The Critical Domain of LLM Cybersecurity

May 15, 2025 / bugejajoseph / Leave a comment

Organizations worldwide are adopting Large Language Models (LLMs) at an accelerated pace, confronting unprecedented security challenges. These sophisticated systems introduce fundamental vulnerabilities that circumvent conventional security architectures — notably the inability to isolate control and data planes, their non-deterministic outputs, and susceptibility to hallucinations. According to the OWASP’s LLM AI Cybersecurity & Governance Checklist, these characteristics substantially transform an organization’s threat landscape beyond traditional parameters.

Establishing robust LLM defense frameworks requires a comprehensive security approach. The OWASP checklist outlines specific defensive measures for LLM implementation including “resilience-first” approaches that emphasize threat modeling, AI asset inventory, and specialized security training. It recommends AI red team exercises to identify vulnerabilities before exploitation and warns organizations about “Shadow AI”— the risk of employees using unapproved AI tools that bypass standard security protocols.

With the EU AI Act and evolving regulatory frameworks, compliance requirements for AI systems are becoming increasingly rigorous. Organizations that methodically integrate LLM security protocols with established frameworks such as MITRE ATT&CK and MITRE ATLAS gain strategic advantages in identifying, evaluating, and mitigating AI-specific threats while leveraging these technologies’ transformative potential. The strategic imperative is establishing comprehensive security protocols before adversaries exploit existing vulnerabilities.

5 Key Metrics to Enhance Cybersecurity Posture

April 21, 2025May 15, 2025 / bugejajoseph / Leave a comment

In cybersecurity, the right metrics help assess and improve an organization’s security posture. These five are especially effective at distinguishing strong programs from those at risk:

Mean Time to Respond/Recover (MTTR). Speed matters. Top teams reduce MTTR through automation and regular incident response drills. The faster a threat is contained, the less damage it causes.
Vulnerability Resolution Rate. The question is not how many vulnerabilities you fix — it is whether you are addressing the right ones. Smart security leaders prioritize based on business impact, not just severity scores.
Security Awareness Engagement. When security becomes part of your culture, the metrics shift from “completion rates” to active participation. I have seen organizations transform their security posture when they started tracking how often employees report suspicious activities rather than just training attendance.
Phishing Resilience. The most revealing metric is not your click rate — it is how that rate changes as your simulations become increasingly sophisticated. Organizations making real progress show declining click rates even as attacks grow more convincing.
Patch Management Efficiency. Strong teams balance rapid patching with system stability, achieving high compliance without disrupting operations.

These metrics offer a clearer lens into actual security posture. What key indicators are driving your strategic decisions, and what innovative methods are you using to measure what truly safeguards your organization? I would love to hear your experiences.

Digital Deception: The Rise of AI Voice Cloning Scams

March 16, 2025March 16, 2025 / bugejajoseph / Leave a comment

Advancements in AI have revolutionized various sectors, but they have also introduced sophisticated tools for scammers. One alarming development is AI voice cloning, where fraudsters replicate voices using minimal audio samples, often sourced from social media. This capability empowers scammers to impersonate trusted contacts, such as family members, and fabricate urgent, emotionally charged scenarios to solicit funds or sensitive personal information.

The efficacy of these scams is deeply rooted in the exploitation of what might be termed an ‘uncanny valley of auditory trust.’ The synthesized voice, while superficially convincing and capable of triggering emotional recognition, may contain subtle inconsistencies perceptible only upon meticulous scrutiny. However, when individuals are subjected to heightened emotional distress — a state often deliberately induced by the scammer — their cognitive defenses are compromised, rendering them more susceptible to manipulation. This interplay of near-perfect replication and emotional vulnerability creates a potent vector for deception, underscoring the insidious nature of AI-enabled fraud.

To protect yourself from such scams, consider the following strategies:

Establish Verification Methods: Create a family code word or question known only to close members to verify identities during unexpected calls.
Exercise Caution: Be skeptical of unsolicited requests for money or sensitive information, even if they seem to come from trusted sources.
Limit Personal Information Sharing: Be mindful of the content you share publicly online, as scammers can use this information for impersonation.

