The role of the Chief Information Security Officer (CISO) is more critical and demanding than ever, placing leaders in a persistent high-stress environment. This podcast delves into the unique pressures faced by CISOs and cybersecurity professionals, including the immense responsibility and potential for blame, resource constraints, excessive workload, and the relentless "always-on" nature of the job. We explore the significant mental health impacts, such as anxiety, burnout, and the psychological toll of managing data breaches, which can include feelings of violation and loss of control. More than just identifying the challenges, this podcast offers insights and strategies for building resilience and fostering well-being, drawing on experiences from security leaders. Learn how supportive organizational culture and leadership, prioritizing well-being, building strong teams, and effective stress management techniques are crucial for not only personal health but also for maintaining optimal professional performance and sustaining a vital career in cybersecurity leadership. Join us to understand how to thrive, not just survive, in the CISO's crucible. www.securitycareers.help/the-cisos-crucible-how-organizational-culture-and-leadership-shape-well-being-and-tenure www.cisomarketplace.services…

The digital transformation journey in critical infrastructure organizations and other sectors like healthcare is increasingly connecting operational technology (OT) and integrating Internet of Things (IoT) devices. While this convergence of OT and IT creates efficiencies, it also introduces new vulnerabilities and expands the attack surface for cybersecurity threats. Cyber actors are actively exploiting internet-accessible OT assets against critical infrastructure, and these cyberattacks are growing in size, sophistication, and prevalence. Securing OT presents additional complexities compared to traditional IT security, partly due to differences in priorities (Availability, Integrity, Confidentiality in OT versus Confidentiality, Integrity, Availability in IT) and the mix of old and new technology used. Threats can range from insider risks and nation-state attacks to ransomware. In healthcare, integrating IoT devices offers benefits but exposes patients to unique cybersecurity threats, where compromising devices like implantable devices could cause harm The lines between physical security and cybersecurity have become blurred, as physical security systems are increasingly connected and cyber-physical systems bridge the digital and physical realms10. Siloed security functions, treating physical and cyber security separately, mean security leaders lack a holistic view of threats, creating blind spots and hindering rapid identification, prevention, mitigation, and response to complex threats. For example, an unsecured IoT device can serve as a backdoor into enterprise networks, allow unauthorized physical access, or disrupt operations by hijacking physical systems, as seen in the casino fish tank hack. Addressing these challenges requires a shift towards integrated security functions and a holistic approach that aligns physical and cybersecurity efforts. This includes unified risk assessments, enhancing visibility of unmanaged devices, implementing specific security measures like segmentation and hardening, employing robust authentication and secure design principles, establishing continuous monitoring, and developing comprehensive incident response plans, guided by frameworks such as the NIST Cybersecurity Framework, IEC 62443, and C2M2. Leveraging AI and machine learning can further enhance threat detection and anomaly detection. Ultimately, effective integrated security protects cyber-physical infrastructure and enhances resilience against hybrid threats. www.securitycareers.help/securing-the-converged-frontier-why-integrated-security-is-paramount-in-the-age-of-iot-and-ot www.secureiotoffice.world/securing-the-smart-office-why-integrated-security-is-no-longer-optional 25% off - ' LAUNCH ' https://securecheck.tools https://policyquest.diy…

Delve into the essential and intricate application of Zero Trust (ZT) principles within Operational Technology (OT) and Industrial Control Systems (ICS) environments. This episode explores the unique challenges of securing critical infrastructure, where safety, reliability, and availability are primary objectives, and legacy systems, unique protocols, and often unencrypted communications present distinct complexities compared to traditional IT security models. We'll discuss how the increasing convergence of IT and OT, driven by digital transformation, is reshaping the threat landscape and exposing previously isolated systems. Learn about the tailored roadmap for implementing Zero Trust in these vital sectors, employing a systematic five-step process: defining Protect Surfaces, mapping operational flows, building a Zero Trust Architecture (ZTA), creating policies, and ongoing monitoring and maintenance. Discover how established frameworks like the ISA/IEC 62443 Zone and Conduit Model and the SANS Top 5 Critical Controls for OT/ICS integrate with and are fortified by a Zero Trust approach to enhance security and resilience in the face of evolving threats. www.securitycareers.help/securing-the-industrial-heartbeat-why-zero-trust-is-imperative-and-different-for-ot-ics…

Explore the emerging practice of bundling cyber insurance with security products and services, a strategy aimed at enhancing cyber resilience by incentivizing policyholders to adopt proactive security measures from the outset. This episode delves into the potential benefits, such as encouraging better cyber hygiene, aligning the long-term goals of insurers and policyholders to reduce incident frequency and impact, improving risk mitigation, providing deeper risk insights through real-time data, offering guidance on effective security controls, and making security more accessible and affordable for SMEs and SLTTs. We also examine the significant concerns and barriers preventing wider adoption. These include historical worries about insolvency, potential impairment of risk assessment and pricing, the risk of discriminatory practices in partnering with security vendors, and inherent conflicts of interest in business-to-business relationships between insurers and service providers. A major hurdle is the complex and varied regulatory landscape across different states, where differing interpretations of anti-inducement, anti-rebating, and anti-bundling laws create uncertainty and a "chilling effect" that hinders innovation and widespread implementation. Discover why navigating these concerns requires careful oversight and regulation to balance cybersecurity effectiveness with market choice www.securitycareers.help/a-cisos-guide-leveraging-cyber-insurance-for-enhanced-resilience-across-the-enterprise www.breached.company/beyond-the-breach-how-cyber-insurance-can-drive-proactive-cybersecurity https://cyberinsurancecalc.com…

In the ever-evolving digital landscape, security teams face the immense challenge of evaluating over a hundred million newly observed domains registered each year. This episode dives into how analytical methods are providing crucial insights into domain intelligence threats. We explore techniques like domain attribute analysis to identify patterns used by threat actors, risk scoring to quantify the likelihood of a domain being malicious, and DGA detection to uncover domains generated by automated systems used in malware and botnets. We also discuss the importance of keyword and topic analysis for identifying domains used in credential harvesting, malware delivery, and scams, and how analyzing new TLDs and likeness to high-profile events helps spot emerging threats and deceptive tactics like typosquatting. Furthermore, we touch upon analyzing webpage attributes to understand attack infrastructure and using anomaly detection to investigate spikes in domain registrations. Ultimately, building a shared knowledge base and fostering community collaboration by sharing insights and observed techniques is essential for strengthening our collective defenses against external threats and making the internet safer. This episode draws insights from an analysis comparing 106 million newly observed domains from 2024 against a large reference set of known malicious domains. breached.company/decoding-the-digital-deluge-how-domain-intelligence-informs-cybersecurity-defenses-in-2024 https://policyquest.diy -> Coupon 15% off -> 'podcast'…

Explore the complex and rapidly evolving landscape of US state data privacy laws, drawing on insights from recent legislative developments across states like California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, and Texas, plus Washington's focused health data act. We break down the core consumer rights becoming standard nationwide – including the right to access, delete, correct, and opt out of data sales, targeted advertising, and certain profiling. Learn about the heightened focus on sensitive data, such as health information and data from children and teens, often requiring explicit opt-in consent. We discuss key differences like scope thresholds, variations in the definition of "sale", and the emergence of mandatory universal opt-out signals. Understand the differing enforcement approaches by state Attorneys General, the role of cure periods (and their sunsetting in many states), and the limited private rights of action. This episode helps untangle the intricate patchwork, highlights the practical implications for businesses implementing compliance systems, and touches on how consumer expectations and trust are shaped by these new regulations. www.compliancehub.wiki/navigating-the-patchwork-an-in-depth-look-at-u-s-state-comprehensive-privacy-laws/ https://globalcompliancemap.com/ https://generatepolicy.com/…

