We all dream. Every night. Whether we remember them or not. And maybe — just maybe — those dreams aren’t random, ridiculous, or irrelevant. Maybe they’re trying to tell us something we’re too distracted, too busy, or too burned out to hear while we’re awake. Here to help us decode the language of dreams is Dr. Bonnie Buckner — founder of the International Institute for Dreaming and Imagery®, executive coach, faculty director at GWU’s Center for Excellence in Public Leadership, and author of The Secret Mind: Unlock the Power of Your Dreams to Transform Your Life . She’s spent her career teaching people how to use dreaming and imagery for personal growth, leadership, and creative breakthroughs . We explore: Why your dreams are worth paying attention to (even the weird ones) The science and strategy behind using dreams for personal development How feelings and subconscious wisdom can point to answers What to do if you don’t remember your dreams Why slowing down might be the key to speeding up your clarity Because what if the clarity you're chasing isn't out there — it's already in you, waiting for you to slow down, shut off, and tune in? Connect with Bonnie: Website: https://bonniebuckner.com/ Book: https://bonniebuckner.com/the-secret-mind/ IG: https://www.instagram.com/dreamwithiidi/ Related Podcast Episodes: How To Rewire Patterns That No Longer Serve You with Judy Wilkins-Smith | 323 The Icelandic Art of Intuition with Hrund Gunnsteinsdóttir | 307 The Astrology Advantage with Tali Edut of The AstroTwins | 301 Share the Love: If you found this episode insightful, please share it with a friend, tag us on social media, and leave a review on your favorite podcast platform! 🔗 Subscribe & Review: Apple Podcasts | Spotify | Amazon Music Learn more about your ad choices. Visit megaphone.fm/adchoices…
Player FM - Internet Radio Done Right
Checked 2d ago
اضافه شده در twenty-six هفته پیش
محتوای ارائه شده توسط ITSPmagazine and Sean Martin. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط ITSPmagazine and Sean Martin یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Daily Deals
پادکست هایی که ارزش شنیدن دارند
حمایت شده
Inside the MIND of a Hacker - Insights and Lessons From a Ransomware Attack | An Australian Cyber Conference 2024 in Melbourne Conversation with Joseph Carson | On Location Coverage with Sean Martin and Marco Ciappelli
Manage episode 469142267 series 3649986
محتوای ارائه شده توسط ITSPmagazine and Sean Martin. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط ITSPmagazine and Sean Martin یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Guest: Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Delinea
On LinkedIn | https://www.linkedin.com/in/josephcarson/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn’t just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies.
The Dynamics of Engagement
The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable.
Insights on Ransomware Realities
Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity’s foundational importance.
The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats.
Ethical and Strategic Considerations in Cybersecurity
The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles.
Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia’s laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals’ business model.
Global Trends and Local Challenges
The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures.
Marco’s observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally.
Final Thoughts: Building a Safer Digital World
The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security.
This conversation at AISA Cyber Con wasn’t just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act.
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
569 قسمت
اشتراک گذاریManage episode 469142267 series 3649986
محتوای ارائه شده توسط ITSPmagazine and Sean Martin. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط ITSPmagazine and Sean Martin یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Guest: Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Delinea
On LinkedIn | https://www.linkedin.com/in/josephcarson/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn’t just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies.
The Dynamics of Engagement
The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable.
Insights on Ransomware Realities
Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity’s foundational importance.
The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats.
Ethical and Strategic Considerations in Cybersecurity
The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles.
Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia’s laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals’ business model.
Global Trends and Local Challenges
The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures.
Marco’s observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally.
Final Thoughts: Building a Safer Digital World
The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security.
This conversation at AISA Cyber Con wasn’t just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act.
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
569 قسمت
همه قسمت ها
×
1 From Gatekeeper to Growth Partner: How Modern CISOs Build Trust, Drive Innovation, and Shape AI-Enabled Business Security | A Conversation with Legendary CISO, Andy Ellis | Redefining CyberSecurity… 40:08
⬥ GUEST ⬥ Andy Ellis , Legendary CISO [ https://howtociso.com ] | On LinkedIn: https://www.linkedin.com/in/csoandy/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ In this episode of Redefining CyberSecurity , host Sean Martin speaks with Andy Ellis, former CSO at Akamai and current independent advisor, about the shifting expectations of security leadership in today’s SaaS-powered, AI-enabled business environment. Andy highlights that many organizations—especially mid-sized startups—struggle not because they lack resources, but because they don’t know how to contextualize what security means to their business goals. Often, security professionals aren’t equipped to communicate with executives or boards in a way that builds shared understanding. That’s where advisors like Andy step in: not to provide a playbook, but to help translate and align. One of the core ideas discussed is the reframing of security as an enabler rather than a gatekeeper. With businesses built almost entirely on SaaS platforms and outsourced operations, IT and security should no longer be siloed. Andy encourages security teams to “own the stack”—not just protect it—by integrating IT management, vendor oversight, and security into a single discipline. The conversation also explores how AI and automation empower employees at every level to “vibe code” their own solutions, shifting innovation away from centralized control. This democratization of tech raises new opportunities—and risks—that security teams must support, not resist. Success comes from guiding, not gatekeeping. Andy shares practical ways CISOs can build influence, including a deceptively simple yet powerful technique: ask every stakeholder what security practice they hate the most and what critical practice is missing. These questions uncover quick wins that earn political capital—critical fuel for driving long-term transformation. From his “First 91 Days” guide for CISOs to his book 1% Leadership , Andy offers not just theory but actionable frameworks for influencing culture, improving retention, and measuring success in ways that matter. Whether you’re a CISO, a founder, or an aspiring security leader, this episode will challenge how you think about the role security plays in business—and what it means to lead from the middle. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Inspiring Post: https://www.linkedin.com/posts/csoandy_how-to-ciso-the-first-91-days-ugcPost-7330619155353632768-BXQT/ Book: “How to CISO: The First 91-Day Guide” by Andy Ellis — https://howtociso.com/library/first-91-days-guide/ Book: “1% Leadership: Master the Small Daily Habits that Build Exceptional Teams” — https://www.amazon.com/1-Leadership-Daily-Habits-Exceptional/dp/B0BSV7T2KZ ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc ⬥KEYWORDS⬥ andy ellis, sean martin, ciso, ai, sas, shadow it, vibe coding, patch management, political capital, leadership, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast…
1 When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore? | A Black Hat USA 2025 Recap | A Musing On the Future of Cybersecurity with Sean Martin and TAPE3 |… 6:27
At Black Hat USA 2025, artificial intelligence wasn’t the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift. In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick’s keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability. We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight. Using Mikko Hyppönen’s “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever. If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success , measure it accurately, and prove it when challenged? Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it? ________ This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ ✦ Resources Article: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore? https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/ The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/ Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli : https://youtu.be/13xP-LEwtEA Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25 Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage ITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies : https://www.itspmagazine.studio/ ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference ________ Sean Martin is a life-long musician and the host of the Music Evolves Podcast ; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast ; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast . These shows are all part of ITSPmagazine —which he co-founded with his good friend Marco Ciappelli , to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website .…
1 How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber | Reflections from Black Hat USA 2025 | A Musing On the Future of Cybersecurity with Sean Martin and… 11:44
Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that’s how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud. In this episode of The Future of Cybersecurity Newsletter , I take you behind the scenes to unpack the themes driving this year’s announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren’t) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away. We dig into why operational relevance, clarity, and proof points matter more than ever. If you can’t explain what your AI does, what data it uses, and how it’s secured, you’re already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources. And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions. Whether you’re building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle. ________ This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ ✦ Resources Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli : https://youtu.be/13xP-LEwtEA ITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies : https://www.itspmagazine.studio/ ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Citations: Available in the full article ________ Sean Martin is a life-long musician and the host of the Music Evolves Podcast ; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast ; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast . These shows are all part of ITSPmagazine —which he co-founded with his good friend Marco Ciappelli , to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website .…
1 Black Hat 2025: More Buzzwords, Same Breaches? | What’s Heating Up Before Black Hat 2025: Top Trends Set to Shake Up this Year’s Hacker Conference | An ITSPmagazine Webinar: On Location Coverage… 1:00:22
1:00:22 
پخش در آینده 
پخش در آینده 
لیست ها 
پسندیدن 
دوست داشته شد1:00:22
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدIn this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025. Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what’s scheduled. Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.” Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls. Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware. Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern. This episode is not just about placing bets on buzzwords. It’s about uncovering what’s real, what’s noise, and what still needs fixing—no matter how long we’ve been talking about it. ___________ Guests: Leslie Kesselring , Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/ “This year, it’s the news cycle—not the sessions—that’s driving what media cover at Black Hat.” Daniel Cuthbert , Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/ “Why are we still finding bugs older than the people presenting the research?” Richard Stiennon , Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/ “The urge to consolidate tools is driven by procurement—not by what defenders actually need.” Michael Parisi , Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/ “Responsible AI use isn’t a policy—it’s something we have to actually implement.” Rupesh Chokshi , SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/ “The business side is racing to deploy AI—but security still hasn’t caught up.” Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 BlackCloak: https://itspm.ag/itspbcweb Akamai: https://itspm.ag/akamailbwc DropzoneAI: https://itspm.ag/dropzoneai-641 Stellar Cyber: https://itspm.ag/stellar-9dj3 ___________ Resources Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25 ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS sean martin, marco ciappelli, leslie kesselring, daniel cuthbert, richard stiennon, michael parisi, rupesh chokshi, blackhat2025, event coverage, on location, conference…
1 Making Honeypots Useful Again: Identity Security, Deception, and the Art of Detection | A Conversation with Sean Metcalf | Redefining CyberSecurity with Sean Martin 31:48
⬥ GUEST ⬥ Sean Metcalf , Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity. While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker’s need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious. One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective. He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn’t be able to move around your environment without tripping over something that alerts the defender. Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively. Whether you’re running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/ Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normal Article: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity Article: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Hiring for the Present Is Hurting the Future of Cybersecurity: Why “Entry-Level” Rarely Means Entry | A Conversation with John Salomon | Redefining CyberSecurity with Sean Martin 41:38
⬥ GUEST ⬥ John Salomon , Board Member, Cybersecurity Advisors Network (CyAN) | On LinkedIn: https://www.linkedin.com/in/johnsalomon/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ The cybersecurity industry keeps repeating a familiar line: there’s a shortage of talent. But what if the real issue isn’t the number of people—but the lack of access, mentorship, and investment in human potential? In this episode of Redefining CyberSecurity , Sean Martin speaks with John Salomon, an independent cybersecurity consultant and a contributor to the Cybersecurity Advisors Network (CyAN), about how the hiring structure in our industry may be the problem—not the solution. Together, they explore why entry-level roles rarely provide an actual point of entry, and how hiring practices have been shaped more by finance and compliance than by people development. Salomon draws on decades of experience to outline the problem: security is often treated as a pure cost center, so training and mentorship are deprioritized. Early-career professionals are expected to be “job-ready” from day one, and organizations rarely account for the long-term payoff of investing in apprenticeships or junior hires. He also points to the silent collapse of informal mentorship that once defined the field. Leaders used to take risks on new talent. Now, hiring decisions are driven by headcount limitations and performance metrics that leave no room for experimentation or learning through failure. The conversation shifts toward action. Business and security leaders need to reframe cybersecurity as a growth enabler and start viewing mentorship as a risk mitigation tool. Investing in new talent not only strengthens your team—it supports the stability of the industry as a whole. And it’s not just on companies. Universities and student organizations must create more opportunities for experiential learning and interdisciplinary collaboration. Leaders can support these efforts with time, not just budget, by showing up and sharing what they’ve learned. Whether you’re a CISO, founder, or just getting started, this episode challenges the idea that “mentorship is nice to have” and shows how it’s a cornerstone of sustainable cybersecurity. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Inspiring Post: https://www.linkedin.com/posts/activity-7332679935557300224-1lBv/ ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 OT Emergency Preparedness: When Disaster Recovery Meets Real-World Safety | A Conversation with Tobias Halmans | Redefining CyberSecurity with Sean Martin 49:51
⬥ GUEST ⬥ Tobias Halmans , OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication. OT engineers don’t think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins. Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world’s metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements. Perhaps most importantly, Tobias stresses that business continuity planning for OT can’t just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy. Whether you’re a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don’t fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1 ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 When AI Looks First: How Agentic Systems Are Reshaping Cybersecurity Operations | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3 4:32
Before a power crew rolls out to check a transformer, sensors on the grid have often already flagged the problem. Before your smart dishwasher starts its cycle, it might wait for off-peak energy rates. And in the world of autonomous vehicles, lightweight systems constantly scan road conditions before a decision ever reaches the car’s central processor. These aren’t the heroes of their respective systems. They’re the scouts, the context-builders: automated agents that make the entire operation more efficient, timely, and scalable. Cybersecurity is beginning to follow the same path. In an era of relentless digital noise and limited human capacity, AI agents are being deployed to look first, think fast, and flag what matters before security teams ever engage. But these aren’t the cartoonish “AI firefighters” some might suggest. They’re logical engines operating at scale: pruning data, enriching signals, simulating outcomes, and preparing workflows with precision. "AI agents are redefining how security teams operate, especially when time and talent are limited," says Kumar Saurabh , CEO of AirMDR. "These agents do more than filter noise. They interpret signals, build context, and prepare response actions before a human ever gets involved." This shift from reactive firefighting to proactive triage is happening across cybersecurity domains. In detection, AI agents monitor user behavior and flag anomalies in real time, often initiating mitigation actions like isolating compromised devices before escalation is needed. In prevention, they simulate attacker behaviors and pressure-test systems, flagging unseen vulnerabilities and attack paths. In response, they compile investigation-ready case files that allow human analysts to jump straight into action. "Low-latency, on-device AI agents can operate closer to the data source, better enabling anomaly detection, threat triaging, and mitigation in milliseconds," explains Shomron Jacob , Head of Applied Machine Learning and Platform at Iterate.ai. "This not only accelerates response but also frees up human analysts to focus on complex, high-impact investigations." Fred Wilmot , Co-Founder and CEO of Detecteam, points out that agentic systems are advancing limited expertise by amplifying professionals in multiple ways. "Large foundation models are driving faster response, greater context and more continuous optimization in places like SOC process and tools, threat hunting, detection engineering and threat intelligence operationalization," Wilmot explains. "We’re seeing the dawn of a new way to understand data, behavior and process, while optimizing how we ask the question efficiently, confirm the answer is correct and improve the next answer from the data interaction our agents just had." Still, real-world challenges persist. Costs for tokens and computing power can quickly outstrip the immediate benefit of agentic approaches at scale. Organizations leaning on smaller, customized models may see greater returns but must invest in AI engineering practices to truly realize this advantage. "Companies have to get comfortable with the time and energy required to produce incremental gains," Wilmot adds, "but the incentive to innovate from zero to one in minutes should outweigh the cost of standing still." Analysts at Forrester have noted that while the buzz around so-called agentic AI is real, these systems are only as effective as the context and guardrails they operate within. The power of agentic systems lies in how well they stay grounded in real data, well-defined scopes, and human oversight. ¹ ² While approaches differ, the business case is clear. AI agents can reduce toil, speed up analysis, and extend the reach of small teams. As Saurabh observes, AI agents that handle triage and enrichment in minutes can significantly reduce investigation times and allow analysts to focus on the incidents that truly require human judgment. As organizations wrestle with a growing attack surface and shrinking response windows, the real value of AI agents might not lie in what they replace , but in what they prepare . Rob Allen , Chief Product Officer at ThreatLocker, points out, "AI can help you detect faster. But Zero Trust stops malware before it ever runs. It’s not about guessing smarter; it’s about not having to guess at all." While AI speeds detection and response, attackers are also using AI to evade defenses, making it vital to pair smart automation with architectures that deny threats by default and only allow what’s explicitly needed. These agents are the eyes ahead, the hands that set the table, and increasingly the reason why the real work can begin faster and smarter than ever before. References 1. Forrester. (2024, February 8). Cybersecurity’s latest buzzword has arrived: What agentic AI is — and isn’t . Forrester Blogs. https://www.forrester.com/blogs/cybersecuritys-latest-buzzword-has-arrived-what-agentic-ai-is-and-isnt/ (cc: Allie Mellen and Rowan Curran ) 2. Forrester. (2024, March 13). The battle for grounding has begun . Forrester Blogs. https://www.forrester.com/blogs/the-battle-for-grounding-has-begun/ (cc: Ted Schadler ) ________ This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is a life-long musician and the host of the Music Evolves Podcast ; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast ; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast . These shows are all part of ITSPmagazine —which he co-founded with his good friend Marco Ciappelli , to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website .…
1 From Feed to Foresight: Cyber Threat Intelligence as a Leadership Signal | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3 6:39
Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team. From Risk Reduction to Opportunity Ryan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization’s resources and builds a stronger industry front against emerging threats. Real Business Context Tod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations. Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead. More Than Defense The discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most. Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge. ________ This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is a life-long musician and the host of the Music Evolves Podcast ; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast ; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast . These shows are all part of ITSPmagazine —which he co-founded with his good friend Marco Ciappelli , to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website .…
1 Agentic AI to the Rescue? From Billable Hours to Bots: The New Legal Workflow | A Conversation with Frida Torkelsen and Maged Helmy | Redefining CyberSecurity with Sean Martin 44:16
⬥ GUESTS ⬥ Frida Torkelsen , PhD | AI Solution Architect at Newcode.ai | On LinkedIn: https://www.linkedin.com/in/frida-h-torkelsen/ Maged Helmy , PhD | Assoc. Professor - AI at University of South-Eastern Norway and Founder & CEO of Newcode.ai | On LinkedIn: https://www.linkedin.com/in/magedhelmy/ ⬥ HOST ⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ EPISODE NOTES ⬥ Agentic AI is rapidly moving from theoretical promise to practical implementation, and few sectors are feeling this shift as acutely as the legal industry. In this episode of Redefining CyberSecurity, Sean Martin is joined by Frida Torkelsen, a Solution Architect, and Maged Helmy, a professor of AI, to explore how law firms and in-house counsel are applying AI agents to reduce costs, improve efficiency, and unlock strategic capabilities—while navigating critical privacy and security concerns. Frida explains how large firms are seeking to extract value from their troves of historical legal data through bespoke AI agents designed to automate workflows and improve institutional knowledge sharing. Smaller firms, on the other hand, benefit by building narrow, purpose-driven agents that automate core functions and give them a tactical edge. This democratization of capability—fueled by faster iteration and reduced development cost—could be a strategic win for niche firms that are disciplined in their focus. Maged emphasizes the architectural shift AI agents introduce. Unlike static queries to large language models with fixed knowledge, agents access tools, data, and live systems to execute tasks dynamically. This expands the use case potential—but also the risk. Because agentic systems operate probabilistically, consistent outputs aren’t guaranteed, and testing becomes more about evaluating outcomes across a range of inputs than expecting deterministic results. Security risk looms large. Maged shares how a single oversight in permissions allowed an agent to make system-wide changes that corrupted his environment. Frida cautions against over-permissive access, noting that agents tapping into shared calendars or HR databases must respect internal boundaries and compliance obligations. Both guests agree that human-in-the-loop validation is essential, especially in environments with strict data governance needs. Law firms must reassess both internal information architecture and team readiness before implementing agentic systems. Start with a clear understanding of the business problem, validate access scopes, and track outcomes for accuracy, speed, and cost. Legal tech teams are forming around these efforts, but success will depend on whether these roles stay grounded in solving specific legal problems—not chasing the latest AI trend. ⬥ SPONSORS ⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥ RESOURCES ⬥ Newsletter: The Law's Great Recalibration: Inside the Tech-Driven Puzzle of Legal Firm Transformation: https://www.linkedin.com/pulse/laws-great-recalibration-inside-tech-driven-puzzle-sean-martin-cissp-clnoe/ ⬥ ADDITIONAL INFORMATION ⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Inside the DARPA AI Cyber Challenge: Securing Tomorrow’s Critical Infrastructure Through AI and Healthy Competition | An RSAC Conference 2025 Conversation with Andrew Carney | On Location Coverage… 27:35
During RSAC Conference 2025, Andrew Carney, Program Manager at DARPA, and (remotely via video) Dr. Kathleen Fisher, Professor at Tufts University and Program Manager for the AI Cyber Challenge (AIxCC), guide attendees through an immersive experience called Northbridge—a fictional city designed to showcase the critical role of AI in securing infrastructure through the DARPA-led AI Cyber Challenge. Inside Northbridge: The Stakes Are Real Northbridge simulates the future of cybersecurity, blending AI, infrastructure, and human collaboration. It’s not just a walkthrough — it’s a call to action. Through simulated attacks on water systems, healthcare networks, and cyber operations, visitors witness firsthand the tangible impacts of vulnerabilities in critical systems. Dr. Fisher emphasizes that the AI Cyber Challenge isn’t theoretical: the vulnerabilities competitors find and fix directly apply to real open-source software relied on by society today. The AI Cyber Challenge: Pairing Generative AI with Cyber Reasoning The AI Cyber Challenge (AIxCC) invites teams from universities, small businesses, and consortiums to create cyber reasoning systems capable of autonomously identifying and fixing vulnerabilities. Leveraging leading foundation models from Anthropic, Google, Microsoft, and OpenAI, the teams operate with tight constraints—working with limited time, compute, and LLM credits—to uncover and patch vulnerabilities at scale. Remarkably, during semifinals, teams found and fixed nearly half of the synthetic vulnerabilities, and even discovered a real-world zero-day in SQLite. Building Toward DEFCON Finals and Beyond The journey doesn’t end at RSA. As the teams prepare for the AIxCC finals at DEFCON 2025, DARPA is increasing the complexity of the challenge—and the available resources. Beyond the competition, a core goal is public benefit: all cyber reasoning systems developed through AIxCC will be open-sourced under permissive licenses, encouraging widespread adoption across industries and government sectors. From Competition to Collaboration Carney and Fisher stress that the ultimate victory isn’t in individual wins, but in strengthening cybersecurity collectively. Whether securing hospitals, water plants, or financial institutions, the future demands cooperation across public and private sectors. The Northbridge experience offers a powerful reminder: resilience in cybersecurity is built not through fear, but through innovation, collaboration, and a relentless drive to secure the systems we all depend on. ___________ Guest: Andrew Carney, AI Cyber Challenge Program Manager, Defense Advanced Research Projects Agency (DARPA) | https://www.linkedin.com/in/andrew-carney-945458a6/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ______________________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 Akamai: https://itspm.ag/akamailbwc BlackCloak: https://itspm.ag/itspbcweb SandboxAQ: https://itspm.ag/sandboxaq-j2en Archer: https://itspm.ag/rsaarchweb Dropzone AI: https://itspm.ag/dropzoneai-641 ISACA: https://itspm.ag/isaca-96808 ObjectFirst: https://itspm.ag/object-first-2gjl Edera: https://itspm.ag/edera-434868 ___________ Resources The DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpa Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25 ___________ KEYWORDS andrew carney, kathleen fisher, marco ciappelli, sean martin, darpa, aixcc, cybersecurity, rsac 2025, defcon, ai cybersecurity, event coverage, on location, conference ______________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
1 Vibe Coding: Creativity Meets Risk in the Age of AI-Driven Development | A Conversation with Izar Tarandach | Redefining CyberSecurity with Sean Martin 35:52
⬥GUEST⬥ Izar Tarandach , Sr. Principal Security Architect for a large media company | On LinkedIn: https://www.linkedin.com/in/izartarandach/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥EPISODE NOTES⬥ In this episode of Redefining CyberSecurity , host Sean Martin sits down with Izar Tarandach, Senior Principal Security Architect at a major entertainment company, to unpack a concept gaining traction across some developer circles: vibe coding. Vibe coding, as discussed by Izar and Sean, isn’t just about AI-assisted development—it’s about coding based on a feeling or a flow, often driven by prompts to large language models (LLMs). It’s being explored in organizations from startups to large tech companies, where the appeal lies in speed and ease: describe what you want, and the machine generates the code. But this emerging approach is raising significant concerns, particularly in security circles. Izar, who co-hosts the Security Table podcast with Matt Coles and Chris Romeo, calls attention to the deeper implications of vibe coding. At the heart of his concern is the risk of ignoring past lessons. Generating code through AI may feel like progress, but without understanding what’s being written or how it fits into the broader architecture, teams risk reintroducing old vulnerabilities—at scale. One major issue: the assumption that code generated by AI is inherently good or secure. Izar challenges that notion, reminding listeners that today’s coding models function like junior developers—they may produce working code, but they’re also prone to mistakes, hallucinations, and a lack of contextual understanding. Worse yet, organizations may begin to skip traditional checks like code reviews and secure development lifecycles, assuming the machine already got it right. Sean highlights a potential opportunity—if used wisely, vibe coding could allow developers to focus more on outcomes and user needs, rather than syntax and structure. But even he acknowledges that, without collaboration and proper feedback loops, it’s more of a one-way zone than a true jam session between human and machine. Together, Sean and Izar explore whether security leaders are aware of vibe-coded systems running in their environments—and how they should respond. Their advice: assume you already have vibe-coded components in play, treat that code with the same scrutiny as anything else, and don’t trust blindly. Review it, test it, threat model it, and hold it to the same standards. Tune in to hear how this new style of development is reshaping conversations about security, responsibility, and collaboration in software engineering. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ Inspiring LinkedIn Post — https://www.linkedin.com/posts/izartarandach_sigh-vibecoding-when-will-we-be-able-activity-7308105048926879744-fNMS Security Table Podcast: Vibe Coding: What Could Possibly Go Wrong? — https://securitytable.buzzsprout.com/2094080/episodes/16861651-vibe-coding-what-could-possibly-go-wrong Webinar: Secure Coding = Developer Power, An ITSPmagazine Webinar with Manicode Security — https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Building and Securing Intelligent Workflows: Why Your AI Strategy Needs Agentic AI Threat Modeling and a Zero Trust Mindset | A Conversation with Ken Huang | Redefining CyberSecurity with Sean Martin 43:10
⬥GUEST⬥ Ken Huang , Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥EPISODE NOTES⬥ In this episode of Redefining CyberSecurity , host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice . The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows. Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges. Practical Applications and Emerging Use Cases Ken outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce’s AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention. Implications for Development and Security Teams Development teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement. Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed. The Call for Collaboration and Mindset Shift Agentic AI isn’t just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7 BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259 BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMR More books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GN Video Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council with 255 people rated averaged 5 starts: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=false Podcast: The 2025 OWASP Top 10 for LLMs: What’s Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin 36:06
⬥GUEST⬥ Allie Mellen , Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin ⬥EPISODE NOTES⬥ In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies. The Role of MITRE ATT&CK Evaluations MITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps. Mellen emphasizes that MITRE’s evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs. Alert Volume and the Cost of Security Data One key insight from this year’s evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess. Forrester’s analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints. The Shift Toward Detection and Response Engineering Mellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise. Detection and response should also be tightly integrated. Forrester’s research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads. Vendor Claims and the Reality of Security Tools While many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE’s raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice. For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs. For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/ Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/ ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://itspm.ag/podadplc…
1 The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | A Conversation with Sarah Fluchs | Redefining CyberSecurity with Sean Martin 44:10
⬥GUEST⬥ Sarah Fluchs , CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin ⬥EPISODE NOTES⬥ The European Commission’s Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity , host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers. A Broad Scope: More Than Just Industrial Automation Unlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA’s requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products. The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support. What the CRA Requires The CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to: Ensure products are free from known, exploitable vulnerabilities at the time of release. Implement security by design, considering cybersecurity from the earliest stages of product development. Provide security patches for the product’s defined lifecycle, with a minimum of five years unless justified otherwise. Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks. Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users. Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change. Compliance Challenges: No Detailed Checklist Yet One of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA’s security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty. To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products. The Impact on Critical Infrastructure and Industrial Systems While the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on. Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains. A Security Milestone: Holding Manufacturers Accountable The CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU. Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards. For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy. The Bottom Line The Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency. Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/ Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdf A list of Sarah's blog posts to get your CRA knowledge up to speed: 1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd73 2️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c 3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d209 4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd8900 5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52 ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity: 🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with an ad placement in the podcast? Learn more: 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Hackers, Policy, and the Future of Cybersecurity: Inside The Hackers’ Almanack from DEF CON and the Franklin Project | A Conversation with Jake Braun | Redefining CyberSecurity with Sean Martin 40:32
