Episodes

  • An Inherited Risk: The Truth About Third-Party Security
    Dec 9 2025

    "Third parties are a common entry point for cyber attacks. This is something you really want to make sure you have under control."

    Notable Moments

    [00:01:15] Third-party due diligence and security reviews.

    [00:03:25] How regulatory requirements like HIPAA, PCI DSS, GDPR shape due diligence.

    [00:05:28] Ongoing monitoring and review expectations.

    [00:06:19] Physical access risks: background checks for on-site vendor personnel.

    [00:07:44] Company's responsibility to vet vendors, especially as AI evolves.

    [00:09:42] What documentation to request and how to evaluate red flags.

    [00:12:27] Common red flags: incomplete training, high-severity pen-test findings, litigation.

    [00:17:07] Dawn-Marie's "core four" steps for starting a third-party review program.

    In this episode Dawn-Marie Dalsass, Compliance and Risk Management Director at Redox, discusses the truth behind third-party security. Our conversation exposes the hidden gaps organizations overlook and the simple first steps that make all the difference. Take a listen to hear common red flags, documentation to request, review frequency, financial and operational considerations, and the surprising basics every organization should verify before engaging a vendor.

    Resources

    www.redoxengine.com

    Past Podcast Episodes

    https://redoxengine.com/solutions/platform-security

    Have feedback or a topic suggestion? Submit it using this linked form.

    Matt Mock mmock@redoxengine.com

    Meghan McLeod mmcleod@redoxengine.com

    21 m
  • An Information Hub - Top Threats and Shared Defenses With Health ISAC
    Nov 11 2025

    "Cybersecurity is a shared responsibility. One organization's defense can strengthen an entire community."

    Notable Moments

    00:01:00 – What an ISAC is and how it began

    00:02:40 – How Health ISAC has grown globally

    00:04:44 – Top threats facing healthcare today

    00:09:25 – AI's role in both defense and attacks

    00:13:45 – Impact of the Cybersecurity Information Sharing Act

    00:18:03 – Why information sharing builds community trust

    00:19:28 – Government collaboration challenges

    00:23:49 – Final proactive cybersecurity advice

    Errol Weiss, Chief Security Officer of Health ISAC, joins Jody Mayberry and Meghan McLeod to explore how collaboration fuels cybersecurity resilience in healthcare. They discuss evolving threats like ransomware and AI-driven attacks, the importance of information-sharing networks, and how global cooperation keeps patient data safe.

    25 m
  • An Intelligence Infiltration - Hacking AI Agents from Silicon Valley's Hottest Startups
    Oct 14 2025

    "We're not trying to avoid AI because of the scary security issues; we're trying to deploy it securely so we can unlock its true potential."

    Notable Moments

    01:09 – Rene Brandel on why he began hacking Y Combinator AI agents to find security gaps.

    02:30 – How quickly AI systems can be breached without strong security oversight.

    03:51 – The risk of cross-user data access and violating HIPAA's minimum necessary standard.

    07:05 – Understanding permissions creep and why AI agents should be treated like individual users.

    10:23 – How malicious actors can use code execution capabilities to manipulate AI systems.

    13:44 – Sandboxing AI agents and why "don't roll your own security" is the new rule.

    15:23 – Three areas of AI procurement to prioritize: authentication, capabilities, and integration.

    18:11 – Why traditional pen tests miss AI-specific threats and the need for continuous testing.

    21:21 – Meghan reflects on the speed of AI advancement and the importance of security champions.

    Rene Brandel, CEO of Casco and a Y Combinator founder, shares his team's findings after testing AI agents from leading startups. He reveals how quickly AI systems can be exploited through prompt injection, permissions creep, and code execution flaws. Our conversation explores why healthcare must treat AI as a regulated entity, not a novelty. The episode dives into sandboxing solutions, authentication strategies, and how to build a new generation of AI security champions.

    23 m
  • The Link Between Disney Imagineering and Healthcare Security Teams
    Sep 16 2025

    "There aren't that many things that really are impossible. We just have to set aside boundaries and figure out how to make them real."

    Episode Highlights

    [02:53] Bob on managing creativity and building environments where big ideas thrive

    [05:27] Disney embedding safety and security into their culture

    [10:20] Brainstorming approach for tackling "impossible" challenges

    [17:03] Balancing creativity and connection in remote work

    [28:25] Cross-disciplinary collaboration sparking new ideas

    [31:09] Tackling massive projects with limited resources

    [46:48] Internal marketing to gain buy-in for creative and security initiatives

    [50:00] Building a culture of information security

    Former Walt Disney Imagineering President Bob Weis joins Jody, Meghan, and Matt to explore the surprising parallels between Imagineering and healthcare security. They discuss building a culture of safety, leveraging creativity through charrettes, sparking innovation in remote teams, and gaining buy-in for security as a shared responsibility.

