Growing up in a military family, Tristen Epps moved around a lot. But no matter where he was living, Friday nights were sacred. He got to dress up, go to a restaurant, not order from a kids menu, and feel like he was getting to know the place he was living — for now. At home, when his mom taught him to scramble an egg, he was mesmerized by the alchemy; one simple ingredient could transform into so many things. It's that wonder and curiosity that transformed him into the leader, visionary, and Top Chef winner he is today. He joined Tinfoil Swans at the Food & Wine Classic in Aspen to talk about his mission to “un-colonize colonized food,” the freedom he feels cooking in Air Jordans, why it's important to him to celebrate oxtails with Michelin-level finesse, and his belief that cooking has power to correct history. Sponsor: Old Fitzgerald® Kentucky Straight Bourbon Whiskey. Bardstown, KY. 50% Alc./Vol. Think Wisely. Drink Wisely. Learn more about your ad choices. Visit podcastchoices.com/adchoices…
Player FM - Internet Radio Done Right
Checked 1d ago
اضافه شده در twenty-two هفته پیش
محتوای ارائه شده توسط ITSPmagazine and Sean Martin. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط ITSPmagazine and Sean Martin یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Daily Deals
پادکست هایی که ارزش شنیدن دارند
حمایت شده
Building Resilient Software: Secure by Design, Transparency, and Governance Remain Key Elements | A Conversation with Chris Hughes | Redefining CyberSecurity with Sean Martin
Manage episode 469142327 series 3649986
محتوای ارائه شده توسط ITSPmagazine and Sean Martin. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط ITSPmagazine and Sean Martin یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Guest: Chris Hughes, President / Co-Founder, Aquia
On LinkedIn | https://www.linkedin.com/in/resilientcyber/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin connects with Chris Hughes, a seasoned author and consultant in cybersecurity. The primary focus is on the intricacies of vulnerability management and software supply chain security, particularly in an era where software pervades every aspect of modern life.
Chris Hughes emphasizes the paramount importance of understanding what is in the software we consume. Software Bill of Materials (SBOM) has emerged as a focal point, akin to ingredient lists in the food industry, highlighting the need for transparency. Hughes argues that transparency is not just about knowing the components; it extends to understanding the risks associated with those components. He illustrates his point by referencing infamous incidents like the Log4j vulnerability, which unveiled the critical gaps in our knowledge of software components.
The conversation also shifts towards the broader challenges in software supply chain security. Hughes discusses the government's push for self-attestation and the role of third-party validators in ensuring software security. While acknowledging the complexities and potential bottlenecks, he underscores the necessity for a balanced approach that combines self-attestation with external validation to foster a secure software ecosystem.
Additionally, Hughes addresses the concept of Secure by Design, advocating for practices that embed security into the software development lifecycle right from the outset. He notes the historical context of this concept, which dates back to the Ware Report, and argues for its relevance even today. Secure by Design entails building security measures inherently into products, thereby reducing the need for perpetual patching and vulnerability management.
Internal risk management within organizations also gets spotlighted. Hughes insists that organizations should maintain an inventory of the software and components they use internally, evaluate their risks, and contribute to the open-source communities they rely on. This comprehensive approach not only helps in mitigating risks but also fosters a resilient and sustainable software ecosystem.
On the topic of platform engineering, Hughes shares his insights on its potential to streamline software development processes and enhance security through standardization and governance. However, he is candid about the challenges, particularly the need to balance standardization with the diverse preferences of development teams.
As the discussion wraps up, Hughes and Martin underline the importance of focusing on contextual risk assessment in vulnerability management, rather than merely responding to static severity scores. Hughes' advocacy for a more nuanced approach to security, balancing immediate risk mitigation with longer-term strategic planning, offers listeners a thoughtful perspective on managing cybersecurity challenges.
Top Questions Addressed
- How can organizations ensure transparency and security in their software supply chains?
- What strategies can be implemented to address the challenges of vulnerability management?
- How can platform engineering and internal governance improve software security within organizations?
___________________________
Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
NCF Whitepaper: https://tag-app-delivery.cncf.io/whitepapers/platforms/
CNCF Platform Maturity Model: https://tag-app-delivery.cncf.io/whitepapers/platform-eng-maturity-model/
Secure-by-Design at Google: What is the website URL for Secure-by-Design at Google?
https://research.google/pubs/secure-by-design-at-google/
Software Transparency: Supply Chain Security in an Era of a Software-Driven Society (Book): https://a.co/d/0bNaPmF
Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem: https://a.co/d/6xs5saH
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
566 قسمت
اشتراک گذاریManage episode 469142327 series 3649986
محتوای ارائه شده توسط ITSPmagazine and Sean Martin. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط ITSPmagazine and Sean Martin یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Guest: Chris Hughes, President / Co-Founder, Aquia
On LinkedIn | https://www.linkedin.com/in/resilientcyber/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin connects with Chris Hughes, a seasoned author and consultant in cybersecurity. The primary focus is on the intricacies of vulnerability management and software supply chain security, particularly in an era where software pervades every aspect of modern life.
Chris Hughes emphasizes the paramount importance of understanding what is in the software we consume. Software Bill of Materials (SBOM) has emerged as a focal point, akin to ingredient lists in the food industry, highlighting the need for transparency. Hughes argues that transparency is not just about knowing the components; it extends to understanding the risks associated with those components. He illustrates his point by referencing infamous incidents like the Log4j vulnerability, which unveiled the critical gaps in our knowledge of software components.
The conversation also shifts towards the broader challenges in software supply chain security. Hughes discusses the government's push for self-attestation and the role of third-party validators in ensuring software security. While acknowledging the complexities and potential bottlenecks, he underscores the necessity for a balanced approach that combines self-attestation with external validation to foster a secure software ecosystem.
Additionally, Hughes addresses the concept of Secure by Design, advocating for practices that embed security into the software development lifecycle right from the outset. He notes the historical context of this concept, which dates back to the Ware Report, and argues for its relevance even today. Secure by Design entails building security measures inherently into products, thereby reducing the need for perpetual patching and vulnerability management.
Internal risk management within organizations also gets spotlighted. Hughes insists that organizations should maintain an inventory of the software and components they use internally, evaluate their risks, and contribute to the open-source communities they rely on. This comprehensive approach not only helps in mitigating risks but also fosters a resilient and sustainable software ecosystem.
On the topic of platform engineering, Hughes shares his insights on its potential to streamline software development processes and enhance security through standardization and governance. However, he is candid about the challenges, particularly the need to balance standardization with the diverse preferences of development teams.
As the discussion wraps up, Hughes and Martin underline the importance of focusing on contextual risk assessment in vulnerability management, rather than merely responding to static severity scores. Hughes' advocacy for a more nuanced approach to security, balancing immediate risk mitigation with longer-term strategic planning, offers listeners a thoughtful perspective on managing cybersecurity challenges.
Top Questions Addressed
- How can organizations ensure transparency and security in their software supply chains?
- What strategies can be implemented to address the challenges of vulnerability management?
- How can platform engineering and internal governance improve software security within organizations?
___________________________
Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
NCF Whitepaper: https://tag-app-delivery.cncf.io/whitepapers/platforms/
CNCF Platform Maturity Model: https://tag-app-delivery.cncf.io/whitepapers/platform-eng-maturity-model/
Secure-by-Design at Google: What is the website URL for Secure-by-Design at Google?
https://research.google/pubs/secure-by-design-at-google/
Software Transparency: Supply Chain Security in an Era of a Software-Driven Society (Book): https://a.co/d/0bNaPmF
Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem: https://a.co/d/6xs5saH
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
566 قسمت
همه قسمت ها
×
1 Black Hat 2025: More Buzzwords, Same Breaches? | What’s Heating Up Before Black Hat 2025: Top Trends Set to Shake Up this Year’s Hacker Conference | An ITSPmagazine Webinar: On Location Coverage… 1:00:22
1:00:22 
پخش در آینده 
پخش در آینده 
لیست ها 
پسندیدن 
دوست داشته شد1:00:22
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدIn this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025. Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what’s scheduled. Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.” Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls. Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware. Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern. This episode is not just about placing bets on buzzwords. It’s about uncovering what’s real, what’s noise, and what still needs fixing—no matter how long we’ve been talking about it. ___________ Guests: Leslie Kesselring , Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/ “This year, it’s the news cycle—not the sessions—that’s driving what media cover at Black Hat.” Daniel Cuthbert , Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/ “Why are we still finding bugs older than the people presenting the research?” Richard Stiennon , Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/ “The urge to consolidate tools is driven by procurement—not by what defenders actually need.” Michael Parisi , Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/ “Responsible AI use isn’t a policy—it’s something we have to actually implement.” Rupesh Chokshi , SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/ “The business side is racing to deploy AI—but security still hasn’t caught up.” Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 BlackCloak: https://itspm.ag/itspbcweb Akamai: https://itspm.ag/akamailbwc DropzoneAI: https://itspm.ag/dropzoneai-641 Stellar Cyber: https://itspm.ag/stellar-9dj3 ___________ Resources Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25 ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS sean martin, marco ciappelli, leslie kesselring, daniel cuthbert, richard stiennon, michael parisi, rupesh chokshi, blackhat2025, event coverage, on location, conference…
1 Making Honeypots Useful Again: Identity Security, Deception, and the Art of Detection | A Conversation with Sean Metcalf | Redefining CyberSecurity with Sean Martin 31:48
⬥ GUEST ⬥ Sean Metcalf , Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity. While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker’s need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious. One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective. He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn’t be able to move around your environment without tripping over something that alerts the defender. Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively. Whether you’re running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/ Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normal Article: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity Article: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Hiring for the Present Is Hurting the Future of Cybersecurity: Why “Entry-Level” Rarely Means Entry | A Conversation with John Salomon | Redefining CyberSecurity with Sean Martin 41:38
⬥ GUEST ⬥ John Salomon , Board Member, Cybersecurity Advisors Network (CyAN) | On LinkedIn: https://www.linkedin.com/in/johnsalomon/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ The cybersecurity industry keeps repeating a familiar line: there’s a shortage of talent. But what if the real issue isn’t the number of people—but the lack of access, mentorship, and investment in human potential? In this episode of Redefining CyberSecurity , Sean Martin speaks with John Salomon, an independent cybersecurity consultant and a contributor to the Cybersecurity Advisors Network (CyAN), about how the hiring structure in our industry may be the problem—not the solution. Together, they explore why entry-level roles rarely provide an actual point of entry, and how hiring practices have been shaped more by finance and compliance than by people development. Salomon draws on decades of experience to outline the problem: security is often treated as a pure cost center, so training and mentorship are deprioritized. Early-career professionals are expected to be “job-ready” from day one, and organizations rarely account for the long-term payoff of investing in apprenticeships or junior hires. He also points to the silent collapse of informal mentorship that once defined the field. Leaders used to take risks on new talent. Now, hiring decisions are driven by headcount limitations and performance metrics that leave no room for experimentation or learning through failure. The conversation shifts toward action. Business and security leaders need to reframe cybersecurity as a growth enabler and start viewing mentorship as a risk mitigation tool. Investing in new talent not only strengthens your team—it supports the stability of the industry as a whole. And it’s not just on companies. Universities and student organizations must create more opportunities for experiential learning and interdisciplinary collaboration. Leaders can support these efforts with time, not just budget, by showing up and sharing what they’ve learned. Whether you’re a CISO, founder, or just getting started, this episode challenges the idea that “mentorship is nice to have” and shows how it’s a cornerstone of sustainable cybersecurity. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Inspiring Post: https://www.linkedin.com/posts/activity-7332679935557300224-1lBv/ ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 OT Emergency Preparedness: When Disaster Recovery Meets Real-World Safety | A Conversation with Tobias Halmans | Redefining CyberSecurity with Sean Martin 49:51
⬥ GUEST ⬥ Tobias Halmans , OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication. OT engineers don’t think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins. Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world’s metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements. Perhaps most importantly, Tobias stresses that business continuity planning for OT can’t just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy. Whether you’re a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don’t fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1 ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 When AI Looks First: How Agentic Systems Are Reshaping Cybersecurity Operations | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3 4:32
