush dive deep into GitLab's AI-powered features, collectively known as Duo, which are sprinkled throughout the software development process. They discuss how these features enhance productivity, automate monotonous tasks, and provide valuable insights to both developers and business users alike. Bush also sheds light on the importance of human oversight in the AI-assisted development process, emphasizing the need for thorough code reviews and security scans.

    Questions we answer in this episode:

    • How is AI changing the daily work of developers?
    • What are some real-world use cases for AI in the DevSecOps pipeline?
    • How can organizations ensure the security and reliability of AI-generated code?

    Key Takeaways:

    • AI is becoming an integral part of the entire software development lifecycle
    • Developers must still carefully review and vet AI-generated code before deployment
    • GitLab's AI gateway allows routing requests to the most appropriate AI models

    Bush provides a fascinating look at the evolution of DevSecOps, stressing the importance of considering security throughout the development process rather than as an afterthought. He explains how GitLab's AI-powered features, such as vulnerability scanning and automated remediation, help developers efficiently identify and fix security issues early on, saving time and resources in the long run.

    This episode is a must-listen for anyone interested in the cutting-edge intersection of AI and DevSecOps. Whether you're a seasoned developer, a security professional, or simply curious about the future of software development, you'll come away with valuable insights and a clearer understanding of how AI is revolutionizing the industry.

    Links & Notes

    • Find John Bush on LinkedIn
    • Find John Bush on X
    • Try GitLab Duo
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:00) - Welcome to Cyber Sentries
    • (00:58) - About John Bush
    • (03:58) - Moving to GitLab
    • (05:30) - Solution Architects
    • (06:40) - Duo's AI Solutions
    • (10:26) - Context
    • (12:17) - Switching Models
    • (13:58) - Best Practices
    • (17:51) - Policy Capability
    • (22:37) - Remediate the Vulnerabilities
    • (23:59) - Dev Sec Ops in This Ecosystem
    • (26:21) - Organization Approaches
    • (28:55) - Level of Knowledge Required
    • (31:09) - Finding John
    • (32:14) - Wrap Up
    34 mins
  • Top Cybersecurity Trends leveraging AI with Industry Insider Mike Crowe
    Apr 10 2024

    On this episode, Paladin Cloud’s CEO and co-founder Dan Deeney steps into John Richards’ shoes to play host! He welcomes cybersecurity veteran Mike Crowe to the show. With over 30 years of experience as CIO of Colgate-Palmolive, Mike provides unique insight into the evolution of threats, strategies for defense, and trends that keep CISOs up at night.

    Dan and Mike explore the increasingly complex threat landscape companies face today. From expanding digital footprints to geopolitical instability empowering nation-state attacks, the challenge for security teams keeps growing. However, new tools are also emerging to help lighten the load, such as automation that prioritizes risks and enables efficient remediation across global organizations.

    The conversation dives into specific trends like AI and how guardrails must develop alongside new capabilities. Open source models offer both risks and opportunities when thoughtfully incorporated into private LLMs. Throughout, Mike stresses finding what you don't know through proactive testing as the best way to stay ahead of attackers.

    Questions we answer in this episode:

    • What are the top threats keeping CISOs up at night?
    • How can security and DevOps teams better collaborate to reduce risks?

    Key Takeaways:

    • Continually evolve defenses as the threat landscape grows ever more complex
    • Automation and integration are critical to managing overwhelming workloads
    • Challenge your security assumptions through ethical offensive testing

    With Mike's wealth of practical experience, this episode provides valuable strategic perspective on cybersecurity that both new and seasoned professionals can apply to strengthening their own organizations' posture. Listeners will gain insights on current realities and where the industry is heading to stay ahead of evolving dangers.


    Links & Notes

    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:00) - Welcome to Cyber Sentries
    • (00:23) - Paladin Cloud CEO Dan Deeney Talks With Mike Crowe
    • (00:51) - Meet Mike Crowe
    • (02:01) - Overall Threat Landscape’s Evolution
    • (03:55) - Example Threat
    • (05:44) - AI
    • (08:47) - Open Source
    • (10:18) - Trends and Strategies in Defense
    • (12:04) - Risk-Based Prioritization
    • (13:40) - Remediation
    • (16:55) - Ticketing Systems
    • (18:38) - Integrating Teams
    • (21:57) - Emergence of a Hybrid Team
    • (23:51) - Final Thoughts
    • (27:20) - Wrap Up
    29 mins
  • Supercharge Workflows, Secure Data: Build Better Apps with AI
    Mar 13 2024

    Exploring the AI-Powered Future of Cloud Security with Thomas Johnson
    On this episode of Cyber Sentries, host John Richards interviews Thomas Johnson, CTO and co-founder of Multiplayer, about how AI is transforming cloud security. As AI capabilities rapidly advance, Thomas provides insights into how engineering teams can leverage AI to enhance workflows, generate code, and convert basic sketches into functional systems.

    John and Thomas dive into key questions surrounding AI ethics, choosing open source vs proprietary models, and best practices for handling sensitive data. Listen in to hear Thomas' advice for developers looking to integrate AI into their tech stacks.

    Questions we answer in this episode:

    • How are dev teams currently using AI like Copilot?
    • What are the main differences between neural networks and other AI?
    • What security risks exist with generative AI models?

    Key Takeaways

    • Focus on choosing the right problem and having clean, quality data.
    • Open source models offer more control compared to proprietary models.
    • Do not put sensitive data into generative models.

    This fascinating discussion explores how AI is transforming cloud security and development workflows. Thomas provides practical insights into leveraging AI's immense potential while avoiding pitfalls. Whether you're an engineering leader or a developer new to AI, this episode offers an enlightening look at the AI-powered future of tech.
    Links & Notes

    • Multiplayer
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:00) - Welcome to Cyber Sentries
    • (00:22) - Meet Thomas Johnson
    • (01:02) - AI Background
    • (01:58) - Neural Networks
    • (02:47) - Current Buzz
    • (04:43) - Integrating AI
    • (07:41) - Improving AI
    • (10:57) - Think About the Problem and Data
    • (12:25) - If Data Is the Problem
    • (14:00) - Securities and Access
    • (15:50) - RAG Model
    • (17:52) - Open Source v. Proprietary
    • (19:20) - Training and Inference Side
    • (20:35) - Multiplayer
    • (21:43) - Wrap Up
    23 mins