Ep. 24 Josh Lospinoso | Encryption and Backdoors Pt 1

podcast default

In this episode of the Cybrary Podcast, we sit down with Josh Lospinoso, the CSO of Shift5. Speaking with Mike Gruen, the CISO of Cybrary, and Jonathan Meyers, the Head of Infrastructure for Cybrary, they talk about a wide range of subjects including encryption and government backdoors.

Hosted by: Mike Gruen, Jonathan Meyers, Josh Lospinoso
Length: 43 minutes
Released on: June 24th, 2020
Listen to the Audio
Enjoyed this podcast?
Share it with friends now!

Mike Gruen, CISO of Cybrary and Jonathan Meyers, Head of Infrastructure of Cybrary, got the opportunity to interview Josh Lospinoso, CSO and co-founder of Shift5. Josh talks Mike and Jonathan through his experiences as a tech and a business leader.

At the very beginning of the interview, Josh shortly introduces himself. He graduated from Westpoint in 2009 with Jonathan and went to the UK to go to grad school. Later he spent eight years in the Army and co-founded Shift5 with Michael Weigand and James Correnti. Josh has a book out about C++. They talk about his C++ book, how he gets into C++ from Java, and his experiences as a writer. Josh also introduces Shift5, which offers products that defend planes, trains, and tanks from cyber attacks. Shift5’s product is similar to Wireshark but on CAN.

During the interview, Josh shares his thoughts about vehicle buses, and the data run on them and also how to protect that. Apropos of this, they talk about embedded computers, IoT, and traffic encryption. They continue their discussion by exchanging their views on backdoors, which Congress tried to put in law. Josh, Mike, and Jonathan agree that backdoors, required by law enforcement, not increase the security but decrease freedom and these backdoors can be used by malicious intents as well. They agree that there is no need for built-in backdoors, as governments can wiretap the criminals, read their mails, open locks, and safes without backdoors.

Josh is also talking about strong encryption, like TLS. The vulnerability of DNS also comes into question. The plain text DNS queries can be hijacked and intercepted. The solution would be encrypted DNS, DNS over HTTPS, like the DoH project on GitHub.

Mike talks about how cable companies did catch people who were stealing cable.