Before a power crew rolls out to check a transformer, sensors on the grid have often already flagged the problem. Before your smart dishwasher starts its cycle, it might wait for off-peak energy rates. And in the world of autonomous vehicles, lightweight systems constantly scan road conditions before a decision ever reaches the car’s central processor. These aren’t the heroes of their respective systems. They’re the scouts, the context-builders: automated agents that make the entire operation more efficient, timely, and scalable. Cybersecurity is beginning to follow the same path. In an era of relentless digital noise and limited human capacity, AI agents are being deployed to look first, think fast, and flag what matters before security teams ever engage. But these aren’t the cartoonish “AI firefighters” some might suggest. They’re logical engines operating at scale: pruning data, enriching signals, simulating outcomes, and preparing workflows with precision. "AI agents are redefining how security teams operate, especially when time and talent are limited," says Kumar Saurabh , CEO of AirMDR. "These agents do more than filter noise. They interpret signals, build context, and prepare response actions before a human ever gets involved." This shift from reactive firefighting to proactive triage is happening across cybersecurity domains. In detection, AI agents monitor user behavior and flag anomalies in real time, often initiating mitigation actions like isolating compromised devices before escalation is needed. In prevention, they simulate attacker behaviors and pressure-test systems, flagging unseen vulnerabilities and attack paths. In response, they compile investigation-ready case files that allow human analysts to jump straight into action. "Low-latency, on-device AI agents can operate closer to the data source, better enabling anomaly detection, threat triaging, and mitigation in milliseconds," explains Shomron Jacob , Head of Applied Machine Learning and Platform at Iterate.ai. "This not only accelerates response but also frees up human analysts to focus on complex, high-impact investigations." Fred Wilmot , Co-Founder and CEO of Detecteam, points out that agentic systems are advancing limited expertise by amplifying professionals in multiple ways. "Large foundation models are driving faster response, greater context and more continuous optimization in places like SOC process and tools, threat hunting, detection engineering and threat intelligence operationalization," Wilmot explains. "We’re seeing the dawn of a new way to understand data, behavior and process, while optimizing how we ask the question efficiently, confirm the answer is correct and improve the next answer from the data interaction our agents just had." Still, real-world challenges persist. Costs for tokens and computing power can quickly outstrip the immediate benefit of agentic approaches at scale. Organizations leaning on smaller, customized models may see greater returns but must invest in AI engineering practices to truly realize this advantage. "Companies have to get comfortable with the time and energy required to produce incremental gains," Wilmot adds, "but the incentive to innovate from zero to one in minutes should outweigh the cost of standing still." Analysts at Forrester have noted that while the buzz around so-called agentic AI is real, these systems are only as effective as the context and guardrails they operate within. The power of agentic systems lies in how well they stay grounded in real data, well-defined scopes, and human oversight. ¹ ² While approaches differ, the business case is clear. AI agents can reduce toil, speed up analysis, and extend the reach of small teams. As Saurabh observes, AI agents that handle triage and enrichment in minutes can significantly reduce investigation times and allow analysts to focus on the incidents that truly require human judgment. As organizations wrestle with a growing attack surface and shrinking response windows, the real value of AI agents might not lie in what they replace , but in what they prepare . Rob Allen , Chief Product Officer at ThreatLocker, points out, "AI can help you detect faster. But Zero Trust stops malware before it ever runs. It’s not about guessing smarter; it’s about not having to guess at all." While AI speeds detection and response, attackers are also using AI to evade defenses, making it vital to pair smart automation with architectures that deny threats by default and only allow what’s explicitly needed. These agents are the eyes ahead, the hands that set the table, and increasingly the reason why the real work can begin faster and smarter than ever before. References 1. Forrester. (2024, February 8). Cybersecurity’s latest buzzword has arrived: What agentic AI is — and isn’t . Forrester Blogs. https://www.forrester.com/blogs/cybersecuritys-latest-buzzword-has-arrived-what-agentic-ai-is-and-isnt/ (cc: Allie Mellen and Rowan Curran ) 2. Forrester. (2024, March 13). The battle for grounding has begun . Forrester Blogs. https://www.forrester.com/blogs/the-battle-for-grounding-has-begun/ (cc: Ted Schadler ) ________ This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is a life-long musician and the host of the Music Evolves Podcast ; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast ; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast . These shows are all part of ITSPmagazine —which he co-founded with his good friend Marco Ciappelli , to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website .…
1 From Feed to Foresight: Cyber Threat Intelligence as a Leadership Signal | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3 6:39
Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team. From Risk Reduction to Opportunity Ryan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization’s resources and builds a stronger industry front against emerging threats. Real Business Context Tod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations. Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead. More Than Defense The discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most. Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge. ________ This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is a life-long musician and the host of the Music Evolves Podcast ; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast ; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast . These shows are all part of ITSPmagazine —which he co-founded with his good friend Marco Ciappelli , to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website .…
1 Agentic AI to the Rescue? From Billable Hours to Bots: The New Legal Workflow | A Conversation with Frida Torkelsen and Maged Helmy | Redefining CyberSecurity with Sean Martin 44:16
⬥ GUESTS ⬥ Frida Torkelsen , PhD | AI Solution Architect at Newcode.ai | On LinkedIn: https://www.linkedin.com/in/frida-h-torkelsen/ Maged Helmy , PhD | Assoc. Professor - AI at University of South-Eastern Norway and Founder & CEO of Newcode.ai | On LinkedIn: https://www.linkedin.com/in/magedhelmy/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ Agentic AI is rapidly moving from theoretical promise to practical implementation, and few sectors are feeling this shift as acutely as the legal industry. In this episode of Redefining CyberSecurity, Sean Martin is joined by Frida Torkelsen, a Solution Architect, and Maged Helmy, a professor of AI, to explore how law firms and in-house counsel are applying AI agents to reduce costs, improve efficiency, and unlock strategic capabilities—while navigating critical privacy and security concerns. Frida explains how large firms are seeking to extract value from their troves of historical legal data through bespoke AI agents designed to automate workflows and improve institutional knowledge sharing. Smaller firms, on the other hand, benefit by building narrow, purpose-driven agents that automate core functions and give them a tactical edge. This democratization of capability—fueled by faster iteration and reduced development cost—could be a strategic win for niche firms that are disciplined in their focus. Maged emphasizes the architectural shift AI agents introduce. Unlike static queries to large language models with fixed knowledge, agents access tools, data, and live systems to execute tasks dynamically. This expands the use case potential—but also the risk. Because agentic systems operate probabilistically, consistent outputs aren’t guaranteed, and testing becomes more about evaluating outcomes across a range of inputs than expecting deterministic results. Security risk looms large. Maged shares how a single oversight in permissions allowed an agent to make system-wide changes that corrupted his environment. Frida cautions against over-permissive access, noting that agents tapping into shared calendars or HR databases must respect internal boundaries and compliance obligations. Both guests agree that human-in-the-loop validation is essential, especially in environments with strict data governance needs. Law firms must reassess both internal information architecture and team readiness before implementing agentic systems. Start with a clear understanding of the business problem, validate access scopes, and track outcomes for accuracy, speed, and cost. Legal tech teams are forming around these efforts, but success will depend on whether these roles stay grounded in solving specific legal problems—not chasing the latest AI trend. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Newsletter: The Law's Great Recalibration: Inside the Tech-Driven Puzzle of Legal Firm Transformation: https://www.linkedin.com/pulse/laws-great-recalibration-inside-tech-driven-puzzle-sean-martin-cissp-clnoe/ ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Inside the DARPA AI Cyber Challenge: Securing Tomorrow’s Critical Infrastructure Through AI and Healthy Competition | An RSAC Conference 2025 Conversation with Andrew Carney | On Location Coverage… 27:35
During RSAC Conference 2025, Andrew Carney, Program Manager at DARPA, and (remotely via video) Dr. Kathleen Fisher, Professor at Tufts University and Program Manager for the AI Cyber Challenge (AIxCC), guide attendees through an immersive experience called Northbridge—a fictional city designed to showcase the critical role of AI in securing infrastructure through the DARPA-led AI Cyber Challenge. Inside Northbridge: The Stakes Are Real Northbridge simulates the future of cybersecurity, blending AI, infrastructure, and human collaboration. It’s not just a walkthrough — it’s a call to action. Through simulated attacks on water systems, healthcare networks, and cyber operations, visitors witness firsthand the tangible impacts of vulnerabilities in critical systems. Dr. Fisher emphasizes that the AI Cyber Challenge isn’t theoretical: the vulnerabilities competitors find and fix directly apply to real open-source software relied on by society today. The AI Cyber Challenge: Pairing Generative AI with Cyber Reasoning The AI Cyber Challenge (AIxCC) invites teams from universities, small businesses, and consortiums to create cyber reasoning systems capable of autonomously identifying and fixing vulnerabilities. Leveraging leading foundation models from Anthropic, Google, Microsoft, and OpenAI, the teams operate with tight constraints—working with limited time, compute, and LLM credits—to uncover and patch vulnerabilities at scale. Remarkably, during semifinals, teams found and fixed nearly half of the synthetic vulnerabilities, and even discovered a real-world zero-day in SQLite. Building Toward DEFCON Finals and Beyond The journey doesn’t end at RSA. As the teams prepare for the AIxCC finals at DEFCON 2025, DARPA is increasing the complexity of the challenge—and the available resources. Beyond the competition, a core goal is public benefit: all cyber reasoning systems developed through AIxCC will be open-sourced under permissive licenses, encouraging widespread adoption across industries and government sectors. From Competition to Collaboration Carney and Fisher stress that the ultimate victory isn’t in individual wins, but in strengthening cybersecurity collectively. Whether securing hospitals, water plants, or financial institutions, the future demands cooperation across public and private sectors. The Northbridge experience offers a powerful reminder: resilience in cybersecurity is built not through fear, but through innovation, collaboration, and a relentless drive to secure the systems we all depend on. ___________ Guest: Andrew Carney, AI Cyber Challenge Program Manager, Defense Advanced Research Projects Agency (DARPA) | https://www.linkedin.com/in/andrew-carney-945458a6/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ______________________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 Akamai: https://itspm.ag/akamailbwc BlackCloak: https://itspm.ag/itspbcweb SandboxAQ: https://itspm.ag/sandboxaq-j2en Archer: https://itspm.ag/rsaarchweb Dropzone AI: https://itspm.ag/dropzoneai-641 ISACA: https://itspm.ag/isaca-96808 ObjectFirst: https://itspm.ag/object-first-2gjl Edera: https://itspm.ag/edera-434868 ___________ Resources The DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpa Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25 ___________ KEYWORDS andrew carney, kathleen fisher, marco ciappelli, sean martin, darpa, aixcc, cybersecurity, rsac 2025, defcon, ai cybersecurity, event coverage, on location, conference ______________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
1 Vibe Coding: Creativity Meets Risk in the Age of AI-Driven Development | A Conversation with Izar Tarandach | Redefining CyberSecurity with Sean Martin 35:52
⬥GUEST⬥ Izar Tarandach , Sr. Principal Security Architect for a large media company | On LinkedIn: https://www.linkedin.com/in/izartarandach/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥EPISODE NOTES⬥ In this episode of Redefining CyberSecurity , host Sean Martin sits down with Izar Tarandach, Senior Principal Security Architect at a major entertainment company, to unpack a concept gaining traction across some developer circles: vibe coding. Vibe coding, as discussed by Izar and Sean, isn’t just about AI-assisted development—it’s about coding based on a feeling or a flow, often driven by prompts to large language models (LLMs). It’s being explored in organizations from startups to large tech companies, where the appeal lies in speed and ease: describe what you want, and the machine generates the code. But this emerging approach is raising significant concerns, particularly in security circles. Izar, who co-hosts the Security Table podcast with Matt Coles and Chris Romeo, calls attention to the deeper implications of vibe coding. At the heart of his concern is the risk of ignoring past lessons. Generating code through AI may feel like progress, but without understanding what’s being written or how it fits into the broader architecture, teams risk reintroducing old vulnerabilities—at scale. One major issue: the assumption that code generated by AI is inherently good or secure. Izar challenges that notion, reminding listeners that today’s coding models function like junior developers—they may produce working code, but they’re also prone to mistakes, hallucinations, and a lack of contextual understanding. Worse yet, organizations may begin to skip traditional checks like code reviews and secure development lifecycles, assuming the machine already got it right. Sean highlights a potential opportunity—if used wisely, vibe coding could allow developers to focus more on outcomes and user needs, rather than syntax and structure. But even he acknowledges that, without collaboration and proper feedback loops, it’s more of a one-way zone than a true jam session between human and machine. Together, Sean and Izar explore whether security leaders are aware of vibe-coded systems running in their environments—and how they should respond. Their advice: assume you already have vibe-coded components in play, treat that code with the same scrutiny as anything else, and don’t trust blindly. Review it, test it, threat model it, and hold it to the same standards. Tune in to hear how this new style of development is reshaping conversations about security, responsibility, and collaboration in software engineering. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ Inspiring LinkedIn Post — https://www.linkedin.com/posts/izartarandach_sigh-vibecoding-when-will-we-be-able-activity-7308105048926879744-fNMS Security Table Podcast: Vibe Coding: What Could Possibly Go Wrong? — https://securitytable.buzzsprout.com/2094080/episodes/16861651-vibe-coding-what-could-possibly-go-wrong Webinar: Secure Coding = Developer Power, An ITSPmagazine Webinar with Manicode Security — https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Building and Securing Intelligent Workflows: Why Your AI Strategy Needs Agentic AI Threat Modeling and a Zero Trust Mindset | A Conversation with Ken Huang | Redefining CyberSecurity with Sean Martin 43:10
⬥GUEST⬥ Ken Huang , Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥EPISODE NOTES⬥ In this episode of Redefining CyberSecurity , host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice . The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows. Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges. Practical Applications and Emerging Use Cases Ken outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce’s AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention. Implications for Development and Security Teams Development teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement. Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed. The Call for Collaboration and Mindset Shift Agentic AI isn’t just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7 BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259 BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMR More books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GN Video Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council with 255 people rated averaged 5 starts: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=false Podcast: The 2025 OWASP Top 10 for LLMs: What’s Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin 36:06