Tune in to explore the rapidly evolving cyber threat landscape of 2024 from Huntress 2025 global Cyber Threat Report, where attackers standardized sophisticated techniques across businesses of all sizes. We dissect the significant shifts in ransomware strategies, including the fragmentation of major groups following takedowns like LockBit, Dharma, Hive, and Phobos. Discover how agile affiliate networks like RansomHub and INC/Lynx emerged, offering high payouts and dominating the landscape. Learn about the pivot from traditional encryption to data theft and extortion as a cost-saving tactic due to improved defenses. We'll also break down the most impactful vulnerabilities exploited, including the critical ConnectWise ScreenConnect flaws (CVE-2024-1709 & CVE-2024-1708) that spurred a major campaign, the zero-day CrushFTP vulnerability (CVE-2024-4040), and the continued exploitation of the older ProxyShell Exchange vulnerability (CVE-2021-31207). Finally, we'll cover the pervasive use of abused tools like RATs, RMM software, malicious scripts, LOLBins, and sophisticated phishing techniques that defined attacker methodologies throughout the year. This episode provides crucial insights for defenders navigating this complex and challenging environment breached.company/navigating-the-new-frontier-key-cyber-threats-exploits-and-tools-of-2024…

Delve into the complex and rapidly transforming world of cyber threats. This episode examines notorious ransomware groups like Black Basta, LockBit, BlackCat/ALPHV, Phobos/8Base, Medusa, and Clop, exploring their Ransomware-as-a-Service (RaaS) models and distinctive tactics, techniques, and procedures (TTPs). We also discuss state-sponsored cyber warfare, such as the activities of Iran's APT42 and its impact on critical infrastructure, hacking groups like Scattered Spider, and the individual hacker USDoD, as well as significant law enforcement disruptions like Operation Cronos against LockBit and the arrests of key figures behind Phobos and 8Base. We'll touch upon the emerging challenges of AI-enabled crime and the continuous escalation in the scale and sophistication of cyberattacks. breached.company/global-cybercrime-crackdown-major-law-enforcement-operations-of-2024-2025…

In this episode, we dive into the recent developments shaping the cybersecurity landscape as of May 2025. We discuss major incidents like the significant breach of the LockBit ransomware gang, which exposed sensitive data including negotiation messages and user credentials. We'll also explore the growing sophistication of financial cyberattacks, highlighted by the uncovering of the "industrial-scale" FreeDrain cryptocurrency phishing operation targeting digital wallets with sophisticated methods. The episode examines landmark legal actions, such as Meta's $168 million victory against spyware firm NSO Group, signaling a pushback against surveillance abuses. We explore the evolving role of AI, which offers speed in threat detection but also introduces risks from vulnerabilities in AI-generated code and "shadow AI". Finally, we look at how governments and corporations are responding with new initiatives to bolster defenses, including the UK's Cyber Resilience programs, CISA's advisories for critical infrastructure, and corporate innovations like HPE's Secure Gateway for small businesses and Microsoft's patching of critical cloud vulnerabilities. Join us as we unpack these challenges and responses in a dynamic digital world. www.compliancehub.wiki/cybersecurity-frontlines-recent-breaches-legal-battles-and-the-double-edged-sword-of-ai…

Join us for a deep dive into the Global Threat Landscape Report 2025 by FortiGuard Labs. This episode explores the dramatic escalation in cyberattacks, revealing how adversaries are moving faster than ever, leveraging automation, commoditized tools, and AI to gain advantage. We'll shed light on the surge in automated reconnaissance, the evolving darknet ecosystem where credentials and corporate access are traded, and how AI is supercharging cybercrime through tools like FraudGPT and deepfakes. Discover the trends in exploitation volumes targeting exposed systems and IoT devices, the stealthy nature of post-exploitation tactics including lateral movement and C2, and the persistent challenges in securing cloud environments plagued by misconfigurations and identity compromise. We'll also break down the changing adversary landscape, from fragmented ransomware groups and the rise of RaaS on the darknet to the dangerous convergence of hacktivism and ransomware and the ongoing operations of state-sponsored actors. Finally, we'll discuss the critical need for organizations to shift from reactive defense to proactive Continuous Threat Exposure Management (CTEM) to counter this accelerating threat. breached.company/navigating-the-accelerating-threat-landscape-proactive-defense-in-the-era-of-adversary-acceleration…

This podcast delves into the critical insights found within the 2025 Cybersecurity Attacks Playbooks, exploring the diverse and evolving threat landscape organizations face. We examine playbooks covering threats from AI-enhanced phishing and advanced ransomware to the complexities of supply chain compromises, zero-day exploits, and AI-powered malware. We also discuss emerging threats like deepfake social engineering, quantum computing vulnerabilities, and securing IoT devices. Each episode breaks down the essential stages outlined in the playbooks for specific attacks: Preparation to build foundational defenses, Detection to identify threat indicators, Analysis to understand the attack's scope and methods, Containment/Eradication tailored to the specific threat vector, and Recovery to restore operations and resilience. Gain a deeper understanding of modern attack vectors like credential stuffing, fileless malware, rogue access points, SQL injection, steganography-based data exfiltration, and cache poisoning, as well as network attacks like homograph attacks, Denial-of-Service (DoS), and watering hole attacks, and complex infiltrations like island hopping and Advanced Persistent Threats (APTs). Tune in to learn how the playbooks guide organizations through detection, response, and the vital Lessons Learned process to continuously improve their cybersecurity posture. www.securitycareers.help/navigating-the-2025-threat-landscape-preparing-for-and-responding-to-advanced-cyber-attacks…

In this episode, we dive deep into the findings of the State of Pentesting Report 2025 to explore the real state of cybersecurity. Organizations may feel confident, but pentesting consistently reveals hidden, exploitable vulnerabilities that automated scanners miss. We'll uncover the most significant risks identified through human-led pentests, from common web and mobile application flaws like Server Security Misconfiguration and Missing Access Control to the rapidly emerging and uniquely challenging security issues in AI and Large Language Models (LLMs). Learn why AI/LLM tests have a significantly higher proportion of serious findings and the specific threats like Insecure Output Handling, Prompt Injection, and Unbounded Consumption. More critically, we'll address the disconnect between perceived security and reality by examining why less than half of all findings ever get resolved and how even serious vulnerabilities often remain open for months or years, far exceeding targeted SLAs. We'll explore the factors influencing this remediation struggle, including criticality, pentest type, organizational size, industry, and internal processes. Tune in to understand the critical need for a programmatic approach to offensive security and the challenges teams face in fixing what pentesters find. www.securitycareers.help/beyond-the-scan-the-hidden-reality-of-unfixed-security-risks-revealed-by-pentesting-data…

In the dynamic world of cybersecurity, professionals face constant challenges that demand adherence to strict ethical and legal guidelines. This episode delves into the key ethical and legal considerations, such as protecting individual privacy, ensuring robust data protection, maintaining confidentiality, and complying with relevant laws and regulations like GDPR and CCPA. We discuss responsible practices like vulnerability disclosure and the ethical use of cybersecurity tools. Given the ever-evolving landscape of cybersecurity threats and technologies, staying updated is not optional; it's an imperative for success. Join us as we explore why continuous education and professional development are essential strategies for cybersecurity professionals to navigate this complex terrain, adapt to emerging trends, maintain expertise, and uphold trust. https://cisomarketplace.services/careers www.securitycareers.help/building-cyber-warriors-the-imperative-of-the-evolving-cyber-professional…

