The Shifting Privacy Left Podcast

Technology Podcasts

Shifting Privacy Left features lively discussions on the need for organizations to embed privacy by design into the UX/UI, architecture, engineering / DevOps and the overall product development processes BEFORE code or products are ever shipped. Each Tuesday, we publish a new episode that features interviews with privacy engineers, technologists, researchers, ethicists, innovators, market makers, and industry thought leaders. We dive deeply into this subject and unpack the exciting elements of emerging technologies and tech stacks that are driving privacy innovation; strategies and tactics that win trust; privacy pitfalls to avoid; privacy tech issues ripped from the headlines; and other juicy topics of interest.

Location:

United States

Language:

English


Episodes

S2E36: "Privacy Engineering Contracting: State of the Market & 2024 Predictions" with Jared Coseglia (TRU Staffing)

11/21/2023
This week, I welcome Jared Coseglia, co-founder and CEO at TRU Staffing Partners, a contract staffing & executive placement search firm that represents talent across 3 core industry verticals: data privacy, eDiscovery, & cybersecurity. We discuss the current and future state of the contracting market for privacy engineering roles and the market drivers that affect hiring. You’ll learn about the hiring trends and the allure of 'part-time impact,' 'part-time perpetual,' and 'secondee' contract work. Jared illustrates the challenges that hiring managers face with a 'Do-it-Yourself' staffing process, and he shares his predictions about the job market for privacy engineers over the next 2 years. Jared comes to the conversation with a lot of data that supports his predictions and sage advice for privacy engineering hiring managers and job seekers. Resources Mentioned: "State of the Privacy Job Market Q3 2023"; TRU Insights. Guest Info: LinkedIn; TRU Staffing Partners; TRU Staffing Data Privacy Staffing solutions; Open Privacy Positions. Privado.ai Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans. Shifting Privacy Left Media Where privacy engineers gather, share, & learn Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you. Copyright © 2022 - 2023 Principled LLC. All rights reserved.

Duration:00:57:47

S2E35: "Embed Ethics into Your SDLC: From Reactive Firefighting to 'Responsible Firekeeping'" with Mathew Mytka & Alja Isaković (Tethix)

11/14/2023
This week’s guests are Mathew Mytka and Alja Isaković, Co-Founders of Tethix, a company that builds products that embed ethics into the fabric of your organization. We discuss Matt and Alja’s core mission to bring ethical tech to the world, and Tethix’s services that work with your Agile development processes. You’ll learn about Tethix’s solution to address 'The Intent to Action Gap,' and what Elemental Ethics can provide organizations beyond other ethics frameworks. We discuss ways to become a proactive Responsible Firekeeper, rather than remaining a reactive Firefighter, and how ETHOS, Tethix's suite of apps, can help organizations embody and embed ethics into everyday practice. Resources Mentioned: "Day in the Life of a Responsible Firekeeper"; ResponsibleTech.Work Framework; Pathfinders Newmoonsletter. Guest Info: LinkedIn; LinkedIn; Tethix’s Website.

Duration:00:44:51

S2E34: "Embedding Privacy by Design & Threat Modeling for AI" with Isabel Barberá (Rhite & PLOT4ai)

11/7/2023
This week’s guest is Isabel Barberá, Co-founder, AI Advisor, and Privacy Engineer at Rhite, a consulting firm specializing in responsible and trustworthy AI and privacy engineering, and creator of The Privacy Library Of Threats 4 Artificial Intelligence Framework and card game. In our conversation, we discuss: Isabel’s work with privacy-by-design, privacy engineering, privacy threat modeling, and building trustworthy AI; and info about Rhite’s forthcoming Self-Assessment Open-Source framework for AI maturity, SARAI®. As we wrap up the episode, Isabel shares details about PLOT4ai, her AI threat modeling framework and card game created based on a library of threats for artificial intelligence. Resources Mentioned: Privacy Library Of Threats 4 Artificial Intelligence (PLOT4ai); PLOT4ai's GitHub Threat Repository; "Threat Modeling Generative AI Systems with PLOT4ai"; Self-Assessment for Responsible AI (SARAI®); LINDDUN Privacy Threat Model Framework; "S2E19: Privacy Threat Modeling - Mitigating Privacy Threats in Software with Kim Wuyts (KU Leuven)"; "Data Privacy: a runbook for engineers". Guest Info: Isabel's LinkedIn Profile; Rhite’s Website.