    55 m
  • The Quiet Disruptor - Inside an Intern's AI Innovation
    Aug 26 2025

    "If we can scale AI for better use, it can make the world a better place rather than just your daily personal life."

    Notable Moments:

    [01:27] Marina explains her AI project with indigenous communities in New Zealand

    [03:26] Researching AI responses in abortion counseling

    [07:43] Ten weeks in Namibia studying environmental science and conservation

    [10:46] Using machine learning to study tree pod dynamics and herbivore consumption

    [12:24] Expanding AI research into plant growth and climate variability

    [13:25] Marina's perspective on scaling AI to make the world better

    In this bonus episode, Jody and Meghan talk with Redox intern Marina Frayre about her innovative work at the intersection of AI, healthcare, and environmental science. From empowering indigenous communities in New Zealand to studying conservation in Namibia, Marina shares how AI can both protect ecosystems and influence patient care. She emphasizes the importance of cultural respect, accuracy, and using technology to create meaningful global impact.

    15 m
  • A Hacker Summer Camp - Inside DEFCON 2025
    Aug 19 2025

    "DEF CON is one of those places where you walk in expecting to learn one thing and walk out realizing the possibilities are far greater than you imagined."

    Notable Moments

    [02:24] – Trevor explains what DEF CON is and why it's unique.

    [04:36] – The rise of inclusivity and community groups like WISP and Diana Initiative.

    [06:55] – Villages and Capture the Flag competitions explained.

    [09:22] – A boat inside the Maritime Hacking Village surprises attendees.

    [10:32] – The AI Cyber Challenge: DARPA and ARPA-H host a $4M competition.

    [15:23] – Kubernetes workshops bring practical, take-home lessons.

    [15:48] – Attacking AI image classifiers sparks conversations about healthcare.

    [21:36] – Matt shares why exposure to diverse ideas at DEF CON benefits the Redox team.

    Trevor Wilson, Staff Security Engineer at Redox, shares his experiences at DEF CON 2025. Trevor highlights the inclusive community, hands-on villages, and thought-provoking workshops. From hacking drones and boats to exploring vulnerabilities in AI models used in healthcare, the discussion reveals how DEF CON inspires curiosity and broadens security perspectives.

    Episode Resources

    https://aicyberchallenge.com/ - Main Site

    https://archive.aicyberchallenge.com/ - Open Source Repos

    https://defcon.org/

    25 m
  • A Bitter Pill - How Ransomware is Crippling Hospitals
    Jul 22 2025

    "Hospitals don't just store data. They safeguard stories, care plans, and lives. When ransomware hits, it's not just a system crash, it's a trust collapse."

    Notable Moments

    • 00:01:10 – What ransomware is and how it's evolved
    • 00:04:15 – How the Colonial Pipeline and Vegas attacks sparked Jeffrey's interest
    • 00:07:10 – Why healthcare is a prime target
    • 00:10:00 – How Jeffrey built a ransomware database of 800+ healthcare entities
    • 00:16:00 – Rise of ransomware-as-a-service (RaaS) and competition between threat actors
    • 00:20:20 – Most targeted entities: hospitals, clinics, specialized care
    • 00:24:20 – Real-life consequences: delays in patient care, increased mortality risk
    • 00:28:00 – The looming threat of AI-trained malicious models

    In this episode, Jody, Meghan, and Matt are joined by security researcher Jeffrey Bell to discuss the ways ransomware is increasingly crippling hospitals. They explore how healthcare has become one of the most targeted industries, why ransomware is shifting from encryption to data exfiltration, and how threat actors now operate like businesses complete with affiliate models, revenue sharing, and even training. Jeffrey shares how he built a comprehensive subcategorized database of healthcare-related ransomware attacks and offers insight into why specialized care and hospitals are becoming prime targets. The group discusses real-world consequences, from system shutdowns to patient deaths, and emphasizes the need for proactive community defense and cross-sector collaboration.

    31 m
  • The Healing Network - CISO Relationships in a Ransomware Era
    Jun 24 2025

    "Security isn't proprietary. Sharing what works makes us all safer."

    Notable Moments

    01:29 – Rise in ransomware and the case for collaboration

    03:41 – Why reinvention puts you at risk

    05:12 – The danger of building relationships mid-crisis

    08:10 – Balancing information sharing and confidentiality

    09:26 – How groups like HISAC facilitate secure collaboration

    12:24 – Learning from incidents you haven't experienced

    18:06 – Building networks at all levels, not just CISOs

    21:46 – Advice for making the first outreach

    23:31 – Using your current network to grow your reach

    With healthcare breaches escalating, the team explores why proactive collaboration among CISOs and security teams is essential. Matt Mock highlights the benefits of forming external relationships before incidents occur, from faster responses to shared resources. Meghan McLeod emphasizes that security collaboration isn't limited to leaders—any team member can contribute through platforms like HISAC or direct outreach. The episode outlines tactical strategies to prioritize relationship-building and shares the value of structured, ongoing communication across the healthcare security space.

    27 m