Join us as we delve into the complex and pervasive world of cyber risk, exploring the threats, vulnerabilities, and far-reaching consequences for organizations today. Drawing on insights from experts, we'll discuss how cyber attacks can lead to outcomes ranging from regulatory fines and reputational loss to the complete failure of a business. Go beyond the headlines of data breaches and understand the full "iceberg impact" of cyber losses, including significant uninsurable costs like reputational damage, loss of customers, stock devaluation, and devaluation of intellectual property that often exceed the direct financial costs. We'll explore how attacks threaten critical corporate data, intellectual property, and customer details, potentially causing financial loss and damage to market value, share price, and competitive advantage. The conversation will touch upon the challenges posed by mobile devices, social media, and supply chain vulnerabilities, and the critical need for organizations to accurately assess their cyber risk exposure, identify their "crown jewels" of critical data, and prepare for inevitable incidents through robust incident management and layered defenses. www.securitycareers.help/the-iceberg-impact-navigating-the-full-scope-of-cyber-risk-in-the-digital-age www.compliancehub.wiki/cyber-risk-through-a-compliance-lens-navigating-the-regulatory-landscape…

Multi-Agent Systems (MAS), characterized by multiple autonomous agents coordinating to achieve shared goals, introduce additional complexity and expand the attack surface compared to single-agent systems. This episode delves into the unique security challenges presented by MAS, drawing on the OWASP Agentic Security Initiative's MAESTRO (Multi-Agent Environment, Security, Threat, Risk, and Outcome) framework. We explore how MAESTRO provides a layered and architectural methodology for structured threat modeling in MAS. The framework breaks down MAS security into seven distinct architectural layers, each with specific concerns, from the Foundation Model to the Agent Ecosystem. Crucially, we examine the cross-layer risks and emergent behaviors unique to MAS environments, highlighting how vulnerabilities don't just exist within layers but manifest through complex interactions between them. Furthermore, we discuss the key agentic factors—Non-Determinism, Autonomy, Agent Identity Management, and Agent-to-Agent Communication—that MAESTRO emphasizes as significantly contributing to these threat scenarios and amplifying risks across layers. Tune in to understand how applying MAESTRO helps uncover and mitigate these multifaceted security challenges in real-world MAS deployments, as detailed in the OWASP Multi-Agentic system Threat Modelling Guide. www.hackernoob.tips/navigating-the-labyrinth-structured-threat-modeling-in-multi-agent-systems-with-the-owasp-maestro-framework www.securitycareers.help/securing-the-autonomous-frontier-a-cisos-guide-to-protecting-multi-agent-systems-and-building-a-specialized-team…

In today's complex threat landscape, adversaries are constantly evolving their tactics to evade traditional defenses. Behavioral threat hunting offers a proactive methodology to identify cyber threats that have infiltrated systems undetected and disrupt them before they cause significant damage, ultimately reducing attacker "dwell time". This episode delves into the fundamental requirements for establishing effective threat hunting capabilities, covering the crucial technological prerequisites like achieving sufficient visibility and storage for deep data analysis, and the necessity of a robust analysis platform. We also explore the essential personnel prerequisites, highlighting the need for skilled staffing, diverse team knowledge, and specific technical and analytical skill sets, while acknowledging the persistent challenge of skills shortages. Beyond tech and talent, we discuss the importance of foundational elements like emulation and validation, adopting a formal methodology such as the Threat Hunting Cycle, and utilizing centralized management and metrics tools to ensure consistent, repeatable, and valuable hunts. Finally, we uncover how effective threat hunting integrates with and enhances broader security operations and incident response, by improving security posture, closing visibility gaps, developing new automated detection capabilities from discovered unknown threats, and providing crucial documentation and support for incident response engagements. Join us as we explore how proactive hunting transforms security operations from reactive defense to strategic resilience. www.securitycareers.help/unmasking-the-unseen-why-behavioral-threat-hunting-is-essential-for-modern-security-operations…

AI agents, programs designed to autonomously collect data and take actions toward specific objectives using LLMs and external tools, are rapidly becoming widespread in applications from customer service to finance. While built on LLMs, they introduce new risks by integrating tools like APIs and databases, significantly expanding their attack surface to include classic software vulnerabilities like SQL injection, remote code execution, and broken access control, in addition to inherent LLM risks like prompt injection. Our sources demonstrate that these vulnerabilities are largely framework-agnostic, stemming from insecure designs and misconfigurations rather than flaws in frameworks like CrewAI or AutoGen. Given the autonomous nature and expanded capabilities of agents, the potential impact of compromises escalates from data leakage to infrastructure takeover. This episode dives into the complex threats targeting AI agents and highlights why a layered, defense-in-depth strategy is essential, combining safeguards like Prompt Hardening, Content Filtering, Tool Input Sanitization, Tool Vulnerability Scanning, and Code Executor Sandboxing, because no single mitigation is sufficient to address the diverse attack vectors. www.securitycareers.help/securing-the-autonomous-frontier-layered-defenses-for-ai-agent-deployments/ https://www.hackernoob.tips/exploring-the-attack-surface-our-guide-to-ai-agent-exploitation/ https://vibehack.dev/ https://devsecops.vibehack.dev…

Drawing on open-source information and eight years of collected data, the CSIS Aerospace Security Project's 2025 Space Threat Assessment explores the key developments in foreign counterspace weapons and the evolving security landscape in Earth orbit. This assessment highlights how space is becoming a more dangerous place and is increasingly woven into both peacetime and wartime activities. The report categorizes counterspace weapons into four main types: kinetic, non-kinetic, electronic, and cyber operations. While the past year saw few headline-grabbing kinetic tests, concerns persist, notably regarding Russia's pursuit of a nuclear anti-satellite capability designed to target satellites orbiting Earth, which the United States and international partners remain concerned about. www.myprivacy.blog/space-threats-and-the-unseen-impact-a-privacy-perspective-on-the-2025-assessment www.compliancehub.wiki/navigating-the-orbital-minefield-compliance-challenges-in-the-2025-space-threat-landscape/…

This episode explores the costs associated with implementing essential cyber hygiene as outlined by the CIS Critical Security Controls Implementation Group 1 (IG1). We delve into the different approaches enterprises can take – utilizing on-premises tools, leveraging Cloud Service Providers (CSPs), or partnering with Managed Service Providers (MSPs). Drawing on the guide's research, we discuss the types of tools and policies needed for the 10 areas of cyber defense, explore budgeting considerations for different enterprise sizes, and highlight how IG1 Safeguards can provide significant protection against common threats for a relatively low cost. Learn how to make informed and prioritized decisions to secure your enterprise, whether through owned infrastructure, outsourced services, or a hybrid approach. www.securitycareers.help/the-price-of-protection-making-cis-ig1-cyber-hygiene-achievable-and-affordable https://baseline.compliancehub.wiki…