Duration:00:50:03

S2E33: "Using Privacy Code Scans to Shift Left into DevOps" with Vaibhav Antil (Privado)

10/31/2023
This week, I sat down with Vaibhav Antil ('Vee'), Co-founder & CEO at Privado, a privacy tech platform that leverages privacy code scanning & data mapping to bridge the privacy engineering gap. Vee shares his personal journey into privacy, where he started out in Product Management and saw the need for privacy automation in DevOps. We discuss obstacles created by the rapid pace of engineering teams and a lack of a shared vocabulary with Legal / GRC. You'll learn how code scanning enables privacy teams to move swiftly and avoid blocking engineering. We then discuss the future of privacy engineering, its growth trends, and the need for cross-team collaboration. We highlight the importance of making privacy-by-design programmatic and discuss ways to scale up privacy reviews without stifling product innovation. Privado Resources Mentioned: "Technical Privacy Masterclass" (led by Nishant Bhajaria); Introduction to Privacy Code Scanning; Code Scanning Approach to Data Mapping; Privado's Privacy Engineering Community; Play Store Data Safety Report Builder. Guest Info: LinkedIn; Privado's website.

Duration:00:56:06

S2E32: "Privacy Red Teams, Protecting People & 23andme's Data Leak" with Rebecca Balebako (Balebako Privacy Engineer)

10/24/2023
This week’s guest is Rebecca Balebako, Founder and Principal Consultant at Balebako Privacy Engineer, where she enables data-driven organizations to build the privacy features that their customers love. In our conversation, we discuss all things privacy red teaming, including: how to disambiguate adversarial privacy tests from other software development tests; the importance of privacy-by-infrastructure; why privacy maturity influences the benefits received from investing in privacy red teaming; and why any database that identifies vulnerable populations should consider adversarial privacy as a form of protection. We also discuss the 23andMe security incident that took place in October 2023 and affected over 1 mil Ashkenazi Jews (a genealogical ethnic group). Rebecca brings to light how Privacy Red Teaming and privacy threat modeling may have prevented this incident. As we wrap up the episode, Rebecca gives her advice to Engineering Managers looking to set up a Privacy Red Team and shares key resources. Resources Mentioned: "S1E7: Privacy Engineers: The Next Generation" with Lorrie Cranor (CMU); Red Teaming Resources. Guest Info: LinkedIn; Balebako Privacy Engineer's website.

Duration:00:48:08

S2E31: "Leveraging a Privacy Ontology to Scale Privacy Processes" with Steve Hickman (Epistimis)

10/10/2023
This week’s guest is Steve Hickman, the founder of Epistimis, a privacy-first process design tooling startup that evaluates rules and enables the fixing of privacy issues before they ever take effect. In our conversation, we discuss: why the biggest impediment to protecting and respecting privacy within organizations is the lack of a common language; why we need a common Privacy Ontology in addition to a Privacy Taxonomy; Epistimis' ontological approach and how it leverages semantic modeling for privacy rules checking; and examples of how Epistimis Privacy Design Process tooling complements, rather than competes with, privacy tech solutions on the market. Resources Mentioned: Data is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data. Guest Info: LinkedIn; Email; Epistimis.

Duration:00:51:35

S2E30: "LLMs, Knowledge Graphs, & GenAI Architectural Considerations" with Shashank Tiwari (Uno)

10/3/2023
This week's guest is Shashank Tiwari, a seasoned engineer and product leader who started with algorithmic systems on Wall Street before becoming Co-founder & CEO of Uno.ai, a pathbreaking autonomous security company. He started with algorithmic systems on Wall Street and then transitioned to building Silicon Valley startups, including previous stints at Nutanix, Elementum, Medallia, & StackRox. In this conversation, we discuss ML/AI, large language models (LLMs), temporal knowledge graphs, causal discovery inference models, and the Generative AI design & architectural choices that affect privacy. Resources Mentioned: S2E29: Synthetic Data in AI: Challenges, Techniques & Use Cases with Andrew Clark and Sid Mangalik (Monitaur.ai). Guest Info: LinkedIn; Uno.ai.