⬥GUEST⬥ Jake Braun , Acting Principal Deputy National Cyber Director, The White House | On LinkedIn: https://www.linkedin.com/in/jake-braun-77372539/ ⬥HOST⬥ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin ⬥EPISODE NOTES⬥ Cybersecurity is often framed as a battle between attackers and defenders, but what happens when hackers take on a different role—one of informing policy, protecting critical infrastructure, and even saving lives? That’s the focus of the latest Redefining Cybersecurity podcast episode, where host Sean Martin speaks with Jake Braun, former Acting Principal Deputy National Cyber Director at the White House and current Executive Director of the Cyber Policy Initiative at the University of Chicago. Braun discusses The Hackers’ Almanack , a project developed in partnership with DEF CON and the Franklin Project to document key cybersecurity findings that policymakers, industry leaders, and technologists should be aware of. This initiative captures some of the most pressing security challenges emerging from DEF CON’s research community and translates them into actionable insights that could drive meaningful policy change. DEF CON, The Hackers’ Almanack, and the Franklin Project DEF CON, one of the world’s largest hacker conferences, brings together tens of thousands of security researchers each year. While the event is known for its groundbreaking technical discoveries, Braun explains that too often, these findings fail to make their way into the hands of policymakers who need them most. That’s why The Hackers’ Almanack was created—to serve as a bridge between the security research community and decision-makers who shape regulations and national security strategies. This effort is an extension of the Franklin Project, named after Benjamin Franklin, who embodied the intersection of science and civics. The initiative includes not only The Hackers’ Almanack but also a volunteer-driven cybersecurity support network for under-resourced water utilities, a critical infrastructure sector under increasing attack. Ransomware: Hackers Filling the Gaps Where Governments Have Struggled One of the most striking sections of The Hackers’ Almanack examines the state of ransomware. Despite significant government efforts to disrupt ransomware groups, attacks remain as damaging as ever. Braun highlights the work of security researcher Vangelis Stykas, who successfully infiltrated ransomware gangs—not to attack them, but to gather intelligence and warn potential victims before they were hit. While governments have long opposed private-sector hacking in retaliation against cybercriminals, Braun raises an important question: Should independent security researchers be allowed to operate in this space if they can help prevent attacks? This isn’t just about hacktivism—it’s about whether traditional methods of law enforcement and national security are enough to combat the ransomware crisis. AI Security: No Standards, No Rules, Just Chaos Artificial intelligence is dominating conversations in cybersecurity, but according to Braun, the industry still hasn’t figured out how to secure AI effectively. DEF CON’s AI Village, which has been studying AI security for years, made a bold statement: AI red teaming, as it exists today, lacks clear definitions and standards. Companies are selling AI security assessments with no universally accepted benchmarks, leaving buyers to wonder what they’re really getting. Braun argues that industry leaders, academia, and government must quickly come together to define what AI security actually means. Are we testing AI applications? The algorithms? The data sets? Without clarity, AI red teaming risks becoming little more than a marketing term, rather than a meaningful security practice. Biohacking: The Blurry Line Between Innovation and Bioterrorism Perhaps the most controversial section of The Hackers’ Almanack explores biohacking and its potential risks. Researchers at the Four Thieves Vinegar Collective demonstrated how AI and 3D printing could allow individuals to manufacture vaccines and medical devices at home—at a fraction of the cost of commercial options. While this raises exciting possibilities for healthcare accessibility, it also raises serious regulatory and ethical concerns. Current laws classify unauthorized vaccine production as bioterrorism, but Braun questions whether that definition should evolve. If underserved communities have no access to life-saving treatments, should they be allowed to manufacture their own? And if so, how can regulators ensure safety without stifling innovation? A Call to Action The Hackers’ Almanack isn’t just a technical report—it’s a call for governments, industry leaders, and the security community to rethink how we approach cybersecurity, technology policy, and even healthcare. Braun and his team at the Franklin Project are actively recruiting volunteers, particularly those with cybersecurity expertise, to help protect vulnerable infrastructure like water utilities. For policymakers, the message is clear: Pay attention to what the hacker community is discovering. These findings aren’t theoretical—they impact national security, public safety, and technological advancement in ways that require immediate action. Want to learn more? Listen to the full episode and explore The Hackers’ Almanack to see how cybersecurity research is shaping the future. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ The DEF CON 32 Hackers' Almanack: https://thehackersalmanack.com/defcon32-hackers-almanack DEF CON Franklin Project: https://defconfranklin.com/ | On LinkedIn: https://www.linkedin.com/company/def-con-franklin/ DEF CON: https://defcon.org/ Cyber Policy Initiative: https://harris.uchicago.edu/research-impact/initiatives-partnerships/cyber-policy-initiative ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity: 🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Interested in sponsoring this show with an ad placement in the podcast? Learn more: 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 The 2025 OWASP Top 10 for LLMs: What’s Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros | Redefining CyberSecurity with Sean Martin 46:45
⬥GUESTS⬥ Sandy Dunn , Consultant Artificial Intelligence & Cybersecurity, Adjunct Professor Institute for Pervasive Security Boise State University | On Linkedin: https://www.linkedin.com/in/sandydunnciso/ Rock Lambros, CEO and founder of RockCyber | On LinkedIn | https://www.linkedin.com/in/rocklambros/ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin View This Show's Sponsors ⬥EPISODE NOTES⬥ The rise of large language models (LLMs) has reshaped industries, bringing both opportunities and risks. The latest OWASP Top 10 for LLMs aims to help organizations understand and mitigate these risks. In a recent episode of Redefining Cybersecurity , host Sean Martin sat down with Sandy Dunn and Rock Lambros to discuss the latest updates to this essential security framework. The OWASP Top 10 for LLMs: What It Is and Why It Matters OWASP has long been a trusted source for security best practices, and its LLM-specific Top 10 is designed to guide organizations in identifying and addressing key vulnerabilities in AI-driven applications. This initiative has rapidly gained traction, becoming a reference point for AI security governance, testing, and implementation. Organizations developing or integrating AI solutions are now evaluating their security posture against this list, ensuring safer deployment of LLM technologies. Key Updates for 2025 The 2025 iteration of the OWASP Top 10 for LLMs introduces refinements and new focus areas based on industry feedback. Some categories have been consolidated for clarity, while new risks have been added to reflect emerging threats. • System Prompt Leakage (New) – Attackers may manipulate LLMs to extract system prompts, potentially revealing sensitive operational instructions and security mechanisms. • Vector and Embedding Risks (New) – Security concerns around vector databases and embeddings, which can lead to unauthorized data exposure or manipulation. Other notable changes include reordering certain risks based on real-world impact. Prompt Injection remains the top concern, while Sensitive Information Disclosure and Supply Chain Vulnerabilities have been elevated in priority. The Challenge of AI Security Unlike traditional software vulnerabilities, LLMs introduce non-deterministic behavior, making security testing more complex. Jailbreaking attacks —where adversaries bypass system safeguards through manipulative prompts—remain a persistent issue. Prompt injection attacks, where unauthorized instructions are inserted to manipulate output, are also difficult to fully eliminate. As Dunn explains, “There’s no absolute fix. It’s an architecture issue. Until we fundamentally redesign how we build LLMs, there will always be risk.” Beyond Compliance: A Holistic Approach to AI Security Both Dunn and Lambros emphasize that organizations need to integrate AI security into their overall IT and cybersecurity strategy, rather than treating it as a separate issue. AI governance, supply chain integrity, and operational resilience must all be considered. Lambros highlights the importance of risk management over rigid compliance : “Organizations have to balance innovation with security. You don’t have to lock everything down, but you need to understand where your vulnerabilities are and how they impact your business.” Real-World Impact and Adoption The OWASP Top 10 for LLMs has already been widely adopted, with companies incorporating it into their security frameworks. It has been translated into multiple languages and is serving as a global benchmark for AI security best practices. Additionally, initiatives like HackerPrompt 2.0 are helping security professionals stress-test AI models in real-world scenarios. OWASP is also facilitating industry collaboration through working groups on AI governance, threat intelligence, and agentic AI security. How to Get Involved For those interested in contributing, OWASP provides open-access resources and welcomes participants to its AI security initiatives. Anyone can join the discussion, whether as an observer or an active contributor. As AI becomes more ingrained in business and society, frameworks like the OWASP Top 10 for LLMs are essential for guiding responsible innovation. To learn more, listen to the full episode and explore OWASP’s latest AI security resources. ⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ⬥RESOURCES⬥ OWASP GenAI: https://genai.owasp.org/ Link to the 2025 version of the Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/ Getting Involved: https://genai.owasp.org/contribute/ OWASP LLM & Gen AI Security Summit at RSAC 2025: https://genai.owasp.org/event/rsa-conference-2025/ AI Threat Mind Map: https://github.com/subzer0girl2/AI-Threat-Mind-Map Guide for Preparing and Responding to Deepfake Events: https://genai.owasp.org/resource/guide-for-preparing-and-responding-to-deepfake-events/ AI Security Solution Cheat Sheet Q1-2025: https://genai.owasp.org/resource/ai-security-solution-cheat-sheet-q1-2025/ HackAPrompt 2.0: https://www.hackaprompt.com/ ⬥ADDITIONAL INFORMATION⬥ ✨ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Are you interested in sponsoring this show with an ad placement in the podcast? Learn more: 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Shadow IT: Securing Your Organization in a World of Unapproved Apps | A Zero Trust World Conversation with Ryan Bowman | On Location Coverage with Sean Martin and Marco Ciappelli 23:34
Zero Trust World 2025 , hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions. In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT . Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman’s session aims to shed light on this issue and equip attendees with strategies to address it effectively. Understanding Shadow IT and Its Risks Bowman explains that Shadow IT is more than just an inconvenience—it’s a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts. One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss. Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls. Zero Trust as a Mindset A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it’s a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange. This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies. Practical Strategies to Combat Shadow IT Bowman’s session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into: • Identifying and monitoring unauthorized applications within their organization • Implementing policies and security controls that balance security with user needs • Enhancing employee engagement and education to prevent unauthorized technology use • Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability. Why This Session Matters With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman’s session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency. Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity. For those interested in staying ahead of security challenges, attending Bowman’s session on The Dangers of Shadow IT is a must. Guest: Ryan Bowman , VP of Solutions Engineering, ThreatLocker [ @ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ This Episode’s Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Register for Zero Trust World 2025: https://itspm.ag/threat5mu1 ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
R
Redefining CyberSecurity
1 The Ultimate 2025 Tech & Cybersecurity Event Guide: Where to Be | On Location Coverage with Sean Martin and Marco Ciappelli 11:39
ITSPmagazine is gearing up for another year of in-depth event coverage, bringing insights from industry leaders, innovators, and companies making an impact in cybersecurity, technology, and society. Sean Martin and Marco Ciappelli outline their plans for 2025, emphasizing a mix of established conferences and new opportunities to highlight emerging discussions. Key Industry Events The year’s schedule includes cornerstone cybersecurity conferences such as RSA Conference in San Francisco, Infosecurity Europe in London, and Black Hat in Las Vegas . These events serve as major platforms for discussing industry trends, launching new products, and showcasing research. Through editorial coverage, interviews, and discussions, ITSP Magazine provides perspectives from keynote speakers, panelists, and organizations shaping the field. Expanding Coverage Beyond Cybersecurity Beyond security-focused events, the team is covering NAMM 2025 , a leading music and technology conference, and Legal Week in New York , where legal, policy, and AI discussions intersect. Other major tech gatherings include CES, VivaTech, and KIMS, broadening the conversation to industries influencing the digital landscape. For companies looking to share their stories at these events, ITSP Magazine is offering sponsorship opportunities and editorial coverage. Stay tuned for updates, and catch ITSP Magazine on location throughout the year. Learn about Event Briefings: https://www.itspmagazine.com/event-coverage-briefings Learn about the Event Coverage Sponsorship Bundle: https://www.itspmagazine.com/event-coverage-sponsorship-and-briefings Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli This Episode’s Sponsor: HITRUST: https://itspm.ag/itsphitweb Resources The Business Newsletter: https://www.itspmagazine.com/campaigns/view-campaign/4GZV4Nk80T4jGaFCG6wZZXFhO1wa91_1AeZOznFKw-qJhYFt14gJ1lyUvtlfhpABey1BbwWbzLzj-wkwtsauLPtoWbDsmyr- RSA Conference 2025: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Black Hat USA 2025: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegas Infosecurity Europe 2025: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverage All of our planned On Location event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
R
Redefining CyberSecurity
1 Cyber Threat Research, Hands-On Labs, and a Challenge You Can’t Afford to Miss | A Zero Trust World Conversation with Kieran Human | On Location Coverage with Sean Martin and Marco Ciappelli 23:33
Zero Trust World 2025 , hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year’s event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education. The Growth of Zero Trust World Now in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company’s own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations. What to Expect: Hands-On Learning and Key Discussions One of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker’s perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems. For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there’s something to gain from these hands-on labs. High-Profile Speakers and Industry Insights Beyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices. One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon. Networking, Certification, and More Zero Trust World isn’t just about education—it’s also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience. A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise. A Unique Capture the Flag Challenge For those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event’s commitment to real-world application of cybersecurity techniques. Join the Conversation With so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways. Whether you’re looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you’re attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security. Guest: Kieran Human , Special Projects Engineer, ThreatLocker [ @ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ This Episode’s Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Register for Zero Trust World 2025: https://itspm.ag/threat5mu1 ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
R
Redefining CyberSecurity
1 From Signaling to Safety: Protecting Critical Infrastructure and the Modern Railway from Digital Threats | A Conversation with Fahad Mughal | Redefining CyberSecurity with Sean Martin 52:43
Guest: Fahad Mughal , Senior Cyber Solutions Architect - Security On LinkedIn | https://www.linkedin.com/in/fahadmughal/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure. The Growing Role of Cybersecurity in Railways Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure. Critical OT Systems in Railways Mughal highlights key OT components in railways that require cybersecurity protection: • Signaling Systems : These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions. • Interlocking Systems : These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase. • Onboard OT Systems : Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls. • SCADA Systems : Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network. • Safety-Critical Systems : Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents. The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators. Real-World Cyber Threats in Railways Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity: • 2023 Poland Attack : Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols. • 2021 Iran Railway Incident : Hackers breached Iran’s railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust. • 2016 San Francisco Muni Ransomware Attack : A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident. These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure. Cybersecurity Standards and Best Practices for Railways ( links to resources below ) To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards: • IEC 62443 : A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels . • TS 50701 : A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems. • EN 50126 (RAMS Standard) : A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations. Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks. Looking Ahead: Strengthening Railway Cybersecurity As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design. He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks. The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it’s not a question of if railway cyber incidents will happen, but when. To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources The LinkedIn Post that inspired this conversation: https://www.linkedin.com/feed/update/urn:li:activity:7264434413965328384/ IEC 62443: https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards CENELEC TS 50701: https://www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/ EN 50126: https://www.en-standard.eu/bs-en-50126-1-2017-railway-applications-the-specification-and-demonstration-of-reliability-availability-maintainability-and-safety-rams-generic-rams-process/ ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Establishing a New Standard for Cybersecurity Professionals Worldwide: Addressing Trust, Standards, and Risk for the CISO Role | CISO Circuit Series with Heather Hinton | Michael Piacente and Sean… 41:44
About the CISO Circuit Series Sean Martin and Michael Piacente join forces roughly once per month (or so, depending on schedules) to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity for business and society. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin . ____________________________ Guests: Heather Hinton , CISO-in-Residence, Professional Association of CISOs On LinkedIn | https://www.linkedin.com/in/heather-hinton-9731911/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin Michael Piacente , Managing Partner and Cofounder of Hitch Partners On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente ____________________________ This Episode’s Sponsors Imperva | https://itspm.ag/imperva277117988 LevelBlue | https://itspm.ag/levelblue266f6c ThreatLocker | https://itspm.ag/threatlocker-r974 ___________________________ Episode Notes In this episode of the CISO Circuit Series , part of the Redefining Cybersecurity Podcast on ITSPmagazine, hosts Sean Martin and Michael Piacente welcomed Heather Hinton , seasoned cybersecurity leader, to discuss the evolving responsibilities and recognition of Chief Information Security Officers (CISOs). Their conversation explored the transformative work of the Professional Association of CISOs (PAC), an organization dedicated to establishing standards, accreditation, and support for cybersecurity leaders globally. This episode addressed three critical questions shaping the modern CISO role: How can CISOs build trust within their organizations? What is PAC doing to elevate cybersecurity as a recognized profession? How can CISOs prepare for increasing scrutiny and legal risks? Building Trust: A CISO’s Key Responsibility Heather Hinton, whose career includes leadership roles like VP and CISO for IBM Cloud and PagerDuty, underscores that trust is foundational for a CISO’s success. Beyond technical expertise, a CISO must demonstrate leadership, strategic thinking, and effective communication with boards, executives, and teams. Hinton highlights that cybersecurity should not be perceived as merely a technical function but as a critical enabler of business objectives. The PAC accreditation process reinforces this perspective by formalizing the skills needed to build trust. From fostering collaboration to aligning security strategies with organizational goals, PAC equips CISOs with tools to establish credibility and demonstrate value from day one. Elevating Cybersecurity as a Recognized Profession Michael Piacente, Managing Partner at Hitch Partners and co-host of the CISO Circuit Series , emphasizes PAC’s role in professionalizing cybersecurity. By introducing a Code of Professional Conduct, structured accreditation programs, and robust career development resources, PAC is raising the bar for the profession. Hinton and Piacente explain that PAC’s ultimate vision is to make membership and accreditation standard for CISO roles, akin to certifications we've come to expect and rely upon for doctors or lawyers. This vision reflects a growing recognition of cybersecurity as a discipline critical not only to organizations but to society as a whole. PAC’s advocacy extends to shaping global policies, setting professional standards, and fostering an environment where CISOs are equipped to handle emerging challenges like hybrid warfare and AI-driven threats. Preparing for Legal Risks and Industry Challenges The conversation also delves into the increasing legal and regulatory scrutiny CISOs face. Piacente and Hinton stress the importance of having clear job descriptions, liability protections, and professional resources—areas where PAC is driving significant progress. By providing legal and mental health support, along with peer-driven mentorship, PAC empowers CISOs to navigate these challenges with confidence. Hinton notes that PAC is also a critical voice in addressing broader systemic risks, advocating for policies that protect CISOs while ensuring they are well-positioned to protect their organizations and society. Looking Ahead With goals to expand its membership to 1,000 and scale its accreditation programs by 2025, PAC is setting the foundation for a more unified and professionalized cybersecurity community. Hinton envisions PAC becoming a global authority, advising governments and organizations on cybersecurity standards and policies while fostering collaboration among professionals. For those aspiring to advance cybersecurity as a recognized profession, PAC offers a platform to shape the future of the field. Learn more about PAC and how to join at TheCISO.org . ____________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ____________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring an ITSPmagazine Channel or telling your promotional story to the Redefining CyberSecurity audience? 👉 https://www.itspmagazine.com/advertise…
R
Redefining CyberSecurity
1 From Code to Confidence: The Role of Human Factors in Secure Software Development | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Kelsey Fulton | Redefining CyberSecurity… 43:32
The latest episode of Redefining CyberSecurity on ITSPmagazine featured a thought-provoking discussion about integrating human factors into secure software development. Host Sean Martin was joined by Dr. Kelsey Fulton, Assistant Professor at the Colorado School of Mines, and Julie Haney, a computer scientist at the National Institute of Standards and Technology. The conversation explored how human-centered approaches can strengthen secure software practices and address challenges in the development process. A Human-Centered Approach to Security Dr. Fulton shared how her research focuses on the human factors that impact secure software development. Her journey began during her graduate studies at the University of Maryland, where she was introduced to the intersection of human behavior and security in a course that sparked her interest. Her projects, such as investigating the transition from C to Rust programming languages, underscore the complexity of embedding security into the software development lifecycle. The Current State of Secure Development One key takeaway from the discussion was the tension between functionality and security in software development. Developers often prioritize getting a product to market quickly, leading to decisions that sideline security considerations. Dr. Fulton noted that while developers typically have good intentions, they often lack the resources, tools, and organizational support necessary to incorporate security effectively. She highlighted the need for a “security by design” approach, which integrates security practices from the earliest stages of development. Embedding security specialists within development teams can create a cultural shift where security becomes a shared responsibility rather than an afterthought. Challenges in Adoption and Education Dr. Fulton’s research reveals significant obstacles to adopting secure practices, including the complexity of tools and the lack of comprehensive education for developers. Even advanced tools like static analyzers and fuzzers are underutilized. A major barrier is developers’ perception that security is not their responsibility, compounded by tight deadlines and organizational pressures. Additionally, her research into Rust adoption at companies illuminated technical and organizational challenges. Resistance often stems from the cost and complexity of transitioning existing systems, despite Rust’s promise of enhanced security and memory safety. The Future of Human-Centered Security Looking ahead, Dr. Fulton emphasized the importance of addressing how developers trust and interact with tools like large language models (LLMs) for code generation. Her team is exploring ways to enhance these tools, ensuring they provide secure code suggestions and help developers recognize vulnerabilities. The episode concluded with a call to action for organizations to support research in this area and cultivate a security-first culture. Dr. Fulton underscored the potential of collaborative efforts between researchers, developers, and companies to improve security outcomes. By focusing on human factors and fostering supportive environments, organizations can significantly advance secure software development practices. ____________________________ Guests: Dr. Kelsey Fulton , Assistant Professor of Computer Science at the Colorado School of Mines Website | https://cs.mines.edu/project/fulton-kelsey/ Julie Haney , Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [ @NISTcyber ] On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin ____________________________ View This Show's Sponsors Imperva | https://itspm.ag/imperva277117988 LevelBlue | https://itspm.ag/levelblue266f6c ThreatLocker | https://itspm.ag/threatlocker-r974 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Kelsey Fulton Biography: https://kfulton121.github.io/ ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Data Security Posture Management — DSPM. What, why, when, and how: All The Insights You Need To Know | An Imperva Brand Story Conversation with Terry Ray 49:37
In this latest episode of the Imperva Brand Story on ITSP Magazine, Sean Martin and Marco Ciappelli sit down with Terry Ray, CTO for Data Security at Imperva. Together, they discuss the pressing challenges and transformative innovations shaping the future of safeguarding information. Unpacking Data Security Posture Management Terry Ray introduces Data Security Posture Management (DSPM), comparing it to inspecting a home—where identifying vulnerabilities is just as important as fixing them. He emphasizes that data security requires constant vigilance, urging organizations to develop a deep understanding of their infrastructure while staying agile against emerging threats. Moving Beyond Compliance to Real Security The conversation highlights the often-misunderstood relationship between compliance and genuine security. While meeting regulatory requirements is necessary, Terry argues that true data protection requires a broader, risk-based approach, addressing vulnerabilities in both regulated and non-regulated systems to prepare for audits and unforeseen breaches. The Power of Automation and Machine Learning Terry underscores Imperva's dedication to leveraging advanced automation, AI, and machine learning technologies to process vast data sets and detect threats proactively. By adopting innovative strategies, companies can transition from reactive to proactive measures in protecting their digital ecosystems. Fostering Collaboration and Security Awareness A standout point from the discussion is the importance of collaboration across organizational roles—from compliance officers to database managers and security teams. By fostering a culture of continuous learning and teamwork, businesses can better allocate resources and adapt to evolving security priorities. Embracing Security's Ever-Changing Nature The conversation concludes with a powerful reflection on the unpredictable nature of cybersecurity. As new threats and technologies emerge, organizations must remain adaptable, forward-thinking, and prepared for the unexpected to stay ahead in an ever-changing security landscape. Learn more about Imperva: https://itspm.ag/imperva277117988 Note: This story contains promotional content. Learn more . Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow [ @Imperva ] On Linkedin | https://www.linkedin.com/in/terry-ray/ On Twitter | https://twitter.com/TerryRay_Fellow Resources Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Breaking Down the Complexities of Client-Side Threats and How to Stop Them | A c/side Brand Story Conversation with Simon Wijckmans 33:21
In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security. Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks. C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively. Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers. C/side’s offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality. With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike. Learn more about c/side: https://itspm.ag/c/side-t0g5 Note: This story contains promotional content. Learn more . Guest: Simon Wijckmans , Founder & CEO, c/side [ @csideai ] On LinkedIn | https://www.linkedin.com/in/wijckmans/ Resources Learn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-side Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Rebalancing Cyber Security: Prioritizing Response and Recovery in Governance | An Australian Cyber Conference 2024 in Melbourne Conversation with Asaf Dori and Ashwin Pal | On Location Coverage with… 28:36
Guests: Asaf Dori , Cyber Security Lead, Healthshare NSW On LinkedIn | https://www.linkedin.com/in/adori/ Ashwin Pal , Partner – Cyber Security and Privacy Services, RSM Australia On LinkedIn | https://www.linkedin.com/in/ashwin-pal-a1769a5/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes At the AISA CyberCon 2024 in Melbourne, Sean Martin sat down with Asaf Dori and Ashwin Pal to explore the often-overlooked areas of the NIST Cybersecurity Framework: response and recovery. Both guests highlighted the critical gaps organizations face in these domains and shared practical insights on addressing them. Asaf Dori, a cybersecurity professional in healthcare and a researcher at the University of Sydney, underscored the need for governance-driven awareness to improve response and recovery capabilities. His research revealed that while organizations invest heavily in prevention and detection, they frequently neglect robust recovery plans. He emphasized the importance of comprehensive disaster recovery exercises over isolated system-based approaches. By linking governance to practical outcomes, Dori argued that organizations could better align their strategies with business resilience. Ashwin Pal, a partner at RSM with 26 years of experience in IT security, brought a field perspective, pointing out how recovery strategies often fail to meet business requirements. He discussed the disconnect between IT recovery metrics, such as RPOs and RTOs, and actual business needs. Pal noted that outdated assumptions about recovery timeframes and critical systems frequently result in misaligned priorities. He advocated for direct business engagement to establish recovery strategies that support operational continuity. A key theme was the role of effective governance in fostering collaboration between IT and business stakeholders. Both speakers agreed that engaging business leaders through tabletop exercises is an essential starting point. Simulating ransomware scenarios, for instance, often exposes gaps in recovery plans, such as inaccessible continuity documents during a crisis. Such exercises, they suggested, empower CISOs to secure executive buy-in for strategic improvements. The discussion also touched on the competitive advantages of robust cybersecurity practices. Dori noted that in some industries, such as energy, cybersecurity maturity is increasingly viewed as a differentiator in securing contracts. Pal echoed this, citing examples where certifications like ISO have become prerequisites in supply chain partnerships. By reframing cybersecurity as a business enabler rather than a cost center, organizations can align their response and recovery strategies with broader operational goals. This shift requires CISOs and risk officers to lead conversations that translate technical requirements into business outcomes, emphasizing trust, resilience, and customer retention. This dialogue provides actionable insights for leaders aiming to close the response and recovery gap and position cybersecurity as a strategic asset. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The Theory of Saving the World: Intervention Requests and Critical Infrastructure | An Australian Cyber Conference 2024 in Melbourne Conversation with Ravi Nayyar | On Location Coverage with Sean… 26:02
Guest: Ravi Nayyar , PhD Scholar, The University Of Sydney On LinkedIn | https://www.linkedin.com/in/stillromancingwithlife/ At AISA AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ravi-nayyar-uyhe3 Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes The discussion begins with a unique and lighthearted analogy: comparing cybersecurity professionals to superheroes. Marco draws parallels to characters like “The Avengers” and “Deadpool,” describing them as defenders of our digital world. Ravi builds on this playful yet thought-provoking metaphor, likening the fight against cybercriminals to epic battles against villains, highlighting the high stakes of cybersecurity in critical systems. The Cyber Zoo: Ravi Nayyar’s Research Focus Ravi introduces his research, focusing on the regulation of cyber resilience within critical infrastructure, particularly the software supply chain. Using the metaphor of a “zoo,” he paints a vivid picture of the cybersecurity ecosystem, where diverse stakeholders—government bodies, infrastructure operators, and software vendors—must coexist and collaborate. His work delves into how companies can be held accountable for their cyber practices, aiming to secure national and global systems. The Role of Humans in Cybersecurity At the heart of cybersecurity, Ravi emphasizes, is the human element. His research highlights the need for incentivizing all players—critical infrastructure operators, software developers, and even end users—to embed secure practices into their operations. It's not just about rules and frameworks but about fostering a culture of responsibility and collaboration in an interconnected world. The Case for Stronger Cyber Laws Ravi critiques the historically relaxed approach to regulating software security, particularly for critical systems, and advocates for stronger, standardized laws. He compares cybersecurity frameworks to those used for medical devices, which are rigorously regulated for public safety. By adopting similar models, critical software could be held to higher standards, reducing risks to national security. Global Cooperation and the Fight Against Regulatory Arbitrage The discussion shifts to the need for international collaboration in cybersecurity. Ravi underscores the risk of regulatory arbitrage, where companies exploit weaker laws in certain regions to save costs. He proposes global coalitions and standardization bodies as potential solutions to ensure consistent and robust security practices worldwide. Incentivizing Secure Practices Delving into the practical side of regulation, Ravi discusses ways to incentivize companies to adopt secure practices. From procurement policies favoring vendors with strong cybersecurity commitments to the potential for class action lawsuits, the conversation explores the multifaceted strategies needed to hold organizations accountable and foster a safer digital ecosystem. Closing Thoughts: Collaboration for a Safer Digital World Sean, Marco, and Ravi wrap up the episode by emphasizing the critical need for cross-sector collaboration—between academia, industry, media, and government—to tackle the evolving challenges of cybersecurity. By raising public awareness and encouraging proactive measures, they highlight the importance of a unified effort to secure our digital infrastructure. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources The theory of saving the world: Intervention requests and critical infrastructure: https://melbourne2024.cyberconference.com.au/sessions/session-eI6eYNrifl Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 From Melbourne to the World: Recap, Highlights and the importance of Human Connections in a Digital Connected Society | An Australian Cyber Conference 2024 in Melbourne Conversation with Akash… 12:51
Guest: Akash Mittal , Chair, Australian Information Security Association (AISA) On LinkedIn | https://www.linkedin.com/in/akashgmittal/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Throughout the conference, one theme stood out above all: the power of community. Akash reflected on how CyberCon fosters a collective effort to strengthen Australia’s cyber resilience by uniting government, academia, and industry under one roof. From keynote presentations to impromptu hallway conversations, the conference showcased how innovation and human connection go hand in hand to address global cybersecurity challenges. The Block Party and Beyond One of the most talked-about moments was the renowned Block Party , a celebration that blurred the line between networking and friendship. Marco described it as a unique experience that left a lasting impression on attendees. Beyond the lively gatherings, the conference also stood out for its ability to create a space where meaningful connections and ideas flourished—whether on the exhibition floor, during panel discussions, or at informal meetups. Looking Ahead: The Future of CyberCon As the conference came to a close, Akash shared an exciting vision for what lies ahead. With an ethos of continuous improvement, the organizing team is committed to delivering even more impactful experiences in the years to come. Feedback from attendees will play a vital role in shaping future events, ensuring CyberCon remains at the forefront of the cybersecurity community. Highlights from the Exhibition Hall The buzzing exhibition hall served as the heart of CyberCon 2024, brimming with energy and engagement. Sean and Marco noted how sponsors and vendors played a pivotal role, sparking conversations about cutting-edge solutions and driving collaboration across sectors. The hall wasn’t just about showcasing products—it became a space for dialogue, exploration, and innovation. A Legacy of Success CyberCon 2024 was more than just a cybersecurity conference—it was a celebration of the community that makes progress possible. The dedication of volunteers and the meticulous planning behind the scenes ensured the event’s success. As Akash noted, the conference continues to evolve as a space where quality content and genuine connections take center stage. Closing Thoughts: A United Community As Sean, Marco, and Akash wrapped up their time at the Australian Cyber Conference 2024, they reflected on what made the event truly special: its people. The conversations, collaborations, and shared sense of purpose have set the stage for a brighter, more connected future in cybersecurity. Melbourne’s vibrant energy was the perfect backdrop for a conference that reminded us all that innovation is strongest when it’s rooted in community. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Beyond the Briefings: Exploring the Pulse of Cybersecurity Communities | A Black Hat Europe 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli 35:02
Guest: Steve Wylie , Vice President, Cybersecurity Market at Informa Tech [ @InformaTechHQ ] and General Manager at Black Hat [ @BlackHatEvents ] On LinkedIn | https://www.linkedin.com/in/swylie650/ On Twitter | https://twitter.com/swylie650 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes London as the Backdrop for Innovation and Culture The conversation kicked off with reflections on London’s vibrant mix of history, culture, and modernity. Marco captured it perfectly, noting the city’s knack for staying on the cutting edge of fashion, music, and movement. Sean chimed in, describing the city as a destination where “cool kids” converge. It’s this ever-evolving energy that makes London the ideal host for forward-thinking gatherings like Black Hat. Sean and Marco’s admiration for the city wasn’t just about its aesthetics but also its role in shaping global conversations. London is a place where the local meets the global, a theme that would resonate throughout their discussion. Black Hat’s Expanding Global Reach Sean and Marco highlighted the global nature of the cybersecurity community, emphasizing Black Hat’s international presence. Marco pointed out how the event has grown beyond its Las Vegas origins, with thriving editions in Europe, Asia, the Middle East, and beyond. This expansion reflects not only a growing need for cybersecurity collaboration but also the importance of tailoring conversations to regional contexts. Sean observed how each edition of Black Hat carries a unique flavor, shaped by local cultures and challenges. He praised the effort to include regional experts on review boards, ensuring that the content resonates with specific audiences. From Riyadh to Toronto, this approach has made Black Hat a truly global force. Celebrating Local Voices in Global Conversations One of the key takeaways from the conversation was the importance of amplifying local voices in global discussions. Marco commended Black Hat’s dedication to fostering a sense of ownership among local cybersecurity communities. Sean agreed, noting how local insights enrich the broader, boundaryless research presented at these events. The duo discussed the balance between global trends, like AI and supply chain security, and region-specific concerns, such as policy-driven discussions in Europe or industrial focus in Canada. This nuanced approach ensures that every Black Hat event feels relevant, impactful, and inclusive. Sean and Marco’s Chemistry: Informal Yet Insightful Beyond the topics, the conversation was marked by the easy rapport between Sean and Marco. They navigated seamlessly from cybersecurity strategy to the lighter moments, like teasing each other about wardrobe choices for London’s chilly December weather. Marco’s love for local cuisine even sparked a playful detour into Italian titles for hardware hacking sessions. It’s this blend of professional insight and personal charm that makes their discussions so engaging. Whether they’re debating the merits of AI sessions or reminiscing about hallway chats at past events, Sean and Marco bring an authenticity that keeps listeners coming back. Looking Ahead As the conversation wrapped up, Sean and Marco hinted at their plans to keep “Chats on the Road” moving forward. While they may not make it to every event, their commitment to bringing the community’s stories to light remains steadfast. Whether you’re attending Black Hat in person or following along from afar, Sean and Marco ensure that the spirit of innovation and collaboration is accessible to all. Stay tuned as they continue to explore the intersections of technology, culture, and community, one conversation at a time. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Resources Learn more about Black Hat Europe 2024: https://www.blackhat.com/eu-24/ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage ____________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 From Bytes to Rights: The Intersection of Law and Cyber Security | An Australian Cyber Conference 2024 in Melbourne Conversation with EJ Wise | On Location Coverage with Sean Martin and Marco… 27:30
