cybersecurity

The Critical Domain of LLM Cybersecurity

/ bugejajoseph / Leave a comment

Organizations worldwide are adopting Large Language Models (LLMs) at an accelerated pace, confronting unprecedented security challenges. These sophisticated systems introduce fundamental vulnerabilities that circumvent conventional security architectures — notably the inability to isolate control and data planes, their non-deterministic outputs, and susceptibility to hallucinations. According to the OWASP’s LLM AI Cybersecurity & Governance Checklist, these characteristics substantially transform an organization’s threat landscape beyond traditional parameters.

Establishing robust LLM defense frameworks requires a comprehensive security approach. The OWASP checklist outlines specific defensive measures for LLM implementation including “resilience-first” approaches that emphasize threat modeling, AI asset inventory, and specialized security training. It recommends AI red team exercises to identify vulnerabilities before exploitation and warns organizations about “Shadow AI”— the risk of employees using unapproved AI tools that bypass standard security protocols.

With the EU AI Act and evolving regulatory frameworks, compliance requirements for AI systems are becoming increasingly rigorous. Organizations that methodically integrate LLM security protocols with established frameworks such as MITRE ATT&CK and MITRE ATLAS gain strategic advantages in identifying, evaluating, and mitigating AI-specific threats while leveraging these technologies’ transformative potential. The strategic imperative is establishing comprehensive security protocols before adversaries exploit existing vulnerabilities.

Read more: “OWASP Top 10 for LLM Applications Cybersecurity & Governance Checklist

5 Key Metrics to Enhance Cybersecurity Posture

/ bugejajoseph / Leave a comment

In cybersecurity, the right metrics help assess and improve an organization’s security posture. These five are especially effective at distinguishing strong programs from those at risk:

  1. Mean Time to Respond/Recover (MTTR). Speed matters. Top teams reduce MTTR through automation and regular incident response drills. The faster a threat is contained, the less damage it causes.
  2. Vulnerability Resolution Rate. The question is not how many vulnerabilities you fix — it is whether you are addressing the right ones. Smart security leaders prioritize based on business impact, not just severity scores.
  3. Security Awareness Engagement. When security becomes part of your culture, the metrics shift from “completion rates” to active participation. I have seen organizations transform their security posture when they started tracking how often employees report suspicious activities rather than just training attendance.
  4. Phishing Resilience. The most revealing metric is not your click rate — it is how that rate changes as your simulations become increasingly sophisticated. Organizations making real progress show declining click rates even as attacks grow more convincing.
  5. Patch Management Efficiency. Strong teams balance rapid patching with system stability, achieving high compliance without disrupting operations.

These metrics offer a clearer lens into actual security posture. What key indicators are driving your strategic decisions, and what innovative methods are you using to measure what truly safeguards your organization? I would love to hear your experiences.

Digital Deception: The Rise of AI Voice Cloning Scams

/ bugejajoseph / Leave a comment

Advancements in AI have revolutionized various sectors, but they have also introduced sophisticated tools for scammers. One alarming development is AI voice cloning, where fraudsters replicate voices using minimal audio samples, often sourced from social media. This capability empowers scammers to impersonate trusted contacts, such as family members, and fabricate urgent, emotionally charged scenarios to solicit funds or sensitive personal information.

The efficacy of these scams is deeply rooted in the exploitation of what might be termed an ‘uncanny valley of auditory trust.’ The synthesized voice, while superficially convincing and capable of triggering emotional recognition, may contain subtle inconsistencies perceptible only upon meticulous scrutiny. However, when individuals are subjected to heightened emotional distress — a state often deliberately induced by the scammer — their cognitive defenses are compromised, rendering them more susceptible to manipulation. This interplay of near-perfect replication and emotional vulnerability creates a potent vector for deception, underscoring the insidious nature of AI-enabled fraud.

To protect yourself from such scams, consider the following strategies:

  • Establish Verification Methods: Create a family code word or question known only to close members to verify identities during unexpected calls.
  • Exercise Caution: Be skeptical of unsolicited requests for money or sensitive information, even if they seem to come from trusted sources.
  • Limit Personal Information Sharing: Be mindful of the content you share publicly online, as scammers can use this information for impersonation.