Duration:01:00:19

S2E29 - "Synthetic Data in AI: Challenges, Techniques & Use Cases" with Andrew Clark and Sid Mangalik (Monitaur)

9/26/2023
This week I welcome Dr. Andrew Clark, Co-founder & CTO of Monitaur, a trusted domain expert on the topic of machine learning, auditing and assurance; and Sid Mangalik, Research Scientist at Monitaur and PhD student at Stony Brook University. I discovered Andrew and Sid's new podcast show, The AI Fundamentalists Podcast. I very much enjoyed their lively episode on Synthetic Data & AI, and am delighted to introduce them to my audience of privacy engineers. In our conversation, we explore why data scientists must stress test their model validations, especially for consequential systems that affect human safety and reliability. In fact, we have much to learn from the aerospace engineering field, which has been using ML/AI since the 1960s. We discuss the best and worst use cases for using synthetic data; problems with LLM-generated synthetic data; what can go wrong when your AI models lack diversity; how to build fair, performant systems; & synthetic data techniques for use with AI. Resources Mentioned: Podchaser; The AI Fundamentalists Podcast; Monitaur. Guest Info: Andrew on LinkedIn; Sid on LinkedIn.

Duration:00:54:32

S2E28: "BigTech Privacy; Responsible AI; and Bias Bounties at DEF CON" with Jutta Williams (Reddit)

9/19/2023
This week, I welcome Jutta Williams, Head of Privacy & Assurance at Reddit, Co-founder of Humane Intelligence and BiasBounty.ai, Privacy & Responsible AI Evangelist, and Startup Board Advisor. With a long history of accomplishments in privacy engineering, Jutta has a unique perspective on the growing field. In our conversation, we discuss her transition from security engineering to privacy engineering; how privacy cultures differ across social media companies where she's worked: Google, Facebook, Twitter, and now Reddit; the overlap of privacy engineering & responsible AI; how her non-profit, Humane Intelligence, supports AI model owners; her experience launching the largest Generative AI Red Teaming challenge ever at DEF CON; and how a curious knowledge-enhancing approach to privacy will create engagement and allow for fun. Resources Mentioned: DEF CON Generative Red Team Challenge; Humane Intelligence; Bias Buccaneers Challenge. Guest Info: LinkedIn.

Duration:00:54:57

S2E27: "Automated Privacy Decisions: Usability vs. Lawfulness" with Simone Fischer-Hübner & Victor Morel

9/12/2023
Today, I welcome Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent). Simone is a Professor of Computer Science at Karlstad University with over 30 years of privacy & security research experience. Victor is a post-doc researcher at Chalmers University's Security & Privacy Lab, focusing on privacy, data protection, and technology ethics. Together, they share their privacy decision-making classification scheme and research across two dimensions: (1) the type of privacy decisions: privacy permissions, privacy preference settings, consent to processing, or rejection to processing; and (2) the level of decision automation: manual, semi-automated, or fully-automated. Each type of privacy decision plays a critical role in users' ability to control the disclosure and processing of their personal data. They emphasize the significance of tailored recommendations to help users make informed decisions and discuss the potential of on-the-fly privacy decisions. We wrap up with organizations' approaches to achieving usable and transparent privacy across various technologies, including web, mobile, and IoT. Resources Mentioned: "Automating Privacy Decisions – where to draw the line?"; CyberSecIT; "Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms"; Consent O Matic.

Duration:00:44:18

S2E26: "Building Ethical Machines" with Reid Blackman, PhD (Virtue Consultants)

9/5/2023
This week, I welcome philosopher, author, & AI ethics expert, Reid Blackman, Ph.D., to discuss Ethical AI. Reid authored the book, "Ethical Machines," and is the CEO & Founder of Virtue Consultants, a digital ethical risk consultancy. His extensive background in philosophy & ethics, coupled with his engagement with orgs like AWS, U.S. Bank, the FBI, & NASA, offers a unique perspective on the challenges & misconceptions surrounding AI ethics. In our conversation, we discuss 'passive privacy' & 'active privacy' and the need for individuals to exercise control over their data. Reid explains how the quest to train data for ML/AI can lead to privacy violations, particularly for BigTech companies. We touch on many concepts in the AI space including: automated decision making vs. keeping "humans in the loop;" combating AI ethics fatigue; and advice for technical staff involved in AI product development. Reid stresses the importance of protecting privacy, educating users, & deciding whether to utilize external APIs or on-prem servers. We end by highlighting his HBR article - "Generative AI-xiety" - and discuss the 4 primary areas of ethical concern for LLMs. Resources Mentioned: Ethical Machines; Ethical Machines. Guest Info: LinkedIn.