⬥GUEST⬥ Allie Mellen , Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin ⬥EPISODE NOTES⬥ In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies. The Role of MITRE ATT&CK Evaluations MITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps. Mellen emphasizes that MITRE’s evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs. Alert Volume and the Cost of Security Data One key insight from this year’s evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess. Forrester’s analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints. The Shift Toward Detection and Response Engineering Mellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise. Detection and response should also be tightly integrated. Forrester’s research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads. Vendor Claims and the Reality of Security Tools While many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE’s raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice. For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs. For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/ Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/ ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | A Conversation with Sarah Fluchs | Redefining CyberSecurity with Sean Martin 44:10
⬥GUEST⬥ Sarah Fluchs , CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin ⬥EPISODE NOTES⬥ The European Commission’s Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity , host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers. A Broad Scope: More Than Just Industrial Automation Unlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA’s requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products. The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support. What the CRA Requires The CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to: Ensure products are free from known, exploitable vulnerabilities at the time of release. Implement security by design, considering cybersecurity from the earliest stages of product development. Provide security patches for the product’s defined lifecycle, with a minimum of five years unless justified otherwise. Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks. Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users. Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change. Compliance Challenges: No Detailed Checklist Yet One of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA’s security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty. To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products. The Impact on Critical Infrastructure and Industrial Systems While the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on. Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains. A Security Milestone: Holding Manufacturers Accountable The CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU. Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards. For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy. The Bottom Line The Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency. Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/ Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdf A list of Sarah's blog posts to get your CRA knowledge up to speed: 1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd73 2️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c 3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d209 4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd8900 5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52 ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity: 🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with an ad placement in the podcast? Learn more: 👉 https://itspm.ag/podadplc…
1 Hackers, Policy, and the Future of Cybersecurity: Inside The Hackers’ Almanack from DEF CON and the Franklin Project | A Conversation with Jake Braun | Redefining CyberSecurity with Sean Martin 40:32
⬥GUEST⬥ Jake Braun , Acting Principal Deputy National Cyber Director, The White House | On LinkedIn: https://www.linkedin.com/in/jake-braun-77372539/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin ⬥EPISODE NOTES⬥ Cybersecurity is often framed as a battle between attackers and defenders, but what happens when hackers take on a different role—one of informing policy, protecting critical infrastructure, and even saving lives? That’s the focus of the latest Redefining Cybersecurity podcast episode, where host Sean Martin speaks with Jake Braun, former Acting Principal Deputy National Cyber Director at the White House and current Executive Director of the Cyber Policy Initiative at the University of Chicago. Braun discusses The Hackers’ Almanack , a project developed in partnership with DEF CON and the Franklin Project to document key cybersecurity findings that policymakers, industry leaders, and technologists should be aware of. This initiative captures some of the most pressing security challenges emerging from DEF CON’s research community and translates them into actionable insights that could drive meaningful policy change. DEF CON, The Hackers’ Almanack, and the Franklin Project DEF CON, one of the world’s largest hacker conferences, brings together tens of thousands of security researchers each year. While the event is known for its groundbreaking technical discoveries, Braun explains that too often, these findings fail to make their way into the hands of policymakers who need them most. That’s why The Hackers’ Almanack was created—to serve as a bridge between the security research community and decision-makers who shape regulations and national security strategies. This effort is an extension of the Franklin Project, named after Benjamin Franklin, who embodied the intersection of science and civics. The initiative includes not only The Hackers’ Almanack but also a volunteer-driven cybersecurity support network for under-resourced water utilities, a critical infrastructure sector under increasing attack. Ransomware: Hackers Filling the Gaps Where Governments Have Struggled One of the most striking sections of The Hackers’ Almanack examines the state of ransomware. Despite significant government efforts to disrupt ransomware groups, attacks remain as damaging as ever. Braun highlights the work of security researcher Vangelis Stykas, who successfully infiltrated ransomware gangs—not to attack them, but to gather intelligence and warn potential victims before they were hit. While governments have long opposed private-sector hacking in retaliation against cybercriminals, Braun raises an important question: Should independent security researchers be allowed to operate in this space if they can help prevent attacks? This isn’t just about hacktivism—it’s about whether traditional methods of law enforcement and national security are enough to combat the ransomware crisis. AI Security: No Standards, No Rules, Just Chaos Artificial intelligence is dominating conversations in cybersecurity, but according to Braun, the industry still hasn’t figured out how to secure AI effectively. DEF CON’s AI Village, which has been studying AI security for years, made a bold statement: AI red teaming, as it exists today, lacks clear definitions and standards. Companies are selling AI security assessments with no universally accepted benchmarks, leaving buyers to wonder what they’re really getting. Braun argues that industry leaders, academia, and government must quickly come together to define what AI security actually means. Are we testing AI applications? The algorithms? The data sets? Without clarity, AI red teaming risks becoming little more than a marketing term, rather than a meaningful security practice. Biohacking: The Blurry Line Between Innovation and Bioterrorism Perhaps the most controversial section of The Hackers’ Almanack explores biohacking and its potential risks. Researchers at the Four Thieves Vinegar Collective demonstrated how AI and 3D printing could allow individuals to manufacture vaccines and medical devices at home—at a fraction of the cost of commercial options. While this raises exciting possibilities for healthcare accessibility, it also raises serious regulatory and ethical concerns. Current laws classify unauthorized vaccine production as bioterrorism, but Braun questions whether that definition should evolve. If underserved communities have no access to life-saving treatments, should they be allowed to manufacture their own? And if so, how can regulators ensure safety without stifling innovation? A Call to Action The Hackers’ Almanack isn’t just a technical report—it’s a call for governments, industry leaders, and the security community to rethink how we approach cybersecurity, technology policy, and even healthcare. Braun and his team at the Franklin Project are actively recruiting volunteers, particularly those with cybersecurity expertise, to help protect vulnerable infrastructure like water utilities. For policymakers, the message is clear: Pay attention to what the hacker community is discovering. These findings aren’t theoretical—they impact national security, public safety, and technological advancement in ways that require immediate action. Want to learn more? Listen to the full episode and explore The Hackers’ Almanack to see how cybersecurity research is shaping the future. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ The DEF CON 32 Hackers' Almanack: https://thehackersalmanack.com/defcon32-hackers-almanack DEF CON Franklin Project: https://defconfranklin.com/ | On LinkedIn: https://www.linkedin.com/company/def-con-franklin/ DEF CON: https://defcon.org/ Cyber Policy Initiative: https://harris.uchicago.edu/research-impact/initiatives-partnerships/cyber-policy-initiative ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity: 🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with an ad placement in the podcast? Learn more: 👉 https://itspm.ag/podadplc…
1 The 2025 OWASP Top 10 for LLMs: What’s Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros | Redefining CyberSecurity with Sean Martin 46:45
⬥GUESTS⬥ Sandy Dunn , Consultant Artificial Intelligence & Cybersecurity, Adjunct Professor Institute for Pervasive Security Boise State University | On Linkedin: https://www.linkedin.com/in/sandydunnciso/ Rock Lambros, CEO and founder of RockCyber | On LinkedIn | https://www.linkedin.com/in/rocklambros/ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin View This Show's Sponsors ⬥EPISODE NOTES⬥ The rise of large language models (LLMs) has reshaped industries, bringing both opportunities and risks. The latest OWASP Top 10 for LLMs aims to help organizations understand and mitigate these risks. In a recent episode of Redefining Cybersecurity , host Sean Martin sat down with Sandy Dunn and Rock Lambros to discuss the latest updates to this essential security framework. The OWASP Top 10 for LLMs: What It Is and Why It Matters OWASP has long been a trusted source for security best practices, and its LLM-specific Top 10 is designed to guide organizations in identifying and addressing key vulnerabilities in AI-driven applications. This initiative has rapidly gained traction, becoming a reference point for AI security governance, testing, and implementation. Organizations developing or integrating AI solutions are now evaluating their security posture against this list, ensuring safer deployment of LLM technologies. Key Updates for 2025 The 2025 iteration of the OWASP Top 10 for LLMs introduces refinements and new focus areas based on industry feedback. Some categories have been consolidated for clarity, while new risks have been added to reflect emerging threats. • System Prompt Leakage (New) – Attackers may manipulate LLMs to extract system prompts, potentially revealing sensitive operational instructions and security mechanisms. • Vector and Embedding Risks (New) – Security concerns around vector databases and embeddings, which can lead to unauthorized data exposure or manipulation. Other notable changes include reordering certain risks based on real-world impact. Prompt Injection remains the top concern, while Sensitive Information Disclosure and Supply Chain Vulnerabilities have been elevated in priority. The Challenge of AI Security Unlike traditional software vulnerabilities, LLMs introduce non-deterministic behavior, making security testing more complex. Jailbreaking attacks —where adversaries bypass system safeguards through manipulative prompts—remain a persistent issue. Prompt injection attacks, where unauthorized instructions are inserted to manipulate output, are also difficult to fully eliminate. As Dunn explains, “There’s no absolute fix. It’s an architecture issue. Until we fundamentally redesign how we build LLMs, there will always be risk.” Beyond Compliance: A Holistic Approach to AI Security Both Dunn and Lambros emphasize that organizations need to integrate AI security into their overall IT and cybersecurity strategy, rather than treating it as a separate issue. AI governance, supply chain integrity, and operational resilience must all be considered. Lambros highlights the importance of risk management over rigid compliance : “Organizations have to balance innovation with security. You don’t have to lock everything down, but you need to understand where your vulnerabilities are and how they impact your business.” Real-World Impact and Adoption The OWASP Top 10 for LLMs has already been widely adopted, with companies incorporating it into their security frameworks. It has been translated into multiple languages and is serving as a global benchmark for AI security best practices. Additionally, initiatives like HackerPrompt 2.0 are helping security professionals stress-test AI models in real-world scenarios. OWASP is also facilitating industry collaboration through working groups on AI governance, threat intelligence, and agentic AI security. How to Get Involved For those interested in contributing, OWASP provides open-access resources and welcomes participants to its AI security initiatives. Anyone can join the discussion, whether as an observer or an active contributor. As AI becomes more ingrained in business and society, frameworks like the OWASP Top 10 for LLMs are essential for guiding responsible innovation. To learn more, listen to the full episode and explore OWASP’s latest AI security resources. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ OWASP GenAI: https://genai.owasp.org/ Link to the 2025 version of the Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/ Getting Involved: https://genai.owasp.org/contribute/ OWASP LLM & Gen AI Security Summit at RSAC 2025: https://genai.owasp.org/event/rsa-conference-2025/ AI Threat Mind Map: https://github.com/subzer0girl2/AI-Threat-Mind-Map Guide for Preparing and Responding to Deepfake Events: https://genai.owasp.org/resource/guide-for-preparing-and-responding-to-deepfake-events/ AI Security Solution Cheat Sheet Q1-2025: https://genai.owasp.org/resource/ai-security-solution-cheat-sheet-q1-2025/ HackAPrompt 2.0: https://www.hackaprompt.com/ ⬥ADDITIONAL INFORMATION⬥ ✨ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Are you interested in sponsoring this show with an ad placement in the podcast? Learn more: 👉 https://itspm.ag/podadplc…
1 Shadow IT: Securing Your Organization in a World of Unapproved Apps | A Zero Trust World Conversation with Ryan Bowman | On Location Coverage with Sean Martin and Marco Ciappelli 23:34
Zero Trust World 2025 , hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions. In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT . Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman’s session aims to shed light on this issue and equip attendees with strategies to address it effectively. Understanding Shadow IT and Its Risks Bowman explains that Shadow IT is more than just an inconvenience—it’s a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts. One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss. Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls. Zero Trust as a Mindset A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it’s a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange. This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies. Practical Strategies to Combat Shadow IT Bowman’s session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into: • Identifying and monitoring unauthorized applications within their organization • Implementing policies and security controls that balance security with user needs • Enhancing employee engagement and education to prevent unauthorized technology use • Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability. Why This Session Matters With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman’s session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency. Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity. For those interested in staying ahead of security challenges, attending Bowman’s session on The Dangers of Shadow IT is a must. Guest: Ryan Bowman , VP of Solutions Engineering, ThreatLocker [ @ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ This Episode’s Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Register for Zero Trust World 2025: https://itspm.ag/threat5mu1 ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