Guest: EJ Wise , Founder & Principal, WiseLaw On LinkedIn | https://www.linkedin.com/in/wiselaw3/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Against the energetic backdrop of Melbourne's CyberCon, hosted by ISA, the conversation dives into the global nature of technology's influence. The trio reflects on pressing topics such as privacy, cybersecurity, and the shifting landscape of cyber law, all while situated in one of Australia’s most tech-forward cities. EJ Wise’s Journey and Perspective EJ Wise shared her remarkable career path, starting as a member of the U.S. Air Force JAG Corps and later founding her boutique law firm in Australia in 2018. Her firsthand experience sheds light on Australia’s relatively recent introduction of comprehensive cyber laws and the ongoing need to bridge the gap between technological innovation and legislative action. Educating Consumers: A Shared Responsibility A key focus of the conversation was consumer awareness. EJ highlighted the critical need for industries to take responsibility for educating the public, much like banks have historically done with financial literacy. The discussion also touched on embedding technological literacy into early education, ensuring children grow up with a clear understanding of privacy and digital security. Technology and Ethics in Tension The group examined the ethical challenges posed by advancing technologies, especially regarding surveillance and data privacy. From facial recognition in retail spaces to the increasing capabilities of modern devices to monitor user behavior, the conversation drew thought-provoking parallels between these innovations and the history of advertising practices. The ethical implications of such technologies go far beyond convenience, raising questions about transparency, consent, and societal norms in the digital age. Legal Frameworks and Industry Responsibility Marco and Sean explored the evolving role of legal frameworks in holding industry players accountable for consumer safety and privacy. EJ’s insights provided a grounded perspective on how regulatory environments are adapting—or struggling to adapt—to these challenges. The discussion underscored a growing trend: companies must not only comply with existing laws but also anticipate and mitigate the societal impacts of their technologies. Encouraging Dialogue and Reflection Throughout the episode, the importance of open dialogue and introspection emerged as a recurring theme. By examining how technology shapes society and law, the discussion encouraged listeners to reflect on their digital habits and the privacy trade-offs they make in their daily lives. Conclusion While the conversation didn’t provide all the answers, it illuminated the complexities of the interplay between technology, law, and society. EJ, Marco, and Sean left listeners with an invitation to remain curious, question norms, and consider their role in shaping a more ethically aware digital future. This episode captures the spirit of CyberCon 2024—sparking ideas, inspiring debate, and reinforcing the need for thoughtful engagement with the challenges of our hybrid analog-digital society. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Stranger Danger, Phishing, Instinct, and Technology: How AI and Awareness Are Shaping Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation with Benji Zorella and Rebecca… 30:08
Guests: Benji Zorella , eLearning Instructional Designer, CyberCX On LinkedIn | https://www.linkedin.com/in/benjiz/ Rebecca Caldwell , Phishing Content Specialist, Phriendly Phishing On LinkedIn | https://www.linkedin.com/in/bec-j-caldwell/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Kicking off the episode, Sean Martin and Marco Ciappelli highlight the uniquely local flavor of the conference. With Benji and Bec calling Melbourne home, the guests reflect on the value of attending such a prominent event in their backyard while drawing on their experiences as hosts of their own cybersecurity podcast. Unmasking Phishing in the Digital Age Phishing takes center stage as Benji and Bec share stories and insights about the dangers lurking behind cleverly crafted scams. Sean Martin draws a clever comparison between traditional fishing methods and the digital phishing tactics cybercriminals use today—hooking victims by exploiting their trust and curiosity. Benji drives the conversation deeper, explaining how a person's digital footprint—especially in an age of AI-driven tools like deepfakes—can be weaponized for deception. The guests underscore the importance of remaining vigilant and minimizing the personal information we leave online, turning our digital habits into our best line of defense. Cybersecurity Education: The First Line of Defense Shifting gears, the group emphasizes the need to move beyond relying solely on tech-driven safeguards and focus on building a culture of cybersecurity awareness within organizations. Bec Caldwell shares actionable strategies, likening cybersecurity education to learning how to drive—starting small and gradually building confidence in spotting risks. Empowering employees to question suspicious contexts fosters not just better security, but a collaborative culture of accountability. AI: Friend or Foe? The role of AI emerges as a hot topic, sparking a discussion about its dual impact on cybersecurity. While AI enables sophisticated phishing attacks, it also holds the potential to strengthen defenses. The panel imagines AI tools evolving to provide real-time security nudges, similar to how cars alert drivers to potential hazards. It’s a balancing act, as AI must be wielded thoughtfully to enhance—not replace—human vigilance. The Human Factor in Cybersecurity Throughout the conversation, one message resonates: the enduring power of human intuition. Benji recounts a gripping story of a CEO who thwarted a highly advanced phishing attempt with a simple, old-school phone verification. This moment reinforces the idea that while tech can improve security measures, the human touch remains irreplaceable. Future-Proofing Cybersecurity As the episode winds down, the group reflects on thought-provoking audience questions from the conference. From AI’s impact on CISO responsibilities to how generational shifts in digital communication shape cybersecurity strategies, the guests underscore the need for adaptability as both technology and society evolve. A Final Call to Action Marco Ciappelli and Sean Martin wrap up with a clear takeaway for their listeners: stay curious, ask questions, and embrace skepticism online. The key to navigating today’s cyber landscape is a mix of awareness, education, and the occasional gut check—because even in a tech-driven world, the human element is our greatest asset. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Bytes with Bec and Benji podcast: https://www.phriendlyphishing.com/resources/podcasts Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Building Cyber Resilience Through Global Innovation, Local Community Feedback, and Regional Partnerships | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A ThreatLocker Story… 17:42
This engaging Brand Story episode comes to you from AISA CyberCon 2024, in Melbourne, where Sean Martin and Marco Ciappelli explore with Jade Wilkie how ThreatLocker empowers organizations to achieve Zero Trust security and Essential Eight compliance through innovative tools and real-time adaptability. Learn how industry insights from the conference are shaping the future of cybersecurity solutions while keeping human-centric strategies at the forefront. Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974 Note: This story contains promotional content. Learn more . Guests: Jade Wilkie , Account Executive APAC, ThreatLocker [ @ThreatLocker ] On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/ Resources Essential Eight: https://itspm.ag/threatq55q Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Inside the MIND of a Hacker - Insights and Lessons From a Ransomware Attack | An Australian Cyber Conference 2024 in Melbourne Conversation with Joseph Carson | On Location Coverage with Sean Martin… 26:49
Guest: Joseph Carson , Chief Security Scientist (CSS) & Advisory CISO, Delinea On LinkedIn | https://www.linkedin.com/in/josephcarson/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn’t just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies. The Dynamics of Engagement The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable. Insights on Ransomware Realities Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity’s foundational importance. The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats. Ethical and Strategic Considerations in Cybersecurity The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles. Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia’s laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals’ business model. Global Trends and Local Challenges The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures. Marco’s observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally. Final Thoughts: Building a Safer Digital World The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security. This conversation at AISA Cyber Con wasn’t just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The Imperative of Transitioning from Traditional Access Control to Modern Access Control | An Australian Cyber Conference 2024 in Melbourne Conversation with Ahmad Salehi Shahraki | On Location… 27:07
Guest: Ahmad Salehi Shahraki , Lecturer (Assistant Professor) in Cybersecurity, La Trobe University On LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure. Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain. Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies. Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual’s age for accessing a service without revealing personal data—a critical step toward minimizing data exposure. The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models. The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad’s research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond. Listeners are encouraged to follow Ahmad’s work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Brand Story with Robert Booker,… 1:00:06
1:00:06 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:00:06
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدThe HITRUST CyberInsurance Webinar unveiled an innovative approach to acquiring cyber insurance, highlighting a streamlined process designed to benefit organizations of all sizes and sectors. Gathering insights from industry leaders including Sean Martin, Josh Ladeau, Sidney Prasse, Robert Booker, and Blake Sutherland, the discussion centered around the HITRUST Shared Risk Facility and its value proposition for organizations seeking robust cyber insurance coverage. Josh Ladeau, CEO of Trium, emphasized the importance of reducing volatility in the insurance market. He pointed out the challenges organizations face with traditional insurance processes, including cumbersome questionnaires and inconsistent underwriting requirements. By leveraging HITRUST certifications, the Shared Risk Facility offers a consistent, transparent, and efficient pathway for obtaining coverage, ensuring organizations can focus more on their core operations rather than administrative burdens. Sidney Prasse, a cyber specialist at McGill and Partners, highlighted the comprehensive nature of HITRUST certifications, which provide a high level of assurance and a robust framework for organizations. Prasse elaborated on the return on investment (ROI) that organizations gain from this streamlined approach, not only in terms of competitive premiums but also through time and resource efficiencies. Robert Booker, Chief Strategy Officer at HITRUST, elaborated on the rigorous processes involved in HITRUST certifications. He explained that these certifications require organizations to demonstrate their security maturity comprehensively, which in turn provides insurers with verified, reliable data. This reliability and transparency in security posture are critical, as they enhance the trust between insurers and insureds, making the underwriting process smoother and more accurate. Blake Sutherland, EVP of Market Engagement at HITRUST, emphasized the importance of proactive engagement between IT security teams and finance or risk management teams within organizations. He noted that the HITRUST approach helps bridge gaps between these departments, ensuring a unified and effective strategy towards obtaining and maintaining cyber insurance coverage. The webinar underscored that the HITRUST Shared Risk Facility is not just about easier and more efficient insurance processes; it also represents a strategic advantage in the market. Organizations that are HITRUST certified can differentiate themselves, demonstrating a high level of security and compliance that can be pivotal in securing business contracts. This differentiation is particularly crucial as businesses increasingly rely on third-party attestation to verify their security measures. Ultimately, the HITRUST CyberInsurance Webinar showcased how strategic partnerships and innovative approaches can transform the traditional cyber insurance landscape, providing organizations with the tools they need to effectively manage risk and achieve better overall security. Learn more about HITRUST: https://itspm.ag/itsphitweb Note: This story contains promotional content. Learn more . Guests: Blake Sutherland , EVP Market Adoption, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/ Robert Booker , Chief Strategy Officer, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/robertbooker/ Sidney Prasse , Partner, McGill & Partners On LinkedIn | https://www.linkedin.com/in/sidney-prasse-297894aa/ Josh Ladeau , CEO, Trium Cyber Resources Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships (Session): Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Building a Sustainable, Predictable Cyber Insurance Market | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A McGill and Partners Short Brand Innovation Story with Ryan Griffin 7:08
During the latest Brand Story episode recorded as part of the On Location series at HITRUST Collaborate 2024, host Sean Martin speaks with Ryan Griffin from McGill Partners about the intricacies of cyber insurance. Ryan Griffin, who plays a key role at the cyber insurance brokerage firm McGill Partners, shares insights into the importance of cyber insurance for large and complex organizations. Griffin outlines how the company helps clients understand and quantify their cyber risks before negotiating with over 100 cyber insurers to secure coverage. This rigorous approach is crucial given the volatile nature of cyber risks. One of the significant challenges in the field, Griffin notes, is the counterparty risk involved in contractual relationships between large organizations. He emphasizes the necessity for businesses to carry adequate insurance coverage, akin to traditional liability insurance. Griffin reflects on the market evolution where organizations now see the value in cyber insurance, which should ideally cover rare but high-impact events. The episode also highlights the pivotal role of data in understanding and pricing cyber risks. Sean Martin brings attention to the collaboration between McGill Partners and HITRUST. HITRUST's extensive data on cybersecurity and privacy maturity provides Griffins' team with a strong foundation for tailored cyber insurance solutions. Griffin praises HITRUST’s reliable framework that has been in place since 2007-2008, saying it’s a key differentiator in the cyber insurance space. Sean Martin also notes the ongoing evolution in how organizations approach cyber insurance. Historically, the market's response to cybersecurity certifications has been lukewarm, but there is a shift towards utilizing credible, respected frameworks in insurance solutions. HITRUST certifications, such as the R2 certification, now play a crucial role in demonstrating an organization's efforts to mitigate risk and are instrumental in securing favorable insurance terms. Griffin further discusses the multifaceted stakeholders involved in procuring cyber insurance within organizations. He talks about the need for simplifying cyber risk management for different organizational roles, particularly the non-technical insurance buyers. Griffin emphasizes making the insurance process less intimidating by leveraging compliance and cybersecurity measures already in place. Ryan Griffin underscores McGill Partners' mission to create a mature and sustainable risk pool, making cyber insurance predictable and reliable for their clients. The collaboration with HITRUST showcases a tangible effort towards improving trust and efficiency in the cyber insurance market. With accurate, trustworthy data, McGill Partners is dedicated to reducing insurance barriers and ensuring organizations are well-prepared to meet their cyber risk management needs. Learn more about McGill and Partners: https://itspm.ag/mcgill-and-partners-o89w Note: This story contains promotional content. Learn more . Guest: Ryan Griffin , Partner, McGill and Partners On LinkedIn | https://www.linkedin.com/in/ryanpgriffin/ Resources Learn more and catch more stories from McGill and Partners: https://www.itspmagazine.com/directory/mcgill-and-partners Video Podcast: Introduction to HITRUST’s Cyber Insurance Facility: https://itspm.ag/hitrusp5x6 Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The Irreversible Impact of Technology: The Ethical Dilemmas We Face When We Can’t Uninvent Our Creations | An Australian Cyber Conference 2024 in Melbourne Conversation with Mikko Hypponen | On… 23:59
Guest: Mikko Hypponen , Chief Research Officer (CRO) at WithSecure [ @WithSecure ] On LinkedIn | https://www.linkedin.com/in/hypponen/ On Twitter | https://twitter.com/mikko Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the AISA CyberCon 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Mikko Hypponen to discuss the irreversible nature of technology, the challenges it presents, and its impact on society. The discussion focused not on the event itself but on broader issues and ideas that shape our relationship with technological innovation. The Irreversible Nature of Innovation Mikko emphasized that once a technology is invented, it cannot be uninvented. Strong encryption was one of his key examples: it secures communication for individuals and organizations, yet it is also used by criminals to evade detection. This duality underscores the reality that every innovation carries benefits and drawbacks. Mikko noted, “Even if we wanted to get rid of strong encryption, it’s not possible. Criminals would still use it.” The conversation also touched on artificial intelligence. Mikko highlighted how innovations build on past advancements. Decades of progress in digitizing information, developing the internet, and creating cloud infrastructure have made today’s AI capabilities possible. He reflected on how large technological revolutions often take longer than anticipated to develop but eventually surpass expectations in scope. Technology as a Double-Edged Sword The group explored societal challenges posed by technology, such as the impact of social media on youth and ethical questions around ransomware. Mikko pointed to the breach of the Vastamo psychotherapy center in Finland, where hackers stole sensitive patient records and demanded ransoms from both the clinic and its patients. He argued that, in some cases, paying the ransom might result in less harm, even though it contradicts the principle of not funding criminal activity. Marco raised the issue of preparing young people for social media, comparing it to teaching a child to drive before handing over car keys. The discussion emphasized the importance of gradually introducing tools and systems while fostering understanding of their risks and responsibilities. Building on the Past Marco noted how foundational technologies, like the internet, enable further innovations. Mikko agreed, citing how AI’s rapid rise was made possible by decades of previous work. He stressed that each technological leap requires the groundwork laid by earlier developments, creating platforms for new ideas to flourish. The group also discussed the limitations of regulation. For example, cryptocurrencies, built on mathematical principles, cannot be fundamentally altered by laws. Instead, regulation can only address interactions between real-world currencies and blockchain systems. Mikko observed, “Math doesn’t care about your laws and regulations.” Closing Thoughts The conversation underscored that innovation is inherently a trade-off. Every advancement brings both opportunities and challenges, and society must navigate these complexities thoughtfully. Mikko highlighted that while the benefits of technologies like encryption, AI, and the internet are significant, they also create new risks. Sean, Marco, and Mikko’s discussion emphasized the importance of understanding and adapting to technological change. While we can’t control the pace of innovation, we can shape how it integrates into our lives and institutions. This ongoing dialogue remains essential as society continues to grapple with the implications of progress. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Human Factors in Cyber Security: Cultivating Cybersecurity Culture and Cyber Skills Gap | An Australian Cyber Conference 2024 in Melbourne Conversation with Leanne Ngo | On Location Coverage with… 25:58
Guest: Leanne Ngo , Associate Professor, La Trobe University On LinkedIn | https://www.linkedin.com/in/leanne-ngo-86979042/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During AISA Cyber Con 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Dr. Leanne Ngo to discuss cyber resilience, community impact, and the role of culture in cybersecurity. Their conversation explored the intersection of technology, education, and human connection in the pursuit of a safer and more secure society. Dr. Ngo shared her perspective on resilience, highlighting its evolving definition. While digital tools increase opportunities for connection, she emphasized that face-to-face interaction remains vital, especially for vulnerable communities. Her work in promoting cybersecurity awareness involves building trust and understanding among diverse groups, tailoring approaches to their unique needs and cultural contexts. The discussion turned to the importance of culture in cybersecurity, with Dr. Ngo describing it as a gradual process of change driven by action and integration into everyday life. She stressed that cyber awareness—often focused on knowledge—must evolve into behavioral transformation, where secure practices become second nature both at work and in personal lives. This requires understanding the subcultures within organizations and communities and adapting strategies to resonate with their specific dynamics. Sean also brought up the concept of belief as a cornerstone for driving cultural change. Dr. Ngo agreed, emphasizing that confidence and a growth mindset are essential in fostering resilience. Drawing on her experience as a mentor and educator, she described how instilling belief in individuals’ capacity to contribute to a secure society empowers them to take ownership of their role in cybersecurity. The conversation explored practical ways to bridge the gap between technical solutions and human-centered approaches. Dr. Ngo highlighted her work with the Australian government’s "Stay Safe, Act Now" campaign, which focuses on localizing cybersecurity education. By adapting materials to the values and practices of various communities—such as the South Sudanese and Cambodian populations—her initiatives create relatable and impactful messaging that goes beyond surface-level translations. Education and workforce development also emerged as key themes. Dr. Ngo underscored the importance of short, targeted training programs, like micro-credentials, in addressing the growing skills gap in cybersecurity. Such programs offer accessible pathways for individuals from all backgrounds to contribute meaningfully to the industry, supporting Australia's ambition to be the most cyber-resilient country by 2030. Closing the discussion, Dr. Ngo reinforced that cybersecurity is fundamentally about people. By fostering empathy, understanding, and a collaborative spirit, society can build resilience not just through technology but through the collective effort of individuals who care deeply about protecting one another. This belief in human potential left an enduring impression, inspiring attendees to think beyond traditional approaches and embrace the human element at the core of cybersecurity. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Data Sovereignty and Security Challenges in the APAC Region: Simplifying Security with Zero Trust and AI-Driven Solutions | An Australian Cyber Conference 2024 in Melbourne Conversation with Abbas… 24:27
Guest: Abbas Kudrati , Asia’s SMC Regional Chief Security, Risk, Compliance Advisor, Microsoft [ @Microsoft ] On LinkedIn | https://www.linkedin.com/in/akudrati/ On Twitter | https://twitter.com/askudrati Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the On Location series at AISA Cyber Con 2024 in Melbourne, a significant conversation unfolded between Sean Martin, Marco Ciappelli, and Abbas Kudrati about key cybersecurity themes and strategies relevant to the Asia-Pacific region. Abbas Kudrati, a seasoned cybersecurity professional and cloud advocate, shared insights into the state of cybersecurity in the region. He highlighted that ransomware remains one of the top threats, particularly in Asia and Australia. This persistent issue underscores the importance of robust data governance and access control. Abbas emphasized that organizations must establish strong security foundations, including data classification and access management, to prepare for the complexities introduced by AI. Without these measures, companies risk exposing sensitive information when leveraging generative AI solutions. The discussion also touched on data sovereignty, a critical topic for governments and defense organizations in Australia. Abbas noted the growing number of localized data centers built by major cloud providers to meet sovereignty requirements. While private sector organizations tend to be less stringent about data location, government entities require data to remain onshore. Frameworks like IRAP and Essential Eight are instrumental in ensuring compliance and guiding organizations in implementing consistent security practices. Zero Trust emerged as a transformative concept post-pandemic. According to Abbas, it simplified cybersecurity by enabling secure remote work and encouraging organizations to embrace cloud solutions. He contrasted this with the rise of generative AI, which has introduced both opportunities and challenges. AI's potential to streamline processes, such as analyzing security alerts and automating vulnerability management, is undeniable. However, its unbounded nature demands new strategies, including employee education on prompt engineering and responsible AI use. Sean Martin and Marco Ciappelli explored how AI can revolutionize operations. Abbas pointed out that AI tools like security copilots are making cybersecurity more accessible, allowing analysts to query systems in natural language and accelerating incident response. He stressed the importance of using AI defensively to match the speed and sophistication of modern attackers, noting that attackers are increasingly leveraging AI for malicious activities. The conversation concluded with a forward-looking perspective on AI’s role in shaping cybersecurity and the importance of maintaining agility and preparedness in the face of evolving threats. This dynamic exchange provided a comprehensive view of the challenges and advancements influencing cybersecurity in the Asia-Pacific region today. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Australia's Global Opportunity and Responsibility: Shaping a More Secure Region and a Safer Digital World | An Australian Cyber Conference 2024 in Melbourne Conversation with Ambassador Brendan… 16:23
Guest: Ambassador Brendan Dowling , Ambassador for Cyber Affairs and Critical Technology, DFAT On LinkedIn | https://www.linkedin.com/in/brendan-dowling-7812b4261/ AT AU Cyber Con | https://canberra2024.cyberconference.com.au/speakers/brendan-dowling Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes This conversation with Brendan Dowling gave us a glimpse into the strategies, challenges, and collaborations shaping Australia’s digital future—and reminded us all that the cyber frontier is not just a technical battlefield but a deeply human one. The Role of a Cyber Ambassador Dowling began by discussing the unique responsibilities of a Cyber Ambassador, a role that integrates cybersecurity into foreign policy at the highest levels. He emphasized how this position, once viewed as an innovative experiment, has become a strategic necessity for national security. As cyber threats grow increasingly complex and borderless, cyber diplomacy has emerged as a critical tool for fostering stability and trust on the global stage. Strengthening Global Collaboration During the discussion, Dowling highlighted the collaborative nature of Australia’s cybersecurity efforts. He explained how cooperation within government agencies and partnerships with international allies are key to staying ahead of emerging threats. These relationships enable critical information-sharing, strategic alignment, and unified responses to incidents, underscoring the interconnectedness of today’s digital ecosystem. Navigating AI and Ethical Challenges The conversation turned to artificial intelligence and its growing role in society. Dowling addressed the ethical considerations of AI development and deployment, stressing the importance of balancing innovation with responsibility. He described Australia’s approach to advocating for ethical design and policy frameworks that protect privacy and human rights while maximizing AI’s benefits. Building Resilience in Critical Infrastructure Critical infrastructure was another focal point of the discussion. Dowling acknowledged the increasing complexity of protecting vital systems, from industrial control processes to supply chains. He emphasized resilience—not only in preventing attacks but in responding swiftly and effectively when incidents occur. This approach ensures that essential services, such as energy and manufacturing, can continue to operate even under pressure. Cultural Contexts in Cybersecurity Dowling also reflected on the role of cultural differences in shaping cybersecurity strategies. He shared experiences from his international work, where addressing issues like online safety and disinformation often requires sensitivity to local norms and values. Tailoring cybersecurity approaches to diverse cultural contexts, he noted, is vital for fostering trust and collaboration across regions. Conclusion: As the conversation concluded, Dowling reaffirmed the need for continued cooperation, innovation, and cultural understanding in tackling global cyber challenges. Sean Martin and Marco Ciappelli expressed their gratitude, leaving listeners with a clear message: cybersecurity is not just a technical issue—it’s a global, ethical, and deeply human challenge that requires collective effort. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Australia's global opportunity and responsibility: shaping a more secure region and a safer digital world (Session): https://canberra2024.cyberconference.com.au/sessions/australias-global-opportunity-and-responsibility-shaping-a-more-secure-region-and-a-safer-digital-world Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 How Do We Make Decisions in Cyber Security? Operational, Tactical, and Strategic Decision-Making in the Age of AI | An Australian Cyber Conference 2024 in Melbourne Conversation with Ivano… 24:58
Guest: Ivano Bongiovanni , General Manager / Sr Lecturer, AusCERT / UQ On LinkedIn | https://www.linkedin.com/in/ivano-bongiovanni-cybersecurity-management/ At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ivano-bongiovanni-ibtpp Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes This AISA Cyber Con 2024 On Location podcast episode recorded in Melbourne spotlights critical discussions led by Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer in Cybersecurity at the University of Queensland. The dialogue centers on pivotal issues shaping organizational approaches to cybersecurity, from decision-making factors to data governance and regulatory influences. Bongiovanni discusses his research on decision-making in cybersecurity, conducted across six large organizations. By interviewing professionals at operational, tactical, and strategic levels, the study examines the multifaceted factors driving decisions, such as configuring security systems or choosing cyber insurance. The research identifies four primary influence levels: industry, organizational, team, and individual. Key drivers include regulations at the industry level, organizational culture, and access to collaborative professional forums. These insights aim to provide decision-makers with a reflective framework to ensure comprehensive and informed choices. Another prominent focus is data governance. Bongiovanni emphasizes its role as both a foundation for robust cybersecurity and a potential avenue for organizational value creation. He highlights the challenges organizations face in mapping, managing, and securing their data. While traditionally viewed through a lens of loss prevention, he argues that effective data governance can unlock operational efficiencies and new business opportunities. This aligns with a broader industry shift to link cybersecurity investments to strategic value creation, rather than purely protective measures. The episode also touches on evolving regulatory landscapes. Bongiovanni outlines the increasing scrutiny on board members and CISOs (Chief Information Security Officers) regarding cybersecurity accountability. While Australia is still catching up with global trends, parallels are drawn to the U.S., where regulations like the SEC’s proposed cyber disclosures link leadership liability to organizational cybersecurity practices. In Australia, existing duties of care under the Corporations Act are becoming focal points for regulatory expectations. Information-sharing frameworks, such as ISACs (Information Sharing and Analysis Centers), also feature in the discussion. Bongiovanni underscores their importance in fostering collaboration, particularly in sectors like higher education and healthcare. He notes the ongoing cultural shift encouraging organizations to share threat intelligence securely, which is essential for collective resilience. Through Bongiovanni’s contributions, this episode highlights both the challenges and opportunities in cybersecurity decision-making, emphasizing a nuanced understanding of regulatory, cultural, and technical dynamics. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Future is now: Cautious reflections and bold predictions on cyber security in the years to come (Session): https://melbourne2024.cyberconference.com.au/sessions/session-FsEVnuge9u How do we make decisions in cybersecurity? Operational, tactical, and strategic decision-making in the age of AI (Session): https://melbourne2024.cyberconference.com.au/sessions/session-BdOGZjahUe The executive playbook: Elevate your cyber security through data governance (Workshop): https://melbourne2024.cyberconference.com.au/workshops/workshop-rxAAQPTLUJ Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The Top 10 Skills Your Security Awareness and Culture Person Must Have (With No IT or Cyber Skills in Sight) | An Australian Cyber Conference 2024 in Melbourne Conversation with Daisy Wong | On… 27:11
Guest: Daisy Wong , Head of Security Awareness, Medibank On LinkedIn | https://www.linkedin.com/in/daisywong127/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Kicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss. Daisy’s career journey, from earning a marketing degree to becoming Medibank’s Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity. The Power of Communication and Culture in Cybersecurity Daisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today’s cyber challenges. Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning—it requires intentionality, consistency, and collective effort. Breaking Barriers and Building Bridges One of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background. She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams. Staying Ahead in an Evolving Threat Landscape Daisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant. While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices. In this lively episode of On Location with Marco Ciappelli , Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense. Cybersecurity isn’t just about systems and software—it’s about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Building Resilience in a Disruptive Digital Landscape while Being Green by Design: Addressing the Carbon Footprint in Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation… 16:26
Guest: Sian John , Chief Technology Officer, NCC Group On LinkedIn | https://www.linkedin.com/in/sian-john/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community. Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is increasing around regulatory scrutiny. Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.' The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case. The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats. Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The present and future of Human-Centered Cybersecurity: Managing Risks and Fostering Digital Safety | An Australian Cyber Conference 2024 in Melbourne Conversation with Jinan Budge | On Location… 39:44
Guest: Jinan Budge , Vice President, Principal Analyst serving Security & Risk professionals, Forrester On LinkedIn | https://www.linkedin.com/in/jinan-budge-2898132/ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes The Australian Cyber Conference Melbourne 2024 is a dynamic hub of innovation, bringing together top cybersecurity professionals and thought leaders to tackle the industry’s most pressing challenges. On this On Location Recording Sean Martin and Marco Ciappelli have a conversation with Jinan Budge , Vice President at Forrester Research, focusing on the vital role of human-centered security in today’s evolving landscape. Building a Human-Centered Cybersecurity Culture One of the central themes of the discussion was the shift from traditional security awareness programs to human risk management . Jinan Budge emphasized the need to move beyond treating people as liabilities and instead design security practices that align with individual behaviors and motivations. This evolution toward human-centered cybersecurity is essential to addressing the unique risks posed by human behavior while fostering a culture of adaptability and trust. Collaboration Between Enterprises and Vendors The podcast highlighted the shared responsibility between enterprises and vendors to advance security practices. Enterprises must embrace adaptive security solutions tailored to their workforce, while vendors have a pivotal role in driving innovation and educating the market. This partnership is key to creating flexible, effective solutions that meet the needs of diverse organizations, from startups to global enterprises. Understanding the Human Element in Data Breaches Budge introduced a framework she calls the “wheel of human element breaches,” which categorizes risks such as social engineering , human error , and insider threats . This comprehensive approach pushes the conversation beyond the common narrative of phishing attacks, encouraging organizations to adopt holistic strategies that address the root causes of human-driven vulnerabilities. Education and Continuous Learning Marco Ciappelli and Jinan Budge underscored the importance of integrating cybersecurity education into early learning environments. Instilling digital safety habits at a young age helps build an instinctive understanding of cybersecurity, preparing future generations for the increasingly digital workplace. This foundation ensures smoother transitions into organizational cultures where cybersecurity is second nature. Conclusion The discussions at the Australian Cyber Conference Melbourne 2024 illuminated the industry’s growing focus on human-centered strategies and collaboration between enterprises and vendors. These efforts underscore the importance of proactively addressing human risks and integrating cybersecurity education into every level of society. Events like this continue to shape the future, offering invaluable insights and inspiration for those dedicated to advancing the field. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Transforming Cybersecurity with Essential Eight by Building Robust Security Structures with a Default Deny Approach | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A… 5:55
During AISA Cyber Con 2024 in Melbourne, Sean Martin connected with Jade Wilkie from ThreatLocker. Wilkie, who is currently an account executive and soon to assume a leadership role with the APAC sales team, discusses the significance of ThreatLocker’s presence at the event and their growth in the Australian market. With ThreatLocker’s APAC team attending for the first time, Wilkie emphasizes the importance of support on the ground as Australia has quickly become ThreatLocker’s second-largest market. ThreatLocker’s approach, centered on a default deny methodology and zero trust framework, aligns well with Australia’s Essential Eight cybersecurity framework. Wilkie highlights that this strategy not only prevents unauthorized access but also reduces noise during detection and response processes. This makes the Essential 8 a solid foundation for cybersecurity, offering a straightforward and effective structure that companies can implement. At their booth, ThreatLocker aims to raise awareness about their comprehensive offerings beyond application control, including EDR and MDR, and network control modules. Wilkie invites attendees to engage with the team to understand how ThreatLocker’s solutions can fortify their security structures. The episode teases an upcoming conversation at Zero Trust World in Orlando, where Sean Martin and Jade Wilkie will further explore the event’s takeaways and discuss emerging themes and trends in the cybersecurity space. Don’t miss out on this insightful discussion that promises to deliver valuable information for strengthening cybersecurity efforts. Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974 Note: This story contains promotional content. Learn more . Guests: Jade Wilkie , Account Executive APAC, ThreatLocker [ @ThreatLocker ] On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/ Resources Essential Eight: https://itspm.ag/threatq55q Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Balancing Technology and Human Awareness in Cyber Defense: Strategies for Families and Organizations | An Australian Cyber Conference 2024 in Melbourne Conversation with Jacqueline Jayne | On… 28:55