As AI continues to advance, I find myself reflecting on the importance of strengthening genuine human connections — recognizing the unique nuances of communication that only humans share — as one of our strongest defenses against AI-driven deception. Research suggests that humans still possess an intuitive ability to sense when something is “off” in AI-generated content, even if they cannot consciously pinpoint the issue. This “digital intuition” may become an increasingly valuable skill, highlighting that our most effective defense may not only lie in technological safeguards but also in cultivating digital discernment through awareness and practice, especially in an age when our senses can no longer be fully trusted.

References:

https://edition.cnn.com/2024/09/18/tech/ai-voice-cloning-scam-warning/index.html

https://farmonaut.com/usa/wichita-alert-ai-voice-cloning-scams-on-the-rise-how-to-protect-your-personal-information/

https://www.wired.com/story/you-need-to-create-a-secret-passphrase-with-your-family

https://helpcenter.trendmicro.com/en-us/article/tmka-19303

The Modern Security Engineer’s Toolkit

/ bugejajoseph / Leave a comment

Traditional security teams were once seen as roadblocks – the infamous “department of no.” Today, we embrace the “shift left” philosophy, embedding security early in the development process. This represents a fundamental mindset shift: security is not an afterthought, but an integral part of the entire development lifecycle. By shifting security upstream, we detect vulnerabilities earlier, reduce costs, and build more resilient systems from the ground up.

In my journey from conducting manual security reviews to orchestrating automated security pipelines, I have seen this evolution firsthand. The most effective security engineers today do not just identify vulnerabilities — they collaborate with development teams to integrate security into the foundation of every project, fostering a culture of continuous improvement.

The Modern Security Engineer’s Toolkit

Success in today’s security landscape requires a strategic blend of skills and tools:

  • Cloud & Infrastructure Security: A deep understanding of cloud security across major platforms (AWS, Azure, GCP) is essential, along with expertise in securing containerized environments (e.g., Kubernetes, Docker). This is more than just checking boxes; it is about architecting secure, scalable systems that can adapt to the dynamic nature of cloud-native environments. Infrastructure as Code (IaC) tools like Terraform have also become integral in automating cloud infrastructure deployment while ensuring consistency and security. By defining infrastructure using code, teams can apply security best practices directly in the deployment process and version control, reducing human error, and increasing the security of cloud environments.
  • Automation & Integration: Security must be seamlessly integrated into CI/CD pipelines. Manual processes are no longer scalable in rapid development cycles. Leveraging IaC tools to automate secure cloud infrastructure provisioning is a key part of this, ensuring consistency and security throughout the infrastructure lifecycle. Beyond infrastructure, automating tasks such as vulnerability scanning (e.g., using tools like Snyk), compliance checks, and threat intelligence feeds within the CI/CD pipeline vastly improves security posture. For example, automated container scanning can detect vulnerabilities early, reducing production risks. This comprehensive approach to automation, from infrastructure deployment to application release, strengthens security at every stage.
  • Incident Response: When incidents occur, calm precision is essential. Modern security engineers do not just react to threats; they build proactive, automated systems for swift detection, response, and recovery. Technologies like SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms streamline incident response, enabling faster mitigation and reduced impact. Furthermore, AI-powered threat detection and machine learning are transforming how we identify and respond to attacks, helping to detect anomalies, predict potential threats, and automate responses at scale.

Beyond Technical Excellence

While technical skills are crucial, soft skills can make you stand out as an exceptional security engineer. I have observed brilliant engineers struggle to effectively communicate with stakeholders, which can hinder progress. The ability to translate complex technical security concepts into business value is invaluable — especially when working with non-technical teams or executives.

Charting Your Path

For those looking to thrive in security engineering:

  1. Master the fundamentals of cloud-native security, including securing microservices, containerized workloads, and multi-cloud environments.
  2. Develop a strong automation mindset, seeking ways to integrate security into every step of the development process.
  3. Cultivate strong communication skills to bridge the gap between technical and business teams.
  4. Engage with the security community to stay on top of the latest threats, tools, and best practices.
  5. Pursue hands-on projects to test and refine your skills, whether through internships, personal projects, or contributing to open-source security initiatives.