As AI continues to advance, I find myself reflecting on the importance of strengthening genuine human connections — recognizing the unique nuances of communication that only humans share — as one of our strongest defenses against AI-driven deception. Research suggests that humans still possess an intuitive ability to sense when something is “off” in AI-generated content, even if they cannot consciously pinpoint the issue. This “digital intuition” may become an increasingly valuable skill, highlighting that our most effective defense may not only lie in technological safeguards but also in cultivating digital discernment through awareness and practice, especially in an age when our senses can no longer be fully trusted.

References:

https://edition.cnn.com/2024/09/18/tech/ai-voice-cloning-scam-warning/index.html

https://farmonaut.com/usa/wichita-alert-ai-voice-cloning-scams-on-the-rise-how-to-protect-your-personal-information/

https://www.wired.com/story/you-need-to-create-a-secret-passphrase-with-your-family

https://helpcenter.trendmicro.com/en-us/article/tmka-19303

NIST Announces the End of RSA and ECDSA

November 26, 2024November 26, 2024 / bugejajoseph / Leave a comment

In a significant shift for cyber security, NIST has announced the deprecation of RSA, ECDSA, and EdDSA encryption algorithms by 2030, with a full disallowance by 2035. This transition, outlined in the NIST IR 8547 document (currently in draft), is driven by the growing quantum threat and sets a clear timeline for organizations to update their cryptographic systems.

While there may be no cryptographically relevant quantum computers yet that currently threaten levels of security, these long-standing public-key algorithms remain vulnerable to Shor’s Algorithm on such future quantum systems. On the other hand, NIST-approved symmetric primitives providing at least 128 bits of security are unaffected by this change.

NIST has posted a transition schedule for post-quantum cryptography (PQC), outlining key milestones to help organizations adopt quantum-resistant algorithms. Three PQC standards to strengthen modern public-key cryptography infrastructure for the quantum era include ML-KEM, ML-DSA, and SLH-DSA.

The proposed timeline is expected to significantly influence the industry, with global attention now also on the European Union’s position on PQC, as many await its stance before proceeding with full-scale implementations.

To learn more, read the full NIST IR 8547 draft here.

Understanding Stream Ciphers with LFSRs

October 13, 2024October 13, 2024 / bugejajoseph / Leave a comment

Last week, I delivered a lecture at the University of Malta on stream ciphers, building on our previous session on pseudorandom number generation. We had previously covered PRNGs and CSPRNGs, providing the foundation for understanding secure encryption methods, leading to our discussion on Linear Feedback Shift Registers (LFSRs) and their role in stream ciphers.

LFSRs are simple yet powerful tools in cryptography. They generate sequences based on their current state and a feedback mechanism, making them useful in stream ciphers due to minimal hardware needs and long outputs. LFSRs consist of a series of flip-flops connected in a chain, with the output of some flip-flops XORed and fed back into the input. This feedback loop creates a pseudorandom sequence of bits, which can be used as a keystream for encryption.

Students explored how LFSRs create cryptographic bitstreams, essential for understanding more advanced systems. Below is a Python code snippet of a basic 4-bit LFSR, illustrating how its state evolves and new bits are generated through feedback.

state = 0b1001 for i in range(20): print("{:04b}".format(state)) newbit = (state ^ (state >> 1)) & 1 state = (state >> 1) | (newbit << 3)

Delving into the RSA Cryptosystem and Beyond

November 30, 2023 / bugejajoseph / Leave a comment

In my recent lectures (10 and 11) on Applied Cryptography, I delved into Public Key Cryptography (PKC) with a particular emphasis on the RSA cryptosystem. Initiating with an examination of fundamental number theory, I introduced essential components such as the Extended Euclidean Algorithm, Euler’s Totient Function, and Fermat’s Little Theorem. Utilizing the whiteboard, I also explained through simple examples the Miller-Rabin primality test and the Square and Multiply algorithm.

Building upon this foundation, I then delved into the RSA cryptosystem and why and how it works. In a practical application, I leveraged the Python’s PyCryptodome library to demonstrate RSA encryption, incorporating also the Optimal Asymmetric Encryption Padding (OAEP) for secure session key exchange with AES. Close to the end of lecture, I also harnessed the power of SageMath to delve into mathematical attacks on RSA.