Guest: Jacqueline Jayne , The Independent Cybersecurity Expert On LinkedIn | https://www.linkedin.com/in/jacquelinejayne/ At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/jacqueline-jayne-smict Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes During the On Location series at AISA Cyber Con 2024 in Melbourne, the conversation about cybersecurity turns engaging as Jacqueline Jayne, Security Awareness Advocate, shares her experience on human risk management and cybersecurity education. Her insights bring forward crucial points on bridging the gap between human behavior and technological security measures. One pivotal topic discussed is the persistent challenge of human error in cybersecurity. Jacqueline highlights that human error now accounts for over 90% of security breaches. The approach to mitigating these risks isn't merely technological but educational. She emphasizes the need for comprehensive security awareness training and shifting organizational culture towards proactive risk management. Jacqueline shares, “Organizations should redefine IT departments from the ‘Department of No’ to the ‘Department of K-N-O-W.’” She believes that instead of restricting users, organizations should focus on empowering them with knowledge, emphasizing the importance of comprehensive training that connects with employees on a personal level. Throughout the conversation, the importance of contextual and relatable education stands out. Jacqueline advocates for simulated phishing campaigns to provide real-world scenarios for employees. By understanding and experiencing what a phishing attempt looks like in a controlled environment, employees can better recognize and react to actual threats. Another compelling point is teaching digital citizenship from a young age. Jacqueline compares cybersecurity education to road safety education. Just as children learn road safety progressively, digital safety should be ingrained from an early age. Appropriate and guided exposure to technology can ensure they grow up as responsible digital citizens. The discussion also touches on parental and organizational roles. Jacqueline discusses the proposal of banning social media for children under 16, acknowledging its complexity. She suggests that though banning might seem straightforward, it's more about educating and guiding children and teenagers on safe digital practices. Organizations and parents alike should collaborate to create a safer and more informed digital environment for the younger generation. Towards the end, the dialogue shifts to the potential role of AI in enhancing cybersecurity awareness. There’s a consensus on using AI not as a replacement but as an augmentative tool to alert and educate users about potential threats in real-time, potentially mitigating the risk of human error. In conclusion, the conversation highlights the indispensable role of education in cybersecurity. JJ's perspective fosters a comprehensive approach that includes organizational culture change, continuous engagement, and early digital citizenship education. It’s not just about implementing technology but evolving our collective behavior and mindset to ensure a secure digital future. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Resources The top 10 skills your security awareness and culture person must have with no IT or cyber skills in sight (Session): https://melbourne2024.cyberconference.com.au/sessions/session-OZ4j4mTr1O Keeping our kids safe online: The essential information for parents and caregivers (Session): https://melbourne2024.cyberconference.com.au/sessions/session-oBf7Gjn2xG Security awareness 2.0: The paradigm shift from training and simulations to engagement and culture: https://melbourne2024.cyberconference.com.au/sessions/session-drDWsOKBsL Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 From Healthcare to Cybersecurity: Leveraging Past Professions to Enhance Cybersecurity Programs | A Conversation with Gina D’Addamio | Redefining CyberSecurity with Sean Martin 44:49
Guest: Gina D’Addamio , Threat Analyst, Canadian Cyber Threat Exchange [ @CCTXCanada ] On LinkedIn | https://www.linkedin.com/in/gina-daddamio ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D’Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds. Gina D’Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing. Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case. Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX. The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S. Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry. Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person’s overall ability to fit within the team and contribute to the organization’s goals. This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D’Addamio’s story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst and https://itspm.ag/rogershxbp Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com/episodes/accelerating-cybersecurity-training-and-innovation-7-minutes-on-itspmagazine-from-black-hat-sector-2024-a-rogers-cybersecure-catalyst-short-brand-innovation-story-with-rushmi-hasham-and-vasu-daggupaty ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Pre-Event Coverage | Different Hats, Shared Goals: Insights and Anticipations for Conversations and Stories from Australian Cyber Conference 2024 in Melbourne | On Location Coverage with Sean Martin… 9:32
Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this pre-event Chats on the Road episode of the On Location with Sean and Marco Podcast, hosts Sean Martin and Marco Ciappelli meet up in person and on location to discuss their excitement and expectations for the upcoming Australia Cybersecurity Conference 2024 in Melbourne. They express their enthusiasm about reuniting with the cybersecurity community and emphasize the significance of the event, which is organized by AISA and supported by notable individuals like Akash Mattel, Megan, and Abbas Kudrati. Sean and Marco share a light-hearted opening conversation about boats and travels, setting a casual tone before diving into what they look forward to at the conference. The hosts appreciate the opportunity to connect with industry leaders and attendees, emphasizing the importance of stories in operationalizing cybersecurity in business and society. Sean highlights the need to align technology with business processes while adhering to policies and laws on a global scale. On the other hand, Marco provides a broader perspective on the interaction between individuals, society, and technology, stressing the role of cybersecurity in protecting personal privacy and fostering human interaction — it turns out it's all about the intersection of technology and culture. The hosts reflect on their past experiences in the cybersecurity field, with Sean sharing an anecdote about a vintage AV hat that represents his journey at Symantec rooted in the Australia. culture. This reflection underscores the value of learning from past and present experiences to shape a better future in cybersecurity. Sean and Marco discuss the diverse sessions and interactions planned for the event, mentioning notable speakers like Joe Sullivan and Mikko Hypponen. They are particularly excited about the wide range of topics to be covered, from policy and privacy to operational strategies and the human element in cybersecurity. As they anticipate the week ahead, Sean and Marco invite listeners to engage with them during the conference. They are eager to forge new relationships and gather stories that resonate on a global scale, underscoring the event's potential for fostering meaningful connections and enhancing cybersecurity practices worldwide. Tune in to hear Sean and Marco's thoughts on what promises to be an exciting and informative week at the Australia Cybersecurity Conference 2024. Whether you're attending the event or staying tuned from afar, this episode sets the stage for the compelling conversations and insights to come. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Bridging Cybersecurity and Finance for Better Insurance Outcomes | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Google Short Brand Innovation Story with Monica Shokrai 7:04
In this Brand Story episode, recorded live at the HITRUST Collaborate Conference 2024, host Sean Martin sits down with Monica Shokrai, Head of Risk and Insurance for Google Cloud. The topic of conversation centers around cyber insurance, a crucial area impacting organizations across sectors. Monica Shokrai leads the charge in managing risk and procuring insurance for Google Cloud, a role that integrates closely with both the finance and security teams. She highlights the unique dual approach of her team, which not only secures coverage for Google but also strategizes on how to leverage insurance to assist Google Cloud customers in mitigating risks. A key point discussed is the interdisciplinary nature of cyber insurance. Traditionally managed by the finance or legal departments, Shokrai emphasizes its growing collaboration with cybersecurity teams. She notes that the standard organizational structure often sees a communication divide between finance and security departments. However, the evolving cyber insurance market is pushing these groups closer together, fostering a more integrated risk management strategy. Shokrai also shares insights on how Google approaches risk exposure and posture. By modeling risk in-house and leveraging an actuarial team, Google can quantify risks accurately and work closely with security teams. This model not only helps in securing better insurance terms but also aids in understanding and integrating security measures within the organization. Another significant point is Google’s innovative approach to automating the cyber insurance process. Through their Risk Protection Program, Google allows security metrics to be shared with insurance partners like Allianz in Munich. This method simplifies the underwriting process and promotes a data-driven approach to evaluating cybersecurity risks, aligning insurers and security teams toward a common goal. Overall, the discussion underscores the importance of a cohesive strategy that bridges finance and cybersecurity through innovative risk management and insurance practices. With leaders like Monica Shokrai at the helm, Google Cloud is at the forefront of integrating these critical functions, ultimately benefiting both the company and its customers. Learn more about Google Cloud: https://itspm.ag/google-pkap Note: This story contains promotional content. Learn more . Guest: Monica Shokrai , Head of Risk and Insurance, Google Cloud [ @lifeatgoogle ] On LinkedIn | https://www.linkedin.com/in/monicashokrai/ Resources Learn more and catch more stories from Google: https://www.itspmagazine.com/directory/google Simplified Cyber Insurance for Organizations with a HITRUST Certification: https://itspm.ag/hitrusp5x6 Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The 3-2-1 Rule for Cyber Resiliency | 7 Minutes on ITSPmagazine | An Apricorn Short Brand Innovation Story with Kurt Markley 7:03
Companies, organizations and governments have massive volumes of data, and the primary focus for its security is placed on that which is stored in the cloud, but many are not following best practices of taking the extra steps necessary to ensure their backed up data is secure, complete and uncorrupted. This story is to talk about using the 3-2-1 rule for cyber resiliency (keep three copies of data, on two different formats–both encrypted, one of which is stored off-site and offline) and discuss anecdotes of what can happen when cyber resilience plans are not put in place or followed. Data is the most important asset an organization has, whether it’s a business, organization or a government. At the same time, the frequency of cyber attacks that compromise data are increasing. Ransomware continues to be a plague, with some reports showing more than 14 publicly claimed attacks daily for the first half of 2024. Having a plan to thwart cyberattack is only part of the strategy. Equally important is how to rapidly recover and restore operations after a ransomware disruption has occurred. Share anecdote about OVHcloud data center that burned down in 2021 with backups in it – all assets destroyed and websites down for days. also might be good to mention the latest ransomware attack on University of Texas healthcare that is still not fully operational, 3 weeks after the attack and counting. it is unknown if they paid the ransom, but if they did and they’re still not operational, that goes to show how unreliable the ransomed data is. Apricorn’s own research shows that only half of U.S. respondents are conducting automatic backups to both a central repository AND a personal repository. Additionally, more than 25% of survey respondents were unable to recover all of their data successfully If attackers are successfully breaching data and holding it for ransom, organizations have to be able to recover complete backups of their data in order to a) avoid paying the ransom and b) assure the original data needed for restoration of operations is complete and intact, which statistics show, frequently is corrupted and incomplete when ransom is paid. One of the easiest and most effective ways to rapidly restore operations after a ransomware attempt is to keep multiple copies of integrity-checked data so you can fully recover it if it’s compromised. The 3-2-1 rule is a proven cyber resilience best practice. The 3-2-1 rule calls for keeping at least three copies of your data on two different types of media, with one being encrypted and offsite. This is where Apricorn comes into play - we make the highest grade, portable data encryption products on the market. Our products are security focused - 100% software free, FIPS certified, non-Chinese chips and so many unique features such as admin AND user forced enrollment, programmable PIN lengths, brute force defense, self destruct PINS and more. Learn more about Apricorn: https://itspm.ag/apricomebv Note: This story contains promotional content. Learn more . Guest: Kurt Markley , Managing Director, America's, Apricorn [ @apricorn_info ] On LinkedIn | https://www.linkedin.com/in/kurt-markley-1596054/ Resources Securing Data with Hardware Encrypted USB Drives: https://itspm.ag/apricoy0dm Learn more and catch more stories from Apricorn: https://www.itspmagazine.com/directory/apricorn Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Cyber Heroes in Action: Delivering Advanced Security Measures for Modern Businesses | A ThreatLocker Brand Story with Danny Jenkins 37:22
In this Brand Story episode, Marco Ciappelli and Sean Martin sit down with Danny Jenkins, CEO and co-founder of ThreatLocker, to uncover the fascinating journey and innovative approach of ThreatLocker in the cybersecurity realm. The episode sheds light on the company’s mission, the challenges it faces, and the transformative solutions it offers. Danny Jenkins recounts the origin story of ThreatLocker, beginning with his early career in IT and his fortuitous stumble into cybersecurity. He explains how witnessing firsthand the devastating impact of ransomware led to the inception of ThreatLocker. His experience with ethical hacking and ransomware recovery highlighted a critical need for more effective IT security solutions, enabling Jenkins to spearhead the development of ThreatLocker with a central philosophy: deny by default. ThreatLocker’s primary goal is to help organizations implement a zero trust framework by making it as simple and automated as possible. Jenkins emphasizes that effective security requires blocking untrusted software and limiting what trusted software can do. He articulates the importance of learning the intricacies of each environment ThreatLocker protects, from small businesses to massive enterprises like JetBlue. By examining each endpoint and understanding the specific software and dependencies, ThreatLocker ensures that systems remain secure without disrupting daily operations. One of the key aspects discussed is ThreatLocker’s unique human element combined with technological innovation. Jenkins introduces the concept of their 'cyber hero' team, dedicated to providing 24/7 support. This team is crucial, especially when onboarding new clients or assisting those already affected by ransomware. This commitment to customer service underscores ThreatLocker’s philosophy of not only providing top-tier solutions but ensuring they are successfully implemented and maintained. Jenkins also touches upon the broader industry challenges, specifically the common pitfalls enterprises fall into by relying on endpoint detection and response (EDR) systems alone. He argues that such systems are often reactive, addressing symptoms rather than root causes. ThreatLocker’s approach, focusing on proactive prevention and least privilege access, aims to mitigate vulnerabilities before they can be exploited. Finally, Jenkins discusses the future vision for ThreatLocker, highlighting continued growth and innovation. The company’s commitment to maintaining high support levels while expanding its product offerings ensures it remains at the forefront of cybersecurity solutions. Events like Zero Trust World serve as educational opportunities for clients to deepen their understanding and enhance their security postures. Overall, this episode provides an in-depth look at ThreatLocker’s strategic approach to cybersecurity, emphasizing the importance of proactive prevention, customer service, and continuous improvement. Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974 Note: This story contains promotional content. Learn more . Guest: Danny Jenkins , CEO of ThreatLocker [ @ThreatLocker ] On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/ Resources Zero Trust World Conference: https://itspm.ag/threat5mu1 Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Pre Event Coverage | Unveiling Cybersecurity's Future: Joe Sullivan's Keynote Journey to Australian Cyber Conference 2024 in Melbourne | On Location Coverage with Sean Martin and Marco Ciappelli 28:27
Guest: Joe Sulllivan , CEO at Ukraine Friends [ @UkraineFriends_ ] On Linkedin | https://www.linkedin.com/in/joesu11ivan/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes The discussion begins with Sean and Marco humorously chatting about sunsets in California versus those on the other side of the world, as they prepare for their trip. With excitement in the air, they highlight the conference’s stellar lineup, especially keynote speaker Joe Sullivan, joining the conversation from Sydney. Already immersed in the Australian vibe, Sullivan shares his anticipation for the event and comments on the sunny weather awaiting them. Sullivan’s career is a fascinating intersection of technology, law, and leadership. From his days as a cybercrime prosecutor to leading security efforts at Facebook and Uber, he offers a unique perspective on the evolution of cybersecurity as both a profession and a global necessity. Joe Sullivan's Career Journey Reflecting on his career path, Sullivan describes his journey as a "Jenga pile" built on diverse and dynamic experiences. He recalls his transition from government service to the tech industry during the dot-com boom, driven by curiosity and a hunger for new challenges. His work at companies like eBay, PayPal, and Facebook involved pioneering projects such as building security teams from scratch and shaping policies like responsible disclosure programs. The Role of Regulation in Cybersecurity Sullivan and the hosts delve into the crucial topic of regulation in cybersecurity. Drawing on his experiences, Sullivan underscores the disparity in resources between regulated and unregulated sectors, pointing to financial services and healthcare as examples. He advocates for smart, balanced regulations to ensure cybersecurity initiatives are well-funded and effective, emphasizing that structure is key to protecting industries and consumers alike. Connecting with Security Professionals Globally Through his global speaking engagements and commitment to attending conferences in full, Sullivan has gained valuable insights into the shared challenges facing security professionals worldwide. He highlights the universal nature of these challenges and the importance of collaboration across borders. His passion for fostering connections within the cybersecurity community resonates strongly in today’s interconnected world. Humanitarian Efforts Beyond Cybersecurity Beyond his professional endeavors, Sullivan shares his inspiring humanitarian work, particularly his efforts to support Ukraine through laptop donations. These initiatives, born from his professional network, illustrate the profound impact the cybersecurity community can have on broader global issues. By using technology to aid children’s education in conflict zones, Sullivan underscores the power of tech to bring hope and stability to those in need. Conclusion As the Australian Cyber Conference 2024 approaches, Joe Sullivan’s insights set a compelling tone for discussions about the future of cybersecurity. His message of resilience, adaptability, and global cooperation will undoubtedly inspire attendees. For those ready to engage and learn, Sean Martin and Marco Ciappelli warmly invite you to join them in Melbourne for this transformative event — and of course, follow them subscribing to their podcast if you cannot be there. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Resources UkraineFriends: https://itspm.ag/ukrainwwmj ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 When Risk Management and Information Security Resonate with Hearts and Minds | A Conversation with Nadine Michaelides and Julie Haney | Redefining CyberSecurity with Sean Martin 39:17
Guests: Nadine Michaelides , CEO / VD, Anima People On LinkedIn | https://www.linkedin.com/in/nadinemichaelides/ Julie Haney , Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [ @NISTcyber ] On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes Imagine a world where employees aren't just potential risks, but the vanguard of cyber defense. A world where the human element, long considered the weakest link in security, becomes the cornerstone of an impenetrable digital fortress. The latest episode of the Human Centered sub-series on the Redefining CyberSecurity podcast features a compelling discussion with Nadine Michaelides, a security and crime psychologist, researcher at University College London, speaker, and entrepreneur. Julie Haney co-hosts the episode with Sean Martin, discussing the critical role employees play in strengthening cybersecurity defenses. Nadine Michaelides shares her insights on the shift from viewing employees as potential risks to recognizing them as essential components of a robust cybersecurity strategy. This approach emphasizes the importance of understanding the human element in security and integrating psychological principles to improve employee engagement and motivation. Unlike purely technical measures, human-centered cybersecurity focuses on fostering intrinsic motivation and creating a culture where security is an integral part of daily operations. The conversation highlights the importance of moving beyond mere awareness campaigns. According to Michaelides, simply making employees aware of security risks is insufficient. Organizations must focus on creating intrinsic motivation, ensuring that employees understand and internalize the significance of their actions. This can be achieved through effective training, clear communication, and involving employees in security initiatives. Michaelides also introduces the concept of human risk management, which involves assessing and addressing the psychological and behavioral factors that influence cybersecurity. She stresses the need for a multidisciplinary approach, incorporating insights from psychology, sociology, and organizational behavior to create comprehensive security strategies. This holistic approach helps organizations identify and mitigate risks more effectively, as it considers the diverse motivations and behaviors of employees. Sean Martin raises an interesting point about how personal risk assessments can parallel organizational security measures. He suggests that just as individuals assess the risks associated with their actions and make informed decisions, organizations should empower employees to understand and manage their own cybersecurity risks. This empowerment can lead to more proactive and responsible security behaviors. The discussion also touches on the significance of cultural factors in cybersecurity. Michaelides explains that security initiatives must resonate with the cultural values and norms of the workforce to be truly effective. This involves creating tailored security content that reflects the diverse backgrounds and experiences of employees, making it relevant and engaging for everyone. Julie Haney underscores the potential of employee feedback loops in enhancing security measures. She suggests that organizations should actively seek input from employees to identify pain points and areas for improvement in their security practices. By involving employees in the development and refinement of security protocols, organizations can create a more supportive and effective security culture. In conclusion, the episode presents a forward-thinking perspective on cybersecurity, advocating for a shift from traditional, top-down approaches to more inclusive and employee-centered strategies. By recognizing and leveraging the human element, organizations can transform their employees from potential vulnerabilities into key defenders of digital assets. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ThreatLocker: https://itspm.ag/threatlocker-r974 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
Black Hat, the cybersecurity industry’s most established and in-depth security event series, today announced the release of its content lineup for Black Hat Europe 2024. The live, in-person event will take place at the ExCeL London from December 9 to December 12, and feature 41 Briefings hand selected by the Black Hat Europe Review Board, four days of Trainings, 25 Sponsored Sessions, and 64 in-person tool demos and three labs at Black Hat Arsenal. Briefings highlights include: ● SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications ● SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon ● WorstFit: Unveiling Hidden Transformers in Windows ANSI! Trainings highlights include: ● Assessing and Exploiting Control Systems and IIoT [4105] ● Fundamentals of Cyber Investigations and Human Intelligence [2111] ● Attacking DevOps Pipelines [2108] ● Offensive Mobile Reversing and Exploitation [4108] ● Advanced Cloud Incident Response in Azure and Microsoft 365 [2103] Black Hat Arsenal at Black Hat Europe 2024 tool demo highlights include: ● Campus as a Living Lab: An Open-World Hacking Environment ● Pandora: Exploit Password Management Software To Obtain Credential From Memory ● Morion - A Tool for Experimenting with Symbolic Execution on Real-World Binaries For registration and additional information on Black Hat Europe 2024, please visit www.blackhat.com/eu-24 Note: This story contains promotional content. Learn more . Resources Press Release: https://www.blackhat.com/html/press/2024-11-06.html Catch all of our On Location Stories: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs…
R
Redefining CyberSecurity
1 SecTor 2024 Announces Record-Breaking Attendance Following Successful Close of Toronto Event | 2 Minutes on ITSPmagazine 2:02
SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto. Show highlights for 2024 included: ● Keynotes: This year’s event featured two Keynote presentations. The opening Keynote was presented by Leigh Honeywell, founder and CEO of Tall Poppy, and the second Keynote was presented by Omkhar Arasaratnam, Distinguished Engineer for Security at LinkedIn. ● Business Hall: This year’s Business Hall showcased the latest products and technologies from more than 140 of the industry’s leading cybersecurity solution providers. The Business Hall also featured areas for attendee, vendor, and community engagement through Exhibitor Booths, Arsenal, Sponsored Sessions, Bricks & Picks, and the Community Lounge. ● Summits: On Tuesday, October 22, the event featured a full day of Summit content, including the ninth annual SecTor Executive Summit, the inaugural The AI Summit at SecTor, and the ninth annual Cloud Security Summit at SecTor. ● Scholarships: As a way to introduce the next generation of security professionals to the SecTor community, SecTor awarded a total of 37 complimentary SecTor 2024 Briefings passes. Black Hat holds its own annual Student and Veteran Scholarship programs, and partners with a variety of associations on additional scholarship opportunities. Note: This story contains promotional content. Learn more . Resources Press Release: https://www.businesswire.com/news/home/20241030638106/en/SecTor-2024-Announces-Record-Breaking-Attendance-Following-Successful-Close-of-Toronto-Event Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs…
R
Redefining CyberSecurity
1 Leveraging Data for Cyber Insurance to Bring Consistency and Clarity in Underwriting | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Trium Cyber Short Brand Innovation Story with Josh… 7:07
In this episode of Short Brand Story recorded during the HITRUST Collaborate 2024 conference, Sean Martin sits down with Josh LaDeau, a prominent figure in the world of cyber insurance. Josh, who represents Trium Cyber, illuminates the crucial aspects of cyber insurance, from data integrity to market challenges. Trium Cyber is known for its specialty in providing cyber property, E&O, and miscellaneous coverages. Josh emphasizes the importance of data in the insurance industry, explaining how accurate, structured data provided by HITRUST aids in underwriting processes. The partnership with HITRUST brings a unique advantage by ensuring data consistency and structure. This elevates the underwriting process by reducing ambiguities in policy applications and promoting data security. Josh highlights that this collaboration allows clients to present their data in a more uniform manner, making it easier for insurers to assess and underwrite policies accurately. Moreover, the HITRUST R2 framework is particularly beneficial for clients, offering a higher quality of data that leads to better coverage options and advantageous premium pricing. Josh points out that a third-party attestation by HITRUST not only assures data integrity but also qualifies clients for a dedicated credit, further enhancing their position in the market. The episode underscores the value Trium Cyber brings to its clients, focusing on technological acumen and a keen understanding of the cyber insurance landscape. This partnership is poised to make a significant impact in making cyber insurance more accessible and reliable for businesses. Learn more about Trium Cyber: https://itspm.ag/hitrusi2it Note: This story contains promotional content. Learn more . Guest: Josh LaDeau , CEO, Trium Cyber Resources Learn more and catch more stories from Trium Cyber: https://www.itspmagazine.com/directory/hitrust Learn more about HITRUST: https://itspm.ag/itsphitweb Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach | A SecTor Cybersecurity Conference Toronto 2024 Conversation withChristine Dewhurst and Dr.… 26:55
Guests: Christine Dewhurst , Partner, NSC Tech On LinkedIn | https://www.linkedin.com/in/christine-dewhurst-262867a9/ At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#christine-dewhurst-48706 Dr. Thomas Lee , CEO, Vivo Security On LinkedIn | https://www.linkedin.com/in/thomas-lee-phd-b7766b10/ At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#dr-thomas-lee-48707 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of the On Location with Sean and Marco as part of our coverage of SecTor Information Security Conference in Toronto, Canada, Sean Martin and Marco Ciappelli spoke with notable guests Christine Dewhurst and Dr. Thomas Lee. This episode centers on innovative approaches to assessing an organization's risk related to third-party data breaches. Christine Dewhurst and Dr. Thomas Lee present a compelling new people-centric model for determining an organization's exposure to third-party data breaches. Dr. Lee, who holds a PhD in biophysics and operates in California's Silicon Valley, initially approached cybersecurity from a scientific standpoint. He explains that their research focuses on using empirical regression modeling to quantify and predict data breach probabilities based on staffing levels and certifications. His emphasis is on the importance of having enough trained and certified personnel, which includes CISSPs and CISAs, as key indicators of security posture. Christine Dewhurst, based in Toronto, partners with Dr. Lee in applying these mathematical models in practical scenarios. She underscores the critical role of understanding the workforce's capacity to manage and protect data. Dewhurst explains that their model evaluates five key staffing metrics to predict data breach risks, emphasizing that having the right quantity and quality of staff is crucial for robust security. She highlights their unique approach which differs from traditional methods focusing solely on technical controls. The discussion also touches on the surprising significance of audit certifications (CISA) being equally important as technical security certifications (CISSP). This understanding bridges the gap between cybersecurity practices and business management strategies, providing a holistic overview of enterprise security health based on human resources. Christine Dewhurst and Dr. Thomas Lee offer fresh insights into how organizations can strategically enhance their defenses against third-party data breaches. ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S Be sure to share and subscribe! ____________________________ Resources A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach (Session): https://www.blackhat.com/sector/2024/briefings/schedule/index.html#a-new-people-centric-approach-to-determining-an-organizations-exposure-to-a-third-party-data-breach-41396 Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast…
R
Redefining CyberSecurity
1 First of its Kind Cyber Insurance Product Exclusively Available to HITRUST-Certified Customers | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Story with Blake Sutherland and… 31:19
In this Brand Story episode, Sean Martin brings together the team from HITRUST, Robert Booker and Blake Sutherland, to discuss the topic of cyber insurance and its current state in the industry. Both guests bring a wealth of experience and insight, with Robert Booker overseeing strategy, research, and innovation at HITRUST, and Blake Sutherland serving as the EVP of Market Engagement. A significant portion of the discussion centers around the role of cyber insurance in today's business environment. Cyber insurance is not just a safety net but a critical aspect of a complete risk management strategy. As Robert Booker points out, it’s an essential service, historically used to cover residual risk after companies have applied their own security measures. However, the market has changed considerably, with new capabilities and approaches evolving over the past several years, making it a dynamic area. Blake Sutherland further elaborates on the issues that organizations face in acquiring cyber insurance today. The process is often cumbersome, involving extensive questionnaires and varied requirements from different underwriters. This can be particularly challenging for mid-market companies that may lack the internal resources to manage these complexities. The episode highlights that HITRUST is addressing these challenges with their R2 certification, which provides an objective, quantifiable measure of an organization’s cybersecurity posture. This certification helps companies not only in fortifying their own security but also in streamlining the insurance acquisition process by offering a standardized measure that underwriters can rely on. According to Robert Booker, this quantified approach can make a significant difference, offering confidence to both the insured and the insurer. Another important aspect discussed is the role of brokerage in this process. Brokers traditionally guide companies through the insurance process, and an R2 certification from HITRUST can greatly assist them in securing better terms and conditions, as it is recognized as a testament to a company's robust security posture. This can also translate into potentially lower premiums and more reliable coverage, addressing one of the largest pain points in securing cyber insurance. The HITRUST Shared Risk Facility is made available exclusively through licensed brokers and can be accessed by any company holding an R2 certification, with plans to extend to I1 and E1 levels in the future. This facility aims to simplify the process, reduce the administrative burden on companies, and provide greater reliability in the insurance coverage. The episode wraps up with an invitation for organizations, brokers, and underwriters to engage with HITRUST to explore these innovative solutions. It’s a call to improve the overall confidence in the insurance landscape through verified, independent measures of cybersecurity maturity, ultimately benefiting all parties involved in the cyber insurance ecosystem. Explore how HITRUST’s R2 certification can enhance your organization's cybersecurity posture and streamline your cyber insurance process. Learn more about HITRUST: https://itspm.ag/itsphitweb Note: This story contains promotional content. Learn more . Guests: Blake Sutherland , EVP Market Adoption, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/ Robert Booker , Chief Strategy Officer, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/robertbooker/ Resources HITRUST 2024 Trust Report: https://itspm.ag/hitrusi2it Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Bringing a Consistent, Personable and Hands-On Approach to Compliance | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A IS Partners Short Brand Innovation Story with Ian Terry and Robert… 7:24
In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing. Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security. One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals. The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth. Learn more about IS Partners: https://itspm.ag/isparto2jk Note: This story contains promotional content. Learn more . Guests: Ian Terry , Principal, Cybersecurity Services, IS Partners [ @ISPartnersLLC ] On LinkedIn | https://www.linkedin.com/in/ian-terry/ Robert Godard , Partner, IS Partners [ @ISPartnersLLC ] On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/ Resources Learn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partners Learn more about HITRUST: https://itspm.ag/itsphitweb Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The Future of Cybersecurity at the Australian Cyber Conference 2024, in Melbourne | A Pre-Event Conversation with Akash Mittal | On Location Coverage with Sean Martin and Marco Ciappelli 34:44
Guest: Akash Mittal , CISO, Group Security, Sumitomo Forestry Australia On LinkedIn | https://www.linkedin.com/in/akashgmittal/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Welcome to Melbourne for AU Cyber Con 2024 From November 26th to 28th, Melbourne will transform into the epicenter of cybersecurity as it hosts AU Cyber Con 2024. Organized by the Australian Information Security Association (AISA), the conference brings a diverse lineup of global thought leaders and innovators to the stage, all focused on shaping the next wave of cybersecurity. Conference Highlights and Theme The theme, "The Future is Now," reflects the urgent need for organizations and individuals alike to adapt to our rapidly changing digital landscape. Over three days, the event will feature 440+ speakers and 350 sessions, offering a deep dive into the intersection of cybersecurity, society, and technology. Engage with Industry Leaders This year’s lineup includes top voices in cybersecurity and beyond, like former Facebook CSO Joe Sullivan, astronaut Jose Hernandez, and security icon Mikko Hypponen. With appearances from cultural figures such as actor Kal Penn, the event will highlight the broader societal impact of cybersecurity, demonstrating how it affects everything from the arts to government policy. Interactive Villages and Hands-On Workshops AU Cyber Con goes beyond the stage with interactive villages like the Careers Village, Lockpicking Village, and AI Village. Here, attendees can gain hands-on experience with everything from physical security tools to AI applications and prompt injections. For those interested in personal brand-building, industry insights, or getting into the nuts and bolts of cybersecurity, these workshops offer something for everyone. Spotlight on Sponsors and Exhibitors With support from over 150 exhibitors, the event provides a unique opportunity for attendees to connect with leading companies and uncover the latest in cybersecurity tech. For exhibitors, it’s a valuable chance to meet professionals tackling real-world cybersecurity challenges head-on. Fostering Global Collaboration AU Cyber Con 2024 emphasizes the need for global teamwork to advance cybersecurity. Government representatives and international delegates will discuss strategic initiatives and regulatory advancements to strengthen cyber resilience. This gathering is the perfect platform to build connections, share ideas, and work toward a unified digital security future. Looking Ahead: Coverage from ITSPmagazine Sean Martin and Marco Ciappelli will be covering AU Cyber Con in real time. Join us for pre-event discussions, live updates, and post-event insights—all crafted to keep you connected to the latest innovations and collaborations shaping the future of cybersecurity. ____________________________ This Episode’s Sponsors Threatlocker: https://itspm.ag/threatlocker-r974 ____________________________ Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! ____________________________ Resources Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/asia24 Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Transforming Compliance and Revolutionizing Cybersecurity | A HITRUST Collaborate 2024 Conversation with Ryan T. Patrick | On Location Coverage with Sean Martin 36:24