Join us as we dive into Google Threat Intelligence Group's (GTIG) comprehensive analysis of zero-day exploitation in 2024. Drawing directly from the latest research, this episode explores the 75 zero-day vulnerabilities tracked in the wild. While the overall number saw a slight decrease from 2023, the analysis reveals a steady upward trend over the past four years. Discover the significant shift towards targeting enterprise-focused technologies, which jumped to 44% of tracked zero-days in 2024, up from 37% in 2023. We examine why security and networking products have become high-value targets, making up over 60% of enterprise exploitation, and the implications for defenders. Learn about the continued targeting of end-user platforms like desktop operating systems, especially Microsoft Windows, which saw an increase in exploitation, contrasting with decreased exploitation observed in browsers and mobile devices. We also break down who is driving this exploitation, with espionage actors (government-backed and commercial surveillance vendors) leading the charge, accounting for over 50% of attributed vulnerabilities. Hear about the persistent activity of PRC-backed groups targeting security technologies and the notable rise of North Korean actors mixing espionage and financial motives. Finally, we touch on the most frequently exploited vulnerability types and what vendors and defenders can do to counter these evolving threats. This episode provides a detailed look into the complex and changing world of zero-day exploitation in 2024, offering insights beyond just the numbers. breached.company/technical-brief-a-deep-dive-into-2024-zero-day-exploitation-trends…

Join us as we unpack the critical insights from the Verizon 2025 Data Breach Investigations Report. This episode dives deep into the report's most prominent themes, highlighting the ever-increasing involvement of third parties in data breaches and the persistent influence of the human element, which was involved in 60% of breaches this year. We explore the prevalent incident patterns including System Intrusion, often involving ransomware, Basic Web Application Attacks, largely driven by stolen credentials, and Social Engineering, where phishing and pretexting remain key techniques, now joined by emerging threats like prompt bombing. Drawing on data collected from November 1, 2023, to October 31, 2024, we discuss how attackers exploit vulnerabilities, how different industries and organizations of all sizes are targeted, and the importance of frameworks like VERIS for understanding the threat landscape. Tune in to gain actionable insights directly supported by the data and analysis from the DBIR sources. breached.company/navigating-the-modern-threat-landscape-key-insights-from-the-verizon-dbir-2025…

Explore the complex and widespread cybersecurity threat landscape currently facing the European Union. This episode delves into the findings of recent reports, highlighting how geopolitical tensions and the rapid pace of digitisation are fueling a surge in malicious cyber activity. We discuss the substantial threat level assessed for the EU, meaning direct targeting and serious disruptions are realistic possibilities [previous turn]. You'll learn about the most reported attacks, including Denial-of-Service (DoS/DDoS/RDoS) and ransomware, and how threats against data are also prevalent. We break down the key threat actors – from financially motivated cybercriminals and well-funded state-nexus groups focused on espionage and disruption, to increasingly unpredictable hacktivists driven by geopolitical events. Discover how threats are evolving, including the shift in ransomware tactics, the rise of hacker-for-hire services, the use of AI in creating fake content and misinformation, and the persistent danger posed by the exploitation of unpatched vulnerabilities and sophisticated supply chain attacks. We also look at which sectors are most targeted, including public administration and transport, and peer into the future to understand how emerging technologies like AI and quantum computing will shape the threat landscape towards 2030. www.compliancehub.wiki/understanding-the-evolving-cybersecurity-threat-landscape-in-the-eu-an-in-depth-analysis-for-compliance/ https://gdpriso.com/ https://baseline.compliancehub.wiki/…

Incident response is a critical part of cybersecurity risk management and should be integrated across organizational operations. This episode explores the recommendations and considerations for incorporating cybersecurity incident response throughout an organization’s cybersecurity risk management activities, as described by the new NIST Special Publication (SP) 800-61 Revision 3. We'll discuss how NIST SP 800-61r3, a CSF 2.0 Community Profile, uses the NIST Cybersecurity Framework (CSF) 2.0 Functions to provide a common language and structure for these efforts. Learn how the Govern, Identify, and Protect functions support preparation activities, while the Detect, Respond, and Recover functions cover the incident response itself. We'll also highlight the crucial role of continuous improvement, feeding lessons learned back into the overall strategy. This guidance aims to help organizations prepare for incidents, reduce their number and impact, and improve the efficiency and effectiveness of detection, response, and recovery activities. This episode is intended for cybersecurity program leadership, cybersecurity personnel, and others responsible for handling cybersecurity incidents www.compliancehub.wiki/beyond-reaction-integrating-incident-response-into-your-cybersecurity-risk-management-strategy-with-nist-sp-800-61r3 https://irmaturityassessment.com https://cyberinsurancecalc.com…

Achieving cyber resilience is a complex and dynamic journey with no one-size-fits-all solution. This episode explores how organizations can significantly improve their cyber resilience posture by leveraging the shared experiences, insights, and front-line practices of their peers and the wider ecosystem. Drawing on insights from the Cyber Resilience Compass initiative, we discuss why sharing what works in practice is essential for building collective knowledge in the field. You'll hear how participating in consultations and workshops, engaging in information-sharing networks like ISACs and CERTs, collaborating with external parties, and learning from real-world case studies can provide vital inspiration and direction. Discover how this collaborative approach helps organizations identify effective strategies, shape their resilience roadmaps, make well-informed decisions, and transition towards a more consistent and future-ready approach, ultimately enhancing the resilience of the entire ecosystem. breached.company/navigating-the-digital-storm-why-shared-experiences-are-your-compass-to-cyber-resilience…

Join us as we delve into the European Data Protection Board's (EDPB) 2024 Annual Report to understand how they championed data protection in a year marked by significant technological and regulatory shifts. This episode will cover the key milestones and priorities outlined in the EDPB's 2024-2027 Strategy, designed to strengthen, modernise, and harmonise data protection across Europe www.compliancehub.wiki/edpb-2024-navigating-the-complexities-of-data-protection-in-a-rapidly-evolving-digital-landscape…

Join us as we delve into the key findings of the FBI's 2024 Internet Crime Complaint Center (IC3) Annual Report. This year marks the 25th anniversary of IC3, which serves as the primary destination for the public to report cyber-enabled crime and fraud. The report reveals a staggering new record for losses reported to IC3, totaling $16.6 billion in 2024. This represents a 33 percent increase from 2023. We'll explore the most impactful crime types by reported loss, including Investment fraud ($6.57 billion), Business Email Compromise ($2.77 billion), and Tech Support scams ($1.46 billion), which are collectively responsible for the bulk of reported losses. A major factor contributing to these losses is the increasing use of cryptocurrency, which served as a descriptor in 149,686 complaints and was associated with $9.3 billion in losses in 2024, a 66% increase in losses. We'll also examine the significant impact on different age groups, noting that individuals over the age of 60 suffered the most losses ($4.885 billion) and submitted the most complaints (147,127). For this age group, Investment fraud ($1.834 billion) and Tech Support scams ($982 million) resulted in the highest reported losses, and cryptocurrency was referenced in 33,369 complaints with over $2.8 billion in losses. The episode will also touch upon the IC3's core functions including collection, analysis, public awareness, and referrals, its role in partnering with law enforcement and the private sector, and notable efforts like the IC3 Recovery Asset Team which assists in freezing funds for victims of fraudulent transactions, demonstrating a 66% success rate in 2024, and Operation Level Up, which successfully notified victims of cryptocurrency investment fraud, resulting in estimated savings breached.company/the-2024-ic3-report-record-cybercrime-losses-highlight-escalating-digital-threats…

Navigate the complex cybersecurity landscape of Q2 and Summer 2025 as we delve into the escalating convergence of AI-driven cyberattacks, the persistent vulnerabilities of the expanding Internet of Things (IoT), and the challenges of establishing robust security and governance frameworks. Based on recent Q1 2025 incident data and expert projections, this episode explores the weaponization of AI in phishing, malware, and social engineering, the continued exploitation of poorly secured IoT devices, and the evolving tactics of ransomware and state-sponsored actors. We'll also discuss the crucial need for proactive defense, AI-augmented security, and adaptation to a fragmenting global regulatory environment. breached.company/strategic-cybersecurity-outlook-ai-iot-and-threat-actor-convergence-in-q2-summer-2025…