Looking Forward

The security landscape is continuously evolving, with concepts like zero-trust architectures, supply chain security, and AI-powered threat detection reshaping our approach. While the technologies will evolve, the core principle remains the same: security is a journey of continuous adaptation and learning.

Feel free to connect with me if you would like to share your experiences or insights. Our field thrives on collaboration and the exchange of knowledge.

NIST Announces the End of RSA and ECDSA

/ bugejajoseph / Leave a comment

In a significant shift for cyber security, NIST has announced the deprecation of RSA, ECDSA, and EdDSA encryption algorithms by 2030, with a full disallowance by 2035. This transition, outlined in the NIST IR 8547 document (currently in draft), is driven by the growing quantum threat and sets a clear timeline for organizations to update their cryptographic systems.

While there may be no cryptographically relevant quantum computers yet that currently threaten levels of security, these long-standing public-key algorithms remain vulnerable to Shor’s Algorithm on such future quantum systems. On the other hand, NIST-approved symmetric primitives providing at least 128 bits of security are unaffected by this change.

NIST has posted a transition schedule for post-quantum cryptography (PQC), outlining key milestones to help organizations adopt quantum-resistant algorithms. Three PQC standards to strengthen modern public-key cryptography infrastructure for the quantum era include ML-KEM, ML-DSA, and SLH-DSA.

The proposed timeline is expected to significantly influence the industry, with global attention now also on the European Union’s position on PQC, as many await its stance before proceeding with full-scale implementations.

To learn more, read the full NIST IR 8547 draft here.

Security Framework for Modern Enterprises

/ bugejajoseph / Leave a comment

Companies need a security framework that can defend against threats on multiple fronts. The framework I lay out below offers a structured strategy for protecting critical assets through five core security domains.

  • Edge Security and Access Management: At the front line, securing access is key. This includes robust authentication methods like: Zero Trust, Mobile Device Management (MDM), and Endpoint Detection and Response (EDR).
  • Network and Infrastructure Security: Building on the Edge Security and Access Management layer, this layer strengthens the perimeter with advanced tools such as Next-Gen Firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), and Secure SD-WAN. These defenses keep both on-premises and cloud networks secure.
  • Data Security and Privacy: At the heart of the framework, data protection focuses on encryption, Data Rights Management (DRM), and strong backup protocols — essential for compliance and mitigating data breaches.
  • Cloud and Infrastructure Security: Modern infrastructure demands cloud-native security solutions like Cloud Security Posture Management (CSPM) and container security. Integrating DevSecOps practices ensures that security is embedded in the development pipeline.
  • Security Operations and Response: This layer unifies all defenses through advanced threat detection, incident response, and governance. SIEM/SOAR platforms and incident response playbooks empower organizations to act fast in the face of security incidents and maintain compliance.

This cohesive approach highlights the importance of each layer working together to provide a strong, adaptive security strategy for modern enterprises.

Understanding Stream Ciphers with LFSRs

/ bugejajoseph / Leave a comment

Last week, I delivered a lecture at the University of Malta on stream ciphers, building on our previous session on pseudorandom number generation. We had previously covered PRNGs and CSPRNGs, providing the foundation for understanding secure encryption methods, leading to our discussion on Linear Feedback Shift Registers (LFSRs) and their role in stream ciphers.

LFSRs are simple yet powerful tools in cryptography. They generate sequences based on their current state and a feedback mechanism, making them useful in stream ciphers due to minimal hardware needs and long outputs. LFSRs consist of a series of flip-flops connected in a chain, with the output of some flip-flops XORed and fed back into the input. This feedback loop creates a pseudorandom sequence of bits, which can be used as a keystream for encryption.

Students explored how LFSRs create cryptographic bitstreams, essential for understanding more advanced systems. Below is a Python code snippet of a basic 4-bit LFSR, illustrating how its state evolves and new bits are generated through feedback.

state = 0b1001
for i in range(20):
print("{:04b}".format(state))
newbit = (state ^ (state >> 1)) & 1
state = (state >> 1) | (newbit << 3)

Cybersecurity Compliance Frameworks

/ bugejajoseph / Leave a comment
Photo by Markus Winkler on Pexels.com

Cybersecurity is a top priority for businesses of all sizes. Cybersecurity compliance frameworks offer a structured approach to managing cybersecurity risks, improving overall security posture, and potentially meeting regulatory requirements.