Guests: Ryan T. Patrick , Vice President of Adoption, HITRUST On LinkedIn | https://www.linkedin.com/in/ryan-patrick-3699117a/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin ____________________________ Episode Notes In On Location Podcast episode, Sean Martin had a recap conversation with Ryan T. Patrick, engaging about the pivotal topics surrounding HITRUST and its Collaborate Conference. Ryan Patrick, Director of Corporate Audit and Compliance Operations at HITRUST, provided insightful commentary on HITRUST's mission and its recent initiatives to strengthen cybersecurity and compliance across various sectors. Throughout the episode, Ryan emphasized the significance of HITRUST's annual event, Collaborate. The conference serves as a central hub for customers, assessors, partners, auditors, security, and privacy professionals to share insights and build relationships. One key discussion topic was the evolving concept of continuous assurance. Ryan highlighted how HITRUST is striving to transform annual assessments into a continuous process, enabling organizations to better manage and understand their security posture throughout the year. This shift aims to make security and compliance efforts more proactive and less burdensome. Sean and Ryan also touched on the important role of HITRUST's Results Distribution System (RDS). This innovative system allows organizations to receive structured assessment results, which can be integrated seamlessly into GRC platforms like ServiceNow. By utilizing RDS, companies can more effectively compare vendor assessments and manage risk in a streamlined manner. Another significant highlight from the conference was the announcement of HITRUST's first AI security certification. Set to launch in December, this certification will provide a comprehensive framework for securing AI technologies. Ryan explained that this initiative addresses the rising concerns around AI security by focusing on the controls needed to safeguard AI deployments. In addition, the certification will ensure that the underlying infrastructure supporting AI meets high-security standards. Cyber insurance was another critical topic discussed. HITRUST's partnership with leading insurers has led to the creation of a cyber insurance product tailored for HITRUST-certified organizations. This product offers a 25% premium reduction for those who achieve HITRUST certification, potentially leading to lower premiums and higher coverage limits. Ryan noted that the product is designed to reward organizations that have demonstrated robust cybersecurity practices through their HITRUST certification. The conversation wrapped up with a mention of HITRUST's impressive Trust Report statistics. According to Ryan, less than 1% of HITRUST-certified organizations experienced a security breach in the past two years, compared to over 50% of non-certified entities. This stark difference underscores the effectiveness of HITRUST's rigorous assessment and certification process in enhancing organizational security. Ryan’s insights during this episode illuminate the critical role HITRUST plays in advancing cybersecurity and compliance. The initiatives discussed not only demonstrate HITRUST's commitment to innovation but also highlight practical steps organizations can take to fortify their security posture and achieve greater assurance in an increasingly interconnected world. This collaborative spirit and dedication to continuous improvement continue to set HITRUST apart as a leader in the field. ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas Be sure to share and subscribe! ____________________________ Resources Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Guiding Organizations on the Next Steps in Their Compliance Journey | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | An A-LIGN Short Brand Innovation Story with Shreesh Bhattarai 7:13
The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications. A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization’s unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN’s experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience. A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. Learn more about A-LIGN: https://itspm.ag/a-lign-uz1w Note: This story contains promotional content. Learn more . Guest: Shreesh Bhattarai , Director of HITRUST, A-LIGN [ @aligncompliance ] On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/ Resources Learn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lign Learn more about HITRUST: https://itspm.ag/itsphitweb Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu… 7:16
The latest episode of 7 Minutes on ITSPmagazine, recorded during the Black Hat Sector 2024 event in Toronto, Canada, brings insights from the dynamic world of cybersecurity training and education. Hosted by Sean Martin, the discussion features Rushmi Hasham, Director of Strategic Partnerships, and Vasu Daggupaty, Manager of Strategic Partnerships and Investments, both from Rogers Cybersecure Catalyst. Rogers Cybersecure Catalyst, a non-profit organization operated by Toronto Metropolitan University, serves as the university’s national hub for cyber education. The organization’s focus spans three primary areas: training individuals to become cybersecurity professionals, helping organizations to bolster their cyber safety measures, and assisting cybersecurity founders in bringing their innovative solutions to the market. Vasu Daggupaty explains that the Catalyst’s training programs certify individuals with the necessary credentials to be employable in the cybersecurity field. Moreover, organizations receive guidance on enhancing their incident response strategies and other critical safety practices. An essential part of their mission is also supporting innovators in launching new cybersecurity products and services. The episode highlights a compelling story of Gina, a former nurse transitioning into a cybersecurity analyst role. This transformation exemplifies the success of the Catalyst’s Accelerated Rapid Training Program. Rushmi Hasham elaborates on the program’s design, which caters to mid-life career changers, providing a seven-month intensive course in collaboration with the SANS Institute. The program equips participants with hands-on skills, transitioning knowledge, and career development, ensuring they are job-ready upon completion. Additionally, the Catalyst’s corporate training services include non-technical tabletop exercises to prepare executives for real-life cyber threats. They also offer a cyber range where clients can safely engage with live malware to elevate their technical response capabilities. This comprehensive approach is instrumental in addressing Canada’s cybersecurity skills shortage and enhancing the nation’s defensive posture. The episode concludes with an invitation to explore the Catalyst's investment initiatives aimed at fortifying cybersecurity innovations and talent development across Canada. Learn more about Rogers Cybersecure Catalyst: https://itspm.ag/rogershxbp Note: This story contains promotional content. Learn more . Guests: Rushmi Hasham , Director of Strategic Partnerships, Rogers Cybersecure Catalyst On LinkedIn | https://www.linkedin.com/in/rushmi-hasham-9523554/ Vasu Daggupaty , Manager, Partnerships & Investment, Rogers Cybersecure Catalyst On LinkedIn | https://www.linkedin.com/in/vdaggupaty/ Resources Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Effectively Managing a Growing Compliance Program While Minimizing Audit Fatigue | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Schellman Short Brand Innovation Story with Michael… 7:10
Schellman, founded in 2002 as SAS 70 Solutions, was originally focused on just one audit standard; the SAS 70 (subsequently replaced by SOC 2). As the client base grew so did the request to perform other audits outside of the SAS 70. Schellman grew its offerings over the past 20+ years by identifying client needs and then determining if we have the skillset and expertise to deliver high quality work. We have always stayed true to our core strengths and expertise, which is why Schellman is the only Top 100 CPA firm that specializes in IT Audit and Cybersecurity. Schellman provides full-spectrum cybersecurity third-party audits, assessments, and certifications. In a marketplace with growing cybersecurity compliance needs, organizations are struggling to incorporate additional framework and regulations in an efficient and effective way. At Schellman we harnesses our expertise and deep knowledge across the compliance standards to roadmap audits throughout the year that promotes the highest return on evidence collection and subject matter expert time. By performing specific assessments in a staggered or parallel fashion, Schellman is able to collect once and test many; both in terms of information from subject matters experts and evidence from business stakeholders. The broad range of our compliance offerings, along with our combined audit approach and depth of expertise sets Schellman apart. Schellman's approach was built to provide expertise and quality work while valuing and respecting the time and stress assessments/audits place on an organization. Learn more about Schellman: https://itspm.ag/schellman9a6v Note: This story contains promotional content. Learn more . Guests: Michael Parisi , Head of Client Acquisition, Schellman [ @Schellman ] On LinkedIn | https://www.linkedin.com/in/michael-parisi-4009b2261/ Ryan Meehan , Director, Schellman [ @Schellman ] On LinkedIn | https://www.linkedin.com/in/ryan-meehan-cisa-cissp-ccsfp-iso-lead-cipp-71a5939 Resources Learn more and catch more stories from Schellman: https://www.itspmagazine.com/directory/schellman Learn more about HITRUST: https://itspm.ag/itsphitweb Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Mastering Multi-Cloud Management | 7 Minutes on ITSPmagazine from Black Hat SecTor 2024 | An OpenText Short Brand Innovation Story with Michael Mychalczuk 7:08
In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. Hosted during Black Hat SecTor 2024 in Toronto, they share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services. Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments. Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today’s fast-paced world. In closing, the emphasis on understanding one’s maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway. Note: This story contains promotional content. Learn more . Guest: Michael Mychalczuk , Director of Product Management at OpenText [ @opentext ] On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/ Resources Learn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentext Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 LevelBlue Futures Report: Cyber Resilience in Retail | 7 Minutes on ITSPmagazine | A LevelBlue Short Brand Innovation Story with Theresa Lanowitz 7:05
Retailers today continue to grapple with unforeseen issues as supply chain attacks become more common and vulnerabilities from third-party sources emerge as major threats. Of the 1,050 C-suite and senior executives surveyed, 86% of respondents anticipate that dynamic computing will enhance operational performance within the next three years, especially in AI strategy development and leveraging sophisticated supply chains. However, 82% acknowledge the increased exposure to risk. In this age of dynamic computing, retail organizations encounter both significant opportunities and risks. With traditional security boundaries fading and conventional security measures proving inadequate, retail leaders must adopt a comprehensive approach to ensure overall cyber resilience. To better achieve cyber resilience in the retail industry, LevelBlue shares five specific steps that can be applied across industries, directly in response to these findings: identify the barriers to cyber resilience; be secure by design; align cyber investment with business; build a support ecosystem; and transform cybersecurity strategies. To learn more, download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail here: https://itspm.ag/levelbjk57 Learn more about LevelBlue: https://itspm.ag/levelblue266f6c Note: This story contains promotional content. Learn more . Guest: Theresa Lanowitz , Chief Evangelist of AT&T Cybersecurity / LevelBlue [ @LevelBlueCyber ] On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ Resources Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Leveraging AI for Effective Healthcare Solutions | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Story with Walter Haydock and Steve Dufour 25:41
The Emergence of Innovative Partnerships: As AI becomes increasingly integral across industries, healthcare is at the forefront of adopting these technologies to improve patient outcomes and streamline services. Sean Martin emphasizes the collaboration between StackAware and Embold Health, setting the stage for a discussion on how they leverage HITRUST to enhance healthcare solutions. A Look into StackAware and Embold Health: Walter Haydock, founder and CEO of StackAware, shares the company's mission to support AI-driven enterprises in measuring and managing cybersecurity compliance and privacy risks. Meanwhile, Steve Dufour, Chief Security and Privacy Officer of Embold Health, describes their initiative to assess physician performance, guiding patients toward top-performing providers. Integrating AI Responsibly: A key theme throughout the conversation is the responsible integration of generative AI into healthcare. Steve Dufour details how Embold Health developed a virtual assistant using Azure OpenAI, ensuring users receive informed healthcare recommendations without long-term storage of sensitive data. Assessment Through Rigorous Standards: Haydock and Dufour also highlight the importance of ensuring data privacy and compliance with security standards, from conducting penetration tests to implementing HITRUST assessments. Their approach underscores the need to prioritize security throughout product development, rather than as an afterthought. Navigating Risk and Compliance: The conversation touches on risk management and compliance, with both speakers emphasizing the importance of aligning AI initiatives with business objectives and risk tolerance. A strong risk assessment framework is essential for maintaining trust and security in AI-enabled applications. Conclusion: This in-depth discussion not only outlines a responsible approach to incorporating AI into healthcare but also showcases the power of collaboration in driving innovation. Sean Martin concludes with a call to embrace secure, impactful technologies that enhance healthcare services and improve outcomes. Learn more about HITRUST: https://itspm.ag/itsphitweb Note: This story contains promotional content. Learn more . Guests: Walter Haydock , Founder and CEO, StackAware On LinkedIn | https://www.linkedin.com/in/walter-haydock/ Steve Dufour , Chief Security & Privacy Officer, Embold Health On LinkedIn | https://www.linkedin.com/in/swdufour/ Resources Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Unveiling AI's Impact and Challenges at SECTOR 2024 | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Helen Oakley and Larry Pesce | On Location Coverage with Sean Martin and Marco… 22:44
Guests: Helen Oakley , Director of Secure Software Supply Chains and Secure Development, SAP On LinkedIn | https://www.linkedin.com/in/helen-oakley On Twitter | https://x.com/e2hln On Instagram | https://instagram.com/e2hln Larry Pesce , Product Security Research and Analysis Director, Finite State [ @FiniteStateInc ] On LinkedIn | https://www.linkedin.com/in/larrypesce/ On Twitter | https://x.com/haxorthematrix On Mastodon | https://infosec.exchange/@haxorthematrix ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Sean Martin and Marco Ciappelli kicked off their discussion by pondering the intricacies and potential pitfalls of the AI supply chain. Martin humorously questioned when Ciappelli last checked the entire supply chain of an AI session, provoking insightful thoughts about how people approach AI today. The conversation then shifted as Oakley and Pesce were introduced, with Oakley explaining her role in leading cybersecurity for the software supply chain at SAP and co-founding the AI Integrity and Safe Use Foundation. Pesce shared his expertise in product security research and pen testing, emphasizing the importance of securing AI integrations. Preventing the AI Apocalypse One of the session's highlights was the discussion titled "AI Apocalypse Prevention 101." Oakley and Pesce shared insights into the potential risks of AI overtaking human roles and discussed ways to prevent a hypothetical AI apocalypse. Oakley humorously noted her experimentation with deep fakes and emphasized the importance of addressing the root causes to avert catastrophic outcomes. Pesce contributed by highlighting the need for a comprehensive Bill of Materials (BOM) for AI, pointing out how it differs from traditional software due to its unique reliance on multiple layers, including hardware and software components. AI BOM: A Tool for Understanding and Compliance The conversation evolved into a discussion about the AI BOM's significance. Oakley explained that the AI BOM serves as an ingredient list, akin to what you would find on packaged goods. It includes details about datasets, models, and energy consumption—critical for preventing decay or malicious behavior over time. Pesce noted the AI BOM's potential in guiding pen testing and compliance. He emphasized the challenges that companies face in keeping up with rapidly evolving AI technology, suggesting that AI BOM could potentially streamline compliance efforts. Engagement at the CISO Executive Summit The speakers touched on SECTOR 2024's CISO Executive Summit, inviting senior leaders to join the conversation. Oakley highlighted the summit's role in providing a platform for addressing AI challenges and regulations. Martin and Ciappelli emphasized the value of attending such events for exchanging knowledge and ideas in a secure, collaborative environment. Conclusion: A Call to Be Prepared As the episode wrapped up, Sean Martin extended an invitation to all interested in preventing an AI apocalypse to join the broader discussions at SECTOR 2024. Helen Oakley and Larry Pesce left listeners with a pressing reminder of the importance of understanding AI's potential impact. ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S Be sure to share and subscribe! ____________________________ Resources Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast…
SecTor, Canada’s largest cybersecurity conference, today announced the release of its full schedule of Summits for SecTor 2024. The live, in-person event will take place from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto. Summits will take place on Tuesday, October 22 and include: SecTor Executive Summit – This Summit will offer CISOs and other cybersecurity executives an opportunity to hear from industry experts helping to shape the next generation of information security strategy. Sponsors include: Armis, Sysdig, Cyera, and Trend Micro. To apply, please visit blackhat.com/sector/2024/executive-summit.html . Inaugural AI Summit at SecTor – This Summit will take place as part of The AI Summit Series, a global conference and expo series focusing on practical applications of AI technologies. This Summit will underscore the importance of artificial intelligence (AI) as an organization’s newest and greatest weapon within the ever-evolving cybersecurity landscape. Passes can be purchased here: blackhat.com/sector/2024/ai-summit.html . Cloud Security Summit at SecTor – This Summit is Canada’s leading cloud security event featuring keynote speakers, panel discussions, and networking opportunities, and provides an invaluable opportunity for every security professional to engage with leaders and discuss the future of cloud security. Sponsors include: CrowdStrike, Cyera, Kyndryl, Okta, OpenText, StrongDM, Sysdig, and Lookout. Passes can be purchased here: blackhat.com/sector/2024/cloud-summit.html . Note: This story contains promotional content. Learn more . Resources Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs…
R
Redefining CyberSecurity
1 Strategies for Effective Cybersecurity Governance and Protection to Better Balance Innovation and Regulation in Cybersecurity | CISO Circuit Series with Mandy Huth and Whitney Merrill | Michael… 47:46
About the CISO Circuit Series Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin . ____________________________ Guests: Michael Piacente , Managing Partner and Cofounder of Hitch Partners On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente Mandy Huth , Global CISO - VP of Cybersecurity, Kohler Co. On LinkedIn | https://www.linkedin.com/in/mandyhuth/ Whitney Merrill , Head of Global Privacy & Data Protection Officer, Asana [ @asana ] On LinkedIn | https://www.linkedin.com/in/whitney-merrill-5ab05012/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin ____________________________ This Episode’s Sponsors Imperva | https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Episode Notes In this episode of the CISO Circuit series on the Redefining CyberSecurity podcast, co-hosts Sean Martin and Michael Piacente lead an engaging discussion about the current state of cybersecurity leadership, liability, and protection. Their conversation features insights from two distinguished guests: Mandy Huth, an enterprise security leader with over 20 years of experience, and Whitney Merrill, a privacy attorney with a strong background in computer science and legal frameworks around consumer protection. The discussion opens with an exploration of individual liability for cybersecurity leaders and broader business leadership within organizations. Whitney Merrill argues that regulators like the FTC and SEC are increasingly holding individuals accountable for security and privacy lapses. The conversation highlights notable cases where executives have faced scrutiny, emphasizing the growing expectation for tangible processes and proper security postures within organizations. Mandy Huth underscores the importance of shared responsibility and accountability within a business, noting that security decisions are not made in isolation. She advocates for a collaborative approach where security leaders outline risks comprehensively to allow for informed decision-making across the executive team. Huth also expresses concern over the proliferation of CYA (Cover Your Ass) practices that prioritize documentation over meaningful risk mitigation, warning that this can dilute the effectiveness of security programs. Another central theme in the episode centers on the need for standardized frameworks and a common language to articulate risk across an organization. Both guests highlight the need for clear, consistent communication of risks to build a unified understanding among all stakeholders, from the board to individual teams. Piacente and Merrill emphasize that while existing frameworks like NIST and ISO provide a foundation, there is an ongoing need to adapt these frameworks to align with industry-specific contexts and evolving regulatory expectations. A significant takeaway from the conversation is the role of systemic risk and the potential outsized impact of seemingly minor vulnerabilities. Huth and Merrill caution against underestimating these risks and advocate for continuous improvement and adaptation of security measures. They suggest that prioritizing business-friendly security practices can help foster greater adoption and collaboration across the enterprise. The episode concludes with reflections on the future landscape of cybersecurity regulation and practice. Whitney Merrill envisions a shift towards democratizing security, making it more accessible and achievable for small businesses through standardized, affordable solutions. Meanwhile, Huth calls for a balance between regulatory clarity and flexibility to ensure innovative small businesses can thrive without being stifled by onerous security requirements. Overall, the conversation provides valuable insights into the complexities of cybersecurity management, emphasizing the importance of collaboration, clear communication, and adaptability in navigating modern security challenges. These discussions are essential for any business leader or security professional looking to enhance their organization's resilience against cyber threats. ____________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ____________________________ Resources ____________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network…
R
Redefining CyberSecurity
1 A Sneak Peek into SecTor 2024: AI, Open-Source, and Cybersecurity Trends | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and… 23:55
Guest: Steve Wylie , Vice President, Cybersecurity Portfolio On LinkedIn | https://www.linkedin.com/in/swylie650/ On Twitter | https://twitter.com/swylie650 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes The Black Hat SecTor Conference, scheduled for October 22-24, 2024, in Toronto, promises an array of discussions and insights into the cybersecurity domain. Steve Wylie, General Manager of Black Hat, joins ITSP Magazine's Sean Martin and Marco Ciappelli to preview the upcoming event. Wylie highlights the acquisition of SecTor by Black Hat in 2019, underscoring its unique focus on the Canadian cybersecurity community while maintaining global research standards. This year's event features three main components: summits, briefings, and a business hall. The summits, including a new AI summit, address various specialized topics, while the briefings provide in-depth research presentations. Keynote speakers like New York University’s Omkhar Arasaratnam, who will discuss security in open-source platforms, further enrich the event. Arasaratnam's focus on the XZ Utils backdoor incident emphasizes the critical nature of open-source security, highlighting both risks and mitigation strategies. The agenda also includes a diverse range of sessions on AI, reflecting its significant role in current cybersecurity practices. Talks range from AI vulnerabilities to the protection and utilization of AI in enterprise security. Sessions such as "15 Ways to Break Your Co-Pilot" and discussions on deepfake image detection systems present real-world challenges and solutions in this area. Wylie also discusses the importance of community engagement, noting the sector's provisions for networking and collaboration. The founders of the original event continue to contribute actively, ensuring the event remains closely tied to its original mission of serving Canada's cybersecurity professionals. Martin expresses enthusiasm for meeting regional participants and learning about their unique challenges and solutions, emphasizing the value of shared knowledge and strategies. The event is positioned as a vital convergence point for both local and international cybersecurity insights and advancements. In summary, SecTor 2024 aims to foster a robust exchange of ideas and solutions, drawing from a wide array of expertise within the cybersecurity field. Attendees can look forward to engaging with high-profile speakers, participating in focused discussions, and exploring the latest industry innovations. ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S Be sure to share and subscribe! ____________________________ Resources Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast…
R
Redefining CyberSecurity
1 HITRUST Collaborate 2024 Keynote—Industry Perspectives: Charting The Path Forward—Innovations in Security and Assurance | A Conversation with Dan Nutkis, Robert Booker, Omar Khawaja, Cliff Baker,… 49:43
Guests: Dan Nutkis , Founder and Chief Executive Officer of HITRUST On LinkedIn | https://www.linkedin.com/in/daniel-nutkis-339b93b/ Robert Booker , Chief Strategy Officer at HITRUST On LinkedIn | https://www.linkedin.com/in/robertbooker/ Omar Khawaja , CISO, Client at Databricks On LinkedIn | https://www.linkedin.com/in/smallersecurity/ Cliff Baker , CEO at CORL Technologies On LinkedIn | https://www.linkedin.com/in/cliffbaker/ Andrew Hicks , Partner and National HITRUST Practice Lead at Frazier & Deeter On LinkedIn | https://www.linkedin.com/in/aehicks2000/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin ____________________________ Episode Notes This episode of the On Location series takes place during HITRUST Collaborate 2024 brought together leading figures in cybersecurity to share their experiences and insights. Moderated by Sean Martin, host of the Redefining CyberSecurity Podcast, the panel included Dan Nutkis, Founder and Chief Executive Officer of HITRUST; Robert Booker, Chief Strategy Officer at HITRUST and former Chief Information Security Officer at UnitedHealth Group; Omar Khawaja, CISO, Client at Databricks and former Chief Information Security Officer at Highmark Health; Cliff Baker, CEO at CORL Technologies and Managing Partner at Meditology Services; and Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Deeter. The session kicked off with Sean Martin highlighting the importance of collaboration and conversation within the cybersecurity community. Dan Nutkis reflected on the early beginnings of HITRUST in 2007 and discussed the initial goal of establishing a comprehensive and effective framework for security. Nutkis highlighted the organization's ongoing commitment to continuous improvement and adaptability in addressing security needs. Omar Khawaja emphasized the need for setting high-security bars and how HITRUST has been instrumental in providing robust frameworks that simplify complex compliance requirements. He shared how Highmark Health leveraged the HITRUST certification to streamline their third-party risk management, ensuring better outcomes with fewer resources. According to Khawaja, HITRUST’s efforts in adapting to market needs and developing new assurance levels like the i1 and e1 have been vital in meeting evolving security demands. Cliff Baker discussed the innovation driven by HITRUST in the compliance space. Baker stressed the importance of the HITRUST ecosystem, which is designed not only to meet today’s security challenges but to anticipate future needs. The assurance framework and transparency provided by HITRUST have proven essential in building and maintaining trust within the healthcare industry. Andrew Hicks praised the rigorous QA process that HITRUST employs, which ensures that certified organizations maintain high standards of security. He emphasized how this rigorous process not only helps organizations achieve certification but also transforms their overall approach to cybersecurity. Robert Booker spoke about the continuous curiosity and commitment required to stay ahead in cybersecurity. He highlighted how HITRUST’s data-driven approach and innovations in areas like AI and continuous monitoring are crucial in maintaining relevance and enhancing security outcomes. Throughout the discussion, the panelists collectively underscored the importance of a robust, adaptable, and comprehensive security framework. HITRUST's continuous innovation and commitment to addressing real-world security challenges position it as a leader in the industry. The collaborative efforts of HITRUST and its community not only improve organizational security but also strengthen the overall reliability of the healthcare system. As HITRUST continues to evolve and introduce new initiatives, it remains a pivotal player in setting high security and compliance standards. The insights shared during this episode of On Location provide a glimpse into the future of cybersecurity and the ongoing efforts to safeguard sensitive data in the healthcare sector.Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas Be sure to share and subscribe! ____________________________ Resources Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 HITRUST Achieves Major Milestone with Availability of Solution Making it Practical to Manage Third-Party (Information Security) Risk | 2 Minutes on ITSPmagazine 2:19
HITRUST, leader in information security and third-party risk management (TPRM), has announced significant enhancements to its HITRUST Assessment XChange. This comprehensive solution addresses longstanding challenges in TPRM by integrating with leading TPRM platforms to streamline vendor risk management processes. These integrations solve the "last mile" challenge by enabling organizations to efficiently capture, consume, and analyze detailed assurance data. The HITRUST Assessment XChange operationalizes third-party risk management through end-to-end workflows that cover the entire vendor lifecycle—from initial evaluation to results analysis. This approach significantly improves information security risk capabilities, reducing time, costs, and complexity. It also allows organizations to manage risk with updated threat-adaptive controls, broad assessment options, and real-time updates on risk mitigation. Legacy approaches to TPRM have proven inefficient, with many organizations relying on outdated methods like spreadsheets or self-assessment questionnaires. In contrast, HITRUST’s solution offers a practical, effective, and comprehensive approach, making TPRM more manageable and secure across industries. HITRUST’s first planned integration with ServiceNow’s TPRM solution is set for release by the end of 2024, allowing users to leverage HITRUST's capabilities within the ServiceNow platform. This integration marks a new era in operationalizing information security TPRM, providing organizations with unprecedented visibility into vendor risk. Learn more about and stay up to date by visiting hitrustalliance.net/news . Note: This story contains promotional content. Learn more . Resources Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs…
R
Redefining CyberSecurity
1 Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 3 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin 27:34
Guest: Kush Sharma , Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario) On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin ___________________________ Episode Notes In the third and final installment of the series titled "Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals," Sean Martin continues his compelling conversation with Kush Sharma. This episode focuses on the critical aspects of team dynamics, project management, and stakeholder engagement in the realm of cybersecurity. Kush Sharma elaborates on the importance of establishing a well-structured and communicated vision for security operations within an organization. He emphasizes the necessity of setting expectations with security teams before any major project initiation. According to Sharma, transparency is vital. Security leaders must candidly discuss with their teams that not every decision will tip in their favor, but their role is to advocate for security while being adaptable to business needs. He stresses the importance of documenting and following up on risk mitigation measures even if they aren't implemented immediately. Sharma also sheds light on the concept of integrating business and security functions more seamlessly. He proposes not just embedding security into business but also bringing business personnel into the security fold. By having business unit members work within security teams temporarily, organizations can build a robust line of communication and mutual understanding. This cross-functional approach creates internal champions for security measures and helps significantly cut costs as internal personnel generally have lower operational costs compared to external consultants. A significant portion of the episode revolves around the nuanced engagement with different stakeholders, particularly at the executive level. Sharma advises CISOs to view themselves as peers to other C-suite executives, prepared to defend their positions and decisions vigorously. It's crucial for CISOs to maintain this executive-level mindset and openly communicate the broader business implications of security decisions. Sharma highlights that making a business case for security and showing tangible returns on investment can secure better funding and support from the executive team, leading to more substantial investments in long-term security measures. Sean Martin wraps up the episode by touching on the importance of storytelling in cybersecurity. By translating technical achievements and risk mitigation efforts into relatable stories, CISOs can effectively communicate the value of their work across the organization. These narratives help ensure security remains a priority in business strategies and operations, fostering an environment where security considerations are integral to planning and executing new initiatives. In conclusion, the episode provides essential insights for current and aspiring CISOs on navigating the complexities of internal communications, leadership, and strategic planning in cybersecurity. Both Kush Sharma and Sean Martin offer practical advice and strategies that can help elevate the role of security within any organization, thereby protecting its infrastructure and supporting its growth objectives. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 HITRUST Announces Continuous Assurance through the Proven HITRUST Ecosystem | 2 Minutes on ITSPmagazine 2:06
HITRUST has announced the launch of HITRUST Continuous Assurance , a new strategic evolution aimed at enhancing security sustainability and outcomes through continuous control monitoring. This initiative builds upon the proven HITRUST ecosystem, providing organizations with an efficient way to manage security and compliance risks in the face of evolving cyber threats. Traditional approaches that prioritize compliance over security are increasingly inadequate, especially in the era of generative AI and sophisticated cyber-attacks. Continuous Assurance minimizes the risk of evidence decay by enabling organizations to monitor security controls continuously, ensuring that security requirements remain relevant and reliable. Key features of this initiative include automated evidence collection, a continuous monitoring taxonomy integrated with the HITRUST CSF, and enhanced workflows in HITRUST’s MyCSF platform. The system also supports integration with Governance, Risk, and Compliance (GRC) systems, ensuring streamlined risk management. HITRUST's Continuous Assurance will leverage its extensive certification framework, which has shown significant success. Notably, the 2024 HITRUST Trust Report highlighted that 99.4% of HITRUST-certified organizations did not report a breach over the past two years. Continuous Assurance offers new capabilities that further solidify HITRUST’s role as a leader in information security risk management. Learn more about and stay up to date by visiting hitrustalliance.net/news . Note: This story contains promotional content. Learn more . Resources Read the Press Release: https://hitrustalliance.net/press-releases/hitrust-announces-continuous-assurance-through-the-proven-hitrust-ecosystem Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs…
R
Redefining CyberSecurity
1 Hacking Deepfake Image Detection System with White and Black Box Attacks | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Sagar Bhure | On Location Coverage with Sean Martin and… 22:40
Guest: Sagar Bhure , Senior Security Researcher, F5 [ @F5 ] On LinkedIn | https://www.linkedin.com/in/sagarbhure/ At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#sagar-bhure-45119 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes The authenticity of audio and visual media has become an increasingly significant concern. This episode explores this critical issue, featuring insights from Sean Martin, Marco Ciappelli, and guest Sagar Bhure, a security researcher from F5 Networks. Sean Martin and Marco Ciappelli engage with Bhure to discuss the challenges and potential solutions related to deepfake technology. Bhure reveals intricate details about the creation and detection of deepfake images and videos. He emphasizes the constant battle between creators of deepfakes and those developing detection tools. The conversation highlights several alarming instances where deepfakes have been used maliciously. Bhure recounts the case in 2020 where a 17-year-old student successfully fooled Twitter’s verification system with an AI-generated image of a non-existent political candidate. Another incident involved a Hong Kong firm losing $20 million due to a deepfake video impersonating the CFO during a Zoom call. These examples underline the serious implications of deepfake technology for misinformation and financial fraud. One core discussion point centers on the challenge of distinguishing between real and artificial content. Bhure explains that the advancement in AI and hardware capabilities makes it increasingly difficult for the naked eye to differentiate between genuine and fake images. Despite this, he mentions that algorithms focusing on minute details such as skin textures, mouth movements, and audio sync can still identify deepfakes with varying degrees of success. Marco Ciappelli raises the pertinent issue of how effective detection mechanisms can be integrated into social media platforms like Twitter, Facebook, and Instagram. Bhure suggests a 'secure by design' approach, advocating for pre-upload verification of media content. He suggests that generative AI should be regulated to prevent misuse while recognizing that artificially generated content also has beneficial applications. The discussion shifts towards audio deepfakes, highlighting the complexity of their detection. According to Bhure, combining visual and audio detection can improve accuracy. He describes a potential method for audio verification, which involves profiling an individual’s voice over an extended period to identify any anomalies in future interactions. Businesses are not immune to the threat of deepfakes. Bhure notes that corporate sectors, especially media outlets, financial institutions, and any industry relying on digital communication, must stay vigilant. He warns that deepfake technology can be weaponized to bypass security measures, perpetuate misinformation, and carry out sophisticated phishing attacks. As technology forges ahead, Bhure calls for continuous improvement in detection techniques and the development of robust systems to mitigate risks associated with deepfakes. He points to his upcoming session at Sector in Toronto, where he will delve deeper into 'Hacking Deepfake Image Detection Systems with White and Black Box Attacks,' offering more comprehensive insights into combating this pressing issue. ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S Be sure to share and subscribe! ____________________________ Resources Hacking Deepfake Image Detection System with White and Black Box Attacks: https://www.blackhat.com/sector/2024/briefings/schedule/#hacking-deepfake-image-detection-system-with-white-and-black-box-attacks-40909 Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast…
R
Redefining CyberSecurity
1 HITRUST Announces Industry-Leading AI Security Certification | 7 Minutes on ITSPmagazine | A HITRUST Short Brand Innovation Story with Jeremy Huval 7:07
HITRUST will launch its AI Security Certification in December 2024, addressing the unique security risks of artificial intelligence systems. As AI reshapes the cybersecurity landscape, existing control frameworks, including HITRUST CSF, do not fully address new and evolving threats. The certification offers prescriptive controls to help secure AI deployments effectively. Targeted at AI platform and product providers, this certification is an optional extension to HITRUST CSF validated assessments. It addresses AI-specific threats alongside traditional cybersecurity risks, focusing on security practices for AI/ML deployments, including generative AI. The certification integrates with third-party risk management (TPRM) platforms, enabling more efficient workflows for managing AI solution security. This helps organizations manage AI risk, adopt AI solutions with confidence, and reduce complexity, time, and costs. Designed to enhance third-party AI risk management, the certification allows organizations to identify shared security responsibilities between AI providers and users. It ensures greater trust and security across AI deployments, helping businesses stay ahead of emerging AI threats. The draft certification specification is open for public comment until October 17, 2024. To learn more and to provide feedback visit: https://www.manula.com/manuals/hitrust/ai-security-certification-requirements-draft/1/en/topic/about Learn more about HITRUST: https://itspm.ag/itsphitweb Note: This story contains promotional content. Learn more . Guest: Jeremy Huval , Chief Innovation Officer, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/jeremyhuval/ Resources Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Building Resilient Applications and APIs: The Importance of Security by Design to Ensure Data Protection | An Imperva Brand Story with Lebin Cheng 36:47