The first four months of 2025 witnessed an alarming surge in global cybersecurity incidents, with ransomware attacks reaching unprecedented levels. Join us as we dissect the key trends, including the evolution of ransomware tactics like double extortion, the increasing sophistication of social engineering fueled by AI and deepfakes, and the persistent exploitation of software vulnerabilities. We'll delve into major incidents like the crippling attack on Change Healthcare and the record-breaking Bybit cryptocurrency theft, highlighting the most targeted sectors such as healthcare, education, government, and manufacturing. Finally, we'll examine how organizations, law enforcement, and the evolving global regulatory environment, with key legislation like the EU's NIS2 and DORA, are grappling with this escalating cyber threat. breached.company/global-cybersecurity-incident-review-january-april-2025…

This podcast delves into the NIST Privacy Framework 1.1, a voluntary tool developed to help organizations identify and manage privacy risk while fostering innovation and protecting individuals' privacy. We explore its three core components: Core, Organizational Profiles, and Tiers, and how they enable organizations to understand, assess, prioritize, and communicate their privacy activities. Learn how to use this framework to build customer trust, meet compliance obligations, and facilitate dialogue about privacy practices. www.compliancehub.wiki/navigating-the-complex-world-of-privacy-with-the-nist-privacy-framework-1-1…

Dive into the dynamic world of offensive cybersecurity with insights from leading experts and real-world scenarios. We explore the critical role of techniques like penetration testing, adversary simulation, and red team exercises in proactively identifying vulnerabilities and strengthening defenses against evolving cyber threats. Understand how adopting an adversarial mindset and employing continuous assessment methodologies are essential for navigating today's complex threat landscape and building a resilient security posture. www.securitycareers.help/dont-just-scan-test-choosing-the-right-penetration-testing-partner https://cisomarketplace.services https://generatepolicy.com…

Explore the rapidly evolving landscape where artificial intelligence intersects with criminality and societal risks. Drawing on expert research, this podcast delves into the transformative potential of AI-enabled crime, from sophisticated financial fraud using deepfakes to the generation of child sexual abuse material, and the challenges this poses for law enforcement. We also examine the critical need for robust AI incident reporting mechanisms, as proposed with standardized key components for documenting AI-related harms and near misses. Join us as we unpack the threats, the defenses, and the policy reforms necessary to navigate this complex new frontier. breached.company/navigating-the-ai-frontier-confronting-ai-enabled-crime-through-robust-incident-reporting https://airiskassess.com https://cisomarketplace.services…

We delve into the urgent need for organizations to prepare for the era of quantum computing, which threatens to break today's standard encryption methods. We examine the "harvest now, break later" (HNDL) threat, where malicious actors are already collecting encrypted data for future decryption by quantum computers. Drawing upon information from sources like NIST and expert analysis, we discuss the development and standardization of quantum-resistant cryptographic algorithms such as CRYSTALS-Kyber (ML-KEM) and CRYSTALS-Dilithium (ML-DSA). We provide CISOs and cybersecurity professionals with key strategic considerations for a successful quantum-safe transition, including conducting a comprehensive cryptographic inventory and quantum risk assessment (QRA), prioritizing systems for migration, engaging with vendors, and fostering crypto agility. Join us as we navigate the challenges and opportunities of this critical cybersecurity revolution and help you take the necessary quantum leap to secure your future. www.securitycareers.help/the-quantum-clock-is-ticking-your-guide-to-navigating-the-post-quantum-cryptography-era https://quantumsecurity.ai https://risk.quantumsecurity.ai/…

Explore the escalating threats posed by artificial intelligence incidents, sophisticated disinformation campaigns like the Doppelgänger network targeting nations from France to Israel, and the cyber espionage activities of threat actors such as UAC-0050 and UAC-0006 as revealed by Intrinsec's analysis. We delve into the tactics, infrastructure, and narratives employed in these digital battlegrounds, drawing insights directly from recent intelligence reports. Understand the key components of AI incident reporting, the disinformation narratives amplified across different countries, and the evolving techniques of cyber intrusion sets targeting critical infrastructure and institutions. Join us as we unpack the complex landscape of AI risks, influence operations, and cyber warfare. breached.company/the-unseen-frontlines-navigating-the-intertwined-threats-of-ai-incidents-disinformation-and-cyber-espionage…

This podcast we are exploring the critical cybersecurity challenges facing today's interconnected urban environments. We delve into the evolving threats arising from smart city infrastructure and the Internet of Things (IoT), including ransomware attacks on critical infrastructure, the expanded attack surface created by interconnected devices, and strategies for building cyber resilience. Join us as we discuss best practices for municipalities, the importance of public trust, and the role of AI in both cyberattacks and defense. Stay informed and learn how we can collectively protect the future of our smart cities. www.securitycareers.help/navigating-the-cyber-threat-landscape-of-smart-cities https://cybersafe.city https://risk.secureiotoffice.world https://risk.secureiot.house…

Is your attack surface spiraling out of control with multi-cloud, SaaS, and third-party integrations? Join us as we delve into how AI-powered automation is becoming critical for modern Attack Surface Management (ASM). We'll explore the challenges organizations face in achieving comprehensive visibility and how AI provides viable solutions for enhanced asset discovery, proactive threat detection, intelligent risk prioritization, and faster incident response. Learn how AI acts as a force multiplier in cybersecurity, enabling a shift from reactive to proactive defense against evolving cyber threats. www.securitycareers.help/why-ai-powered-attack-surface-management-is-your-new-strategic-imperative https://risk.quantumsecurity.ai/ https://airiskassess.com/…

Welcome to Deep Dive, where we tackle complex topics head-on. In this episode, we delve into the fascinating and increasingly concerning world of deepfakes: AI-generated audio and visual content designed to deceive. We'll explore the technology behind deepfakes, from face-swapping to voice cloning the threats they pose to individuals, organizations, and even democratic processes and the ongoing efforts to detect and mitigate this emerging challenge. Join us as we break down the science fiction of today into the cybersecurity reality of tomorrow. www.myprivacy.blog/the-deepfake-dilemma-navigating-the-age-of-ai-generated-deception…

In a world increasingly shaped by digital interactions and artificial intelligence, online scams are becoming more sophisticated and pervasive. Scam Savvy delves into the tactics employed by fraudsters, from exploiting emotions in charity and romance scams to leveraging AI for deepfakes and personalized phishing attacks. We unmask these deceptive practices and equip you with the knowledge to protect yourself in the evolving landscape of online crime. www.scamwatchhq.com/navigating-the-digital-deception-understanding-and-avoiding-online-scams-in-the-age-of-ai https://identityrisk.myprivacy.blog…

This podcast dives into the critical world of vulnerability disclosure programs (VDPs), exploring how organizations and security researchers work together to identify and address security weaknesses. We'll examine the core principles that underpin effective VDPs, including establishing clear reporting channels and defined scopes, the importance of timely responses and good-faith engagement, and the crucial role of safe harbor provisions. We'll also delve into modern best practices such as automation in triage, integration with security workflows, adherence to coordinated vulnerability disclosure (CVD) norms, and the benefits of transparency in building community trust. Join us to understand how VDPs are becoming a strategic necessity for cyber resilience, fostering a collaborative security ecosystem. www.hackernoob.tips/diving-deep-a-researchers-guide-to-navigating-vulnerability-disclosure-programs www.securitycareers.help/establishing-a-vulnerability-disclosure-program-a-cisos-perspective https://irmaturityassessment.com https://cyberinsurancecalc.com…