Duration:00:51:41

S2E25: "Anonymization & Deletion at Scale" with Engin Bozdag (Uber) & Stefano Bennati (HERE)

8/29/2023
This week, we're chatting with Engin Bozdag, Senior Staff Privacy Architect at Uber, and Stefano Bennati, Privacy Engineer at HERE Technologies. Today, we explore their recent IWPE'23 talk, "Can Location Data Truly be Anonymized: a risk-based approach to location data anonymization" and discuss the technical & business challenges to obtain anonymization. We also discuss the role of Privacy Engineers, how to choose a career path, and the importance of embedding privacy into product development & DevPrivOps; collaborating with cross-functional teams; & staying up-to-date with emerging trends. Resources Mentioned: IAPP Defining Privacy Engineering Infographic; EU AI Act; Ethics Guidelines for Trustworthy AI; Privacy Engineering Superheroes; FTC Investigates OpenAI over Data Leak and ChatGPT’s Inaccuracy. Guest Info: Follow Engin; Follow Stefano.

Duration:00:50:14

S2E24: "Cloud-Native Privacy Engineering via DevPrivOps" with Elias Grünewald (TU Berlin)

8/22/2023
This week’s guest is Elias Grünewald, Privacy Engineering Research Associate at Technical University, Berlin, where he focuses on cloud-native privacy engineering, transparency, accountability, distributed systems, & privacy regulation. In this conversation, we discuss the challenge of designing privacy into modern cloud architectures; how shifting left into DevPrivOps can embed privacy within agile development methods; how to blend privacy engineering & cloud engineering; the Hawk DevOps Framework; and what the Shared Responsibilities Model for cloud lacks. Read Elias' papers, talks, & projects: Cloud Native Privacy Engineering through DevPrivOps; Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems; CPDP Talk: Privacy Engineering for Transparency & Accountability; TILT: A GDPR-Aligned Transparency Information Language & Toolkit for Practical Privacy Engineering; TOUCAN. Guest Info: LinkedIn; TU Berlin.

Duration:01:04:19

S2E23: "Navigating the Privacy Engineering Job Market" with George Ratcliffe (Stott & May)

8/15/2023
This week, my guest is George Ratcliffe, Head of the Privacy GRC & Cryptography Executive Search Practice at recruitment firm Stott & May. In this conversation, we discuss the current market climate & hiring trends for technical privacy roles; the need for higher technical capabilities across the industry; pay ranges within different technical privacy roles; and George’s tips and tools for applicants interested in, entering, and/or transitioning into the privacy industry. Resources Mentioned: S2E11: Lessons Learned as a Privacy Engineering Manager with Menotti Minutillo (ex-Twitter & Uber); IAPP Defining Privacy Engineering Infographic; Blind; Levels. Guest Info: George on LinkedIn; Stott & May.

Duration:00:46:05

S2E22: Why You Need an 'Outside-In' Approach to Privacy Risk Monitoring with Sanjay Saini (Privaini)

8/1/2023
Get ready for an eye-opening conversation with Sanjay Saini, the founder and CEO of Privaini, a groundbreaking privacy tech company. Sanjay's journey is not only impressive due to his role in creating high-performance teams that have built entirely new product categories, but also for the invaluable lessons he learned from his grandfather about the pillars of successful companies - trust and human connections. In our discussion, Sanjay shares how Privaini is raising the privacy bar by constructing the world's largest repository of company privacy policies and practices. It's a fascinating dive into the future of privacy risk management. Imagine being able to gain full coverage of your external privacy risks with continuous monitoring. Wouldn't that revolutionize your approach to risk management? That's exactly what Privaini is doing! Sanjay explains how Privaini utilizes AI to analyze, standardize, and derive meaningful "privacy views" and insights from vast volumes of publicly-available data. Listen in to understand how Privaini's innovative approach is helping companies gain visibility into their entire business network to make quicker, more informed decisions. Guest Info: LinkedIn; Privaini.

Duration:00:37:19

S2E21: Containing Big Tech, Federal Privacy Law, & Investing in Privacy Tech with Tom Kemp (Kemp Au Ventures)

7/11/2023
This week’s guest is Tom Kemp: author; entrepreneur; former Co-Founder & CEO of Centrify (now called Delinea), a leading cybersecurity cloud provider; and a Silicon Valley-based Seed Investor and Policy Advisor. Tom led campaign marketing efforts in 2020 to pass California Proposition 24, the California Privacy Rights Act (CPRA), and is currently co-authoring the California Delete Act bill. In this conversation, we discuss chapters within Tom’s new book, Containing Big Tech: How to Protect Our CIVIL RIGHTS, ECONOMY, and DEMOCRACY; how big tech is using AI to feed into the attention economy; what should go into a U.S. federal privacy law and how it should be enforced; and a comprehensive look at some of Tom’s privacy tech investments. Topics Covered: PrivacyCode; Secuvy; Privaini. Resources Mentioned: The California Consumer Privacy Act; The California Delete Act. Guest Info: LinkedIn; Kemp Au Ventures; Containing Big Tech: How to Protect Our CIVIL RIGHTS, ECONOMY, and DEMOCRACY.