In this Brand Story episode, hosts Sean Martin and Marco Ciappelli welcome Lebin Cheng from Imperva to discuss the ever-important topic of API security. As the head of the API security team at Imperva, Lebin Cheng offers a nuanced view into the challenges and solutions involved in protecting sensitive data facilitated by APIs. A central theme of the discussion revolves around API security's complexity due to APIs' role in digital transformation, cloud migration, and data integration. APIs act as a gateway for data interaction and integration, offering flexibility but also introducing significant security risks. Cheng underscores that as APIs provide open access to critical data, they become prime targets for sophisticated cyber threats. These threats exploit vulnerabilities in API deployments, making robust security measures indispensable. Cheng highlights the importance of securing APIs not as a one-time effort but as an ongoing process. He discusses how Imperva employs real-time monitoring and behavioral analysis to enhance API security. By establishing a baseline of what constitutes normal behavior, Imperva can quickly detect and respond to anomalies. This approach goes beyond traditional, static security measures, which often fall short against dynamic threats that evolve alongside technology. Additionally, the conversation touches on the notion of 'security by design.' Cheng advocates for integrating security considerations from the earliest stages of API development. This results in more resilient applications capable of withstanding sophisticated attacks. The discussion also notes the growing trend of DevSecOps, which emphasizes the collaboration between development, security, and operations teams to embed security throughout the software development lifecycle. Real-world applications of these principles are evident in various sectors, including open banking. Cheng explains how open banking initiatives, which allow smaller financial institutions to access larger banks' data via APIs, highlight the necessity of strong API security. A breached API could expose sensitive financial data, leading to significant financial and reputational damage. The hosts and Cheng also explore how Imperva's innovation in API security involves leveraging artificial intelligence and machine learning. These technologies help in identifying and mitigating potential risks by analyzing vast amounts of data to detect unusual patterns that might indicate a security threat. In closing, Cheng emphasizes the importance of continuous innovation and vigilance in the field of API security. He invites organizations to adopt a proactive stance, continuously updating their security measures to protect their data assets effectively. This episode serves as a compelling reminder of the critical role API security plays in today's interconnected digital world. Learn more about Imperva: https://itspm.ag/imperva277117988 Note: This story contains promotional content. Learn more . Guest: Lebin Cheng , VP, API Security, Imperva [ @Imperva ] On LinkedIn | https://www.linkedin.com/in/lebin/ Resources Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Hello From the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation and Scam Campaigns | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Ashley Jess | On… 22:51
Guest: Ashley Jess , Senior Intelligence Analyst, Intel 471 [ @Intel471Inc ] At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#ashley-jess-48633 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes As part of their Chats on the Road for the On Location series during SecTor in Toronto, Sean Martin and Marco Ciappelli had an engaging conversation with Ashley Jess, a Senior Threat Intelligence Analyst from Intel471. The discussion centered on the intricacies of artificial intelligence (AI), its uses, and its abuses in the realm of cybersecurity. Ashley's upcoming presentation titled "Hello from the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation, and Scam Campaigns" sets the stage for an in-depth exploration into the dark side of AI. Ashley gives a glimpse into how AI is being utilized for nefarious purposes, highlighting the connection between generative AI and disinformation campaigns. She explains how AI has been used to create politically motivated fake graffiti, deepfake videos with celebrities, and even entirely fabricated news websites. She emphasizes that the lowest barrier to entry for generating such content is lower than ever, making it easy for bad actors to create and spread false information swiftly. She mentions a particularly interesting case during the Olympics, where an entire propaganda movie starring a deepfake Tom Cruise was produced for political purposes. This example underscores the potential of AI to convincingly spread disinformation on a massive scale. She also points out how scam campaigns are increasingly leveraging AI, making them more believable and harder to detect. One crucial topic Ashley touches on is the matter of responsibility in combating these threats. She discusses the need for more robust government regulations and the role of various technology vendors in detecting and preventing the misuse of AI. She highlights the importance of technologies like Web3 and blockchain for content provenance. According to Ashley, integrating such measures into platforms used by everyday people can help mitigate the risks posed by AI-generated disinformation. Marco Ciappelli adds to this by reflecting on how easy it is to create misleading content and target vulnerable populations. He points out that ordinary citizens, who are not as vigilant or technologically savvy, are at greater risk. On this note, Sean Martin questions who should be responsible for protecting individuals and organizations from AI-based threats. The discussion also touches on the ethical aspects of AI and its dual-use nature—where technological advancements can be both beneficial and harmful. Ashley emphasizes the need for a balanced approach that considers both the legitimate applications of AI technology and its potential for abuse. Ashley Jess is enthusiastic about her upcoming talk at SecTor where she promises to delve further into these critical issues. The session aims to provide a realistic, frontline view of how AI is being used maliciously and to encourage more proactive measures to combat these emerging threats. For those attending SecTor, her insights promise to be both enlightening and essential. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S Be sure to share and subscribe! ____________________________ Resources Hello From the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation and Scam Campaigns (Session): https://www.blackhat.com/sector/2024/briefings/schedule/#hello-from-the-dumpster-fire-real-examples-of-artificially-generated-malware-disinformation-and-scam-campaigns-41161 Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast…
R
Redefining CyberSecurity
1 Book | The Developer's Playbook for Large Language Model Security: Building Secure AI Applications | A Conversation with Steve Wilson | Redefining CyberSecurity with Sean Martin 34:35
Guest: Steve Wilson , Chief Product Officer, Exabeam [ @exabeam ] & Project Lead, OWASP Top 10 for Larage Language Model Applications [ @owasp ] On LinkedIn | https://www.linkedin.com/in/wilsonsd/ On Twitter | https://x.com/virtualsteve ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of Redefining CyberSecurity, host Sean Martin sat down with Steve Wilson, chief product officer at Exabeam, to discuss the critical topic of secure AI development. The conversation revolved around the nuances of developing and deploying large language models (LLMs) in the field of cybersecurity. Steve Wilson's expertise lies at the intersection of AI and cybersecurity, a point he emphasized while sharing his journey from founding the Top 10 group for large language models to authoring his new book, "The Developer's Playbook for Large Language Model Security." In this insightful discussion, Wilson and Martin explore the roles of developers and product managers in ensuring the safety and security of AI systems. One of the key themes in the conversation is the categorization of AI applications into chatbots, co-pilots, and autonomous agents. Wilson explains that while chatbots are open-ended, interacting with users on various topics, co-pilots focus on enhancing productivity within specific domains by interacting with user data. Autonomous agents are more independent, executing tasks with minimal human intervention. Wilson brings attention to the concept of overreliance on AI models and the associated risks. Highlighting that large language models can hallucinate or produce unreliable outputs, he stresses the importance of designing systems that account for these limitations. Product managers play a crucial role here, ensuring that AI applications are built to mitigate risks and communicate their reliability to users effectively. The discussion also touches on the importance of security guardrails and continuous monitoring. Wilson introduces the idea of using tools akin to web app firewalls (WAF) or runtime application self-protection (RASP) to keep AI models within safe operational parameters. He mentions frameworks like Nvidia's open-source project, Nemo Guardrails, which aid developers in implementing these defenses. Moreover, the conversation highlights the significance of testing and evaluation in AI development. Wilson parallels the education and evaluation of LLMs to training and testing a human-like system, underscoring that traditional unit tests may not suffice. Instead, flexible test cases and advanced evaluation tools are necessary. Another critical aspect Wilson discusses is the need for red teaming in AI security. By rigorously testing AI systems and exploring their vulnerabilities, organizations can better prepare for real-world threats. This proactive approach is essential for maintaining robust AI applications. Finally, Wilson shares insights from his book, including the Responsible AI Software Engineering (RAISE) framework. This comprehensive guide offers developers and product managers practical steps to integrate secure AI practices into their workflows. With an emphasis on continuous improvement and risk management, the RAISE framework serves as a valuable resource for anyone involved in AI development. About the Book Large language models (LLMs) are not just shaping the trajectory of AI, they're also unveiling a new era of security challenges. This practical book takes you straight to the heart of these threats. Author Steve Wilson, chief product officer at Exabeam, focuses exclusively on LLMs, eschewing generalized AI security to delve into the unique characteristics and vulnerabilities inherent in these models. Complete with collective wisdom gained from the creation of the OWASP Top 10 for LLMs list—a feat accomplished by more than 400 industry experts—this guide delivers real-world guidance and practical strategies to help developers and security teams grapple with the realities of LLM applications. Whether you're architecting a new application or adding AI features to an existing one, this book is your go-to resource for mastering the security landscape of the next frontier in AI. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Book: "The Developer's Playbook for Large Language Model Security: Building Secure AI Applications": https://amzn.to/3ztWuc2 OWASP Top 10 for LLM: https://genai.owasp.org/ ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 $17M Series B Will Accelerate Growth As BlackCloak Further Strengthens Its Personal Cybersecurity Platform And Drives Innovative Products | 7 Minutes on ITSPmagazine | A BlackCloak Short Brand… 7:03
In 7 Minutes on ITSPmagazine, Sean Martin chats with Chris Pierson, CEO and Co-founder of BlackCloak, about their latest milestone in digital executive protection. BlackCloak, a pioneer in protecting executives, senior leaders, high-net-worth individuals, and family offices, has secured $17 million in a Series B funding round led by Baird Capital, with contributions from Blue Heron, TDF, and Tech Operators. Chris explains that the new funds will focus on scaling the company's operations, building proprietary cybersecurity and privacy technologies, and enhancing their concierge-level services. The goal is to provide specialized protection and remediation for corporate executives, board members, and high-profile individuals, including those in their families' personal lives. The conversation touches on the increasing need for digital executive protection against breaches, privacy risks, and identity theft. Chris highlights how recent attacks on home environments have accelerated the demand for robust digital security solutions. Investors are drawn to BlackCloak's unique approach and market potential. Looking ahead, Chris envisions a day in the life of a protected digital executive as one where privacy enhancements and proactive, intelligence-driven alerts become standard. BlackCloak aims to make managing personal cybersecurity seamless, offering reactive support and expert advice along the way. With this fresh investment, the company is poised to capture significant growth in this critical space. Learn more about BlackCloak: https://itspm.ag/itspbcweb Note: This story contains promotional content. Learn more . Guest: Chris Pierson , Founder and CEO of BlackCloak [ @BlackCloakCyber ] On Linkedin | https://www.linkedin.com/in/drchristopherpierson/ On Twitter | https://twitter.com/drchrispierson Resources Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak BlackCloak Raises $17M Series B Funding Round to Enhance Personal Cybersecurity Protections for Corporate Executives, High Net Worth Individuals, and Family Offices: https://blackcloak.io/news-media/blackcloak-raises-17m-series-b-personal-cybersecurity-protections-corporate-executives-high-networth-individuals-family-offices/ Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The Critical Role of Identity in Creating Effective Ransomware Attack Defense and Broader Business Resilience Strategies | 7 Minutes on ITSPmagazine | A Semperis Short Brand Story with Simon… 7:03
Semperis, a pioneer in identity-driven cyber resilience has published the results of its global ransomware study of nearly 1,000 IT and security professionals at organisations spanning multiple industries across the US, UK, France, and Germany. The study aims to understand the prevalence, frequency and costs of ransomware attacks—in both ransom payments and collateral damage. The results highlight an alarming trend toward multiple, sometimes simultaneous attacks, forcing business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices. Organisations must ensure they have appropriate controls to withstand attacks where possible, however assume a mindset that at some point they will have to recover from a catastrophic outage and therefore have a tried and tested plan to recover business operations. Given the criticality of Active Directory, firms need a dedicated means of backing up and recovering Active Directory to recover from attacks with integrity and at speed. However, according to our survey, just 23% of UK respondents stated that they have dedicated, Active Directory–specific backup systems. Now, more than ever, modernised threats require modernised defences prioritised on the most critical assets – which is the identity platform - and for most organisations this is Active Directory. Semperis is a pioneer in managing and protecting the identity credentials of enterprises' hybrid environments and was purpose-built for securing AD. Semperis provide a portfolio of products including a free tool - Purple Knight - which organisations use to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for lack of inhouse AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements. The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://itspm.ag/semper6u3w Learn more about Semperis: https://itspm.ag/semperis-1roo Note: This story contains promotional content. Learn more . Guest: Simon Hodgkinson , Strategic Advisor, Semperis [ @SemperisTech ] On LinkedIn | https://www.linkedin.com/in/simon-hodgkinson-6072623 Resources Learn more and catch more stories from Semperis: https://www.itspmagazine.com/directory/semperis Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The Ransomware Threat and the Resilience Imperative | A HITRUST Collaborate 2024 Conversation with Allan Liska | On Location Coverage with Sean Martin and Marco Ciappelli 24:19
Guest: Allan Liska , Senior Security Architect and Ransomware Specialist, Recorded Future [ @RecordedFuture ] On Linkedin | https://www.linkedin.com/in/allan2 On Twitter | https://twitter.com/uuallan ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of the On Location with Sean and Marco podcast, recorded for the HITRUST Collaborate Conference in Dallas, TX, hosts Sean Martin and Marco Ciappelli engage in a dynamic conversation around the theme of cybersecurity in healthcare, specifically focusing on ransomware resilience. Sean and Marco are joined by Allan Liska for an insightful discussion on the current state of ransomware and the importance of proactive defenses. The episode begins with Sean and Marco acknowledging the hectic nature of their schedule, emphasizing their excitement for the upcoming events. Sean mentions his active participation at the HITRUST conference, working closely with risk management and compliance experts, while Marco expresses his envy yet supports Sean’s engagements. Allan Liska, the guest of this episode, brings a wealth of knowledge as an intelligence analyst specializing in ransomware research at Recorded Future. Allan delineates the ongoing challenges faced by organizations, particularly in healthcare, in mitigating ransomware threats. He highlights the increase in law enforcement activities targeting ransomware groups, which has led to more internal drama within the cybercriminal community, making the topic more relatable and urgent for organizations. A substantial part of the conversation revolves around the significance of tabletop exercises in preparing organizations for ransomware incidents. Allan stresses that effective tabletop exercises must involve representatives from across the entire organization, ensuring comprehensive preparedness. The exercises should be engaging and realistic, incorporating lessons learned to update incident response plans continually. Allan also recommends keeping out-of-band communication methods ready, such as using Signal, to ensure seamless operations during a ransomware attack. The importance of leadership buy-in is underlined, with Allan explaining how having senior leaders understand and support these exercises can significantly enhance the overall security posture. The discussion touches on common pitfalls, such as the assumption that backups alone will suffice, highlighting the necessity of regular, holistic testing of recovery processes. The hosts also reflect on the collaborative aspect of the HITRUST conference, noting that it provides an invaluable opportunity for participants to network, share best practices, and learn from each other's experiences. That's precisely the spirit Allan hopes to capture during his session at the conference. In conclusion, this episode is a deep dive into the complexities of ransomware defense, offering practical advice and underscoring the collective effort required to protect healthcare systems against cyber threats. Sean and Marco invite listeners to stay engaged and informed through their podcast series, promising more enlightening discussions on critical cybersecurity topics. ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9Rle Be sure to share and subscribe! ____________________________ Resources The Ransomware Threat and the Resilience Imperative (Session): https://www.hitrustevents.com/event/HITRUSTCollaborate2024/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce?session=3448b1bf-3996-4945-95ed-bd957710b0ac Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 The Missing Link: How We Collect and Leverage SBOMs | An OWASP 2024 Global AppSec San Francisco Conversation with Cassie Crossley | On Location Coverage with Sean Martin and Marco Ciappelli 21:25
Guest: Cassie Crossley , VP, Supply Chain Security, Schneider Electric [ @SchneiderElec ] On LinkedIn | https://www.linkedin.com/in/cassiecrossley/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli head to San Francisco to attend the OWASP Global AppSec conference. They kick off their journey with a light-hearted conversation about their destination, quickly segueing into the substantive core of the episode. The dialogue provides a rich backdrop to the conference's key focus: securing applications and the crucial role of Software Bill of Materials (SBOMs) in this context. Special guest Cassie Crossley joins the hosts to delve deeper into the significance of SBOMs. Cassie introduces herself and highlights her previous engagements with the podcast, touching on her upcoming session titled "The Missing Link: How We Collect and Leverage SBOMs." She explains the essential function of SBOMs in tracking open-source and commercial software components, noting the importance of transparency and risk evaluation in modern software development. Cassie explains that understanding the software components in use, including transitive dependencies, is crucial for managing risks. She discusses how her company, Schneider Electric, implements SBOMs within their varied product lines, ranging from firmware to cloud-based applications. By collecting and analyzing SBOMs, they can quickly assess vulnerabilities, much like how organizations scrambled to evaluate their exposure in the wake of the Log4J vulnerability. Sean and Marco steer the conversation towards the practical aspects of SBOM implementation for smaller companies. Cassie reassures that even startups and smaller enterprises can benefit from SBOMs without extensive resources, using free tools like Dependency-Track to manage their software inventories. She emphasizes that having an SBOM—even in a simplified form—provides a critical layer of visibility, enabling better risk management even with limited means. The discussion touches on the broader impact of SBOMs beyond individual corporations. Cassie notes the importance of regulatory developments and collective efforts, such as those by the Cybersecurity and Infrastructure Security Agency (CISA), to advocate for wider adoption of SBOM standards across industries. To wrap up, the hosts and Cassie discuss the value of conferences like OWASP Global AppSec for fostering community dialogues, sharing insights, and staying abreast of new developments in application security. They encourage listeners to attend these events to gain valuable knowledge and networking opportunities. Finally, in their closing remarks, Sean and Marco tease future episodes in the On Location series, hinting at more exciting content from their travels and guest interviews. ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt Be sure to share and subscribe! ____________________________ Resources The Missing Link - How We Collect and Leverage SBOMs (Session): https://owasp2024globalappsecsanfra.sched.com/event/1g3XV/the-missing-link-how-we-collect-and-leverage-sboms Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin: https://redefiningcybersecuritypodcast.com/episodes/why-the-industry-needs-openssf-a-conversation-with-omkhar-arasaratnam-adrianne-marcum-arun-gupta-and-christopher-robinson-redefining-cybersecurity-with-sean-martin Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/ SBOM-a-Rama: https://www.linkedin.com/feed/update/urn:li:activity:7232385837869469699/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Generative AI and Large Language Model (LLM) Prompt Hacking: Exposing Systemic Vulnerabilities of LLMs to Enhance AI Security Through Innovative Red Teaming Competitions | A Conversation with Sander… 35:14
Guest: Sander Schulhoff , CEO and Co-Founder, Learn Prompting [ @learnprompting ] On LinkedIn | https://www.linkedin.com/in/sander-schulhoff/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of Redefining CyberSecurity, host Sean Martin engages with Sander Schulhoff, CEO and Co-Founder of Learn Prompting and a researcher at the University of Maryland. The discussion focuses on the critical intersection of artificial intelligence (AI) and cybersecurity, particularly the role of prompt engineering in the evolving AI landscape. Schulhoff's extensive work in natural language processing (NLP) and deep reinforcement learning provides a robust foundation for this insightful conversation. Prompt engineering, a vital part of AI research and development, involves creating effective input prompts that guide AI models to produce desired outputs. Schulhoff explains that the diversity of prompt techniques is vast and includes methods like the chain of thought, which helps AI articulate its reasoning steps to solve complex problems. However, the conversation highlights that there are significant security concerns that accompany these techniques. One such concern is the vulnerability of systems when they integrate user-generated prompts with AI models, especially those prompts that can execute code or interact with external databases. Security flaws can arise when these systems are not adequately sandboxed or otherwise protected, as demonstrated by Schulhoff through real-world examples like MathGPT, a tool that was exploited to run arbitrary code by injecting malicious prompts into the AI’s input. Schulhoff's insights into the AI Village at DEF CON underline the community's nascent but growing focus on AI security. He notes an intriguing pattern: many participants in AI-specific red teaming events were beginners, which suggests a gap in traditional red teamer familiarity with AI systems. This gap necessitates targeted education and training, something Schulhoff is actively pursuing through initiatives at Learn Prompting. The discussion also covers the importance of studying and understanding the potential risks posed by AI models in business applications. With AI increasingly integrated into various sectors, including security, the stakes for anticipating and mitigating risks are high. Schulhoff mentions that his team is working on Hack A Prompt, a global prompt injection competition aimed at crowdsourcing diverse attack strategies. This initiative not only helps model developers understand potential vulnerabilities but also furthers the collective knowledge base necessary for building more secure AI systems. As AI continues to intersect with various business processes and applications, the role of security becomes paramount. This episode underscores the need for collaboration between prompt engineers, security professionals, and organizations at large to ensure that AI advancements are accompanied by robust, proactive security measures. By fostering awareness and education, and through collaborative competitions like Hack A Prompt, the community can better prepare for the multifaceted challenges that AI security presents. Top Questions Addressed What are the key security concerns associated with prompt engineering? How can organizations ensure the security of AI systems that integrate user-generated prompts? What steps can be taken to bridge the knowledge gap in AI security among traditional security professionals? ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources The Prompt Report: A Systematic Survey of Prompting Techniques: https://trigaten.github.io/Prompt_Survey_Site/ HackAPrompt competition: https://www.aicrowd.com/challenges/hackaprompt-2023 HackAPrompt results published in this paper "Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition EMNLP 2023": https://paper.hackaprompt.com/ ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Achieving Compliance in the Cloud through Continuous Controls Monitoring (CCM) | 7 Minutes on ITSPmagazine | A RegScale Short Brand Story with Travis Howerton 7:05
With the rapid pace of cloud adoption, less time is spent ensuring that systems are built and operated effectively and with proper cyber hygiene. As a result, continuous controls monitoring (CCM) has emerged as indispensable for ensuring both security and regulatory compliance. Travis will discuss how CCM: transforms reactive security measures into a proactive stance; strengthens security protocols and embeds compliance within cloud operations; and streamlines the protection of digital assets in an ever-evolving landscape. With systems becoming increasingly cloud-native and ephemeral, manual approaches no longer work, can’t scale, and are not timely enough to manage risk. Continuous Controls Monitoring (CCM) is needed to allow cloud adoption in highly regulated industries without sacrificing security. The speed of the cloud, AI development, and digital transformation is quickly reaching a point where human-based risk and compliance business processes cannot keep up. A modern, compliance-as-code approach is needed via CCM platforms to ensure risk and compliance processes can execute in real-time to keep pace with modern cloud technology. Embracing compliance-as-code to allow business processes to execute at machine speed, generate self-updating paperwork, and leverage AI and mini-robot automations to validate and assess the results. Consider more sophisticated DevOps approaches leveraging CI/CD software factories to push security from code to cloud. The new CCM approach is to shift security processes left across every layer of the application lifecycle. Learn more about RegScale: https://itspm.ag/regscaksfb Note: This story contains promotional content. Learn more . Guest: Travis Howerton , Co-Founder and CEO, RegScale, [ @RegScale ] On LinkedIn | https://www.linkedin.com/in/travishowerton/ Resources Learn more and catch more stories from RegScale: https://www.itspmagazine.com/directory/regscale Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Charting the Path Forward: Navigating Security and Compliance at Collaborate 2024 | A HITRUST Collaborate 2024 Conversation with Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins |… 17:25
Guests: Leslie Jenkins , Sr. Director, Marketing, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/lsjenkins/ Robert Booker , Chief Strategy Officer, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/robertbooker/ Blake Sutherland , EVP Market Adoption, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/ Steve Perkins , Chief Marketing Officer, HITRUST [ @HITRUST ] On LinkedIn | https://www.linkedin.com/in/steve-perkins-1604b31/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of "On Location with Sean and Marco," Sean Martin welcomes listeners to an engaging Chats on the Road episode heading from Frisco, Texas, where he discusses Collaborate 2024—an upcoming event centered on security, risk management, and compliance programs. Sean is joined by notable industry figures, including Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins, who collectively provide a comprehensive overview of Collaborate 2024. The discussion begins with Robert Booker sharing insights into the history and objectives of the HITRUST Collaborate conference. He explains the event's organic growth and its focus on creating a community-driven environment where participants can engage in meaningful conversations about the challenges they face in the industry. Steve Perkins elaborates on the theme "charting the path forward," highlighting the importance of addressing recent industry events, such as significant breaches, and fostering collective efforts in assurance, risk management, and compliance. The agenda includes a variety of sessions ranging from roundtable discussions with seasoned industry professionals to focused talks on emerging trends like ransomware and workforce development. Blake Sutherland touches on the unique aspects of cyber insurance, outlining the benefits of integrating HITRUST certifications into the insurance process to enhance risk decisions and streamline procurement. The conversation also touches on the significance of AI in the industry, as Robert Booker discusses the challenges and opportunities associated with AI governance and security. He emphasizes the need for a robust framework to ensure AI systems are secure and align with corporate governance. Leslie Jenkins adds to the excitement by talking about the conference's location at the Dallas Cowboys' world headquarters, which promises a unique networking experience. She underscores the importance of in-person interactions and how they contribute to the event's overall value. The episode concludes with logistical details for attendees and a collective anticipation for the upcoming event. Sean and guests express their enthusiasm for being part of a community that actively engages in shaping the future of security, risk management, and compliance. Listeners are encouraged to stay tuned for more insightful episodes and register for the event through links provided in the show notes. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors HITRUST: https://itspm.ag/itsphitweb ____________________________ Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9Rle Be sure to share and subscribe! ____________________________ Resources Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 AI-powered, Unified Detection and Response Platform Streamlines Cybersecurity for MSPs and IT Service Providers | 7 Minutes on ITSPmagazine | A Guardz Short Brand Innovation Story with Dor Eisner 7:05
As cyber threats grow more sophisticated and target various aspects of businesses across digital assets and surfaces, a common practice is to increase the number of security layers a company uses, often tasked to an MSP. However, this approach has led to a new dilemma: MSPs are now dealing with managing a plethora of disparate point solutions simultaneously. These solutions generate an overwhelming amount of data, information, and alerts that demand attention. As SMBs often lack dedicated personnel and resources to handle these alerts, the task falls on MSPs. This leaves MSPs struggling to manage the flood of information effectively. Guardz empowers MSPs and IT service providers to protect their clients effectively and efficiently, offering a unified platform with automated detection and response, which ensures digital assets, emails, endpoints, data and cloud directories are secure, allowing businesses to focus on growth. The Guardz platform is tailor-made for MSPs, simplifying cybersecurity management for SMBs and the MSPs that serve them. Leveraging the power of AI, Guardz automates threat detection and response, reducing false alerts and focusing on real threats. It provides scalable solutions for MSPs, comprehensive coverage for SMBs, and a user-friendly interface, ensuring robust protection and proactive security measures like regular vulnerability assessments and continuous monitoring. Guardz is transforming the future of cybersecurity by streamlining security management and enhancing efficiency. By unifying disparate solutions into a single platform that unifies detection from its own security stack and automates the response utilizing AI,Guardz empowers MSPs to significantly reduce complexity and operational burdens as they secure their SMB customers. AI-driven threat detection and automated response capabilities minimize false alerts and ensure rapid remediation of threats, allowing MSPs to focus on strategic tasks rather than being overwhelmed by data. The scalability of Guardz’s solutions means that even small businesses can access enterprise-quality security, fostering a more secure business environment overall. This transformation leads to better-prepared MSPs, more resilient SMBs, and a more secure digital landscape. Learn more about Guardz: https://itspm.ag/guardzrgig Note: This story contains promotional content. Learn more . Guest: Dor Eisner , CEO and Co-Founder, Guardz [ @GuardzCyber ] On LinkedIn | https://www.linkedin.com/in/dor-eisner-17067744/ Resources Learn more and catch more stories from Guardz: https://www.itspmagazine.com/directory/guardz For a free 14 day trial of Guardz’s platform please visit https://itspm.ag/guardzgvu3 . Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 How AI-Enhanced Phishing Changes the Economic Dynamics of Phishing Attacks | A Conversation with Marco Ciappelli and Fred Heiding | Redefining CyberSecurity with Sean Martin 37:26
Guests: Fred Heiding , Research Fellow, Harvard On LinkedIn | https://www.linkedin.com/in/fheiding/ On Twitter | https://twitter.com/fredheiding On Mastodon | https://mastodon.social/@fredheiding On Instagram | https://www.instagram.com/fheiding/ Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In today's digital era, AI-enhanced phishing attacks are transforming the landscape of cybersecurity. An insightful episode of The Redefining CyberSecurity Podcast features host Sean Martin alongside ITSPmagazine co-founder Marco Ciappelli, and guest Fred Heiding, a research fellow in computer science at Harvard School of Engineering and Applied Sciences, and a fellow at the Harvard Kennedy School. Fred Heiding shares updates on the evolution of phishing attacks using AI, highlighting both the technical facets and the societal implications. He explains how advanced language models can now automate the creation of highly realistic phishing emails, making it easier and more cost-effective for attackers to target individuals and organizations. Heiding discusses the concept of hyper-personalization, where attackers gather granular information about their targets, such as their communication patterns and personal interests, to craft emails that seem authentic and trustworthy. This hyper-personalization poses significant challenges. Heiding provides an example where attackers mimicked a Black Hat organizer's email, highlighting the precision and timing crucial for successful phishing. The use of open-source language models, which can be adjusted by developers to remove any built-in protections, further exacerbates the issue. Marco Ciappelli ponders the potential solutions by leveraging AI for defensive strategies. Heiding acknowledges this is an area with promise, particularly in personalized spam filters, yet notes the inherent advantages attackers hold over defenders due to the unpatchable nature of human intuition. Defense mechanisms using AI can marginally enhance current spam filters but face limitations in practicality and widespread adoption because of people's reluctance toward continuous training and complex defense mechanisms. Sean Martin evaluates the potential of AI in monitoring patterns of human vulnerability over time, which could redefine phishing training by focusing on specific, individualized principles. However, he also stresses the economic aspect, citing that cheaper and more efficient phishing methods increase the attack's scale and frequency, further complicating defensive strategies. Heiding and Ciappelli both emphasize that while technological advancements provide tools for protection, they also require more personal data to be effective—a trade-off that involves significant privacy concerns. The future of online trust, according to Heiding, appears precarious. As phishing attacks become more sophisticated, the very nature of how people trust digital communications must evolve. Overall, this episode underscores the critical need for ongoing research and dialogue in cybersecurity, focusing on balancing innovation in defense mechanisms against the ever-advancing sophistication of attacks. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Harvard Business Review article: https://hbr.org/2024/05/ai-will-increase-the-quantity-and-quality-of-phishing-scams IEEE Access article: https://ieeexplore.ieee.org/document/10466545 BSides presentation: https://bsideslv.org/talks#8WK8P3 Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/hacking-humans-using-llms-with-fredrik-heiding-devising-and-detecting-phishing-large-language-models-vs-smaller-human-models-las-vegas-black-hat-2023-event-coverage-redefining-cybersecurity-podcast-with-sean-martin-and-marco-ciappelli A Framework for Evaluating National Cybersecurity Strategies | A Black Hat USA 2024 Conversation with Fred Heiding | On Location Coverage with Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/a-framework-for-evaluating-national-cybersecurity-strategies-a-black-hat-usa-2024-conversation-with-fred-heiding-on-location-coverage-with-sean-martin-and-marco-ciappelli Deep Backdoors in Deep Reinforcement Learning Agents | A Black Hat USA 2024 Conversation with Vas Mavroudis and Jamie Gawith | On Location Coverage with Sean Martin and Marco Ciappelli: https://itsprad.io/redefiningcybersecurity-454 ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 An Introduction to CyberTech NYC Conference 2024 with Event Director Steve Corrick | On Location Coverage with Sean Martin and Marco Ciappelli 21:44
Guest: Steve Corrick , Director, Cybertech New York On LinkedIn | https://www.linkedin.com/in/stevecorrick/ On Twitter | https://x.com/scorrick On Facebook | https://www.facebook.com/stephen.corrick ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes A Virtual Road Trip to CyberTech NYC In a lively pre-event discussion, we embark on a metaphorical journey across the States, representing our excitement for the CyberTech NYC Conference, happening on September 5th, 2024, at the Metropolitan Pavilion in Chelsea. The idea of this "drive" is a fun nod to the interconnectedness of our virtual world and our anticipation of the event. Event Spotlight: Why CyberTech NYC Matters We kick things off by highlighting the significance of this event, mentioning that it starts early on September 4th with pre-event activities, leading up to the main event on the 5th. Steve Corrick, one of the key organizers, provides a behind-the-scenes look at the planning process and explains how this third edition of CyberTech NYC has become a distinctive fixture in the cyber ecosystem. The Global and Local Impact of CyberTech Steve takes us through the journey of CyberTech as a global series, tracing its roots from Tel Aviv to its expansion across multiple continents. What sets CyberTech NYC apart, he says, is its dual focus on both global trends and local innovation. New York City, now a burgeoning hub for tech and cybersecurity, plays host to an event that showcases local talent, startups, and established players alike. Comprehensive Coverage of Cyber Topics The event’s agenda is packed with content designed to tackle critical issues, such as: Cyber Talent Initiative: Programs for everyone, from students to professionals looking to upskill. VC and Investor Focus: The Investing in the Best initiative to help startups boost their funding. Government and Agency Involvement: Discussions on how localities can strengthen their cyber ecosystems. Main Stage Content: Keynotes on fake news, the role of cyber in elections, and other pressing topics. Inclusivity and Innovation: A Diverse Speaker Lineup We appreciate the diversity of speakers and the range of topics covered. With big names like Walmart, AWS, and various innovative startups, the event promises to offer something for everyone. Steve also explains the event’s blend of formats, including main stage panels, roundtables, and think tanks, all aimed at fostering in-depth discussions and knowledge sharing. The Evolving Cyber Landscape Reflecting on how cybersecurity events have evolved over the years, Steve notes the shift from niche gatherings to mainstream importance. With cyber threats becoming part of our daily lives, collaboration among countries and industries has become essential for enhancing global security. Local Focus with Global Reach We commend the event’s ability to balance global participation with a strong local focus. Steve agrees, emphasizing their collaboration with local and state-level initiatives in New York, further solidifying the city’s place on the global cybersecurity map. Looking Forward to CyberTech NYC 2024 Our conversation wraps up with a sneak peek at the event’s schedule, including a Happy Cyber Hour on the evening of September 5th and additional pre-event activities on the 4th. Steve and his team are excited to connect with participants from around the globe, and we’ll be sharing more updates as CyberTech NYC 2024 approaches. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf ____________________________ Follow our Cybertech NYC 2024 coverage: https://www.itspmagazine.com/cybertech-nyc-2024-cybersecurity-event-coverage-in-new-york-city On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRjdy_wDSLBwgPkM3zSeau_ Be sure to share and subscribe! ____________________________ Resources Learn more about Cybertech NYC 2024: https://nyc.cybertechconference.com/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast…