Navigating the complex landscape of U.S. state data privacy laws can be challenging. Join us as we break down the key aspects of these regulations, including consumer rights, business obligations, data breach notification requirements, and enforcement trends. We'll explore the nuances of laws like the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA), and emerging legislation like the New York Privacy Act (if passed), helping businesses and consumers understand their rights and responsibilities in an ever-evolving digital world. www.compliancehub.wiki/navigating-the-maze-an-in-depth-look-at-u-s-state-data-privacy-laws https://globalcompliancemap.com https://cisomarketplace.services…

Explore the exciting future of cryptocurrency payments through the lens of cybersecurity and privacy. We delve into the potential benefits and significant risks, offering insights into best practices and the crucial role of regulation in this evolving landscape. www.myprivacy.blog/navigating-the-crypto-landscape-an-in-depth-look-at-privacy-in-the-future-of-payments www.compliancehub.wiki/navigating-the-crossroads-compliance-and-privacy-in-the-cryptocurrency-realm…

This podcast delves into the critical aspects of data privacy laws like GDPR and the Connecticut Data Privacy Law, alongside the essential Payment Card Industry Data Security Standard (PCI DSS) compliance for e-commerce success. We explore how retailers can craft clear privacy policies, manage user consent effectively, and implement stringent security measures to protect customer data and ensure secure online transactions in the evolving digital landscape. Join us for insights on building customer trust through adherence to regulations and best practices in digital retail security. www.compliancehub.wiki/navigating-the-complexities-of-compliance-in-digital-retail-a-comprehensive-guide…

Dive deep into the rapidly evolving landscape of AI-powered cyberattacks with insights from cutting-edge research, including the framework for evaluating AI cyber capabilities developed by Google DeepMind. Explore how AI is shifting the balance between offense and defense in cybersecurity, potentially lowering the cost and complexity of sophisticated attacks while demanding new strategies for protection. Join us as we unpack the key findings, potential future threats, and essential considerations for safeguarding your digital world in the age of increasingly capable AI adversaries. breached.company/the-ai-cyberattack-horizon-understanding-the-emerging-threat https://airiskassess.com https://globalcompliancemap.com…

Delve into the principles and practical applications of Zero Trust Architecture (ZTA), a modern cybersecurity paradigm that moves away from traditional perimeter-based security by embracing the core tenet of "never trust, always verify". Learn about the key components, tenets, and benefits of ZTA, as well as strategies for implementation in today's complex and distributed IT environments, including cloud, remote users, and diverse devices. https://www.zerotrustciso.com www.securitycareers.help/building-a-career-in-a-zero-trust-world-understanding-the-foundational-principles-of-modern-cybersecurity…

Explore the critical cybersecurity challenges facing the financial services industry today, from the increased risk of data breaches and sophisticated cyber attacks to emerging threats like quantum computing and client-side vulnerabilities. Drawing insights from the cutting-edge solutions featured in the CYBERTECH100, we delve into innovative technologies like AI-powered threat detection, behavioral biometrics, post-quantum cryptography, and centralized access management that are revolutionizing how financial institutions protect their assets and customers. Join us as we unpack the complexities of the digital finance landscape and discover how to stay ahead of evolving cyber risks. www.compliancehub.wiki/navigating-the-digital-maze-a-comprehensive-guide-to-e-commerce-compliance…

Navigating the complex world of healthcare cybersecurity. Join us as we delve into the HIPAA Security Rule, its purpose in safeguarding electronic Protected Health Information (ePHI), and the latest updates addressing evolving threats like AI and quantum computing. We'll break down compliance requirements, explore the impact of the HIPAA Omnibus Rule, and discuss best practices for maintaining the confidentiality, integrity, and availability of sensitive patient data. Stay informed and secure your digital healthcare landscape. www.compliancehub.wiki/mastering-hipaa-security-rule-compliance-protecting-your-digital-healthcare-landscape…

Join us for SOC Insights, the podcast dedicated to demystifying the world of the Security Operations Center. We delve into the core functions of a SOC including collection, detection, triage, investigation, and incident response. Explore essential SOC tools like SIEMs, Threat Intelligence Platforms, and Incident Management Systems. Understand the critical role of threat intelligence, the proactive practice of threat hunting and the importance of metrics for measuring SOC performance. We'll also discuss the challenges faced by SOC teams, such as alert triage, the need for skilled staff, and the integration of automation and orchestration. Whether you're a seasoned security professional or new to the field, SOC Insights provides valuable perspectives on building and operating an effective cyber defense. www.securitycareers.help/the-nerve-center-of-cyber-defense-understanding-and-building-effective-security-operations-centers…

Explore the dynamic landscape of digital forensics in the face of rapidly evolving technologies. We delve into the impact of trends like IoT, 5G networks, AI-driven attacks, advanced file systems (APFS, NTFS), cloud integration, and sophisticated anti-forensic techniques across Mac OS, network infrastructures, and Windows platforms. Join us as we unravel the challenges and emerging solutions for investigators striving to uncover digital evidence in an increasingly complex world. www.hackernoob.tips/digital-forensics-on-the-edge-navigating-emerging-technologies-across-platforms…

Delve into the critical security vulnerabilities of Artificial Intelligence, exploring the dangerous world of prompt injection, leaking, and jailbreaking as highlighted in SANS' Critical AI Security Controls and real-world adversarial misuse of generative AI like Gemini by government-backed actors. Understand how malicious actors attempt to bypass safety controls, extract sensitive information and manipulate LLMs for nefarious purposes, drawing insights from documented cases involving Iranian, PRC, North Korean, and Russian threat actors. Learn about the offensive techniques used and the ongoing challenge of securing AI systems,…

This podcast explores the multifaceted impact of artificial intelligence on the landscape of cybersecurity and military strategy. We delve into how AI is being leveraged for advanced cyber defense, including identifying vulnerabilities and accelerating incident response. while also examining the emerging cyberattack capabilities that AI can enable. Furthermore, we analyze the broader strategic risks and opportunities presented by the growing military use of AI, considering its implications for national security, international competition, and the future of conflict. www.myprivacy.blog/the-ai-revolution-in-cyber-and-strategy-a-double-edged-sword…

Join us as we delve into the critical realm of risk management for General-Purpose AI (GPAI) and foundation models. Drawing insights from the UC Berkeley Center for Long-Term Cybersecurity's profile, we explore the unique risks associated with these increasingly multi-purpose AI systems, from their large-scale impact and potential for misuse to the challenges posed by emergent behaviors We examine frameworks and best practices for identifying, analyzing, and mitigating these risks, aligning with standards like the NIST AI Risk Management Framework and considering the implications of emerging regulations This podcast is essential listening for developers, policymakers, and anyone seeking to understand and responsibly navigate the rapidly evolving landscape of advanced AI.…

Navigate the world of SOC 2 compliance specifically for SaaS companies. We break down the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) explain the difference between Type I and Type II audits, and offer best practices for achieving and maintaining your SOC 2 certification to build customer trust and gain a competitive advantage. Learn how to prepare for your audit, understand the importance of continuous monitoring, and leverage your SOC 2 report for business growth. www.compliancehub.wiki/soc-2-compliance-for-saas-companies-a-technical-deep-dive…