R
Redefining CyberSecurity
1 The Ultimate 2025 Tech & Cybersecurity Event Guide: Where to Be | On Location Coverage with Sean Martin and Marco Ciappelli 11:39
ITSPmagazine is gearing up for another year of in-depth event coverage, bringing insights from industry leaders, innovators, and companies making an impact in cybersecurity, technology, and society. Sean Martin and Marco Ciappelli outline their plans for 2025, emphasizing a mix of established conferences and new opportunities to highlight emerging discussions. Key Industry Events The year’s schedule includes cornerstone cybersecurity conferences such as RSA Conference in San Francisco, Infosecurity Europe in London, and Black Hat in Las Vegas . These events serve as major platforms for discussing industry trends, launching new products, and showcasing research. Through editorial coverage, interviews, and discussions, ITSP Magazine provides perspectives from keynote speakers, panelists, and organizations shaping the field. Expanding Coverage Beyond Cybersecurity Beyond security-focused events, the team is covering NAMM 2025 , a leading music and technology conference, and Legal Week in New York , where legal, policy, and AI discussions intersect. Other major tech gatherings include CES, VivaTech, and KIMS, broadening the conversation to industries influencing the digital landscape. For companies looking to share their stories at these events, ITSP Magazine is offering sponsorship opportunities and editorial coverage. Stay tuned for updates, and catch ITSP Magazine on location throughout the year. Learn about Event Briefings: https://www.itspmagazine.com/event-coverage-briefings Learn about the Event Coverage Sponsorship Bundle: https://www.itspmagazine.com/event-coverage-sponsorship-and-briefings Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli This Episode’s Sponsor: HITRUST: https://itspm.ag/itsphitweb Resources The Business Newsletter: https://www.itspmagazine.com/campaigns/view-campaign/4GZV4Nk80T4jGaFCG6wZZXFhO1wa91_1AeZOznFKw-qJhYFt14gJ1lyUvtlfhpABey1BbwWbzLzj-wkwtsauLPtoWbDsmyr- RSA Conference 2025: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Black Hat USA 2025: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegas Infosecurity Europe 2025: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverage All of our planned On Location event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
R
Redefining CyberSecurity
1 Cyber Threat Research, Hands-On Labs, and a Challenge You Can’t Afford to Miss | A Zero Trust World Conversation with Kieran Human | On Location Coverage with Sean Martin and Marco Ciappelli 23:33
Zero Trust World 2025 , hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year’s event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education. The Growth of Zero Trust World Now in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company’s own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations. What to Expect: Hands-On Learning and Key Discussions One of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker’s perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems. For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there’s something to gain from these hands-on labs. High-Profile Speakers and Industry Insights Beyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices. One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon. Networking, Certification, and More Zero Trust World isn’t just about education—it’s also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience. A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise. A Unique Capture the Flag Challenge For those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event’s commitment to real-world application of cybersecurity techniques. Join the Conversation With so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways. Whether you’re looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you’re attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security. Guest: Kieran Human , Special Projects Engineer, ThreatLocker [ @ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ This Episode’s Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Register for Zero Trust World 2025: https://itspm.ag/threat5mu1 ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
R
Redefining CyberSecurity
1 From Signaling to Safety: Protecting Critical Infrastructure and the Modern Railway from Digital Threats | A Conversation with Fahad Mughal | Redefining CyberSecurity with Sean Martin 52:43
Guest: Fahad Mughal , Senior Cyber Solutions Architect - Security On LinkedIn | https://www.linkedin.com/in/fahadmughal/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure. The Growing Role of Cybersecurity in Railways Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure. Critical OT Systems in Railways Mughal highlights key OT components in railways that require cybersecurity protection: • Signaling Systems : These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions. • Interlocking Systems : These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase. • Onboard OT Systems : Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls. • SCADA Systems : Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network. • Safety-Critical Systems : Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents. The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators. Real-World Cyber Threats in Railways Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity: • 2023 Poland Attack : Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols. • 2021 Iran Railway Incident : Hackers breached Iran’s railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust. • 2016 San Francisco Muni Ransomware Attack : A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident. These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure. Cybersecurity Standards and Best Practices for Railways ( links to resources below ) To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards: • IEC 62443 : A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels . • TS 50701 : A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems. • EN 50126 (RAMS Standard) : A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations. Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks. Looking Ahead: Strengthening Railway Cybersecurity As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design. He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks. The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it’s not a question of if railway cyber incidents will happen, but when. To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources The LinkedIn Post that inspired this conversation: https://www.linkedin.com/feed/update/urn:li:activity:7264434413965328384/ IEC 62443: https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards CENELEC TS 50701: https://www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/ EN 50126: https://www.en-standard.eu/bs-en-50126-1-2017-railway-applications-the-specification-and-demonstration-of-reliability-availability-maintainability-and-safety-rams-generic-rams-process/ ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Establishing a New Standard for Cybersecurity Professionals Worldwide: Addressing Trust, Standards, and Risk for the CISO Role | CISO Circuit Series with Heather Hinton | Michael Piacente and Sean… 41:44
About the CISO Circuit Series Sean Martin and Michael Piacente join forces roughly once per month (or so, depending on schedules) to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity for business and society. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin . ____________________________ Guests: Heather Hinton , CISO-in-Residence, Professional Association of CISOs On LinkedIn | https://www.linkedin.com/in/heather-hinton-9731911/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin Michael Piacente , Managing Partner and Cofounder of Hitch Partners On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente ____________________________ This Episode’s Sponsors Imperva | https://itspm.ag/imperva277117988 LevelBlue | https://itspm.ag/levelblue266f6c ThreatLocker | https://itspm.ag/threatlocker-r974 ___________________________ Episode Notes In this episode of the CISO Circuit Series , part of the Redefining Cybersecurity Podcast on ITSPmagazine, hosts Sean Martin and Michael Piacente welcomed Heather Hinton , seasoned cybersecurity leader, to discuss the evolving responsibilities and recognition of Chief Information Security Officers (CISOs). Their conversation explored the transformative work of the Professional Association of CISOs (PAC), an organization dedicated to establishing standards, accreditation, and support for cybersecurity leaders globally. This episode addressed three critical questions shaping the modern CISO role: How can CISOs build trust within their organizations? What is PAC doing to elevate cybersecurity as a recognized profession? How can CISOs prepare for increasing scrutiny and legal risks? Building Trust: A CISO’s Key Responsibility Heather Hinton, whose career includes leadership roles like VP and CISO for IBM Cloud and PagerDuty, underscores that trust is foundational for a CISO’s success. Beyond technical expertise, a CISO must demonstrate leadership, strategic thinking, and effective communication with boards, executives, and teams. Hinton highlights that cybersecurity should not be perceived as merely a technical function but as a critical enabler of business objectives. The PAC accreditation process reinforces this perspective by formalizing the skills needed to build trust. From fostering collaboration to aligning security strategies with organizational goals, PAC equips CISOs with tools to establish credibility and demonstrate value from day one. Elevating Cybersecurity as a Recognized Profession Michael Piacente, Managing Partner at Hitch Partners and co-host of the CISO Circuit Series , emphasizes PAC’s role in professionalizing cybersecurity. By introducing a Code of Professional Conduct, structured accreditation programs, and robust career development resources, PAC is raising the bar for the profession. Hinton and Piacente explain that PAC’s ultimate vision is to make membership and accreditation standard for CISO roles, akin to certifications we've come to expect and rely upon for doctors or lawyers. This vision reflects a growing recognition of cybersecurity as a discipline critical not only to organizations but to society as a whole. PAC’s advocacy extends to shaping global policies, setting professional standards, and fostering an environment where CISOs are equipped to handle emerging challenges like hybrid warfare and AI-driven threats. Preparing for Legal Risks and Industry Challenges The conversation also delves into the increasing legal and regulatory scrutiny CISOs face. Piacente and Hinton stress the importance of having clear job descriptions, liability protections, and professional resources—areas where PAC is driving significant progress. By providing legal and mental health support, along with peer-driven mentorship, PAC empowers CISOs to navigate these challenges with confidence. Hinton notes that PAC is also a critical voice in addressing broader systemic risks, advocating for policies that protect CISOs while ensuring they are well-positioned to protect their organizations and society. Looking Ahead With goals to expand its membership to 1,000 and scale its accreditation programs by 2025, PAC is setting the foundation for a more unified and professionalized cybersecurity community. Hinton envisions PAC becoming a global authority, advising governments and organizations on cybersecurity standards and policies while fostering collaboration among professionals. For those aspiring to advance cybersecurity as a recognized profession, PAC offers a platform to shape the future of the field. Learn more about PAC and how to join at TheCISO.org . ____________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ____________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring an ITSPmagazine Channel or telling your promotional story to the Redefining CyberSecurity audience? 👉 https://www.itspmagazine.com/advertise…
R
Redefining CyberSecurity
1 From Code to Confidence: The Role of Human Factors in Secure Software Development | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Kelsey Fulton | Redefining CyberSecurity… 43:32
The latest episode of Redefining CyberSecurity on ITSPmagazine featured a thought-provoking discussion about integrating human factors into secure software development. Host Sean Martin was joined by Dr. Kelsey Fulton, Assistant Professor at the Colorado School of Mines, and Julie Haney, a computer scientist at the National Institute of Standards and Technology. The conversation explored how human-centered approaches can strengthen secure software practices and address challenges in the development process. A Human-Centered Approach to Security Dr. Fulton shared how her research focuses on the human factors that impact secure software development. Her journey began during her graduate studies at the University of Maryland, where she was introduced to the intersection of human behavior and security in a course that sparked her interest. Her projects, such as investigating the transition from C to Rust programming languages, underscore the complexity of embedding security into the software development lifecycle. The Current State of Secure Development One key takeaway from the discussion was the tension between functionality and security in software development. Developers often prioritize getting a product to market quickly, leading to decisions that sideline security considerations. Dr. Fulton noted that while developers typically have good intentions, they often lack the resources, tools, and organizational support necessary to incorporate security effectively. She highlighted the need for a “security by design” approach, which integrates security practices from the earliest stages of development. Embedding security specialists within development teams can create a cultural shift where security becomes a shared responsibility rather than an afterthought. Challenges in Adoption and Education Dr. Fulton’s research reveals significant obstacles to adopting secure practices, including the complexity of tools and the lack of comprehensive education for developers. Even advanced tools like static analyzers and fuzzers are underutilized. A major barrier is developers’ perception that security is not their responsibility, compounded by tight deadlines and organizational pressures. Additionally, her research into Rust adoption at companies illuminated technical and organizational challenges. Resistance often stems from the cost and complexity of transitioning existing systems, despite Rust’s promise of enhanced security and memory safety. The Future of Human-Centered Security Looking ahead, Dr. Fulton emphasized the importance of addressing how developers trust and interact with tools like large language models (LLMs) for code generation. Her team is exploring ways to enhance these tools, ensuring they provide secure code suggestions and help developers recognize vulnerabilities. The episode concluded with a call to action for organizations to support research in this area and cultivate a security-first culture. Dr. Fulton underscored the potential of collaborative efforts between researchers, developers, and companies to improve security outcomes. By focusing on human factors and fostering supportive environments, organizations can significantly advance secure software development practices. ____________________________ Guests: Dr. Kelsey Fulton , Assistant Professor of Computer Science at the Colorado School of Mines Website | https://cs.mines.edu/project/fulton-kelsey/ Julie Haney , Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [ @NISTcyber ] On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin ____________________________ View This Show's Sponsors Imperva | https://itspm.ag/imperva277117988 LevelBlue | https://itspm.ag/levelblue266f6c ThreatLocker | https://itspm.ag/threatlocker-r974 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Kelsey Fulton Biography: https://kfulton121.github.io/ ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Data Security Posture Management — DSPM. What, why, when, and how: All The Insights You Need To Know | An Imperva Brand Story Conversation with Terry Ray 49:37
