Cybersecurity Today Weekend with Carey Frey, VP and Chief Security Officer at TELUS

Cybersecurity Today Weekend with Carey Frey, VP and Chief Security Officer at TELUS

Author: Jim Love February 28, 2026 Duration: 48:54
Cybersecurity Today
NewsTechnology

Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today

In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie theft. He describes lessons from TELUS's deployment of FIDO2 phishing-resistant tokens, the dangers of long-lived SSO tokens across SaaS ecosystems, and how agentic "auto-browse" could amplify harm via the "lethal trifecta" and ephemeral agents with poor auditability. Frey highlights the Syne/SignNet CISO Identity Handbook and calls for stronger cryptographic roots of trust, proof-based tokens, re-authentication across trust domains, and fine-grained delegation guardrails.

Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst

00:00 Sponsor Message
00:24 Weekend Edition Intro
00:32 Meet Carey Frey
02:07 Carey's Cyber Origin Story
03:47 Telus Security Two Hats
06:22 Identity's Broken Legacy
08:43 Why PKI Didn't Win
11:25 Passkeys Missed Moment
14:10 SSO Tokens Surprise
19:50 Session Theft Reality
23:18 Agentic AI Stakes
24:17 Building Identity Playbook
25:24 Identity Maturity Model
25:49 Fixing OAuth and SAML
27:00 Industry Call to Action
27:37 Where to Find the Handbook
28:06 Not a Vendor Pitch
30:13 Agentic AI Identity Gaps
31:30 Auto Browse Threat Scenario
33:12 Lethal Trifecta Explained
34:31 Ephemeral Agents and Forensics
37:08 Supply Chain Agent Malware
38:20 Crypto Roots of Trust
39:35 Proof Tokens and Reauth
40:17 Delegation Guardrails
42:34 Regulation or Market Forces
44:25 Practical Risk Decisions
46:20 Wrap Up and Next Resources
48:00 Sponsor and Closing Credits


Every morning, Jim Love sifts through the noise of the digital world to bring you a clear, concise briefing on what actually matters. Cybersecurity Today isn't about fearmongering; it's about practical awareness. You'll hear straightforward analysis of the most recent attacks targeting companies, from sophisticated ransomware campaigns to stealthy data theft. Jim breaks down the implications of major breach disclosures, explaining not just what was stolen, but how it happened and who is affected. The focus remains on actionable intelligence-concrete steps and strategic thinking that can help protect your organization's data and infrastructure. This daily podcast serves as an essential filter for IT professionals, business leaders, and anyone responsible for digital assets, transforming complex threats into understandable insights. Tune in for a grounded perspective on navigating an online landscape where the risks are constantly evolving, and the need for clear, timely information has never been greater.
Author: Language: English Episodes: 100

Official website RSS
linkedin
Cybersecurity Today
Podcast Episodes
Emerging AI Threats and Innovations in Cybersecurity [not-audio_url] [/not-audio_url]

Duration: 15:29
In today's episode of Cybersecurity Today, host David Shipley discusses the latest developments and challenges in cybersecurity, including integrating AI into various systems, the rise of AI-driven security flaws, and th…
OpenClaw, MoltBot, Clawdbot - From Bad to Worse [not-audio_url] [/not-audio_url]

Duration: 11:50
In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the…
Critical Cybersecurity Updates: Fortinet, Docker, and Android Malware [not-audio_url] [/not-audio_url]

Duration: 10:24
In this episode of Cybersecurity Today, Jim Love covers major vulnerabilities and security threats, including the exposure of over 3 million Fortinet devices, a critical flaw in Docker's AI assistant, and a sophisticated…
The Rise of Actionable AI Agents: Navigating the Security Landscape [not-audio_url] [/not-audio_url]

Duration: 14:53
In this episode of Cybersecurity Today, host Jim Love explores the burgeoning world of actionable AI agents, examining key developments from companies like Google and Anthropic. The episode delves into the rapid rise of…
What's App Privacy Lawsuit [not-audio_url] [/not-audio_url]

Duration: 13:11
Cybersecurity Today: WhatsApp Privacy Lawsuit, Google's Personal AI, Canada Computers Breach, and Mass Password Leak In this episode, host Jim Love discusses pressing cybersecurity issues, including a lawsuit against Wha…
AWS Flaw Could Have Put Every Account At Risk [not-audio_url] [/not-audio_url]

Duration: 11:56
Cybersecurity Today: Critical Fortinet Flaws, Windows 11 Issues, and Major Cloud Security Near Miss In today's episode of Cybersecurity Today, host David Shipley covers several pressing cybersecurity topics including the…

«12345678910»