Explore how artificial intelligence is transforming the core of organizational collaboration. We delve into the groundbreaking research from "The Cybernetic Teammate" study, revealing how AI-powered tools are impacting team performance, breaking down expertise silos, and even influencing social engagement in the workplace. Discover how individual AI users are matching and sometimes exceeding the output of traditional teams, and what this means for the future of work and organizational design. www.securitycareers.help/the-rise-of-the-cybernetic-teammate-how-ai-is-redefining-collaboration-in-the-modern-workplace Thank you to our sponsor: https://cyberagent.exchange…

This podcast dives deep into the 2025 Annual Threat Assessment by the U.S. Intelligence Community, analyzing the most serious threats to U.S. national security posed by major state actors like China and Russia, non-state transnational criminals and terrorists such as ISIS, and the growing trend of adversarial cooperation. We explore the nuanced intelligence, long-term strategic challenges, and evolving tactics that shape the global security landscape. breached.company/the-shifting-global-security-landscape-insights-from-the-2025-annual-threat-assessment/…

This podcast dives into the shocking findings of a live honeypot experiment that recorded over 570,000 cyber attacks in just seven days. We explore the attack trends, including brute-force attempts, stolen credentials, automated bots, and known vulnerabilities, offering valuable insights for SOC analysts, security researchers, and anyone curious about real-world cyber threats. Learn about attacker behavior, commonly exploited vulnerabilities, and actionable steps to make security teams smarter and better prepared. breached.company/the-relentless-tide-understanding-global-cyber-attacks-and-breaches…

Delve into the critical artificial intelligence trends shaping 2025, as highlighted in the statworx AI Trends Report. This podcast explores the rapid advancements in AI, the ongoing global competition for AI supremacy, the impact of European regulations like the AI Act, and the potential bursting of the AI investment bubble, offering insights for businesses and decision-makers.…

Explore the dynamic world of artificial intelligence through a global lens, examining key trends identified in India and Africa. We delve into the balance between AI innovation and regulatory frameworks. Discover how AI is being applied for public sector transformation in India, addressing accessibility and leveraging multilingual capabilities. We also critically analyze the concept of trustworthy AI from African perspectives, considering ethical implications, data justice, and the need for Afrocentric approaches that prioritize local values and community benefits over global tech interests. Join us as we navigate the complexities of AI development and deployment across diverse cultural and societal landscapes, discussing challenges like bias, governance, and the crucial pursuit of responsible and trustworthy AI for all. https://www.compliancehub.wiki/navigating-the-ai-landscape-compliance-considerations-in-india-and-africa…

Delve into the key cybercrime trends observed in 2024 by Israel National Crime Directorate (INCD), from the pervasive use of infostealers and the rise of encryption-less ransomware to the emerging threats involving AI and decentralized technologies. We analyze how cybercriminals are adapting their tactics, the impact of law enforcement actions, and what these shifts foreshadow for the cyber threat landscape in 2025. breached.company/understanding-the-2024-cyber-threat-landscape-insights-for-our-community…

This podcast delves into the findings of the European Union Serious and Organised Crime Threat Assessment (EU-SOCTA) 2025, exploring the changing DNA of serious and organised crime in Europe as it becomes increasingly nurtured online and accelerated by AI and other new technologies. We examine the destabilising impact of these criminal activities on society, the growing intersection with hybrid threats, and the key areas of concern identified by Europol, including cyber-attacks, online fraud, drug trafficking, and more. Join us as we unpack the intelligence-led analysis shaping the EU's fight against these evolving threats breached.company/understanding-the-evolving-threat-landscape-following-a-data-breach…

This podcast delves into the findings of Red Canary's 2025 Threat Detection Report, dissecting the major cybersecurity trends observed in 2024. We explore the surge in ransomware, increasingly sophisticated initial access techniques like "paste and run," the dramatic rise of identity attacks targeting cloud environments, persistent vulnerability exploitation, the proliferation of stealer malware on Windows and macOS, the emergence of state-sponsored insider threats, the consistent abuse of VPNs, the growing landscape of cloud attacks, and the dominance of stealers in Mac malware. Understand the implications of these trends and how organizations can shift their security strategies towards early detection and effective response across endpoints, identities, and cloud resources, moving beyond prevention to identify and mitigate threats before they cause significant harm. breached.company/learning-from-the-shadows-key-insights-from-the-red-canary-2025-threat-detection-report-for-breached-companies…

Are you struggling to understand and manage your organization's data security risks? Based on the latest insights, we delve into the key challenges hindering effective data protection, including gaps in risk understanding, the critical misalignment between management and staff on security strategies, the limitations of existing security tools, and the shift from reactive compliance to proactive, risk-based approaches. Join us as we unpack these issues and explore the path towards a stronger data security posture. www.securitycareers.help/bridging-the-gaps-in-the-cloud-why-understanding-and-alignment-are-key-to-effective-data-security-risk-management…

Dive into the alarming world of secrets sprawl, exploring the growing number of exposed API keys, passwords, and other sensitive credentials across development environments, collaboration tools, and cloud platforms. Based on the latest data analysis from GitGuardian's "The State of Secrets Sprawl 2025" report, we uncover the primary risk categories and attack vectors, the cascade effect of minor leaks, and the critical timelines that make rapid remediation essential. We'll also discuss the challenges organizations face, from the limitations of secrets managers and the dangers of excessive permissions to the persistent problem of unfixed exposed credentials and the overlooked risks in collaboration tools. Join us to understand the real-world impact of secrets sprawl and learn strategies for effective management and mitigation. www.securitycareers.help/the-state-of-secrets-sprawl-a-critical-risk-imperative-for-cisos www.compliancehub.wiki/secrets-sprawl-a-compliance-nightmare-leading-to-potential-privacy-fines…

This podcast breaks down the complexities of the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) framework. We delve into the fundamental differences between Level 1's basic safeguarding requirements, Level 2's alignment with NIST SP 800-171 Rev 2, and Level 3's enhanced security based on NIST SP 800-172 and government assessment. Understand the distinct security requirements, assessment processes (self-assessment vs. certification by C3PAOs or DIBCAC), and prerequisites for each level to ensure your organization can confidently navigate the CMMC landscape. www.compliancehub.wiki/navigating-cmmc-compliance-for-your-defense-contractor-website…

This podcast delves into the growing privacy vulnerabilities and cybersecurity risks inherent in the deeply interconnected systems of modern smart cities. We explore the challenges of data protection, the expanding attack surface created by IoT devices, and the governance and regulatory gaps that can leave urban environments vulnerable to exploitation. Join us as we examine the threats and discuss potential solutions for building more secure and privacy-respecting smart urban futures. www.secureiotoffice.world/the-intelligent-workspace-leveraging-iot-for-a-smarter-office www.secureiot.house/securing-your-connected-sanctuary-navigating-privacy-and-cyber-threats-in-your-smart-home…

This podcast delves into the findings of Lithuania's "National Threat Assessment 2025," dissecting the primary external state actors posing the most significant risks to its national security. We examine the multifaceted threats emanating from an increasingly aggressive Russia, Belarus with its growing dependence, and an increasingly hostile China, exploring their strategies and potential impact on Lithuania and the wider region. breached.company/unpacking-the-perils-why-lithuanias-2025-security-threats-demand-your-attention…