In this latest episode of the Imperva Brand Story on ITSP Magazine, Sean Martin and Marco Ciappelli sit down with Terry Ray, CTO for Data Security at Imperva. Together, they discuss the pressing challenges and transformative innovations shaping the future of safeguarding information. Unpacking Data Security Posture Management Terry Ray introduces Data Security Posture Management (DSPM), comparing it to inspecting a home—where identifying vulnerabilities is just as important as fixing them. He emphasizes that data security requires constant vigilance, urging organizations to develop a deep understanding of their infrastructure while staying agile against emerging threats. Moving Beyond Compliance to Real Security The conversation highlights the often-misunderstood relationship between compliance and genuine security. While meeting regulatory requirements is necessary, Terry argues that true data protection requires a broader, risk-based approach, addressing vulnerabilities in both regulated and non-regulated systems to prepare for audits and unforeseen breaches. The Power of Automation and Machine Learning Terry underscores Imperva's dedication to leveraging advanced automation, AI, and machine learning technologies to process vast data sets and detect threats proactively. By adopting innovative strategies, companies can transition from reactive to proactive measures in protecting their digital ecosystems. Fostering Collaboration and Security Awareness A standout point from the discussion is the importance of collaboration across organizational roles—from compliance officers to database managers and security teams. By fostering a culture of continuous learning and teamwork, businesses can better allocate resources and adapt to evolving security priorities. Embracing Security's Ever-Changing Nature The conversation concludes with a powerful reflection on the unpredictable nature of cybersecurity. As new threats and technologies emerge, organizations must remain adaptable, forward-thinking, and prepared for the unexpected to stay ahead in an ever-changing security landscape. Learn more about Imperva: https://itspm.ag/imperva277117988 Note: This story contains promotional content. Learn more . Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow [ @Imperva ] On Linkedin | https://www.linkedin.com/in/terry-ray/ On Twitter | https://twitter.com/TerryRay_Fellow Resources Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Breaking Down the Complexities of Client-Side Threats and How to Stop Them | A c/side Brand Story Conversation with Simon Wijckmans 33:21
In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security. Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks. C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively. Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers. C/side’s offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality. With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike. Learn more about c/side: https://itspm.ag/c/side-t0g5 Note: This story contains promotional content. Learn more . Guest: Simon Wijckmans , Founder & CEO, c/side [ @csideai ] On LinkedIn | https://www.linkedin.com/in/wijckmans/ Resources Learn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-side Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Rebalancing Cyber Security: Prioritizing Response and Recovery in Governance | An Australian Cyber Conference 2024 in Melbourne Conversation with Asaf Dori and Ashwin Pal | On Location Coverage with… 28:36
Guests: Asaf Dori , Cyber Security Lead, Healthshare NSW On LinkedIn | https://www.linkedin.com/in/adori/ Ashwin Pal , Partner – Cyber Security and Privacy Services, RSM Australia On LinkedIn | https://www.linkedin.com/in/ashwin-pal-a1769a5/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes At the AISA CyberCon 2024 in Melbourne, Sean Martin sat down with Asaf Dori and Ashwin Pal to explore the often-overlooked areas of the NIST Cybersecurity Framework: response and recovery. Both guests highlighted the critical gaps organizations face in these domains and shared practical insights on addressing them. Asaf Dori, a cybersecurity professional in healthcare and a researcher at the University of Sydney, underscored the need for governance-driven awareness to improve response and recovery capabilities. His research revealed that while organizations invest heavily in prevention and detection, they frequently neglect robust recovery plans. He emphasized the importance of comprehensive disaster recovery exercises over isolated system-based approaches. By linking governance to practical outcomes, Dori argued that organizations could better align their strategies with business resilience. Ashwin Pal, a partner at RSM with 26 years of experience in IT security, brought a field perspective, pointing out how recovery strategies often fail to meet business requirements. He discussed the disconnect between IT recovery metrics, such as RPOs and RTOs, and actual business needs. Pal noted that outdated assumptions about recovery timeframes and critical systems frequently result in misaligned priorities. He advocated for direct business engagement to establish recovery strategies that support operational continuity. A key theme was the role of effective governance in fostering collaboration between IT and business stakeholders. Both speakers agreed that engaging business leaders through tabletop exercises is an essential starting point. Simulating ransomware scenarios, for instance, often exposes gaps in recovery plans, such as inaccessible continuity documents during a crisis. Such exercises, they suggested, empower CISOs to secure executive buy-in for strategic improvements. The discussion also touched on the competitive advantages of robust cybersecurity practices. Dori noted that in some industries, such as energy, cybersecurity maturity is increasingly viewed as a differentiator in securing contracts. Pal echoed this, citing examples where certifications like ISO have become prerequisites in supply chain partnerships. By reframing cybersecurity as a business enabler rather than a cost center, organizations can align their response and recovery strategies with broader operational goals. This shift requires CISOs and risk officers to lead conversations that translate technical requirements into business outcomes, emphasizing trust, resilience, and customer retention. This dialogue provides actionable insights for leaders aiming to close the response and recovery gap and position cybersecurity as a strategic asset. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The Theory of Saving the World: Intervention Requests and Critical Infrastructure | An Australian Cyber Conference 2024 in Melbourne Conversation with Ravi Nayyar | On Location Coverage with Sean… 26:02
Guest: Ravi Nayyar , PhD Scholar, The University Of Sydney On LinkedIn | https://www.linkedin.com/in/stillromancingwithlife/ At AISA AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ravi-nayyar-uyhe3 Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes The discussion begins with a unique and lighthearted analogy: comparing cybersecurity professionals to superheroes. Marco draws parallels to characters like “The Avengers” and “Deadpool,” describing them as defenders of our digital world. Ravi builds on this playful yet thought-provoking metaphor, likening the fight against cybercriminals to epic battles against villains, highlighting the high stakes of cybersecurity in critical systems. The Cyber Zoo: Ravi Nayyar’s Research Focus Ravi introduces his research, focusing on the regulation of cyber resilience within critical infrastructure, particularly the software supply chain. Using the metaphor of a “zoo,” he paints a vivid picture of the cybersecurity ecosystem, where diverse stakeholders—government bodies, infrastructure operators, and software vendors—must coexist and collaborate. His work delves into how companies can be held accountable for their cyber practices, aiming to secure national and global systems. The Role of Humans in Cybersecurity At the heart of cybersecurity, Ravi emphasizes, is the human element. His research highlights the need for incentivizing all players—critical infrastructure operators, software developers, and even end users—to embed secure practices into their operations. It's not just about rules and frameworks but about fostering a culture of responsibility and collaboration in an interconnected world. The Case for Stronger Cyber Laws Ravi critiques the historically relaxed approach to regulating software security, particularly for critical systems, and advocates for stronger, standardized laws. He compares cybersecurity frameworks to those used for medical devices, which are rigorously regulated for public safety. By adopting similar models, critical software could be held to higher standards, reducing risks to national security. Global Cooperation and the Fight Against Regulatory Arbitrage The discussion shifts to the need for international collaboration in cybersecurity. Ravi underscores the risk of regulatory arbitrage, where companies exploit weaker laws in certain regions to save costs. He proposes global coalitions and standardization bodies as potential solutions to ensure consistent and robust security practices worldwide. Incentivizing Secure Practices Delving into the practical side of regulation, Ravi discusses ways to incentivize companies to adopt secure practices. From procurement policies favoring vendors with strong cybersecurity commitments to the potential for class action lawsuits, the conversation explores the multifaceted strategies needed to hold organizations accountable and foster a safer digital ecosystem. Closing Thoughts: Collaboration for a Safer Digital World Sean, Marco, and Ravi wrap up the episode by emphasizing the critical need for cross-sector collaboration—between academia, industry, media, and government—to tackle the evolving challenges of cybersecurity. By raising public awareness and encouraging proactive measures, they highlight the importance of a unified effort to secure our digital infrastructure. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources The theory of saving the world: Intervention requests and critical infrastructure: https://melbourne2024.cyberconference.com.au/sessions/session-eI6eYNrifl Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 From Melbourne to the World: Recap, Highlights and the importance of Human Connections in a Digital Connected Society | An Australian Cyber Conference 2024 in Melbourne Conversation with Akash… 12:51
Guest: Akash Mittal , Chair, Australian Information Security Association (AISA) On LinkedIn | https://www.linkedin.com/in/akashgmittal/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Throughout the conference, one theme stood out above all: the power of community. Akash reflected on how CyberCon fosters a collective effort to strengthen Australia’s cyber resilience by uniting government, academia, and industry under one roof. From keynote presentations to impromptu hallway conversations, the conference showcased how innovation and human connection go hand in hand to address global cybersecurity challenges. The Block Party and Beyond One of the most talked-about moments was the renowned Block Party , a celebration that blurred the line between networking and friendship. Marco described it as a unique experience that left a lasting impression on attendees. Beyond the lively gatherings, the conference also stood out for its ability to create a space where meaningful connections and ideas flourished—whether on the exhibition floor, during panel discussions, or at informal meetups. Looking Ahead: The Future of CyberCon As the conference came to a close, Akash shared an exciting vision for what lies ahead. With an ethos of continuous improvement, the organizing team is committed to delivering even more impactful experiences in the years to come. Feedback from attendees will play a vital role in shaping future events, ensuring CyberCon remains at the forefront of the cybersecurity community. Highlights from the Exhibition Hall The buzzing exhibition hall served as the heart of CyberCon 2024, brimming with energy and engagement. Sean and Marco noted how sponsors and vendors played a pivotal role, sparking conversations about cutting-edge solutions and driving collaboration across sectors. The hall wasn’t just about showcasing products—it became a space for dialogue, exploration, and innovation. A Legacy of Success CyberCon 2024 was more than just a cybersecurity conference—it was a celebration of the community that makes progress possible. The dedication of volunteers and the meticulous planning behind the scenes ensured the event’s success. As Akash noted, the conference continues to evolve as a space where quality content and genuine connections take center stage. Closing Thoughts: A United Community As Sean, Marco, and Akash wrapped up their time at the Australian Cyber Conference 2024, they reflected on what made the event truly special: its people. The conversations, collaborations, and shared sense of purpose have set the stage for a brighter, more connected future in cybersecurity. Melbourne’s vibrant energy was the perfect backdrop for a conference that reminded us all that innovation is strongest when it’s rooted in community. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Beyond the Briefings: Exploring the Pulse of Cybersecurity Communities | A Black Hat Europe 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli 35:02
Guest: Steve Wylie , Vice President, Cybersecurity Market at Informa Tech [ @InformaTechHQ ] and General Manager at Black Hat [ @BlackHatEvents ] On LinkedIn | https://www.linkedin.com/in/swylie650/ On Twitter | https://twitter.com/swylie650 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes London as the Backdrop for Innovation and Culture The conversation kicked off with reflections on London’s vibrant mix of history, culture, and modernity. Marco captured it perfectly, noting the city’s knack for staying on the cutting edge of fashion, music, and movement. Sean chimed in, describing the city as a destination where “cool kids” converge. It’s this ever-evolving energy that makes London the ideal host for forward-thinking gatherings like Black Hat. Sean and Marco’s admiration for the city wasn’t just about its aesthetics but also its role in shaping global conversations. London is a place where the local meets the global, a theme that would resonate throughout their discussion. Black Hat’s Expanding Global Reach Sean and Marco highlighted the global nature of the cybersecurity community, emphasizing Black Hat’s international presence. Marco pointed out how the event has grown beyond its Las Vegas origins, with thriving editions in Europe, Asia, the Middle East, and beyond. This expansion reflects not only a growing need for cybersecurity collaboration but also the importance of tailoring conversations to regional contexts. Sean observed how each edition of Black Hat carries a unique flavor, shaped by local cultures and challenges. He praised the effort to include regional experts on review boards, ensuring that the content resonates with specific audiences. From Riyadh to Toronto, this approach has made Black Hat a truly global force. Celebrating Local Voices in Global Conversations One of the key takeaways from the conversation was the importance of amplifying local voices in global discussions. Marco commended Black Hat’s dedication to fostering a sense of ownership among local cybersecurity communities. Sean agreed, noting how local insights enrich the broader, boundaryless research presented at these events. The duo discussed the balance between global trends, like AI and supply chain security, and region-specific concerns, such as policy-driven discussions in Europe or industrial focus in Canada. This nuanced approach ensures that every Black Hat event feels relevant, impactful, and inclusive. Sean and Marco’s Chemistry: Informal Yet Insightful Beyond the topics, the conversation was marked by the easy rapport between Sean and Marco. They navigated seamlessly from cybersecurity strategy to the lighter moments, like teasing each other about wardrobe choices for London’s chilly December weather. Marco’s love for local cuisine even sparked a playful detour into Italian titles for hardware hacking sessions. It’s this blend of professional insight and personal charm that makes their discussions so engaging. Whether they’re debating the merits of AI sessions or reminiscing about hallway chats at past events, Sean and Marco bring an authenticity that keeps listeners coming back. Looking Ahead As the conversation wrapped up, Sean and Marco hinted at their plans to keep “Chats on the Road” moving forward. While they may not make it to every event, their commitment to bringing the community’s stories to light remains steadfast. Whether you’re attending Black Hat in person or following along from afar, Sean and Marco ensure that the spirit of innovation and collaboration is accessible to all. Stay tuned as they continue to explore the intersections of technology, culture, and community, one conversation at a time. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Resources Learn more about Black Hat Europe 2024: https://www.blackhat.com/eu-24/ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage ____________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 From Bytes to Rights: The Intersection of Law and Cyber Security | An Australian Cyber Conference 2024 in Melbourne Conversation with EJ Wise | On Location Coverage with Sean Martin and Marco… 27:30