Here is a summary of some of the most popular frameworks:

  • NIST Cybersecurity Framework (CSF): Developed by the National Institute of Standards and Technology (NIST), the NIST CSF is a voluntary framework that emphasizes six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. It provides a flexible and customizable approach that can be adapted to any organization’s specific needs. (https://www.nist.gov/cyberframework)
  • PCI DSS (Payment Card Industry Data Security Standard): This mandatory framework is enforced by the PCI Security Standards Council (PCI SSC) and applies to any organization that processes, stores or transmits cardholder data. It comprises a set of 12 core requirements, which are organized into six key control objectives. (https://www.pcisecuritystandards.org/)
  • HITRUST CSF (Health Information Trust Alliance Common Security Framework): Built on the NIST CSF foundation, HITRUST CSF specifically addresses the security needs of the healthcare industry. However, its applicability extends beyond healthcare. It incorporates HIPAA (Health Insurance Portability and Accountability Act) compliance requirements, making it a valuable tool for healthcare organizations. (https://hitrustalliance.net/hitrust-framework)
  • CIS Critical Security Controls (CIS Controls): Developed by the Center for Internet Security (CIS), CIS Controls are a prioritized set of actionable recommendations that address the most common cyber threats. Implementing these controls can significantly reduce risk and improve an organization’s overall security posture. (https://www.cisecurity.org/)
  • COBIT (Control Objectives for Information and Related Technology): This framework, developed by ISACA (Information Systems Audit and Control Association), focuses on aligning IT governance with business objectives. It provides a comprehensive framework for managing IT processes, ensuring alignment with strategic goals. (https://www.isaca.org/resources/cobit)
  • ISO 27001 (International Organization for Standardization): ISO 27001 is an internationally recognized standard that outlines the requirements for an Information Security Management System (ISMS). ISMS is a risk-based approach to managing an organization’s information security. Achieving ISO 27001 certification demonstrates that an organization has implemented best practices for information security and that its information assets are protected. (https://www.iso.org/standard/27001)

The best framework for your organization depends on several factors, including your industry, size, regulatory requirements, and security goals. Some organizations may benefit from implementing a single framework, while others may need to adopt a combination of frameworks to address their specific needs. By understanding and implementing a relevant cybersecurity compliance framework, your organization can significantly improve its security posture, reduce the risk of cyberattacks, and potentially achieve regulatory compliance.

Safeguarding the Future: My IoT Security Lecture at Lund University

/ bugejajoseph / Leave a comment

Last Thursday, I had the honor of delivering an online lecture at Lund University, focusing on IoT security. The lecture addressed the core threats targeting IoT systems and the essential security measures to protect these devices from potential harm. In an increasingly interconnected world, the critical role of IoT security cannot be overstated.

As we continue to witness the exponential growth of IoT devices, it is crucial to prioritize security measures. The potential consequences of a security breach can be catastrophic, and we must remain vigilant in safeguarding our digital assets.

It is always a pleasure to share my expertise and insights on cybersecurity and IoT to guide the next-generation. I appreciate the opportunity and eagerly await what the future has in store.

My First Lecture at the University of Malta

/ bugejajoseph / Leave a comment
Snapshot of the title slide captured prior to the lesson.

I initiated the Applied Cryptography course at the University of Malta on Monday evening. As a cyber security professional and academic with a strong commitment to the field of information security, I am genuinely excited to be leading this specialized academic course this year.

Throughout the introductory lecture, I delved into the foundational concepts of cryptology, emphasizing its profound relevance within contemporary security applications. The pedagogical discourse traversed a diverse spectrum of topics, encompassing cryptographic mechanisms, the examination of classical substitution ciphers and their formal representations, a concise introduction to cryptanalysis, and more.

I am excited to be a part of this journey and look forward to the next lecture in this course on Monday!