Following her keynote at ISC2 Security Congress, ISC2 Insights spoke to cybersecurity expert Alissa Knight about areas of cyber warfare including AI-originated attacks, API security and threats relating to exploiting machine-to machine interdependencies.
In Conversation with Alissa Knight
Alissa Knight is a globally recognized cybersecurity expert with more than 25 years of experience in offensive security, specializing in API penetration testing and vulnerability research. Her career began at the age of 17, when she was arrested for breaking into a government network. After the charges were dropped, Alissa was recruited by the U.S. intelligence community to work in cyber warfare, marking the start of a distinguished career encompassing national security and the private sector.
Knight is a serial entrepreneur having sold two cybersecurity startups in successful M&A transactions. Today, Knight is also an accomplished Hollywood director, and producer, specializing in cybercrime and techno-thriller television series and feature films.
In her ISC2 Security Congress keynote, Knight discussed issues including how the threat of machine-to-machine cyber warfare is not just a potential issue on the horizon, but one that is already occurring today. The speed and volume of machine-to-machine interactions and transactions is already well known in several sectors such as financial services, which has been making use of it for high-frequency trading for many years. It is therefore no surprise that the came capabilities are now being leveraged for cyberattacks and other criminal enterprises without any direct human input into the live attack.
“You have to remember that we as humans are very fallible. We make mistakes, that’s human nature. But AI doesn't sleep. It doesn't take breaks. It doesn't stop. It's just going to continue to try and break in on a 24/7 clock,” Knight said.
“I'm a big believer that the best defense is having the best offense. And so having an agentic AI break into your network, identify the vulnerabilities, exploit them and then show you how it did it [is essential] so you can fix it.”
Knight believes that cybersecurity professionals will need to take on the role of operators and supervisors, while AI does more of the heavy lifting to defending systems and data.