Guest: EJ Wise , Founder & Principal, WiseLaw On LinkedIn | https://www.linkedin.com/in/wiselaw3/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Against the energetic backdrop of Melbourne's CyberCon, hosted by ISA, the conversation dives into the global nature of technology's influence. The trio reflects on pressing topics such as privacy, cybersecurity, and the shifting landscape of cyber law, all while situated in one of Australia’s most tech-forward cities. EJ Wise’s Journey and Perspective EJ Wise shared her remarkable career path, starting as a member of the U.S. Air Force JAG Corps and later founding her boutique law firm in Australia in 2018. Her firsthand experience sheds light on Australia’s relatively recent introduction of comprehensive cyber laws and the ongoing need to bridge the gap between technological innovation and legislative action. Educating Consumers: A Shared Responsibility A key focus of the conversation was consumer awareness. EJ highlighted the critical need for industries to take responsibility for educating the public, much like banks have historically done with financial literacy. The discussion also touched on embedding technological literacy into early education, ensuring children grow up with a clear understanding of privacy and digital security. Technology and Ethics in Tension The group examined the ethical challenges posed by advancing technologies, especially regarding surveillance and data privacy. From facial recognition in retail spaces to the increasing capabilities of modern devices to monitor user behavior, the conversation drew thought-provoking parallels between these innovations and the history of advertising practices. The ethical implications of such technologies go far beyond convenience, raising questions about transparency, consent, and societal norms in the digital age. Legal Frameworks and Industry Responsibility Marco and Sean explored the evolving role of legal frameworks in holding industry players accountable for consumer safety and privacy. EJ’s insights provided a grounded perspective on how regulatory environments are adapting—or struggling to adapt—to these challenges. The discussion underscored a growing trend: companies must not only comply with existing laws but also anticipate and mitigate the societal impacts of their technologies. Encouraging Dialogue and Reflection Throughout the episode, the importance of open dialogue and introspection emerged as a recurring theme. By examining how technology shapes society and law, the discussion encouraged listeners to reflect on their digital habits and the privacy trade-offs they make in their daily lives. Conclusion While the conversation didn’t provide all the answers, it illuminated the complexities of the interplay between technology, law, and society. EJ, Marco, and Sean left listeners with an invitation to remain curious, question norms, and consider their role in shaping a more ethically aware digital future. This episode captures the spirit of CyberCon 2024—sparking ideas, inspiring debate, and reinforcing the need for thoughtful engagement with the challenges of our hybrid analog-digital society. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Stranger Danger, Phishing, Instinct, and Technology: How AI and Awareness Are Shaping Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation with Benji Zorella and Rebecca… 30:08
Guests: Benji Zorella , eLearning Instructional Designer, CyberCX On LinkedIn | https://www.linkedin.com/in/benjiz/ Rebecca Caldwell , Phishing Content Specialist, Phriendly Phishing On LinkedIn | https://www.linkedin.com/in/bec-j-caldwell/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Kicking off the episode, Sean Martin and Marco Ciappelli highlight the uniquely local flavor of the conference. With Benji and Bec calling Melbourne home, the guests reflect on the value of attending such a prominent event in their backyard while drawing on their experiences as hosts of their own cybersecurity podcast. Unmasking Phishing in the Digital Age Phishing takes center stage as Benji and Bec share stories and insights about the dangers lurking behind cleverly crafted scams. Sean Martin draws a clever comparison between traditional fishing methods and the digital phishing tactics cybercriminals use today—hooking victims by exploiting their trust and curiosity. Benji drives the conversation deeper, explaining how a person's digital footprint—especially in an age of AI-driven tools like deepfakes—can be weaponized for deception. The guests underscore the importance of remaining vigilant and minimizing the personal information we leave online, turning our digital habits into our best line of defense. Cybersecurity Education: The First Line of Defense Shifting gears, the group emphasizes the need to move beyond relying solely on tech-driven safeguards and focus on building a culture of cybersecurity awareness within organizations. Bec Caldwell shares actionable strategies, likening cybersecurity education to learning how to drive—starting small and gradually building confidence in spotting risks. Empowering employees to question suspicious contexts fosters not just better security, but a collaborative culture of accountability. AI: Friend or Foe? The role of AI emerges as a hot topic, sparking a discussion about its dual impact on cybersecurity. While AI enables sophisticated phishing attacks, it also holds the potential to strengthen defenses. The panel imagines AI tools evolving to provide real-time security nudges, similar to how cars alert drivers to potential hazards. It’s a balancing act, as AI must be wielded thoughtfully to enhance—not replace—human vigilance. The Human Factor in Cybersecurity Throughout the conversation, one message resonates: the enduring power of human intuition. Benji recounts a gripping story of a CEO who thwarted a highly advanced phishing attempt with a simple, old-school phone verification. This moment reinforces the idea that while tech can improve security measures, the human touch remains irreplaceable. Future-Proofing Cybersecurity As the episode winds down, the group reflects on thought-provoking audience questions from the conference. From AI’s impact on CISO responsibilities to how generational shifts in digital communication shape cybersecurity strategies, the guests underscore the need for adaptability as both technology and society evolve. A Final Call to Action Marco Ciappelli and Sean Martin wrap up with a clear takeaway for their listeners: stay curious, ask questions, and embrace skepticism online. The key to navigating today’s cyber landscape is a mix of awareness, education, and the occasional gut check—because even in a tech-driven world, the human element is our greatest asset. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Bytes with Bec and Benji podcast: https://www.phriendlyphishing.com/resources/podcasts Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Building Cyber Resilience Through Global Innovation, Local Community Feedback, and Regional Partnerships | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A ThreatLocker Story… 17:42
This engaging Brand Story episode comes to you from AISA CyberCon 2024, in Melbourne, where Sean Martin and Marco Ciappelli explore with Jade Wilkie how ThreatLocker empowers organizations to achieve Zero Trust security and Essential Eight compliance through innovative tools and real-time adaptability. Learn how industry insights from the conference are shaping the future of cybersecurity solutions while keeping human-centric strategies at the forefront. Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974 Note: This story contains promotional content. Learn more . Guests: Jade Wilkie , Account Executive APAC, ThreatLocker [ @ThreatLocker ] On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/ Resources Essential Eight: https://itspm.ag/threatq55q Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Inside the MIND of a Hacker - Insights and Lessons From a Ransomware Attack | An Australian Cyber Conference 2024 in Melbourne Conversation with Joseph Carson | On Location Coverage with Sean Martin… 26:49
Guest: Joseph Carson , Chief Security Scientist (CSS) & Advisory CISO, Delinea On LinkedIn | https://www.linkedin.com/in/josephcarson/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn’t just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies. The Dynamics of Engagement The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable. Insights on Ransomware Realities Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity’s foundational importance. The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats. Ethical and Strategic Considerations in Cybersecurity The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles. Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia’s laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals’ business model. Global Trends and Local Challenges The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures. Marco’s observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally. Final Thoughts: Building a Safer Digital World The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security. This conversation at AISA Cyber Con wasn’t just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The Imperative of Transitioning from Traditional Access Control to Modern Access Control | An Australian Cyber Conference 2024 in Melbourne Conversation with Ahmad Salehi Shahraki | On Location… 27:07
Guest: Ahmad Salehi Shahraki , Lecturer (Assistant Professor) in Cybersecurity, La Trobe University On LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure. Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain. Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies. Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual’s age for accessing a service without revealing personal data—a critical step toward minimizing data exposure. The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models. The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad’s research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond. Listeners are encouraged to follow Ahmad’s work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Brand Story with Robert Booker,… 1:00:06
1:00:06 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:00:06
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدThe HITRUST CyberInsurance Webinar unveiled an innovative approach to acquiring cyber insurance, highlighting a streamlined process designed to benefit organizations of all sizes and sectors. Gathering insights from industry leaders including Sean Martin, Josh Ladeau, Sidney Prasse, Robert Booker, and Blake Sutherland, the discussion centered around the HITRUST Shared Risk Facility and its value proposition for organizations seeking robust cyber insurance coverage. Josh Ladeau, CEO of Trium, emphasized the importance of reducing volatility in the insurance market. He pointed out the challenges organizations face with traditional insurance processes, including cumbersome questionnaires and inconsistent underwriting requirements. By leveraging HITRUST certifications, the Shared Risk Facility offers a consistent, transparent, and efficient pathway for obtaining coverage, ensuring organizations can focus more on their core operations rather than administrative burdens. Sidney Prasse, a cyber specialist at McGill and Partners, highlighted the comprehensive nature of HITRUST certifications, which provide a high level of assurance and a robust framework for organizations. Prasse elaborated on the return on investment (ROI) that organizations gain from this streamlined approach, not only in terms of competitive premiums but also through time and resource efficiencies. Robert Booker, Chief Strategy Officer at HITRUST, elaborated on the rigorous processes involved in HITRUST certifications. He explained that these certifications require organizations to demonstrate their security maturity comprehensively, which in turn provides insurers with verified, reliable data. This reliability and transparency in security posture are critical, as they enhance the trust between insurers and insureds, making the underwriting process smoother and more accurate. Blake Sutherland, EVP of Market Engagement at HITRUST, emphasized the importance of proactive engagement between IT security teams and finance or risk management teams within organizations. He noted that the HITRUST approach helps bridge gaps between these departments, ensuring a unified and effective strategy towards obtaining and maintaining cyber insurance coverage. The webinar underscored that the HITRUST Shared Risk Facility is not just about easier and more efficient insurance processes; it also represents a strategic advantage in the market. Organizations that are HITRUST certified can differentiate themselves, demonstrating a high level of security and compliance that can be pivotal in securing business contracts. This differentiation is particularly crucial as businesses increasingly rely on third-party attestation to verify their security measures. Ultimately, the HITRUST CyberInsurance Webinar showcased how strategic partnerships and innovative approaches can transform the traditional cyber insurance landscape, providing organizations with the tools they need to effectively manage risk and achieve better overall security. Learn more about HITRUST: https://itspm.ag/itsphitweb Note: This story contains promotional content. Learn more . Guests: Blake Sutherland , EVP Market Adoption, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/ Robert Booker , Chief Strategy Officer, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/robertbooker/ Sidney Prasse , Partner, McGill & Partners On LinkedIn | https://www.linkedin.com/in/sidney-prasse-297894aa/ Josh Ladeau , CEO, Trium Cyber Resources Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships (Session): Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Building a Sustainable, Predictable Cyber Insurance Market | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A McGill and Partners Short Brand Innovation Story with Ryan Griffin 7:08
During the latest Brand Story episode recorded as part of the On Location series at HITRUST Collaborate 2024, host Sean Martin speaks with Ryan Griffin from McGill Partners about the intricacies of cyber insurance. Ryan Griffin, who plays a key role at the cyber insurance brokerage firm McGill Partners, shares insights into the importance of cyber insurance for large and complex organizations. Griffin outlines how the company helps clients understand and quantify their cyber risks before negotiating with over 100 cyber insurers to secure coverage. This rigorous approach is crucial given the volatile nature of cyber risks. One of the significant challenges in the field, Griffin notes, is the counterparty risk involved in contractual relationships between large organizations. He emphasizes the necessity for businesses to carry adequate insurance coverage, akin to traditional liability insurance. Griffin reflects on the market evolution where organizations now see the value in cyber insurance, which should ideally cover rare but high-impact events. The episode also highlights the pivotal role of data in understanding and pricing cyber risks. Sean Martin brings attention to the collaboration between McGill Partners and HITRUST. HITRUST's extensive data on cybersecurity and privacy maturity provides Griffins' team with a strong foundation for tailored cyber insurance solutions. Griffin praises HITRUST’s reliable framework that has been in place since 2007-2008, saying it’s a key differentiator in the cyber insurance space. Sean Martin also notes the ongoing evolution in how organizations approach cyber insurance. Historically, the market's response to cybersecurity certifications has been lukewarm, but there is a shift towards utilizing credible, respected frameworks in insurance solutions. HITRUST certifications, such as the R2 certification, now play a crucial role in demonstrating an organization's efforts to mitigate risk and are instrumental in securing favorable insurance terms. Griffin further discusses the multifaceted stakeholders involved in procuring cyber insurance within organizations. He talks about the need for simplifying cyber risk management for different organizational roles, particularly the non-technical insurance buyers. Griffin emphasizes making the insurance process less intimidating by leveraging compliance and cybersecurity measures already in place. Ryan Griffin underscores McGill Partners' mission to create a mature and sustainable risk pool, making cyber insurance predictable and reliable for their clients. The collaboration with HITRUST showcases a tangible effort towards improving trust and efficiency in the cyber insurance market. With accurate, trustworthy data, McGill Partners is dedicated to reducing insurance barriers and ensuring organizations are well-prepared to meet their cyber risk management needs. Learn more about McGill and Partners: https://itspm.ag/mcgill-and-partners-o89w Note: This story contains promotional content. Learn more . Guest: Ryan Griffin , Partner, McGill and Partners On LinkedIn | https://www.linkedin.com/in/ryanpgriffin/ Resources Learn more and catch more stories from McGill and Partners: https://www.itspmagazine.com/directory/mcgill-and-partners Video Podcast: Introduction to HITRUST’s Cyber Insurance Facility: https://itspm.ag/hitrusp5x6 Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The Irreversible Impact of Technology: The Ethical Dilemmas We Face When We Can’t Uninvent Our Creations | An Australian Cyber Conference 2024 in Melbourne Conversation with Mikko Hypponen | On… 23:59
