Podcast Summary: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: 2025-05-24 - Get Political (With Jake Williams)
Release Date: February 26, 2025
Introduction
In this engaging and candid episode of "Talkin' About [Infosec] News," the team from Black Hills Information Security delves into the intersection of information security and politics. Featuring special guest Jake Williams, the discussion navigates through controversial topics such as government efficiency, data breaches, AI advancements, and the ethical implications surrounding them. The hosts balance technical insights with lively banter, ensuring a comprehensive exploration of the current infosec landscape.
Setting the Stage: Ground Rules and Initial Banter
Corey kicks off the episode by establishing the podcast's ground rules, emphasizing the presence of a swear jar where each profanity costs $5 donated to the Electronic Frontier Foundation (EFF). This playful yet purposeful introduction sets the tone for a spirited conversation.
- Corey (02:06): "We have the swear jar, which is every swear costs $5 to be donated to the EFF."
Jake Williams and John Strand engage in light-hearted banter about appearances and studio settings, demonstrating the hosts' camaraderie and setting up a relaxed atmosphere despite the episode's intensive topics.
- Jake Williams (00:33): "I just want the camera to have a make me look younger button. It just works."
Government Efficiency and Security Controls
John Strand shares his experiences from the Department of the Interior in the early 2000s, highlighting inefficiencies and how widespread all-day, non-work internet use was at the time. This segues into a critical discussion on the importance of governance, risk, and compliance (GRC) within government entities.
- John Strand (07:19): "When I started working at Department of Interior... it really bothered me. A very high percentage of people were surfing the Internet for the entire day."
Ralph emphasizes the necessity of security controls, arguing that removing "red tape" often equates to dismantling essential safeguards.
- Ralph (13:15): "Another word for red tape is controls. And every control... is intended to prevent a particular failure."
The DOGE Incident: Breaches and Clearances
The conversation shifts to the recent DOGE incident, where Jake Williams expresses concern over DOGE's handling of sensitive data and the subsequent breaches. The hosts dissect the implications of compromised security clearances and the broader impact on government data integrity.
- Jake Williams (09:09): "DOGE is a bigger threat to information systems than foreign adversaries."
John Strand and Ralph discuss the rigorous processes involved in obtaining security clearances and the alarming ease with which DOGE purportedly bypassed these measures, raising questions about data integrity and system security.
- John Strand (15:36): "When you get a clearance, it doesn't unilaterally mean that you automatically get access to absolutely everything."
AI and Model Distillation: Ethical and Security Implications
The hosts delve into the realm of artificial intelligence, particularly focusing on OpenAI's monitoring activities and the concept of model distillation. Jake Williams explains how model distillation can pose security threats by enabling the replication of AI models through extensive data queries.
- Jake Williams (42:44): "Model distillation is a fine-tuning technique... it's something that happens a lot."
Corey and Ralph debate the privacy concerns surrounding AI, questioning whether OpenAI's monitoring of ChatGPT users, especially those linked to foreign entities, constitutes a breach of privacy and ethical standards.
- Corey (39:08): "If you think the US government uses SQL, you're in for it."
Apple's Advanced Data Protection vs. UK Regulations
Joff introduces the topic of Apple's Advanced Data Protection, an end-to-end encryption feature for iCloud services. The discussion highlights the UK's recent demand for backdoor access, prompting Apple to disable this feature within the country.
- Joff (49:49): "Apple said, okay, we're just going to disable it in the United Kingdom."
Corey and Ralph explore the broader implications of governments enforcing access to encrypted data, debating the balance between national security and individual privacy.
- Corey (51:15): "It means the government is allowed to snoop on you basically."
DEFCON and the Chris Hadnagy Controversy
The podcast addresses the fallout from DEFCON's decision to remove Chris Hadnagy from the conference roster due to alleged code of conduct violations. Ralph and John Strand express their support for Hadnagy, criticizing DEFCON's handling of the situation and emphasizing the importance of respectful discourse within the infosec community.
- Ralph (55:39): "DEFCON produced something like 700 pages of documents..."
John Strand urges the community to maintain civility and refrain from ad hominem attacks, advocating for evidence-based discussions over personal vendettas.
- John Strand (57:57): "Please be nice to each other. Please be respectful of each other..."
AI Privacy Concerns and Open Source Models
The hosts return to the topic of AI, debating the merits and drawbacks of open-source AI models versus proprietary systems like OpenAI's ChatGPT. Ralph argues that open-source models lack transparency since the original training data isn't available for audit, making it challenging to ensure data integrity.
- Ralph (46:09): "We don't have the original source data. We only have the actual parameters and what weights."
Jake Williams and Joff discuss the practical difficulties in reverse-engineering proprietary models and the potential security risks associated with unauthorized AI model replication.
- Jake Williams (42:44): "And it's something that happens a lot. It's been happening, probably more than it's ever been reported."
Notable Quotes
- Corey (05:22): "That's social engineering for you."
- Jake Williams (09:09): "DOGE is a bigger threat to information systems than foreign adversaries."
- John Strand (15:36): "When you get a clearance, it doesn't unilaterally mean that you automatically get access to absolutely everything."
- Ralph (13:15): "Another word for red tape is controls."
- John Strand (27:00): "So security isn't just we're going to get hacked, our data is going to be leaked. It's more things might just stop working in general."
Conclusions and Final Thoughts
As the episode winds down, the hosts reflect on the importance of maintaining ethical standards, robust security controls, and effective communication within the infosec community. John Strand emphasizes the need for civility and evidence-based discussions, especially when addressing politically charged topics. Jake Williams urges professionals to engage with policymakers to advocate for better security practices, underscoring the collective responsibility to safeguard data integrity and privacy.
- John Strand (60:58): "Please be nice to each other. Please keep it civil."
- Jake Williams (36:48): "We're being practical, not political, being completely practical."
The episode concludes with a unanimous call for the community to remain calm, focused, and respectful, despite the challenging and "spicy" nature of the discussions.
Closing Remarks
This episode of "Talkin' About [Infosec] News" offers a robust examination of the intricate relationship between information security and political dynamics. Through insightful dialogue and expert opinions, the Black Hills Information Security team and Jake Williams provide listeners with a deeper understanding of the current challenges and ethical considerations in the infosec realm.