R
Redefining CyberSecurity
1 Recapping Black Hat 2024 and What’s Next | On Location Coverage with Sean Martin and Marco Ciappelli 20:30
Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of "On Location With Sean Martin and Marco Ciappelli," our hosts dive into their time at Black Hat 2024 in Las Vegas, reflecting on key takeaways and sharing what’s next on their journey. Whether you're deep into cybersecurity or just curious about the industry, this blog post offers a snapshot of what to expect from Sean and Marco. Recapping Black Hat 2024 Marco Ciappelli Choo, choo . . . Sean Martin Is that the sound of the fast train back from Vegas? Or just the rush of everything we experienced? Marco Ciappelli I'm still wondering why there's no train from LA to Vegas. And don't get me started on LA to San Francisco—that's another conversation entirely. The conversation kicks off with a lighthearted nod to travel woes before shifting to the core of the episode: their reflections on Black Hat 2024. Sean and Marco bring unique perspectives, emphasizing the importance of thinking beyond cybersecurity's technical aspects to consider its broader impact on society and business. Sean's Operational Insights Sean Martin I like to look at things from an operational angle—how can we take what we learn and bring it back to the business to help leaders and practitioners do what they love? Sean’s Black Hat 2024 Recap Newsletter explores the evolution from reactive data responses to strategic enablement, AI and automation, modular cybersecurity, and the invaluable role of human insights. His focus is clear: helping businesses become more resilient and adaptable through smarter cybersecurity practices. Marco's Societal Impact Marco Ciappelli Cybersecurity isn’t a destination—it’s a journey. We’re never going to be fully secure, and that’s okay. Cultures change, technology evolves, and we have to keep adapting. Marco’s take highlights the societal implications of cybersecurity. He talk about how different fields and nations are breaking down silos to collaborate more effectively. His newsletter often reflects on the need for digital literacy across business, society, and education, emphasizing the importance of broadening our understanding of technology’s role. Upcoming Events and Conferences The duo is excited about their packed schedule for the rest of 2024 and beyond, including: CyberTech New York (September 2024): Focused on policy, innovation, SecOps, AppSec, and sustainability. OWASP AppSec San Francisco (September 2024): Covering the OWASP Top 10 for LLMs and more. Sector in Toronto (October 2024): Offering unique coverage ideas, closely tied to Black Hat. Did someone said that they will be back covering an APJ event, in Melbourne, before the end of the year??? Additional Ventures They’ll also be hosting innovation panels and keynotes at a company event in New Orleans, with CES in Las Vegas and VivaTech in Paris on the horizon for 2025, blending B2B startup insights with consumer tech, all with a cybersecurity twist. Subscribe and Stay Tuned Marco and Sean invite you to subscribe to their newsletters and follow their podcast, "On Location," as they continue their journey around the globe—both physically and virtually—bringing fresh perspectives on business, technology, and cybersecurity. You’ll also find unique "brand stories" that highlight innovations making our world safer and more sustainable. Stay connected, enjoy the ride, and don’t forget to subscribe to both their newsletters and the "On Location" podcast on YouTube! Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ Resources Sean's Newsletter Article: https://www.linkedin.com/pulse/reflecting-black-hat-2024-operationalizing-enhanced-business-martin-ccive/ Marco's Newsletter Article: https://www.linkedin.com/pulse/my-reflections-from-itspmagazines-black-hat-usa-2024-state-ciappelli-ayglc/?trackingId=hLvuq5LqQ%2B2RHNpgDtIJlQ%3D%3D On Location Podcast: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 OWASP Top 10 For Large Language Models: Project Update | An OWASP 2024 Global AppSec San Francisco Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli 23:31
Guest: Steve Wilson , Chief Product Officer, Exabeam [ @exabeam ] & Project Lead, OWASP Top 10 for Larage Language Model Applications [ @owasp ] On LinkedIn | https://www.linkedin.com/in/wilsonsd/ On Twitter | https://x.com/virtualsteve ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of the Chat on the Road On Location series for OWASP AppSec Global in San Francisco, Sean Martin hosts a compelling conversation with Steve Wilson, Project Lead for the OWASP Top 10 for Large Language Model AI Applications. The discussion, as you might guess, centers on the OWASP Top 10 list for Large Language Models (LLMs) and the security challenges associated with these technologies. Wilson highlights the growing relevance of AppSec, particularly with the surge in interest in AI and LLMs. The conversation kicks off with an exploration of the LLM project that Wilson has been working on at OWASP, aimed at presenting an update on the OWASP Top 10 for LLMs. Wilson emphasizes the significance of prompt injection attacks, one of the key concerns on the OWASP list. He explains how attackers can craft prompts to manipulate LLMs into performing unintended actions, a tactic reminiscent of the SQL injection attacks that have plagued traditional software for years. This serves as a stark reminder of the need for vigilance in the development and deployment of LLMs. Supply chain risks are another critical issue discussed. Wilson draws parallels to the Log4j incident, stressing that the AI software supply chain is currently a weak link. With the rapid growth of platforms like Hugging Face, the provenance of AI models and training datasets becomes a significant concern. Ensuring the integrity and security of these components is paramount to building robust AI-driven systems. The notion of excessive agency is also explored—a concept that relates to the permissions and responsibilities assigned to LLMs. Wilson underscores the importance of limiting the scope of LLMs to prevent misuse or unauthorized actions. This point resonates with traditional security principles like least privilege but is recontextualized for the AI age. Overreliance on LLMs is another topic Martin and Wilson discuss. The conversation touches on how people can place undue trust in AI outputs, leading to potentially hazardous outcomes. Ensuring users understand the limitations and potential inaccuracies of LLM-generated content is essential for safe and effective AI utilization. Wilson also provides a preview of his upcoming session at the OWASP AppSec Global event, where he plans to share insights from the ongoing work on the 2.0 version of the OWASP Top 10 for LLMs. This next iteration will address how the field has matured and new security considerations that have emerged since the initial list. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc ____________________________ Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt Be sure to share and subscribe! ____________________________ Resources OWASP Top 10 for Large Language Models: Project Update: https://owasp2024globalappsecsanfra.sched.com/event/1g3YF/owasp-top-10-for-large-language-models-project-update Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin: https://itsprad.io/redefining-cybersecurity-190 OWASP LLM AI Security & Governance Checklist: Practical Steps To Harness the Benefits of Large Language Models While Minimizing Potential Security Risks | A Conversation with Sandy Dunn | Redefining CyberSecurity Podcast with Sean Martin: https://itsprad.io/redefiningcybersecurity-287 Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://itsprad.io/redefining-cybersecurity-208 Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Building Resilient Software: Secure by Design, Transparency, and Governance Remain Key Elements | A Conversation with Chris Hughes | Redefining CyberSecurity with Sean Martin 37:22
Guest: Chris Hughes , President / Co-Founder, Aquia On LinkedIn | https://www.linkedin.com/in/resilientcyber/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of The Redefining CyberSecurity Podcast, host Sean Martin connects with Chris Hughes, a seasoned author and consultant in cybersecurity. The primary focus is on the intricacies of vulnerability management and software supply chain security, particularly in an era where software pervades every aspect of modern life. Chris Hughes emphasizes the paramount importance of understanding what is in the software we consume. Software Bill of Materials (SBOM) has emerged as a focal point, akin to ingredient lists in the food industry, highlighting the need for transparency. Hughes argues that transparency is not just about knowing the components; it extends to understanding the risks associated with those components. He illustrates his point by referencing infamous incidents like the Log4j vulnerability, which unveiled the critical gaps in our knowledge of software components. The conversation also shifts towards the broader challenges in software supply chain security. Hughes discusses the government's push for self-attestation and the role of third-party validators in ensuring software security. While acknowledging the complexities and potential bottlenecks, he underscores the necessity for a balanced approach that combines self-attestation with external validation to foster a secure software ecosystem. Additionally, Hughes addresses the concept of Secure by Design, advocating for practices that embed security into the software development lifecycle right from the outset. He notes the historical context of this concept, which dates back to the Ware Report, and argues for its relevance even today. Secure by Design entails building security measures inherently into products, thereby reducing the need for perpetual patching and vulnerability management. Internal risk management within organizations also gets spotlighted. Hughes insists that organizations should maintain an inventory of the software and components they use internally, evaluate their risks, and contribute to the open-source communities they rely on. This comprehensive approach not only helps in mitigating risks but also fosters a resilient and sustainable software ecosystem. On the topic of platform engineering, Hughes shares his insights on its potential to streamline software development processes and enhance security through standardization and governance. However, he is candid about the challenges, particularly the need to balance standardization with the diverse preferences of development teams. As the discussion wraps up, Hughes and Martin underline the importance of focusing on contextual risk assessment in vulnerability management, rather than merely responding to static severity scores. Hughes' advocacy for a more nuanced approach to security, balancing immediate risk mitigation with longer-term strategic planning, offers listeners a thoughtful perspective on managing cybersecurity challenges. Top Questions Addressed How can organizations ensure transparency and security in their software supply chains? What strategies can be implemented to address the challenges of vulnerability management? How can platform engineering and internal governance improve software security within organizations? ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources NCF Whitepaper: https://tag-app-delivery.cncf.io/whitepapers/platforms/ CNCF Platform Maturity Model: https://tag-app-delivery.cncf.io/whitepapers/platform-eng-maturity-model/ Secure-by-Design at Google: What is the website URL for Secure-by-Design at Google? https://research.google/pubs/secure-by-design-at-google/ Software Transparency: Supply Chain Security in an Era of a Software-Driven Society (Book): https://a.co/d/0bNaPmF Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem: https://a.co/d/6xs5saH ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Harnessing Dark Web Insights to Understand Risks from the Attacker's Viewpoint | A Brand Story Conversation From Black Hat USA 2024 | A Resecurity Story with Christian Lees and Shawn Loveland | On… 18:38
At Black Hat USA 2024, the spotlight is on redefining and rethinking security, as discussed in this Brand Story episode with Resecurity. Sean Martin, Christian Lees, and Shawn Loveland share the mic to explore the cutting-edge innovations shifting paradigms within the cybersecurity domain. Christian Lees and Shawn Loveland from Resecurity dive deep into the substance of their work and its impact on modern security teams. The primary focus is Resecurity's approach towards threat intelligence and how it aids organizations in proactively mitigating risks. The discussion kicks off with an overview of Resecurity's approach to threat intelligence. Unlike conventional models that operate from within the firewall, Resecurity adopts an outside-in perspective, helping clients understand what attackers might know about their infrastructure. Shawn Loveland emphasizes this unique viewpoint by illustrating how Resecurity helps organizations identify potential breaches and vulnerabilities from the attacker's perspective, well before any threats materialize. One intriguing point discussed by Lees and Loveland is Resecurity's comprehensive data sourcing from the dark web. Resecurity does not simply rely on common threat intel from visible websites but digs deep into exclusive, invitation-only forums and other obscure corners of the web. This meticulous venture results in a much more profound understanding of potential threats, minimizing blind spots and the risk of data inaccuracies or AI hallucinations. By drawing on diverse data sources, Resecurity promises more significant and accurate insights into the motives and methods of cybercriminals. Moreover, Loveland highlights the technologically sophisticated tactics employed by Resecurity, combining AI to convert unstructured data into structured, actionable intelligence for security teams. This automation not only boosts efficiency but also empowers analysts to make more informed decisions swiftly. AI in Resecurity's arsenal is not a standalone entity but integrates deeply with the human-driven aspects of threat intelligence, enriching the overall analytic experience with contextual understanding and tangible evidence. The guests also touch on Resecurity's AI capabilities, illustrating this through scenarios where AI accelerates threat detection and response. By transforming vast amounts of data into comprehensible formats, and even summarizing complex situations into actionable insights, AI significantly reduces the ordeal for security analysts while enhancing precision. In conclusion, Resecurity’s state-of-the-art threat intelligence solutions, emphasized by the knowledgeable insights from Christian Lees and Shawn Loveland, represent a proactive and innovative approach to modern cybersecurity. Learn more about Resecurity: https://itspm.ag/resecurb51 Note: This story contains promotional content. Learn more . Guests: Christian Lees , CTO, Resecurity [ @RESecurity ] On LinkedIn | https://www.linkedin.com/in/christian-lees-72886b3/ Shawn Loveland , Chief Operating Officer, Resecurity [ @RESecurity ] On LinkedIn | https://www.linkedin.com/in/shawn-loveland/ Resources Learn more and catch more stories from Resecurity: https://www.itspmagazine.com/directory/resecurity View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Reflecting on Black Hat 2024: Operationalizing Cybersecurity for Enhanced Business Outcomes and Improved Resilience | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3… 9:03
Join Sean Martin and TAPE3 as they dive into key insights from Black Hat 2024, highlighting the crucial need to embed cybersecurity into core business practices to drive growth and resilience. Discover how leveraging AI, modular frameworks, and human expertise can transform cybersecurity from a defensive function into a strategic enabler of business success. ________ This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is the host of the Redefining CyberSecurity Podcast , part of the ITSPmagazine Podcast Network —which he co-founded with his good friend Marco Ciappelli —where you may just find some of these topics being discussed. Visit Sean on his personal website . TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine . Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas…
R
Redefining CyberSecurity
1 Enhancing Cyber Defense: AI Innovations and Challenges | A Black Hat USA 2024 Conversation with Rock Lambros | On Location Coverage with Sean Martin and Marco Ciappelli 14:53
Guest: Rock Lambros, CEO and founder of RockCyber [ @RockCyberLLC ] On LinkedIn | https://www.linkedin.com/in/rocklambros/ On Twitter | https://twitter.com/rocklambros ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In a recent On Location episode recorded at Black Hat USA 2024, Sean Martin and Rock Lambros explore the prevailing topics and critical insights from the event's AI Summit. Sitting in the media room, not on the bustling show floor, the paid dissect the impact of artificial intelligence (AI) on cybersecurity, shedding light on its multifaceted implications. Rock Lambros, Founder and CEO of RockCyber, shares his observations about the predominance of AI in every corner of the conference. He notes how AI's presence is ubiquitous, even saturating advertisements at the airport. Lambros provides an overview of the AI Summit, highlighting the diversity of sessions ranging from high-level talks to vendor pitches. While some were mere product promotions, others provided substantial insights and valuable statistics, which Lambros is keen to share on platforms like LinkedIn. The discussion progresses to the remark by Nvidia's CEO, Bartley Richardson, suggesting that cyber is fundamentally a data problem, and AI could be the solution. Lambros concurs with this in part but emphasizes the necessity of maintaining human oversight in the process. Martin and Lambros reflect on the potential of AI to augment cybersecurity tasks, particularly for tier one analysts. There is a focus on leveraging AI to expedite responses to threats, potentially reducing the reaction time, which currently lags significantly behind the speed of AI-driven attacks. Lambros presents a balanced perspective, warning against the risk of reducing entry-level jobs in cybersecurity due to AI advancements, advocating instead for upskilling these professionals to handle more complex roles. The conversation touches on governance and risk management, with Lambros stressing the importance of integrating AI governance into existing frameworks without rendering AI oversight an exclusive domain for data scientists alone. He highlights the EU AI Act and Colorado AI Act as critical regulatory frameworks that emphasize this need. Lambros also brings attention to DARPA's open-source resources aimed at securing AI, encouraging practitioners to utilize these tools. Towards the end, a poignant observation from Robert Flores, former CISO of the CIA, underscores the difficulty governments face in keeping up with AI's rapid evolution. Lambros reflects on the mixed audience at the summit, a blend of technical practitioners and policy leaders, all grasping the significant impact and challenges AI brings to the field. The episode underscores the crucial balance between embracing technological advancements and maintaining human oversight and governance within cybersecurity. The insights shared by Rock Lambros and Sean Martin offer a nuanced perspective on the current state of AI in the field, emphasizing a collaborative approach to integrating these innovations responsibly. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ Resources Rock's LinkedIn Post: https://www.linkedin.com/posts/rocklambros_ai-cybersecurity-ciso-activity-7226988285410074626-rX3- AI Summit Keynote: Enhancing National Security with AI-Driven Cybersecurity | A Black Hat USA 2024 Conversation with Dr. Kathleen Fisher -- https://redefiningcybersecuritypodcast.com/episodes/ai-summit-keynote-enhancing-national-security-with-ai-driven-cybersecurity-a-black-hat-usa-2024-conversation-with-dr-kathleen-fisher-on-location-coverage-with-sean-martin-and-marco-ciappelli Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Innovations in Autonomous Penetration Testing and Continuous Security Posture Management | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From Black Hat USA 2024 | A Horizon3 Brand Story… 7:12
In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management. Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of “go hack yourself,” which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs. A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both. Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly. Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization’s security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture’s evolution. A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai’s rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness. The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai’s tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier. Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23 Note: This story contains promotional content. Learn more . Guest: Snehal Antani , Co-Founder & CEO at Horizon3.ai [ @Horizon3ai ] On LinkedIn | https://www.linkedin.com/in/snehalantani/ On Twitter | https://twitter.com/snehalantani Resources Learn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3ai View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Enhancing Security Posture by Automating and Optimizing Application Security | A Brand Story Conversation From Black Hat USA 2024 | An ArmorCode Story with Mark Lambert | On Location Coverage with… 17:55
In this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management. ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and software supply chain security. One of the core strengths of ArmorCode's platform is its ability to ingest data from a multitude of sources, normalize it, and contextualize the risk for better prioritization. Lambert notes that understanding both the technical and business context of vulnerabilities is essential for effective risk management. This dual approach helps organizations avoid the 'fire drill' mentality, focusing instead on business-critical assets first. The conversation also touches on the breadth of ArmorCode's integrations, which include not just technical tools but also commercial and open-source threat intelligence feeds. This variety allows for a robust and nuanced understanding of an organization’s security posture. By correlating data across different tools using AI, ArmorCode helps in identifying vulnerabilities and weaknesses that could otherwise remain hidden. Lambert emphasizes the platform's ability to streamline interactions between security and development teams. By bringing together data from various sources and applying risk scoring, ArmorCode aids in engaging development teams effectively, often leveraging integrations with tools like Jira. This engagement is pivotal for timely remediation and reducing organizational risk. One of the exciting developments Lambert shares is ArmorCode's recent launch of AI-driven remediation capabilities. These capabilities aim to provide not just immediate fixes but strategic insights for reducing future risks. He explains that while fully automated remediation may still involve human oversight, AI significantly reduces the time and effort required for resolving vulnerabilities. This makes the security process more efficient and less burdensome for teams. The episode concludes with Lambert discussing the significant adoption of AI functionalities among ArmorCode's customer base. With over 90% adoption of their AI correlation features, it's clear that businesses are seeing real-world benefits from these advanced capabilities. Lambert believes that the integration of AI into security practices is moving past the hype phase into delivering meaningful outcomes. This insightful episode underscores the importance of comprehensive, AI-driven solutions in today’s security landscape. With experts like Mark Lambert at the helm, ArmorCode is leading the charge in making application security more integrated, intelligent, and efficient. Learn more about ArmorCode: https://itspm.ag/armorcode-n9t Note: This story contains promotional content. Learn more . Guest: Mark Lambert , Chief Product Officer, ArmorCode [ @code_armor ] On LinkedIn | https://www.linkedin.com/in/marklambertlinkedin/ Resources Learn more and catch more stories from ArmorCode: https://www.itspmagazine.com/directory/armorcode View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Blocking Billions to Secure the Internet | A Brand Story Conversation From Black Hat USA 2024 | A DNSfilter Story with TK Keanini | On Location Coverage with Sean Martin and Marco Ciappelli 17:46
During Black Hat USA 2024 in Las Vegas, Sean Martin engages in a Brand Story conversation with TK Keanini from DNSFilter to explore the pivotal role DNSFilter plays in safeguarding networks around the world. DNSFilter operates by leveraging the Domain Name System (DNS), an essential component of the internet. As TK Keanini shares, the company's primary mission is to filter out malicious traffic and allow legitimate traffic to pass through, thereby providing an effective layer of security that is both accessible and user-friendly. The applicability of DNSFilter spans globally, reflecting the nature of cyber threats, which are not confined by geographic borders. One critical aspect discussed is DNSFilter's ability to manage approximately 130 billion DNS requests daily, blocking between three to four billion potentially harmful requests. This impressive scale underscores the importance of DNSFilter in preventing cyberattacks and protecting users from inadvertently accessing malicious sites. From coffee shops to large enterprises, the relevance and ease of deploying DNSFilter stand out. For businesses, the practical uses of DNSFilter are numerous. Keanini explains that the technology is effortless to set up and can be integrated directly into various levels of IT infrastructure, including Wi-Fi routers in coffee shops and public Wi-Fi in retail settings. This straightforward setup enables even those with minimal technical expertise to implement robust cybersecurity measures easily. The conversation also highlights DNSFilter's effectiveness in addressing global issues, such as Child Sexual Abuse Material (CSAM), reinforcing the company's commitment to making the internet safer for everyone. The firm’s blocking capabilities are not limited to phishing and ransomware; they extend to other harmful content categories, ensuring comprehensive protection. Moreover, for Chief Information Security Officers (CISOs) and organizations with established cybersecurity programs, DNSFilter offers an invaluable addition to their security suite. With DNSFilter, policies can be set with a single click, streamlining the process for schools, businesses, and managed service providers alike. Keanini points out that this level of usability ensures that even those without extensive cybersecurity experience can effectively manage and implement necessary protections. Additionally, Keanini emphasizes the importance of DNSFilter's role in protecting everyday users on public Wi-Fi networks and its affordability for public-use scenarios. DNSFilter's technology integrates smoothly into existing security frameworks, providing peace of mind to users and IT administrators that their networks are secure. For individuals and organizations looking to enhance their online security, DNSFilter presents a compelling solution. With its easy setup, global reach, and comprehensive protection against a wide range of cyber threats, DNSFilter stands as a vital tool in the arsenal of modern cybersecurity solutions. Learn more about DNSFilter: https://itspm.ag/dnsfilter-1g0f Note: This story contains promotional content. Learn more . Guest: TK Keanini , CTO, DNSFilter [ @DNSFilter ] On LinkedIn | https://www.linkedin.com/in/tkkeaninipub/ Resources Learn more and catch more stories from DNSFilter: https://www.itspmagazine.com/directory/dnsfilter View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The Evolving Landscape of Application Security | A Brand Story Conversation From Black Hat USA 2024 | An AppSOC Story with Willy Leichter | On Location Coverage with Sean Martin and Marco Ciappelli 20:52
Black Hat Hacker Summer Camp: A Meeting Ground for Security Minds As Sean Martin and Willy Leichter kick off the discussion, nostalgia sets in as they recount their years of attending the Black Hat Hacker Summer Camp. The perennial themes of security, new technology, and ever-evolving threats always seem to find their way back into the conversation, no matter how much the landscape changes. Returning to Basics: The Unending Challenge of Security Sean points to the recurring themes in security, to which Willy responds with a reflective acknowledgment of the cyclical nature of the industry. "It's back to figuring out how to manage all of this," he states, highlighting that while new technologies emerge, the essential task of managing them effectively remains unchanged. Introducing AppSoc: The New Kid on the Block Sean and Willy then dive into the heart of their discussion—AppSoc. Founded by serial entrepreneur Pravin Kothari, AppSoc is positioned in the Application Security Posture Management (ASPM) space. Willy elaborates on the company's mission: to consolidate, normalize, and prioritize security data from various point solutions to reduce noise and enhance actionable intelligence. The Importance of Prioritization and Orchestrated Remediation Willy explains how AppSoc’s "secret sauce" lies in prioritizing critical alerts among the plethora of security vulnerabilities. The goal is to transform a seemingly unmanageable thousand alerts into twenty high-priority ones that demand immediate attention. He emphasizes that detection without action is futile; hence, AppSoc also focuses on orchestrated remediation to bring the right information to the right teams seamlessly. Leveraging AI for Better Prioritization and Security Posture The use of AI in AppSoc is multifaceted. The company employs AI not only to streamline security processes but also to protect AI systems—a burgeoning field. Willy suggests that the explosion of AI applications and large language models (LLMs) has opened new attack surfaces. Thus, the role of AppSoc is to safeguard these tools while enabling their efficient use in security practices. Real-world Applications: A Day in the Life with AppSoc Willy shares a compelling success story about a CISO from an insurance company who managed risk across different departments using AppSoc's platform. This real-time, continuous monitoring solution replaced the less efficient, bi-annual consultant reports, demonstrating AppSoc’s efficacy in providing actionable insights promptly. The Shift-Left Strategy and DevSecOps Collaboration The conversation shifts to the importance of integrating DevOps and DevSecOps teams. Willy points out that while specializations are valuable, it's crucial to have "connective tissue" to get the bigger picture. This holistic view is essential for understanding how threats impact various departments and teams. Conclusion Sean Martin wraps up the enriching conversation with Willy Leichter, expressing his excitement for the future of AppSoc. The episode underscores the critical importance of effective application security and how innovations like AppSoc are paving the way for a more secure digital landscape. Learn more about AppSOC: https://itspm.ag/appsoc-z45x Note: This story contains promotional content. Learn more . Guest: Willy Leichter , Chief Marketing Officer, AppSOC [ @appsoc_inc ] On LinkedIn | https://www.linkedin.com/in/willyleichter/ Resources Learn more and catch more stories from AppSOC: https://www.itspmagazine.com/directory/appsoc View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Cutting-Edge Mobile App Security | A Brand Story Conversation From Black Hat USA 2024 | An Appdome Story with Tom Tovar | On Location Coverage with Sean Martin and Marco Ciappelli 22:01
Welcome to another insightful story from ITSPmagazine, where we bring you exclusive content directly from Hacker Summer Camp at Black Hat Las Vegas 2024. This year, Sean Martin had the pleasure of sitting down with Tom Tovar, CEO of Appdome, to explore the company’s innovative approach to mobile app security. A Dynamic Presence at Black Hat Black Hat 2024 is buzzing with energy, and Appdome's vibrant booth has become a focal point for many attendees. Tom credits his marketing team for creating an engaging and visually striking presence that truly reflects Appdome’s mission. A standout feature is a unique widescreen shot setup that, although not yet shared on social media, perfectly encapsulates Appdome's vision for mobile app security. The Origin of Appdome During the conversation, Sean Martin asked Tom to share the origin story of Appdome. Tom, who began his career as a corporate and securities lawyer during the tech boom, later transitioned to roles in security and operations at NetScreen. His journey took a pivotal turn after teaching himself to code and recognizing the need for a more efficient way to secure mobile applications. Driven by frustration with existing solutions and encouraged by a venture capitalist friend, Tom set out to create Appdome, aiming to simplify and automate mobile app security. Revolutionizing Mobile App Security with Appdome Appdome’s approach integrates security into the mobile app development process through machine learning, making it easier to incorporate essential functions like encryption and anti-tampering. Over time, the platform has evolved to include advanced features such as malware detection and fraud prevention. By automating these processes, Appdome reduces friction for developers and users alike, offering a streamlined path to robust mobile app security. Embracing Generative AI for User Empowerment A highlight of the interview was the discussion around Appdome’s adoption of Generative AI (Gen AI). This cutting-edge technology offers automated support to users facing mobile app security threats, providing real-time guidance to resolve issues independently. This not only enhances cybersecurity but also raises awareness, helping users become more informed and vigilant. Appdome’s Expanding Influence in Cybersecurity With over 144,000 applications utilizing its platform and more than 11,000 builds handled daily, Appdome has established itself as a leader in mobile app security. Its widespread adoption across diverse industries underscores the platform’s scalability and versatility. Looking Ahead: The Future of Mobile App Security Tom Tovar also shared Appdome’s vision for the future, including the introduction of AI-driven recommendations to further streamline security integration. The ultimate goal is to achieve an auto-defend capability, making mobile app security more intuitive and effortless for users worldwide. Conclusion This exclusive interview with Tom Tovar at Black Hat 2024 highlights how Appdome is at the forefront of mobile app security, driving innovation and automation in a rapidly evolving landscape. As mobile threats continue to grow, Appdome’s solutions will be essential in ensuring secure, seamless experiences for users everywhere. For more insights and updates from the cybersecurity world, keep following ITSPmagazine. Learn more about Appdome: https://itspm.ag/appdome-neuv Note: This story contains promotional content. Learn more . Guest: Tom Tovar , CEO, Appdome [ @appdome ] On LinkedIn | https://www.linkedin.com/in/tom-tovar-9b8552/ Resources Learn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdome View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Securing the Digital Economy: A Deep Dive into Application and API Security | A Brand Story Conversation From Black Hat USA 2024 | An Akamai Story with Rupesh Chokshi | On Location Coverage with… 20:53
In this Brand Story episode as part of the On Location Podcast series, Sean Martin speaks with Rupesh Chokshi, who leads the application security business at Akamai. Connecting directly from Black Hat in Las Vegas, the discussion provides an in-depth look into the world of application security, APIs, and the challenges organizations face in today's technology-driven environment. Rupesh Chokshi starts by highlighting Akamai's evolution from an innovative startup focused on improving internet experiences to a global leader in powering and protecting online activities. He emphasizes that Akamai handles trillions of transactions daily, underlining the massive scale and importance of their operations. The conversation shifts to the pivotal role of APIs in the digital economy. With every company now being an 'app company,' APIs have become the lifeline of digital interactions, from financial services to entertainment. Chokshi points out that many organizations struggle with cataloging and discovering their APIs, a critical step for ensuring security. Akamai assists in this by employing scanning capabilities and data flow analysis to help organizations understand and protect their API landscape. A significant part of the discussion focuses on the security challenges associated with APIs. Chokshi details how attackers exploit APIs for data breaches, financial fraud, and other malicious activities. He cites real-world examples to illustrate the impact and scale of these attacks. Chokshi also explains how attackers use APIs for carding attacks, turning businesses into unwitting accomplices in validating stolen credit cards. Chokshi emphasizes the importance of proactive measures like API testing, which Akamai offers to identify vulnerabilities before code deployment. This approach not only bolsters the security of APIs but also instills greater confidence in the enterprise ecosystem. The discussion also touches on the broader implications of API security for CISOs and their teams. Chokshi advises that the first step is often discovery and cataloging, followed by ongoing threat intelligence and posture management. Using insights from Akamai's extensive data, organizations can identify and mitigate threats more effectively. The episode concludes with Chokshi reinforcing the importance of data-driven insights and AI-driven threat detection in safeguarding the API ecosystem. He notes that Akamai's vast experience and visibility into internet traffic allow them to provide unparalleled support to their clients across various sectors. For anyone looking to understand the complexities of API security and how to address them effectively, this episode offers valuable insights from two leaders in the field. Akamai's comprehensive approach to application security, bolstered by real-world examples and expert analysis, provides a robust framework for organizations aiming to protect their digital assets. Learn more about Akamai: https://itspm.ag/akamaievki Note: This story contains promotional content. Learn more . Guest: Rupesh Chokshi , SVP & General Manager, Application Security, Akamai [ @Akamai ] On LinkedIn | https://www.linkedin.com/in/rupeshchokshi/ Resources Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 From Deep Fakes to Phishing: Protecting High-Profile Digital Lives and Safeguarding Personal Privacy | A Brand Story Conversation From Black Hat USA 2024 | A BlackCloak Story with Chris Pierson | On… 31:28
In this Brand Story episode of On Location, hosts Sean Martin and Marco Ciappelli sit down with Chris Pierson, Founder and CEO of BlackCloak, a digital executive protection company. Throughout their conversation, they explore the intersection of personal privacy, digital security, and the unique challenges faced by high-profile individuals in protecting their digital lives. Chris Pierson discusses the importance of proactive measures in digital security, emphasizing the need for executives and public figures to safeguard their personal information just as rigorously as their corporate data. The dialogue covers various critical topics, including the rising threats of deep fakes and the implications for personal and professional security. Pierson explains how these convincing digital forgeries can be used maliciously and provides strategies to identify and combat them. Additionally, the conversation delves into common cyber threats like phishing and business email compromise, with Pierson detailing practical strategies for mitigating these risks. Pierson also highlights the evolving landscape of privacy threats and the role of education in empowering individuals to take control of their digital presence. He shares insights on balancing security with usability, pointing out the vulnerabilities that can be overlooked by even the most tech-savvy individuals. Reflecting on his experience building BlackCloak, Pierson discusses key lessons learned while developing solutions tailored to the needs of high-net-worth and high-profile clients. The episode underscores the criticality of a tailored approach to digital security, addressing both technical defenses and user behaviors. Listeners are encouraged to think about their own digital habits and consider how they can better protect their personal information in an increasingly interconnected world. Learn more about BlackCloak: https://itspm.ag/itspbcweb Note: This story contains promotional content. Learn more . Guest: Chris Pierson , Founder and CEO of BlackCloak [ @BlackCloakCyber ] On Linkedin | https://www.linkedin.com/in/drchristopherpierson/ On Twitter | https://twitter.com/drchrispierson Resources Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Insider Insights: Cybersecurity and Collaboration | A Brand Story Conversation From Black Hat USA 2024 | A LevelBlue Story with Theresa Lanowitz | On Location Coverage with Sean Martin and Marco… 19:44