Guest: Mikko Hypponen , Chief Research Officer (CRO) at WithSecure [ @WithSecure ] On LinkedIn | https://www.linkedin.com/in/hypponen/ On Twitter | https://twitter.com/mikko Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the AISA CyberCon 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Mikko Hypponen to discuss the irreversible nature of technology, the challenges it presents, and its impact on society. The discussion focused not on the event itself but on broader issues and ideas that shape our relationship with technological innovation. The Irreversible Nature of Innovation Mikko emphasized that once a technology is invented, it cannot be uninvented. Strong encryption was one of his key examples: it secures communication for individuals and organizations, yet it is also used by criminals to evade detection. This duality underscores the reality that every innovation carries benefits and drawbacks. Mikko noted, “Even if we wanted to get rid of strong encryption, it’s not possible. Criminals would still use it.” The conversation also touched on artificial intelligence. Mikko highlighted how innovations build on past advancements. Decades of progress in digitizing information, developing the internet, and creating cloud infrastructure have made today’s AI capabilities possible. He reflected on how large technological revolutions often take longer than anticipated to develop but eventually surpass expectations in scope. Technology as a Double-Edged Sword The group explored societal challenges posed by technology, such as the impact of social media on youth and ethical questions around ransomware. Mikko pointed to the breach of the Vastamo psychotherapy center in Finland, where hackers stole sensitive patient records and demanded ransoms from both the clinic and its patients. He argued that, in some cases, paying the ransom might result in less harm, even though it contradicts the principle of not funding criminal activity. Marco raised the issue of preparing young people for social media, comparing it to teaching a child to drive before handing over car keys. The discussion emphasized the importance of gradually introducing tools and systems while fostering understanding of their risks and responsibilities. Building on the Past Marco noted how foundational technologies, like the internet, enable further innovations. Mikko agreed, citing how AI’s rapid rise was made possible by decades of previous work. He stressed that each technological leap requires the groundwork laid by earlier developments, creating platforms for new ideas to flourish. The group also discussed the limitations of regulation. For example, cryptocurrencies, built on mathematical principles, cannot be fundamentally altered by laws. Instead, regulation can only address interactions between real-world currencies and blockchain systems. Mikko observed, “Math doesn’t care about your laws and regulations.” Closing Thoughts The conversation underscored that innovation is inherently a trade-off. Every advancement brings both opportunities and challenges, and society must navigate these complexities thoughtfully. Mikko highlighted that while the benefits of technologies like encryption, AI, and the internet are significant, they also create new risks. Sean, Marco, and Mikko’s discussion emphasized the importance of understanding and adapting to technological change. While we can’t control the pace of innovation, we can shape how it integrates into our lives and institutions. This ongoing dialogue remains essential as society continues to grapple with the implications of progress. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Human Factors in Cyber Security: Cultivating Cybersecurity Culture and Cyber Skills Gap | An Australian Cyber Conference 2024 in Melbourne Conversation with Leanne Ngo | On Location Coverage with… 25:58
Guest: Leanne Ngo , Associate Professor, La Trobe University On LinkedIn | https://www.linkedin.com/in/leanne-ngo-86979042/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During AISA Cyber Con 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Dr. Leanne Ngo to discuss cyber resilience, community impact, and the role of culture in cybersecurity. Their conversation explored the intersection of technology, education, and human connection in the pursuit of a safer and more secure society. Dr. Ngo shared her perspective on resilience, highlighting its evolving definition. While digital tools increase opportunities for connection, she emphasized that face-to-face interaction remains vital, especially for vulnerable communities. Her work in promoting cybersecurity awareness involves building trust and understanding among diverse groups, tailoring approaches to their unique needs and cultural contexts. The discussion turned to the importance of culture in cybersecurity, with Dr. Ngo describing it as a gradual process of change driven by action and integration into everyday life. She stressed that cyber awareness—often focused on knowledge—must evolve into behavioral transformation, where secure practices become second nature both at work and in personal lives. This requires understanding the subcultures within organizations and communities and adapting strategies to resonate with their specific dynamics. Sean also brought up the concept of belief as a cornerstone for driving cultural change. Dr. Ngo agreed, emphasizing that confidence and a growth mindset are essential in fostering resilience. Drawing on her experience as a mentor and educator, she described how instilling belief in individuals’ capacity to contribute to a secure society empowers them to take ownership of their role in cybersecurity. The conversation explored practical ways to bridge the gap between technical solutions and human-centered approaches. Dr. Ngo highlighted her work with the Australian government’s "Stay Safe, Act Now" campaign, which focuses on localizing cybersecurity education. By adapting materials to the values and practices of various communities—such as the South Sudanese and Cambodian populations—her initiatives create relatable and impactful messaging that goes beyond surface-level translations. Education and workforce development also emerged as key themes. Dr. Ngo underscored the importance of short, targeted training programs, like micro-credentials, in addressing the growing skills gap in cybersecurity. Such programs offer accessible pathways for individuals from all backgrounds to contribute meaningfully to the industry, supporting Australia's ambition to be the most cyber-resilient country by 2030. Closing the discussion, Dr. Ngo reinforced that cybersecurity is fundamentally about people. By fostering empathy, understanding, and a collaborative spirit, society can build resilience not just through technology but through the collective effort of individuals who care deeply about protecting one another. This belief in human potential left an enduring impression, inspiring attendees to think beyond traditional approaches and embrace the human element at the core of cybersecurity. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Data Sovereignty and Security Challenges in the APAC Region: Simplifying Security with Zero Trust and AI-Driven Solutions | An Australian Cyber Conference 2024 in Melbourne Conversation with Abbas… 24:27
Guest: Abbas Kudrati , Asia’s SMC Regional Chief Security, Risk, Compliance Advisor, Microsoft [ @Microsoft ] On LinkedIn | https://www.linkedin.com/in/akudrati/ On Twitter | https://twitter.com/askudrati Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the On Location series at AISA Cyber Con 2024 in Melbourne, a significant conversation unfolded between Sean Martin, Marco Ciappelli, and Abbas Kudrati about key cybersecurity themes and strategies relevant to the Asia-Pacific region. Abbas Kudrati, a seasoned cybersecurity professional and cloud advocate, shared insights into the state of cybersecurity in the region. He highlighted that ransomware remains one of the top threats, particularly in Asia and Australia. This persistent issue underscores the importance of robust data governance and access control. Abbas emphasized that organizations must establish strong security foundations, including data classification and access management, to prepare for the complexities introduced by AI. Without these measures, companies risk exposing sensitive information when leveraging generative AI solutions. The discussion also touched on data sovereignty, a critical topic for governments and defense organizations in Australia. Abbas noted the growing number of localized data centers built by major cloud providers to meet sovereignty requirements. While private sector organizations tend to be less stringent about data location, government entities require data to remain onshore. Frameworks like IRAP and Essential Eight are instrumental in ensuring compliance and guiding organizations in implementing consistent security practices. Zero Trust emerged as a transformative concept post-pandemic. According to Abbas, it simplified cybersecurity by enabling secure remote work and encouraging organizations to embrace cloud solutions. He contrasted this with the rise of generative AI, which has introduced both opportunities and challenges. AI's potential to streamline processes, such as analyzing security alerts and automating vulnerability management, is undeniable. However, its unbounded nature demands new strategies, including employee education on prompt engineering and responsible AI use. Sean Martin and Marco Ciappelli explored how AI can revolutionize operations. Abbas pointed out that AI tools like security copilots are making cybersecurity more accessible, allowing analysts to query systems in natural language and accelerating incident response. He stressed the importance of using AI defensively to match the speed and sophistication of modern attackers, noting that attackers are increasingly leveraging AI for malicious activities. The conversation concluded with a forward-looking perspective on AI’s role in shaping cybersecurity and the importance of maintaining agility and preparedness in the face of evolving threats. This dynamic exchange provided a comprehensive view of the challenges and advancements influencing cybersecurity in the Asia-Pacific region today. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Australia's Global Opportunity and Responsibility: Shaping a More Secure Region and a Safer Digital World | An Australian Cyber Conference 2024 in Melbourne Conversation with Ambassador Brendan… 16:23
Guest: Ambassador Brendan Dowling , Ambassador for Cyber Affairs and Critical Technology, DFAT On LinkedIn | https://www.linkedin.com/in/brendan-dowling-7812b4261/ AT AU Cyber Con | https://canberra2024.cyberconference.com.au/speakers/brendan-dowling Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes This conversation with Brendan Dowling gave us a glimpse into the strategies, challenges, and collaborations shaping Australia’s digital future—and reminded us all that the cyber frontier is not just a technical battlefield but a deeply human one. The Role of a Cyber Ambassador Dowling began by discussing the unique responsibilities of a Cyber Ambassador, a role that integrates cybersecurity into foreign policy at the highest levels. He emphasized how this position, once viewed as an innovative experiment, has become a strategic necessity for national security. As cyber threats grow increasingly complex and borderless, cyber diplomacy has emerged as a critical tool for fostering stability and trust on the global stage. Strengthening Global Collaboration During the discussion, Dowling highlighted the collaborative nature of Australia’s cybersecurity efforts. He explained how cooperation within government agencies and partnerships with international allies are key to staying ahead of emerging threats. These relationships enable critical information-sharing, strategic alignment, and unified responses to incidents, underscoring the interconnectedness of today’s digital ecosystem. Navigating AI and Ethical Challenges The conversation turned to artificial intelligence and its growing role in society. Dowling addressed the ethical considerations of AI development and deployment, stressing the importance of balancing innovation with responsibility. He described Australia’s approach to advocating for ethical design and policy frameworks that protect privacy and human rights while maximizing AI’s benefits. Building Resilience in Critical Infrastructure Critical infrastructure was another focal point of the discussion. Dowling acknowledged the increasing complexity of protecting vital systems, from industrial control processes to supply chains. He emphasized resilience—not only in preventing attacks but in responding swiftly and effectively when incidents occur. This approach ensures that essential services, such as energy and manufacturing, can continue to operate even under pressure. Cultural Contexts in Cybersecurity Dowling also reflected on the role of cultural differences in shaping cybersecurity strategies. He shared experiences from his international work, where addressing issues like online safety and disinformation often requires sensitivity to local norms and values. Tailoring cybersecurity approaches to diverse cultural contexts, he noted, is vital for fostering trust and collaboration across regions. Conclusion: As the conversation concluded, Dowling reaffirmed the need for continued cooperation, innovation, and cultural understanding in tackling global cyber challenges. Sean Martin and Marco Ciappelli expressed their gratitude, leaving listeners with a clear message: cybersecurity is not just a technical issue—it’s a global, ethical, and deeply human challenge that requires collective effort. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Australia's global opportunity and responsibility: shaping a more secure region and a safer digital world (Session): https://canberra2024.cyberconference.com.au/sessions/australias-global-opportunity-and-responsibility-shaping-a-more-secure-region-and-a-safer-digital-world Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 How Do We Make Decisions in Cyber Security? Operational, Tactical, and Strategic Decision-Making in the Age of AI | An Australian Cyber Conference 2024 in Melbourne Conversation with Ivano… 24:58
Guest: Ivano Bongiovanni , General Manager / Sr Lecturer, AusCERT / UQ On LinkedIn | https://www.linkedin.com/in/ivano-bongiovanni-cybersecurity-management/ At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ivano-bongiovanni-ibtpp Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes This AISA Cyber Con 2024 On Location podcast episode recorded in Melbourne spotlights critical discussions led by Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer in Cybersecurity at the University of Queensland. The dialogue centers on pivotal issues shaping organizational approaches to cybersecurity, from decision-making factors to data governance and regulatory influences. Bongiovanni discusses his research on decision-making in cybersecurity, conducted across six large organizations. By interviewing professionals at operational, tactical, and strategic levels, the study examines the multifaceted factors driving decisions, such as configuring security systems or choosing cyber insurance. The research identifies four primary influence levels: industry, organizational, team, and individual. Key drivers include regulations at the industry level, organizational culture, and access to collaborative professional forums. These insights aim to provide decision-makers with a reflective framework to ensure comprehensive and informed choices. Another prominent focus is data governance. Bongiovanni emphasizes its role as both a foundation for robust cybersecurity and a potential avenue for organizational value creation. He highlights the challenges organizations face in mapping, managing, and securing their data. While traditionally viewed through a lens of loss prevention, he argues that effective data governance can unlock operational efficiencies and new business opportunities. This aligns with a broader industry shift to link cybersecurity investments to strategic value creation, rather than purely protective measures. The episode also touches on evolving regulatory landscapes. Bongiovanni outlines the increasing scrutiny on board members and CISOs (Chief Information Security Officers) regarding cybersecurity accountability. While Australia is still catching up with global trends, parallels are drawn to the U.S., where regulations like the SEC’s proposed cyber disclosures link leadership liability to organizational cybersecurity practices. In Australia, existing duties of care under the Corporations Act are becoming focal points for regulatory expectations. Information-sharing frameworks, such as ISACs (Information Sharing and Analysis Centers), also feature in the discussion. Bongiovanni underscores their importance in fostering collaboration, particularly in sectors like higher education and healthcare. He notes the ongoing cultural shift encouraging organizations to share threat intelligence securely, which is essential for collective resilience. Through Bongiovanni’s contributions, this episode highlights both the challenges and opportunities in cybersecurity decision-making, emphasizing a nuanced understanding of regulatory, cultural, and technical dynamics. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Future is now: Cautious reflections and bold predictions on cyber security in the years to come (Session): https://melbourne2024.cyberconference.com.au/sessions/session-FsEVnuge9u How do we make decisions in cybersecurity? Operational, tactical, and strategic decision-making in the age of AI (Session): https://melbourne2024.cyberconference.com.au/sessions/session-BdOGZjahUe The executive playbook: Elevate your cyber security through data governance (Workshop): https://melbourne2024.cyberconference.com.au/workshops/workshop-rxAAQPTLUJ Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The Top 10 Skills Your Security Awareness and Culture Person Must Have (With No IT or Cyber Skills in Sight) | An Australian Cyber Conference 2024 in Melbourne Conversation with Daisy Wong | On… 27:11