Duration:00:54:37

S2E20: Location Privacy, Data Brokers & Privacy Datasets with Jeff Jockisch

7/5/2023
This week’s guest is Jeff Jockisch, Partner at Avantis Privacy and co-host of the weekly LinkedIn Live event, Your Bytes = Your Rights, a town hall-style discussion around ownership, digital rights, and privacy. Jeff is currently a data privacy researcher at PrivacyPlan, where he focuses specifically on privacy data sets. In this conversation, we delve into current risks to location privacy; how precise location data really is; how humans can have more control over their data; and what organizations can do to protect humans’ data privacy. For access to a dataset of data resources and privacy podcasts, check out Jeff’s robust database — the Shifting Privacy Left podcast was recently added. Resources Mentioned: Avantis Privacy; Privacy Plan; Threat modeling episode with Kim Wuyts; "Your Bytes = Your Rights" LinkedIn Live; The California Delete Act; Privacy Podcast Database; Containing Big Tech. Guest Info: LinkedIn.

Duration:00:42:13

S2E19: Privacy Threat Modeling - Mitigating Privacy Threats in Software with Kim Wuyts (KU Leuven)

6/27/2023
This week's guest is Kim Wuyts, Senior Postdoctoral Researcher at the DistriNet Research Group at the Department of Computer Science at KU Leuven. Kim is one of the leading minds behind the development and extension of LINDDUN, a privacy threat modeling framework that mitigates privacy threats in software systems. In this conversation, we discuss threat modeling based on the Threat Modeling Manifesto Kim co-authored; the benefits of using the LINDDUN privacy threat model framework; and how to bridge the gap between privacy-enhancing technologies (PETs) in academia and the commercial world. Resources Mentioned: The Threat Modeling Manifesto; LINDDUN Privacy Threat Model; STRIDE threat model; Threat Modeling Connect Community; Elevation of Privilege card game; Plot4AI (privacy & AI threat modeling) card deck; International Workshop on Privacy Engineering (IWPE). Guest Info: LinkedIn.

Duration:00:44:08

S2E18: Making Digital Contact Cards Private, Shareable & Updatable with Brad Dominy (Neucards)

5/16/2023
I am delighted to welcome my next guest, Brad Dominy. Brad is a macOS and iOS developer and Founder & Inventor of Neucards, a privacy-preserving app that enables secure shareable and updatable digital contacts. In this conversation, we delve into why personally managing our digital contacts has been so difficult and Brad's novel approach to securely manage our contacts, architected with privacy by design and default. Contacts have always been the “junk drawer” of digital data, where people have information that they want to keep up-to-date, but are rarely able to based on current technology. The vCard standard is outdated, but is the only standard that works across iOS, Android, and Microsoft. It is still the most commonly used contact format, but lacks any capacity for updating contacts. Once someone exchanges their contact information with you, it then falls on you to keep that up-to-date. This is why Brad created Neucards: to gain the benefits of sharing information easily, privately (with E2EE) and receiving updates across all platforms. Resources Mentioned: Neucards; Neucards iOS app. Guest Info: LinkedIn.

Duration:00:47:05

S2E17 - Noise in the Machine: How to Assess, Design & Deploy 'Differential Privacy' with Damien Desfontaines (Tumult Labs)

5/9/2023
In this week’s episode, I speak with Damien Desfontaines, also known by the pseudonym “Ted”, who is the Staff Scientist at Tumult Labs, a startup leading the way on differential privacy. In Damien’s career, he has led an Anonymization Consulting Team at Google and specializes in making it easy to safely anonymize data. Damien earned his PhD and wrote his thesis at ETH Zurich, as well as his Master's Degree in Mathematical Logic and Theoretical Computer Science. Tumult Labs’ platform makes differential privacy useful by making it easy to create innovative privacy and enabling data products that can be safely shared and used widely. In this conversation, we focus our discussion on Differential Privacy techniques, including what’s next in its evolution, common vulnerabilities, and how to implement differential privacy into your platform. When it comes to protecting personal data, Tumult Labs has three stages in their approach. These are Assess, Design, and Deploy. Damien takes us on a deep dive into each with use cases provided. Resources Mentioned: Tumult Labs Slack; Tumult Labs. Guest Info: LinkedIn; website; Twitter.

Duration:00:45:10