On episode 272 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a variety of pressing cybersecurity topics. These include the responsibilities of CISOs in avoiding legal repercussions following data breaches, highlighted by the case of Uber’s former CISO, Joe Sullivan. The hosts also delve into the impact of the recent U.S. Supreme Court decision overturning the Chevron deference doctrine on cybersecurity regulations, the risk of dynamic loading of JavaScript libraries, and the wide-reaching implications of the OpenSSH regression vulnerability. Throughout, practical advice and insightful commentary are provided on maintaining security in an ever-evolving threat landscape.

00:00 Introduction and Episode Overview
01:08 CISO’s Guide to Avoiding Jail After a Breach
03:29 Challenges and Complexities of the CISO Role
13:35 US Supreme Court Ruling and Its Impact on Cyber Regulation
20:51 Polyfill.io Issue: A Modern Supply Chain Attack?
28:54 Understanding Polyfill Confusion and Risks
29:23 Maintaining Open Source Software Health
30:04 The Need for Open Source Health Ratings
30:41 Challenges with Third-Party Code and Security
34:08 Vendor Questionnaires and False Urgency
39:50 The Regression Vulnerability in OpenSSH
41:18 Cloud Security Best Practices
48:29 Final Thoughts and Recommendations
49:52 Conclusion and Farewell