Guest: Daisy Wong , Head of Security Awareness, Medibank On LinkedIn | https://www.linkedin.com/in/daisywong127/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Kicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss. Daisy’s career journey, from earning a marketing degree to becoming Medibank’s Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity. The Power of Communication and Culture in Cybersecurity Daisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today’s cyber challenges. Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning—it requires intentionality, consistency, and collective effort. Breaking Barriers and Building Bridges One of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background. She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams. Staying Ahead in an Evolving Threat Landscape Daisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant. While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices. In this lively episode of On Location with Marco Ciappelli , Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense. Cybersecurity isn’t just about systems and software—it’s about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Building Resilience in a Disruptive Digital Landscape while Being Green by Design: Addressing the Carbon Footprint in Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation… 16:26
Guest: Sian John , Chief Technology Officer, NCC Group On LinkedIn | https://www.linkedin.com/in/sian-john/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community. Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is increasing around regulatory scrutiny. Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.' The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case. The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats. Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The present and future of Human-Centered Cybersecurity: Managing Risks and Fostering Digital Safety | An Australian Cyber Conference 2024 in Melbourne Conversation with Jinan Budge | On Location… 39:44
Guest: Jinan Budge , Vice President, Principal Analyst serving Security & Risk professionals, Forrester On LinkedIn | https://www.linkedin.com/in/jinan-budge-2898132/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes The Australian Cyber Conference Melbourne 2024 is a dynamic hub of innovation, bringing together top cybersecurity professionals and thought leaders to tackle the industry’s most pressing challenges. On this On Location Recording Sean Martin and Marco Ciappelli have a conversation with Jinan Budge , Vice President at Forrester Research, focusing on the vital role of human-centered security in today’s evolving landscape. Building a Human-Centered Cybersecurity Culture One of the central themes of the discussion was the shift from traditional security awareness programs to human risk management . Jinan Budge emphasized the need to move beyond treating people as liabilities and instead design security practices that align with individual behaviors and motivations. This evolution toward human-centered cybersecurity is essential to addressing the unique risks posed by human behavior while fostering a culture of adaptability and trust. Collaboration Between Enterprises and Vendors The podcast highlighted the shared responsibility between enterprises and vendors to advance security practices. Enterprises must embrace adaptive security solutions tailored to their workforce, while vendors have a pivotal role in driving innovation and educating the market. This partnership is key to creating flexible, effective solutions that meet the needs of diverse organizations, from startups to global enterprises. Understanding the Human Element in Data Breaches Budge introduced a framework she calls the “wheel of human element breaches,” which categorizes risks such as social engineering , human error , and insider threats . This comprehensive approach pushes the conversation beyond the common narrative of phishing attacks, encouraging organizations to adopt holistic strategies that address the root causes of human-driven vulnerabilities. Education and Continuous Learning Marco Ciappelli and Jinan Budge underscored the importance of integrating cybersecurity education into early learning environments. Instilling digital safety habits at a young age helps build an instinctive understanding of cybersecurity, preparing future generations for the increasingly digital workplace. This foundation ensures smoother transitions into organizational cultures where cybersecurity is second nature. Conclusion The discussions at the Australian Cyber Conference Melbourne 2024 illuminated the industry’s growing focus on human-centered strategies and collaboration between enterprises and vendors. These efforts underscore the importance of proactively addressing human risks and integrating cybersecurity education into every level of society. Events like this continue to shape the future, offering invaluable insights and inspiration for those dedicated to advancing the field. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Transforming Cybersecurity with Essential Eight by Building Robust Security Structures with a Default Deny Approach | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A… 5:55
During AISA Cyber Con 2024 in Melbourne, Sean Martin connected with Jade Wilkie from ThreatLocker. Wilkie, who is currently an account executive and soon to assume a leadership role with the APAC sales team, discusses the significance of ThreatLocker’s presence at the event and their growth in the Australian market. With ThreatLocker’s APAC team attending for the first time, Wilkie emphasizes the importance of support on the ground as Australia has quickly become ThreatLocker’s second-largest market. ThreatLocker’s approach, centered on a default deny methodology and zero trust framework, aligns well with Australia’s Essential Eight cybersecurity framework. Wilkie highlights that this strategy not only prevents unauthorized access but also reduces noise during detection and response processes. This makes the Essential 8 a solid foundation for cybersecurity, offering a straightforward and effective structure that companies can implement. At their booth, ThreatLocker aims to raise awareness about their comprehensive offerings beyond application control, including EDR and MDR, and network control modules. Wilkie invites attendees to engage with the team to understand how ThreatLocker’s solutions can fortify their security structures. The episode teases an upcoming conversation at Zero Trust World in Orlando, where Sean Martin and Jade Wilkie will further explore the event’s takeaways and discuss emerging themes and trends in the cybersecurity space. Don’t miss out on this insightful discussion that promises to deliver valuable information for strengthening cybersecurity efforts. Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974 Note: This story contains promotional content. Learn more . Guests: Jade Wilkie , Account Executive APAC, ThreatLocker [ @ThreatLocker ] On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/ Resources Essential Eight: https://itspm.ag/threatq55q Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Balancing Technology and Human Awareness in Cyber Defense: Strategies for Families and Organizations | An Australian Cyber Conference 2024 in Melbourne Conversation with Jacqueline Jayne | On… 28:55
Guest: Jacqueline Jayne , The Independent Cybersecurity Expert On LinkedIn | https://www.linkedin.com/in/jacquelinejayne/ At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/jacqueline-jayne-smict Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the On Location series at AISA Cyber Con 2024 in Melbourne, the conversation about cybersecurity turns engaging as Jacqueline Jayne, Security Awareness Advocate, shares her experience on human risk management and cybersecurity education. Her insights bring forward crucial points on bridging the gap between human behavior and technological security measures. One pivotal topic discussed is the persistent challenge of human error in cybersecurity. Jacqueline highlights that human error now accounts for over 90% of security breaches. The approach to mitigating these risks isn't merely technological but educational. She emphasizes the need for comprehensive security awareness training and shifting organizational culture towards proactive risk management. Jacqueline shares, “Organizations should redefine IT departments from the ‘Department of No’ to the ‘Department of K-N-O-W.’” She believes that instead of restricting users, organizations should focus on empowering them with knowledge, emphasizing the importance of comprehensive training that connects with employees on a personal level. Throughout the conversation, the importance of contextual and relatable education stands out. Jacqueline advocates for simulated phishing campaigns to provide real-world scenarios for employees. By understanding and experiencing what a phishing attempt looks like in a controlled environment, employees can better recognize and react to actual threats. Another compelling point is teaching digital citizenship from a young age. Jacqueline compares cybersecurity education to road safety education. Just as children learn road safety progressively, digital safety should be ingrained from an early age. Appropriate and guided exposure to technology can ensure they grow up as responsible digital citizens. The discussion also touches on parental and organizational roles. Jacqueline discusses the proposal of banning social media for children under 16, acknowledging its complexity. She suggests that though banning might seem straightforward, it's more about educating and guiding children and teenagers on safe digital practices. Organizations and parents alike should collaborate to create a safer and more informed digital environment for the younger generation. Towards the end, the dialogue shifts to the potential role of AI in enhancing cybersecurity awareness. There’s a consensus on using AI not as a replacement but as an augmentative tool to alert and educate users about potential threats in real-time, potentially mitigating the risk of human error. In conclusion, the conversation highlights the indispensable role of education in cybersecurity. JJ's perspective fosters a comprehensive approach that includes organizational culture change, continuous engagement, and early digital citizenship education. It’s not just about implementing technology but evolving our collective behavior and mindset to ensure a secure digital future. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources The top 10 skills your security awareness and culture person must have with no IT or cyber skills in sight (Session): https://melbourne2024.cyberconference.com.au/sessions/session-OZ4j4mTr1O Keeping our kids safe online: The essential information for parents and caregivers (Session): https://melbourne2024.cyberconference.com.au/sessions/session-oBf7Gjn2xG Security awareness 2.0: The paradigm shift from training and simulations to engagement and culture: https://melbourne2024.cyberconference.com.au/sessions/session-drDWsOKBsL Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 From Healthcare to Cybersecurity: Leveraging Past Professions to Enhance Cybersecurity Programs | A Conversation with Gina D’Addamio | Redefining CyberSecurity with Sean Martin 44:49
Guest: Gina D’Addamio , Threat Analyst, Canadian Cyber Threat Exchange [ @CCTXCanada ] On LinkedIn | https://www.linkedin.com/in/gina-daddamio ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D’Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds. Gina D’Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing. Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case. Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX. The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S. Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry. Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person’s overall ability to fit within the team and contribute to the organization’s goals. This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D’Addamio’s story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst and https://itspm.ag/rogershxbp Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com/episodes/accelerating-cybersecurity-training-and-innovation-7-minutes-on-itspmagazine-from-black-hat-sector-2024-a-rogers-cybersecure-catalyst-short-brand-innovation-story-with-rushmi-hasham-and-vasu-daggupaty ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Pre-Event Coverage | Different Hats, Shared Goals: Insights and Anticipations for Conversations and Stories from Australian Cyber Conference 2024 in Melbourne | On Location Coverage with Sean Martin… 9:32
Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this pre-event Chats on the Road episode of the On Location with Sean and Marco Podcast, hosts Sean Martin and Marco Ciappelli meet up in person and on location to discuss their excitement and expectations for the upcoming Australia Cybersecurity Conference 2024 in Melbourne. They express their enthusiasm about reuniting with the cybersecurity community and emphasize the significance of the event, which is organized by AISA and supported by notable individuals like Akash Mattel, Megan, and Abbas Kudrati. Sean and Marco share a light-hearted opening conversation about boats and travels, setting a casual tone before diving into what they look forward to at the conference. The hosts appreciate the opportunity to connect with industry leaders and attendees, emphasizing the importance of stories in operationalizing cybersecurity in business and society. Sean highlights the need to align technology with business processes while adhering to policies and laws on a global scale. On the other hand, Marco provides a broader perspective on the interaction between individuals, society, and technology, stressing the role of cybersecurity in protecting personal privacy and fostering human interaction — it turns out it's all about the intersection of technology and culture. The hosts reflect on their past experiences in the cybersecurity field, with Sean sharing an anecdote about a vintage AV hat that represents his journey at Symantec rooted in the Australia. culture. This reflection underscores the value of learning from past and present experiences to shape a better future in cybersecurity. Sean and Marco discuss the diverse sessions and interactions planned for the event, mentioning notable speakers like Joe Sullivan and Mikko Hypponen. They are particularly excited about the wide range of topics to be covered, from policy and privacy to operational strategies and the human element in cybersecurity. As they anticipate the week ahead, Sean and Marco invite listeners to engage with them during the conference. They are eager to forge new relationships and gather stories that resonate on a global scale, underscoring the event's potential for fostering meaningful connections and enhancing cybersecurity practices worldwide. Tune in to hear Sean and Marco's thoughts on what promises to be an exciting and informative week at the Australia Cybersecurity Conference 2024. Whether you're attending the event or staying tuned from afar, this episode sets the stage for the compelling conversations and insights to come. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
Daily Deals
Daily Deals
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