In an era where cyber and physical threats increasingly intersect, critical infrastructure faces unprecedented risks. This podcast delves into the crucial need for security convergence, exploring how organizations can break down security silos between IT, physical security, and operational technology (OT) to achieve a holistic and resilient defense. We examine the challenges of converging disparate security cultures and technologies, and highlight the benefits of a unified approach, including improved risk management, efficiency, and protection against hybrid threats. Drawing on expert insights and real-world examples, we explore strategies for strategic alignment, joint risk assessments, and the implementation of frameworks that foster collaboration and a stronger security posture for the foundational systems that underpin modern society. www.secureiotoffice.world/bridging-the-divide-why-converged-security-is-imperative-for-protecting-critical-infrastructure www.securitycareers.help/the-evolving-role-of-the-ciso-leading-converged-security-teams-in-a-cyber-physical-world…

In this episode, we delve into the alarming rise of edge device exploitation in 2024 from the Check Point Threat Intel report, where cybercriminals and nation-states alike targeted routers, firewalls, and VPN appliances to gain initial access, establish ORBs for covert operations, and leverage a surge in zero-day vulnerabilities. We explore the tactics of groups like Raptor Train and Magnet Goblin, the challenges of patching these critical devices, and the implications for network security in the evolving threat landscape. breached.company/edge-wars-unpacking-the-escalating-exploitation-of-network-perimeters-in-2024…

Navigate the complex landscape of Connected Autonomous Vehicle (CAV) cybersecurity. We delve into the critical vulnerabilities in intra- and inter-vehicle communication, explore potential attack motivations ranging from operational disruption to data theft and physical control, and discuss the significance of standards like ISO/SAE 21434 in building a secure future for autonomous mobility. Join us as we uncover the threats and solutions in the evolving world of CAV security. www.hackernoob.tips/autonomy-under-attack-a-hackers-intro-to-cav-cybersecurity www.myprivacy.blog/your-car-knows-more-than-you-think…

This podcast delves into the crucial aspects of cyber security incident response maturity. We explore how organizations can assess and improve their capabilities using tools like the detailed assessment based on 15 steps. We discuss key concepts such as criticality assessments, threat analysis, and the importance of people, process, technology, and information in preparing for, responding to, and following up on cyber security incidents. Understand how target maturity levels and weighting factors can be used to tailor your assessment and identify areas for improvement in your cyber security incident response lifecycle. https://irmaturityassessment.com breached.company/enhancing-cyber-resilience-an-in-depth-look-at-incident-response-maturity-assessments…

Join us as we explore the NIST Cybersecurity Framework (CSF) 2.0, the essential guide for organizations looking to manage and reduce cybersecurity risks. We delve into the six core Functions: Govern, Identify, Protect, Detect, Respond, and Recover, examining the key changes and updates from previous versions. Whether you're new to the CSF or looking to implement the latest version, this podcast offers insights into creating Organizational Profiles, understanding Community Profiles, and leveraging the framework to improve your overall cybersecurity posture. We'll also discuss how the NIST CSF complements other compliance frameworks and helps you build a resilient and risk-informed cybersecurity strategy www.compliancehub.wiki/the-nist-cybersecurity-framework-csf-2-0-a-comprehensive-guide-for-your-compliance-hub…

Discover how CISO Marketplace's latest innovations, GeneratePolicy.com and CyberAgent.Exchange, are transforming cybersecurity for startups and SMBs. Learn how AI-driven policy generation simplifies compliance and documentation, and how AI-powered agents automate critical security roles, enhancing efficiency and reducing costs. We delve into the key features, benefits, and target audiences for these cutting-edge solutions designed to strengthen your cybersecurity posture. www.cisomarketplace.services Visit and Vote! https://www.producthunt.com/posts/generatepolicy-com-ai-policy-generator https://www.producthunt.com/posts/cyber-agent-exchange-ai-talent-hub…

This podcast delves into the complex world of Artificial Intelligence, exploring the cybersecurity risks associated with its adoption and the evolving regulatory landscape, particularly focusing on the EU AI Act. We break down the key aspects of the AI Act, including definitions of AI systems and general-purpose AI models risk classifications and the obligations for providers and deployers. We also examine strategies for securing AI applications and managing the cybersecurity threats that arise with increased AI usage Join us as we navigate the balance between AI innovation, security, and compliance. www.compliancehub.wiki/navigating-the-technical-landscape-of-eu-ai-act-compliance…

This podcast explores the evolving cybersecurity landscape, drawing insights from the Microsoft Digital Defense Report 2024 and the ENISA Threat Landscape. We delve into the tactics of nation-state actors and cybercriminals, the growing impact of AI on both attacks and defenses, and strategies for building resilience in an increasingly complex digital world. Join us as we examine the latest threats, emerging techniques like AI-enabled social engineering and deepfakes, and the innovative solutions being developed to secure our digital future. breached.company/navigating-the-cyber-frontier-key-insights-for-a-secure-digital-future…

Explore the cutting-edge intersection of artificial intelligence and red team operations in cybersecurity. We delve into how AI is revolutionizing traditional cyber offense and defense methodologies, enhancing adaptability, fostering innovation, and pushing the boundaries of cyber operations in an era of rapidly evolving digital threats, as highlighted in "AI For Red Team Operation". Join us to understand how this fusion is shaping the future of cybersecurity strategies and tactics. www.securitycareers.help/the-ai-powered-red-team-revolutionizing-cyber-operations…

Based on the Arctic Wolf 2025 Threat Report, this podcast explores the key cybersecurity threats that organizations will face in the coming year. We delve into the prevalence of ransomware and data extortion, the ongoing challenges of business email compromise, and the persistent risks posed by intrusions. Gain insights into attacker tactics, vulnerable attack surfaces like Unsecured Remote Desktop Protocol (RDP), and actionable strategies for managing and mitigating these evolving threats. www.breached.company/deep-dive-into-the-cyber-threat-landscape-key-insights-from-the-arctic-wolf-2025-threat-report…

This episode dives into the key findings of Recorded Future's 2024 Malicious Infrastructure Report, revealing the dominant malware families like LummaC2 and AsyncRAT, the continued reign of Cobalt Strike, and the evolving tactics of threat actors, including the abuse of legitimate internet services and relay networks. We'll explore the top threats, targeted regions, and the resilience of cybercriminals in the face of law enforcement efforts, providing crucial insights for defenders navigating today's complex threat landscape. www.breached.company/unpacking-the-2024-cyber-underworld-a-technical-deep-dive-into-malicious-infrastructure…

Delve into the key findings of ThreatDown's 2025 State of Malware report, exploring the anticipated impact of agentic AI on cybercrime and the evolving ransomware landscape, including the emergence of smaller, more agile "dark horse" groups. We'll discuss how cybercriminals are leveraging AI to scale attacks and the shift towards Living Off The Land (LOTL) tactics for stealthier operations. We also examine the increasing threats from macOS stealers and sophisticated Android phishing malware, providing crucial insights into the challenges and defenses shaping the threat landscape in 2025. www.breached.company/decoding-the-2025-malware-landscape-a-technical-deep-dive…

Dive into the key findings of the Greynoise 2025 Mass Internet Exploitation Report. We dissect how attackers are reviving old vulnerabilities, the impact of home router exploits, and the speed at which new vulnerabilities are weaponized. Discover actionable defense strategies for staying ahead of mass internet exploitation. breached.company/mass-internet-exploitation-in-2024-a-technical-overview…

A deep dive into the latest trends, threat actors, and defense strategies in Operational Technology and Industrial Control Systems cybersecurity. We discuss how geopolitical tensions, ransomware, and hacktivist activities are shaping the threat landscape, and provide actionable insights to improve your organization's security posture. Learn about implementing the SANS ICS 5 Critical Controls, vulnerability management, incident response, and more to protect your critical infrastructure. breached.company/technical-brief-strengthening-ot-ics-cybersecurity-in-2024-and-beyond…