In my upcoming lecture, I will introduce also Elliptic Curve Cryptography (ECC). ECC is an alternative to the RSA. It is based on a different trapdoor one-way function than RSA, and is used for digital signatures in cryptocurrencies, as well as one-way encryption of emails, data and software. While the RSA key generation involves the selection of two large prime numbers, ECC key generation essentially involves choosing a random elliptic curve over a finite field.

If you have a project or initiative you would like to collaborate on, or if there is a specific area where our expertise aligns, do not hesitate to get in touch.

My First Lecture at the University of Malta

September 27, 2023September 27, 2023 / bugejajoseph / Leave a comment

Snapshot of the title slide captured prior to the lesson.

I initiated the Applied Cryptography course at the University of Malta on Monday evening. As a cyber security professional and academic with a strong commitment to the field of information security, I am genuinely excited to be leading this specialized academic course this year.

Throughout the introductory lecture, I delved into the foundational concepts of cryptology, emphasizing its profound relevance within contemporary security applications. The pedagogical discourse traversed a diverse spectrum of topics, encompassing cryptographic mechanisms, the examination of classical substitution ciphers and their formal representations, a concise introduction to cryptanalysis, and more.

I am excited to be a part of this journey and look forward to the next lecture in this course on Monday!

The Evolution of Cybersecurity: NIST Cybersecurity Framework 2.0

August 20, 2023August 17, 2023 / bugejajoseph / Leave a comment

Photo by Tima Miroshnichenko on Pexels.com

The National Institute of Standards and Technology (NIST) reached a significant milestone on August 8, 2023, with the release of the draft for NIST Cybersecurity Framework (CSF) 2.0. This step marks a positive advancement since its inception in 2014. The CSF is a cornerstone in reducing cybersecurity risks, offering comprehensive guidance to organizations in comprehending, evaluating, prioritizing, and communicating these risks, along with actionable measures to mitigate them.

CSF 2.0 extends its influence, delivering invaluable cybersecurity insights to organizations of diverse sizes and industries. A pivotal change is evident in the revised title, which omits the term “Critical Infrastructure” (previously named “Framework for Improving Critical Infrastructure Cybersecurity”), highlighting its broader applicability.

At the core of CSF 2.0 lies an intensified emphasis on the indispensable role of governance in the realm of cybersecurity. Acknowledging its foundational significance, strong governance emerges as the bedrock of an effective cybersecurity program. By positioning governance as the cornerstone, the framework guides organizations in steering the other five functions—identify, protect, detect, respond, and recover—aligned with their mission and stakeholder expectations.

A compelling highlight of the draft pertains to the criticality of supply chain risk management. It underscores the imperative need for holistic risk management programs that address the vulnerabilities associated with suppliers. Additionally, a clarion call for proactive third-party risk monitoring resonates throughout the document, underscoring the importance of a vigilant stance.

In an era characterized by dynamic cyber threats, the adoption of advanced frameworks becomes an inescapable imperative. The integration of NIST CSF 2.0 into our strategic cybersecurity approach is paramount. Furthermore, forging alliances with industry leaders amplifies our collective efforts in fortifying our digital defenses against the ceaselessly evolving landscape of digital threats.

In conclusion, NIST Cybersecurity Framework 2.0 signifies a monumental stride towards bolstering our digital resilience. By embracing its principles and fostering collaborative partnerships, we equip ourselves to navigate the complex challenges posed by the digital age.

The Diamond Model of Intrusion Analysis

July 22, 2023July 18, 2023 / bugejajoseph / Leave a comment

In the world of cyber security, effectively processing data and turning it into actionable intelligence is crucial. While the Cyber Kill Chain® and the MITRE ATT&CK Framework are commonly used methodologies, there is perhaps a lesser-known alternative called the Diamond Model of Intrusion Analysis. Developed in 2013 by renowned cyber security professionals, Sergio Caltagirone, Andrew Pendergast, and Christopher Betz, this model is an indispensable resource for cyber security professionals. It offers a simple yet powerful way to analyze and document intrusion incidents.

The Diamond Model is composed of four features: adversary, infrastructure, capability, and victim. The adversary represents individuals, groups, or organizations that exploit vulnerabilities to achieve their goals. Capability encompasses the tools, techniques, and methods used by adversaries, while infrastructure refers to communication systems like IP addresses and domain names. Victims can be individuals, organizations, or specific assets such as target email addresses. In addition, it delineates supplementary meta-features that bolster higher-level constructs, while also incorporating measurement, testability, and repeatability to deliver a more encompassing scientific approach to analysis.

Despite its unassuming appearance, the Diamond Model possesses the ability to swiftly navigate intricate and multifaceted details. The dynamics of a threat actor exist in a perpetual state of flux, as attackers continuously modify their infrastructure and capabilities. Moreover, when integrated with the Cyber Kill Chain® and other frameworks, it contributes to the establishment of a comprehensive cyber security framework. This integration facilitates a deeper understanding of threats and strengthens incident response capabilities, empowering a more proactive defense posture.

An example of using the Diamond Model in practice is found here.

Essential Skills for Effective Threat Hunting

July 8, 2023July 5, 2023 / bugejajoseph / Leave a comment

In today’s cyber security landscape, where cyber threats continue to evolve in sophistication, organizations must adopt proactive approaches to safeguard their networks and sensitive data. Threat hunting, a human-driven and iterative process, has emerged as a crucial aspect of cyber security. This article aims to highlight the essential skill set required to become a successful threat hunter.

Threat hunting tends to operate under the assumption that adversaries have already breached an organization’s defenses and are hiding within the corporate network. Unlike traditional security measures that tend to rely solely on automated detection tools and known indicators of compromise (IoCs), threat hunting leverages human analytical capabilities to identify subtle signs of intrusion that automated systems may miss.

A successful threat hunter requires a diverse skill set to navigate the complexities of modern cyber threats effectively. Here are some essential skills for aspiring threat hunters:

Cyber threat intelligence. Understanding cyber threat intelligence is foundational for any threat hunter. It involves gathering, analyzing, and interpreting information about potential threats and threat actors. This knowledge provides valuable insights into advanced persistence threats, various malware types, and the motivations driving threat actors.
Cyber security frameworks. Familiarity with frameworks like the Cyber Kill Chain and ATT&CK is invaluable for threat hunters. The Cyber Kill Chain outlines the stages of a cyber attack, from initial reconnaissance to the exfiltration of data, helping hunters identify and disrupt attack vectors. ATT&CK provides a comprehensive knowledge base of adversary tactics and techniques, aiding in the understanding of attackers’ behavior and their methods.
Network architecture and forensics. A strong grasp of network architecture and forensic investigation is crucial for analyzing network activity, identifying anomalous behavior, and tracing the root cause of security incidents. Additionally, threat hunters must be comfortable working with extensive log data and extracting meaningful insights from them.
Coding and scripting. Proficiency in coding and scripting languages, such as Python, PowerShell, or Bash, can be highly beneficial for threat hunters. These skills allow them to automate repetitive tasks, conduct custom analysis, and develop tools to aid in their investigations.
Data science. Threat hunting often involves dealing with vast amounts of data. Data science skills enable hunters to develop algorithms, create statistical models, and perform behavioral analysis, significantly enhancing their ability to detect and respond to threats effectively.
Organizational systems. Each organization operates differently, and threat hunters need to be well-versed in their organization’s systems, tools, and incident response procedures. This knowledge allows them to discern deviations from normal activity, leading to quicker response times and more accurate threat assessments.
Collaboration and communication. Threat hunters often work in teams and collaborate with other cybersecurity professionals. Strong communication skills are essential for sharing findings, coordinating responses, and effectively conveying complex technical information to non-technical stakeholders.

Threat hunting is not a one-size-fits-all approach, but a personalized, data-driven, and iterative process tailored to an organization’s unique risk profile. Cultivating a skilled team and proactive culture bolsters defenses against dynamic cyber threats. Staying informed, collaborating, and embracing technology ensures success in securing organizations from advanced adversaries.

Joseph Bugeja

Security, Privacy, and Trust

cybersecurity