Welcome to Hacker Summer Camp Sean Martin kicks off the episode with his signature enthusiasm, welcoming listeners to another live broadcast from the renowned Hacker Summer Camp—Black Hat USA 2024 in Las Vegas. He introduces Theresa Lanowitz, a prominent figure in cybersecurity, who shares the latest developments and insights from her venture, Level Blue. Sean Martin: “Welcome to a new episode coming to you from Hacker Summer Camp. We’re here in Las Vegas for Black Hat USA 2024, and I’m thrilled to be joined by Theresa Lanowitz. Theresa, how are you?” Simplifying Cybersecurity with Level Blue Theresa discusses the origins and mission of Level Blue, a collaborative initiative between AT&T and World Gem Ventures. She outlines how Level Blue serves as a strategic extension to organizations, simplifying cybersecurity through consulting, managed security services, and innovative threat intelligence via Level Blue Labs. Theresa Lanowitz: “We aim to simplify cybersecurity by helping you protect your business intelligence through our consulting services, predict your security investments through managed services, and mitigate risk with our Level Blue Labs threat intelligence team.” The conversation shifts to how Level Blue addresses the complexities in IT, offering practical solutions and actionable intelligence to meet these challenges head-on. Key Insights from the Level Blue Futures Report Theresa reveals exciting updates about their flagship thought leadership piece, the Level Blue Futures Report. Launched at RSA in May, this report anchors their yearly research agenda. Additionally, she introduces the C-suite Accelerator, focusing on the evolving roles of CIOs, CISOs, and CTOs in fostering cyber resilience. Collaboration Among CIO, CTO, and CISO Sean and Theresa explore the dynamics between the CIO, CTO, and CISO roles. Theresa elaborates on how, despite their shared objectives, these roles often face conflicting priorities. She highlights the importance of these roles being equal partners within an organization to ensure cohesive responses during critical events, thereby enhancing overall organizational resilience. Theresa Lanowitz: “The CIO, the CISO, and the CTO must be equal partners. If they’re not, achieving cyber resilience becomes very difficult.” The Pandemic's Impact on Cybersecurity Reflecting on the pandemic’s effects, Theresa notes how it accelerated digital transformation, underscoring the crucial need for resilient cybersecurity measures. Despite some progress, she observes that cybersecurity often remains siloed, underfunded, and secondary in many organizations. She stresses the importance of aligning cybersecurity goals with business objectives to create a more integrated and effective approach. Proactive vs. Reactive Budgets Theresa emphasizes the significance of proactive budgeting in cybersecurity, contrasting it with the more common reactive approach. Proactive budgets, she argues, allow for better alignment of cybersecurity initiatives with business goals, which is vital for preempting breaches and addressing regulatory compliance. Theresa Lanowitz: “If you can align cybersecurity initiatives with business goals, you’re going to be proactive rather than reactive.” The Role of Trusted Third-Party Advisors Theresa advocates for the involvement of trusted third-party advisors, such as consulting and managed security services. These advisors bring valuable external perspectives and experience, which are crucial for driving innovation and ensuring robust security measures. Sean Martin: “By working with a trusted partner, you’re not giving up your creative ideas but rather ensuring they play out effectively and securely.” The Human Element in Cybersecurity As the discussion winds down, Sean and Theresa agree that, at its core, cybersecurity is about people. Theresa underscores the need for cross-functional communication within organizations and with trusted third-party advisors to achieve comprehensive and effective cybersecurity. Sean Martin: “It always comes back to the people, doesn’t it?” Conclusion The episode wraps up with Sean expressing gratitude for Theresa’s insights and encouraging continued exploration of research and innovation across various sectors. He invites the audience to explore the Level Blue Accelerator Report for actionable insights. Learn more about LevelBlue: https://itspm.ag/levelblue266f6c Note: This story contains promotional content. Learn more . Guest: Theresa Lanowitz , Chief Evangelist of AT&T Cybersecurity / LevelBlue [ @LevelBlueCyber ] On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ Resources Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Balancing Integrity and Sales: The Dual Role of Field CISOs | CISO Circuit Series: Episode 5 with Black Hat USA 2024 Event Coverage | Michael Piacente and Sean Martin on the Redefining CyberSecurity… 30:06
About the CISO Circuit Series Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin . ____________________________ Guest: Michael Piacente , Managing Partner and Cofounder of Hitch Partners On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ___________________________ Episode Notes In the latest episode of the CISO Circuit Series on the Redefining CyberSecurity Podcast, Sean Martin and Michael Piacente join forces in Las Vegas during the Black Hat USA 2024 Conference to engage in an insightful conversation about the evolving role of the Field CISO. Sean Martin is joined by Michael Piacente, Managing Partner and Co-Founder at Hitch Partners, as they dissect the significance and responsibilities of Field CISOs in today's cybersecurity landscape. A primary focus of the episode is understanding what a Field CISO actually entails. Michael Piacente explains that the role of Field CISO varies widely across organizations, but it generally falls into two categories: customer engagement and sales enablement. Companies might hire Field CISOs to build operational risk assessments and customer relationships, or to drive the technical sales process. For instance, Field CISOs play a pivotal role in product companies by acting as trusted advisors who help communicate complex technical topics in a digestible manner to potential clients. Michael also highlights key attributes that make a Field CISO successful, such as genuine cybersecurity experience, deep technical knowledge, a reputable name in the community, and robust networking skills. Successful Field CISOs can seamlessly transition between discussing technical details and broader strategic goals with stakeholders. Their role often includes influencing product development by bringing practical insights from customers back to the engineering teams. One crucial point raised during the discussion is the integrity and trustworthiness required for a Field CISO. Sean and Michael emphasize that maintaining trust within the CISO community is paramount. Field CISOs should avoid crossing lines between promotional activities and genuine advisory roles. They assert that integrity and transparency remain foremost in these roles, as they are often looked to for unbiased, independent advice. Another topic discussed is how organizations should approach hiring for the Field CISO role. Michael Piacente points out the importance of setting clear expectations, understanding the balance between operational duties and sales enablement, and ensuring that the Field CISO is genuinely aligned with the company's mission and capable of maintaining community trust. Overall, this episode sheds light on the nuanced nature of the Field CISO role, providing valuable insights for both aspiring Field CISOs and organizations looking to hire one. As the role continues to evolve, Michael and Sean underscore the need for a thoughtful approach to defining responsibilities and fostering an environment where integrity and expertise thrive. ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ____________________________ Resources Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network…
R
Redefining CyberSecurity
1 Dynamic Access Control in Modern Cloud Environments | A Brand Story Conversation From Black Hat USA 2024 | A Britive Story with Artyom Poghosyan | On Location Coverage with Sean Martin and Marco… 22:13
In this On Location episode Brand Story, Sean Martin speaks with Artyom Poghosyan at the Black Hat conference in Las Vegas about Britive, a cloud privileged access management platform. They explore how Britive assists medium to large enterprises in tackling identity management and security issues across multi-cloud and hybrid environments. Sean and Artyom discuss the complexities that organizations face with cloud adoption, where traditional lift-and-shift approaches no longer suffice. Artyom outlines how the incorporation of new processes and tools, such as DevOps automation, complicates identity and access management in cloud environments. Britive's approach emphasizes the need for dynamic, scalable solutions that align with the speed and agility of cloud-based development while ensuring robust security controls. A key focus is the balance between granting necessary access for operational efficiency and minimizing security risks from overprivileged accounts. Artyom describes Britive's method of dynamically granting and revoking access based on justified needs, ensuring that temporary elevated access is appropriately controlled and removed post-use. Additionally, the conversation highlights the challenges of managing identities across multiple cloud platforms (AWS, GCP, Azure, etc.) and the diverse technologies used in modern enterprises. Artyom explains Britive's capability to provide a unified identity and access management approach that simplifies and secures these varied environments. The episode also emphasizes Britive’s potential to significantly reduce the time required for onboarding DevOps engineers, streamlining the process from days to mere minutes through automation. This not only improves operational efficiency but also vastly reduces risk by limiting standing privileges, a key security vulnerability often exploited by cybercriminals. Finally, they touch upon how Britive fits within broader organizational security strategies, particularly Zero Trust initiatives. By eliminating standing access risks and offering integration with existing security processes, Britive supports the implementation of comprehensive identity security programs that align with modern security frameworks. Sean closes the episode by encouraging listeners to engage with Artyom and the Britive team to see how their solutions can enhance identity management and security within their organizations. Learn more about Britive: https://itspm.ag/britive-3fa6 Note: This story contains promotional content. Learn more . Guest: Artyom Poghosyan , Co-Founder, Britive [ @britive1 ] On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/ Resources Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britive View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Coro's Modular Cybersecurity and True Platform Revolution | A Brand Story Conversation From Black Hat USA 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco… 20:37
At Black Hat 2024 in Las Vegas, Sean Martin from On Location interviews Dror Liwer of Coro, uncovering the impressive strides Coro has made in creating a truly cohesive cybersecurity platform. This conversation reveals how Coro distinguishes itself in an industry saturated with buzzwords and inadequate solutions, particularly for smaller and mid-sized businesses. Meeting in Vegas Sean Martin starts the conversation by appreciating the vibrant atmosphere at the Black Hat Business Hall. The colorful Coro booth, coupled with the energetic team, sets the perfect backdrop for a discussion centered on platform innovation. Sean Martin: "Here we are, Dror. Fantastic seeing you here in Vegas." Dror Liwer: "It's where we meet." The Platform Buzz The term “platform” has become a buzzword in the cybersecurity industry. Dror explains that many companies claim to offer platforms, but these so-called platforms often result from the integration of various point solutions, which don't communicate effectively with each other. Dror Liwer: “We built Coro as a platform and have been a platform for 10 years. It's kind of funny to see everybody now catching up and trying to pretend to be a platform.” Dror criticizes how companies use “platform” to create market confusion, explaining that a true platform requires seamless integration, a single endpoint agent, and a unified data lake. Defining a True Platform Dror and Sean delve deep into what makes Coro's platform genuinely innovative. Dror emphasizes that a real platform collects and processes data across multiple modules, providing a single pane of glass for operators. He contrasts this with other solutions that merely integrate various tools, resulting in operational complexity and inefficiencies. Dror Liwer: "A real platform is an engine that has a set of tools on top of it that work seamlessly together using a single pane of glass, a single endpoint agent, and a single data lake that shares all of the information across all of the different modules." The Role of Data Data integration is a cornerstone of Coro’s platform. Dror explains that each module in Coro functions as both a sensor and protector, feeding data into the system and responding to anomalies in real-time. Dror Liwer: "The collection of data happens natively at the sensor. They feed all the data into one very large data lake." This unified approach allows Coro to eliminate the time-critical gap between event detection and response, a significant advantage over traditional systems that often rely on multiple disparate tools. Supporting MSPs and Mid-Market Businesses One of Coro's key missions is to support Managed Service Providers (MSPs) and mid-market businesses, sectors that have been largely overlooked by larger cybersecurity firms. By offering a more manageable and less costly platform, Coro empowers these providers to offer comprehensive cybersecurity services without the high operational costs traditionally associated with such tasks. Dror Liwer: “We are changing that economic equation, allowing MSPs to offer full cybersecurity solutions to their customers at an affordable price.” Fulfilling New Requirements Dror also sheds light on how Coro helps businesses comply with new regulatory requirements or cybersecurity mandates, often dictated by their position in the supply chain. Dror Liwer: "When this guy comes to you and says, ‘Hey, I need to now comply with this or do that,’ this is an opportunity to tell them, ‘Don't worry. I got you covered. I have Coro for you.’” Conclusion Dror Liwer's insights during Black Hat 2024 highlight how Coro is not only addressing but revolutionizing the cybersecurity needs of small to mid-sized businesses and their MSP partners. By creating a true platform that reduces complexity and operational costs, Coro sets a new standard in the cybersecurity industry. Learn more about CORO: https://itspm.ag/coronet-30de Note: This story contains promotional content. Learn more . Guest: Dror Liwer , Co-Founder at Coro [ @coro_cyber ] On LinkedIn | https://www.linkedin.com/in/drorliwer/ Resources Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Behind the Scenes of SquareX's Exposing DEF CON Talk and Their Latest Browser Security Innovations | A Brand Story Conversation From Black Hat USA 2024 | A SquareX Story with Vivek Ramachandran | On… 20:21
In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX’s innovative approach to browser security and its relevance in today’s cybersecurity landscape. Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real-time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience. The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively. Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity. Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment. Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations. Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security. Learn more about SquareX: https://itspm.ag/sqrx-l91 Note: This story contains promotional content. Learn more . Guest: Vivek Ramachandran , Founder, SquareX [ @getsquarex ] On LinkedIn | https://www.linkedin.com/in/vivekramachandran/ Resources Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Book | Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More | A Conversation with Evgeniy Kharam | Redefining CyberSecurity with Sean Martin 27:51
Guest: Evgeniy Kharam , Co-Founder, Security Architecture [ @secarchpodcast ] On LinkedIn | https://www.linkedin.com/in/ekharam/ Website | https://www.softskillstech.ca/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of The Redefining CyberSecurity Podcast, host Sean Martin speaks with Evgeniy Kharam about the essential role of soft skills in the technology and cybersecurity sectors. While many discussions in this field tend to center on hard technical skills or the latest cyber threats, this episode shifts the focus to the often-overlooked soft skills that can drive success. Evgeniy Kharam, who is also an author and holds a key position in his company, shares insightful perspectives from his newly released book 'Architecting Success: The Art of Soft Skills in Technical Sales.' According to Evgeniy, effective communication and connection are foundational elements not just for sales engineers and teams, but for anyone working in any field, including cybersecurity. He notes that regardless of how advanced one's technical skills might be, the ability to connect with people, convey ideas clearly, and build lasting relationships is crucial. One of the primary points that Evgeniy discusses is the changing landscape for sales engineers. He mentions that the role has evolved significantly over the years. Previously, sales engineers primarily focused on giving demos and technical presentations. Today, they are expected to be deeply involved in the sales process, understand procurement intricacies, and effectively communicate technical merits and business values. Host Sean Martin addresses the barriers that often exist within organizational cultures, where roles are tightly defined, and stepping outside of one's designated lane can be frowned upon. Evgeniy suggests that this old-school mentality needs to shift. Everyone in a company—from engineers to marketers and beyond—is involved in sales in some way. From making a strong first impression to ensuring clear and intentional communication, soft skills can enhance every aspect of organizational interaction. The duo also touches upon the importance of continuous self-improvement. Evgeniy advises that one of the best ways to practice soft skills is outside the workplace. Whether making a cashier smile or engaging in meaningful conversations with strangers, these efforts contribute to refining one's ability to connect and communicate effectively. Sean Martin concludes the episode by highlighting that everyone is, in essence, always selling something—whether it's a product, a service, or simply themselves. The more refined these soft skills, the better positioned anyone will be to achieve success in their respective fields. For those interested in taking a deeper dive into this topic, Evgeniy's book is a must-read, offering practical tips and strategies to help professionals hone their soft skills and, ultimately, architect success. About the Book In today's crowded marketplace, technology alone isn't enough. Architecting Success equips sales professionals and anyone in tech and science to unlock their full potential through the power of soft skills. Architecting Success: The Power of Soft Skills in Technical Sales. Connect to Sell More is a practical guide for architects, sales professionals, and anyone in the technology and science sectors to enhance their effectiveness. The book begins by exploring the historical dynamics between sales and technical teams, emphasizing how soft skills can bridge the gap between these traditionally siloed groups. It highlights how focusing on mentoring, problem-solving, listening, teamwork, and empathy can connect to increase sales. Here is a call to action for technical sales professionals to embrace and cultivate their soft skills. By engaging and reflecting, readers can unlock their full potential and achieve personal and professional excellence in the competitive world of technical sales. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More (Book): https://amzn.to/3MVTYhT LinkedIn Post: https://www.linkedin.com/posts/ekharam_softskilltech-new-book-activity-7223356920441585664-NGrq ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Breaking Boundaries in Cloud Security, Identity, and Privileged Access Management | A Brand Story Conversation From Black Hat USA 2024 | A Britive Story with Art Poghosyan | On Location Coverage… 21:40
In this Brand Story episode as part of the Black Hat Event Coverage featuring Sean Martin and Marco Ciappelli, guest Art Poghosyan, co-founder of Britive, discusses the evolution and challenges of identity and access management (IAM) in the modern technological landscape. Sean and Marco engage Art in a conversation that covers everything from the significance of effective IAM for businesses to the innovative solutions Britive is bringing to the market. Art shares the story behind the foundation of Britive and its journey from conception to a leading provider of cloud-native privileged access management solutions. He highlights the shift from static to dynamic identities, emphasizing the importance of automating and authorizing access in real time to meet the needs of modern DevOps and cloud environments. The conversation also touches on how traditional security measures are adapting to new cloud-based infrastructures, highlighting the growing complexity and necessity for advanced IAM solutions. Marco brings in a critical perspective on the changing nature of technology and security, questioning how modern companies can sustain their operations amid rapid technological changes. Art shares insight into the convergence of new ideas and the maturity of contemporary technologies, suggesting that today's advancements provide unique opportunities for innovative solutions. Sean and Marco steer the conversation to practical applications, with Art providing real-world examples of how Britive's technologies are being implemented by enterprises facing complex security challenges. He explains how Britive's API-first approach aids in operationalizing security without imposing on performance or user experience. Furthermore, the episode sets the stage for an upcoming deeper conversation at the Black Hat event, where Art, Sean, and Marco will continue exploring IAM and the critical role Britive plays in shaping the industry's future. Listeners also get information on how to connect with Art and the Britive team at the event. Learn more about Britive: https://itspm.ag/britive-3fa6 Note: This story contains promotional content. Learn more . Guest: Art Poghosyan , Co-Founder, Britive [ @britive1 ] On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/ Resources Cloud PAM: https://itspm.ag/britivxya3 Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britive View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 2 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin 45:42
Guest: Kush Sharma , Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario) On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin ___________________________ Episode Notes In this part two of the three-part series on The Redefining CyberSecurity Podcast, host Sean Martin is joined by Kush Sharma to discuss the critical topic of building a Chief Information Security Officer (CISO) office from the ground up. Both speakers bring invaluable insights from their extensive experiences, illustrating key points and real-world scenarios to help organizations navigate the complexities of cybersecurity and business transformation. Sean kicks off the conversation by emphasizing the strategic role of the CISO in business transformation. He explains that a successful CISO not only secures what the business wants to create but also contributes to developing a powerful and secure business. He points out that CISOs often have a unique perspective, experience, and data that can significantly impact the way business processes are transformed and managed. Kush expands on this by highlighting the need for adaptability and a mindset of continuous change. He shares that CISOs should view their organization as a business function solely dedicated to protecting assets. He uses examples to demonstrate how missions change every few years due to the rapid evolution of technology and processes, making it essential for security teams to pivot and adjust their strategies accordingly. Kush stresses the importance of collaboration across different teams—from digital to physical—and notes that a key to successful security management is building a culture that is adaptable and aligned with the business's changing objectives. One of the most interesting points brought up is the significance of involving security from the outset of any new project. Sean and Kush discuss the importance of integrating the CISO into discussions around business requirements, system architecture, and technology selection. By being involved early, CISOs can help ensure that the organization makes informed decisions that can save time, reduce risks, and ultimately contribute to a more secure business environment. Another critical aspect discussed is the approach to risk management. Kush describes a structured method where security teams provide options and recommendations rather than outright saying 'no' to business requests. He mentions the use of risk acceptance forms, which require high-level sign-offs, thus ensuring that decision-makers are fully aware of the risks involved and are accountable for them. This transparency fosters a sense of shared responsibility and encourages more informed decision-making. Both Sean and Kush provide a comprehensive look at the evolving role of the CISO. They make it clear that today's CISOs need to be strategic thinkers, skilled negotiators, and effective communicators to successfully lead their organizations through the complexities of modern cybersecurity challenges. The insights shared in this episode are invaluable for anyone looking to understand the multifaceted responsibilities of a CISO and the indispensable contributions they make to business success. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Measuring Cybersecurity Success: A Holistic Approach to Protecting Businesses, Infrastructure, and Society | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by… 9:17
Discover the keys to achieving cybersecurity success through insightful metrics and strategic integration of technology and human effort. Explore expert perspectives on effective risk management, protection, detection, and response to safeguard your organization against evolving cyber threats. ________ This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is the host of the Redefining CyberSecurity Podcast , part of the ITSPmagazine Podcast Network —which he co-founded with his good friend Marco Ciappelli —where you may just find some of these topics being discussed. Visit Sean on his personal website . TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine .…
R
Redefining CyberSecurity
1 AI Summit Keynote: Enhancing National Security with AI-Driven Cybersecurity | A Black Hat USA 2024 Conversation with Dr. Kathleen Fisher | On Location Coverage with Sean Martin and Marco Ciappelli 25:17
Guest: Dr. Kathleen Fisher , Information Innovation Office (I2O) Director, Defense Advanced Research Projects Agency (DARPA) [ @DARPA ] On LinkedIn | https://www.linkedin.com/in/kathleen-fisher-4000964/ At Black Hat | https://www.blackhat.com/us-24/summit-sessions/schedule/speakers.html#dr-kathleen-fisher-48776 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this On Location with Sean and Marco episode, hosts Sean Martin and Marco Ciappelli engage in an insightful conversation with Dr. Kathleen Fisher from the Defense Advanced Research Projects Agency (DARPA). The discussion centers around the upcoming Black Hat and DEF CON events, where Dr. Fisher is scheduled to deliver a keynote on the intersection of artificial intelligence (AI) and cybersecurity, with a particular focus on DARPA's ongoing initiatives and competitions. Dr. Fisher begins by providing an overview of her background and DARPA's mission to prevent technological surprises that could undermine U.S. national security. She recounts the success of the High-Assurance Cyber Military Systems (HACMS) program, which utilized formal methods to create highly secure software for military vehicles. This program demonstrated the potential of formal methods to revolutionize cybersecurity, proving that robust software could be developed to withstand hacking attempts, even from world-class red teams. The conversation then shifts to the AI Cyber Challenge (AICC) program, a major highlight of her upcoming keynote. AICC aims to leverage the power of AI combined with cyber reasoning systems to automatically find and fix vulnerabilities in real open-source software—an ambitious extension of DARPA's previous Cyber Grand Challenge. This competition involves collaboration with major tech companies like Google, Anthropic, OpenAI, and Microsoft, offering competitors access to state-of-the-art models to tackle real-world vulnerabilities. Dr. Fisher emphasizes the importance of public-private collaboration in advancing cybersecurity technologies. DARPA's charter allows it to work with a diverse range of organizations, from startups to national labs, in pursuit of strategic technological advances. The episode also touches on the potential impact of cyber vulnerabilities on critical infrastructure, underscoring the need for scalable and automatic solutions to address these threats. Listeners can anticipate Dr. Fisher highlighting these themes in her keynote, aimed at business leaders, practitioners, policymakers, and risk managers. She will outline how the audience can engage with DARPA's initiatives and contribute to the ongoing efforts to enhance national security through innovative technology solutions. The episode promises to provide a nuanced understanding of DARPA's role in pioneering AI-driven cybersecurity advancements and offers a preview of the exciting developments to be showcased at Black Hat and DEF CON. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ Resources Keynote: Enhancing National Security with AI-Driven Cybersecurity: https://www.blackhat.com/us-24/summit-sessions/schedule/index.html#keynote--enhancing-national-security-with-ai-driven-cybersecurity-41250 AI Cyber Challenge: https://aicyberchallenge.com/ DARPA's Information Innovation Office: https://www.darpa.mil/about-us/offices/i2o?ppl=collapse High-Assurance Cyber Military Systems (HACMS): https://www.darpa.mil/program/high-assurance-cyber-military-systems DARPAConnect Website: https://pathfinder.theari.us/darpaconnect/home Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Spotting and Unmasking Fake LinkedIn Profiles to Avoid the Hidden Risks and Thwart LinkedIn Scams | A Conversation with Kris Rides | Redefining CyberSecurity with Sean Martin 36:35
Guest: Kris Rides , Co-Founder & Chief Executive Officer, Tiro Security [ @tirosecurity ] On LinkedIn | https://www.linkedin.com/in/krisrides/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of the Redefining CyberSecurity Podcast, host Sean Martin speaks with Kris Rides, founder of Tiro Security. They discuss the fascinating and somewhat unsettling topic of fake LinkedIn profiles, an issue that has become increasingly prevalent. Kris Rides, with years of experience in cybersecurity staffing and professional services, shares insights from a recent LinkedIn post that garnered significant engagement. The discussion kicks off with Sean Martin recounting how Kris's post about a suspicious LinkedIn account with 28,000 followers caught his attention. Despite having a large number of followers, the account consistently posted irrelevant comments and lacked meaningful engagement. This anomaly prompted Kris to investigate further, leading to a broader conversation about the implications and dangers of fake profiles on professional networking sites. One key takeaway from their conversation is the motivational factors behind creating fake profiles. Kris highlights a range of activities from promoting scams and fake job offers to phishing attempts and even cyber reconnaissance. Fake accounts might seek to gather personal information through seemingly legitimate contact requests or endorsements, which could then be used for nefarious purposes. Kris explains that fake profiles often masquerade as legitimate individuals or companies, which makes them hard to identify at a glance. He recounts instances where Endorsements were used as a tool by these profiles to build credibility. In one case, a fake profile had numerous endorsements from a marketing tool, unbeknownst to the people doing the endorsing. This exploitation of LinkedIn's features underscores the complexity of detecting inauthentic activities. The episode also touches on the sophisticated techniques used to enhance the legitimacy of fake profiles. Kris shares how these profiles sometimes share resumes and job offers to build trust within the LinkedIn community. Sean and Kris debate the ultimate end-goals of these activities, including using amassed information for large-scale phishing or vishing campaigns, perpetrating job offer scams, and scraping data for fraudulent purposes. For professionals and companies, the conversation provides crucial advice: maintaining vigilance and conducting regular checks on connections and endorsements can help mitigate risks. Both speakers emphasize the importance of trust but verify, suggesting that users report suspicious activities to LinkedIn and engage cautiously with unsolicited requests. In summary, the episode explores how fake LinkedIn profiles represent a growing concern, affecting both individuals and organizations. Through their shared experiences and insights, Sean Martin and Kris Rides bring valuable awareness to this issue, encouraging proactive measures to safeguard personal and professional information in the digital age. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Inspiring Post: https://www.linkedin.com/posts/krisrides_ive-reported-this-so-im-unsure-how-long-activity-7211061069274914817-aN43/ ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Reconstructing the Organizational and Social Structure of a Ransomware Gang | A Black Hat USA 2024 Conversation with L Jean Camp and Dalya Manatova | On Location Coverage with Sean Martin and Marco… 23:40
Guests: L Jean Camp , Professor, Luddy School of Computing, Informatics, and Engineering, Indiana University [ @IUBloomington ] On LinkedIn | https://www.linkedin.com/in/ljean/ At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#l-jean-camp-37968 Dalya Manatova , Associate Instructor/Ph.D. Student, Luddy School of Computing, Informatics, and Engineering, Indiana University [ @IUBloomington ] On LinkedIn | https://www.linkedin.com/in/dalyapraz/ At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#dalya-manatova-48133 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this Chats on the Road episode of the On Location with Sean and Marco podcast series, hosts Sean Martin and Marco Ciappelli engage in an insightful conversation about the intricacies of modern cybercrime, specifically focusing on ransomware gangs. The discussion revolves around the research conducted by their guests, L Jean Camp, a scholar specializing in the economics of security and privacy, and Dalya Manatova, a PhD student studying security informatics and the organizational social dynamics of e-crime. The episode explores how ransomware gangs, such as the notorious Conti group, operate much like legitimate businesses. These criminal organizations exhibit structured hierarchies, recruit testers who may not even realize they are part of an illegal operation, and employ professional negotiation tactics with their victims. The guests emphasize that the threat posed by these gangs is often misunderstood; rather than facing advanced government operations, most individuals and organizations are dealing with commoditized cyber-attacks that follow business-like procedures. Jean and Dalya share intriguing details about their methodology, including the linguistic and discourse analyses used to map out the relationships and organizational structures within these criminal groups. These analyses reveal the complexities and resilience of the organizations, shedding light on how they maintain operational efficiency and manage internal communications. For instance, the researchers discuss the use of jargon like “cat” to refer to crypto wallets, a nuance that highlights the challenges of interpreting cybercriminal chatter. Additionally, the conversation touches on the implications of these findings for cybersecurity practices and the broader business landscape. Jean notes the importance of information sharing and understanding the flow of chatter within and between criminal organizations. This awareness can empower defenders by providing them with better tools and methods to anticipate and counteract these threats. Overall, the episode provides a comprehensive look at the sophisticated nature of ransomware gangs and the importance of interdisciplinary research in understanding and combating cybercrime. The session mentioned in the episode, "Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang," is slated for Wednesday, August 7th at Black Hat, promising to offer more extensive insights into this critical issue. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ Resources Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang: https://www.blackhat.com/us-24/briefings/schedule/#relationships-matter-reconstructing-the-organizational-and-social-structure-of-a-ransomware-gang-39725 An Argument for Linguistic Expertise in Cyberthreat Analysis: https://www.researchgate.net/publication/372244795_An_Argument_for_Linguistic_Expertise_in_Cyberthreat_Analysis_LOLSec_in_Russian_Language_eCrime_Landscape Building and Testing a Network of Social Trust in an Underground Forum: Robust Connections and Overlapping Criminal Domains: https://www.researchgate.net/publication/371353386_Building_and_Testing_a_Network_of_Social_Trust_in_an_Underground_Forum_Robust_Connections_and_Overlapping_Criminal_Domains Usable Security Lab: https://usablesecurity.net/ Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Deep Backdoors in Deep Reinforcement Learning Agents | A Black Hat USA 2024 Conversation with Vas Mavroudis and Jamie Gawith | On Location Coverage with Sean Martin and Marco Ciappelli 24:11
Guests: Vas Mavroudis , Principal Research Scientist, The Alan Turing Institute Website | https://mavroud.is/ At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757 Jamie Gawith , Assistant Professor of Electrical Engineering, University of Bath On LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/ At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes As Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event. Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas. The Core Discussion: Sean introduces the main focus of their upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area. Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments. Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures. Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited. Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult. Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation. Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems. Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ Resources Deep Backdoors in Deep Reinforcement Learning Agents: https://www.blackhat.com/us-24/briefings/schedule/index.html#deep-backdoors-in-deep-reinforcement-learning-agents-39550 Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Traceability in Cyber Security: Lessons Learned from the Medical Sector | A Conversation with Kostas Papapanagiotou | Redefining CyberSecurity with Sean Martin 29:28
Guest: Dr. Kostas Papapanagiotou , Advisory Services Director, Census S.A. On LinkedIn | https://www.linkedin.com/in/kpapapan/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes Cybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices. No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach. Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards. Furthermore, Kostas points out that regulations like the FDA’s post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later. Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority. The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities. This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives. ___________________________ Sponsors Imperva: https://itspm.ag/imperva277117988 LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Traceability in cyber security: lessons learned from the medical sector (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTbW/traceability-in-cyber-security-lessons-learned-from-the-medical-sector ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 From Zero Trust to AI and now Platformization and Consolidation: Debunking Cybersecurity Buzzwords | A Brand Story Conversation From Black Hat USA 2024 | A Coro Story with Dror Liwer | On Location… 24:31
Join the On Location Podcast co-hosts, Sean Martin and Marco Ciappelli, as they kick off an engaging conversation with Dror Liwer, Co-Founder of Coro, discussing SMB cybersecurity and preparations for Black Hat 2024. Dror emphasizes Coro’s excitement about participating in Black Hat for the second year, where they will be showcasing their offerings at booth 4734. He contrasts Black Hat with other conferences, noting its unique focus on cybersecurity practitioners and those who carry the weight of their organizations' security. Throughout the discussion, Dror tackles the buzzwords and trends in the cybersecurity industry. This year, the buzzword is "platform," and Dror provides insight into what truly constitutes a cybersecurity platform. He distinguishes between various types of platforms, such as those built from multiple vendors, internally developed ones like Cisco and Palo Alto, and Coro's own from-the-ground-up modular platform. He also discusses the advantages of a unified and seamless approach to cybersecurity. The conversation covers the practical benefits of Coro’s platform for service providers and end customers. Dror mentions how Coro simplifies cybersecurity by allowing easy onboarding and flexible licensing. He highlights Coro’s data governance capabilities and modular design, which enable users to scale their security needs up or down efficiently. Dror also teases his upcoming talk at Black Hat, titled “Platformization, Consolidation, and Other Buzzwords Debunked,” promising a comprehensive framework to help organizations evaluate and select the right cybersecurity platforms for their needs. The episode closes with Sean and Marco expressing their enthusiasm for continuing the conversation at Black Hat and encouraging listeners to connect with Coro’s energetic team. They also invite the audience to stay tuned for more updates and insights from the event. Learn more about CORO: https://itspm.ag/coronet-30de Note: This story contains promotional content. Learn more . Guest: Dror Liwer , Co-Founder at Coro [ @coro_cyber ] On LinkedIn | https://www.linkedin.com/in/drorliwer/ Resources Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott | Redefining CyberSecurity with Sean Martin 38:21
Guest: Allyn Stott , Senior Staff Engineer, meoward.co On LinkedIn | https://www.linkedin.com/in/whyallyn On Twitter | https://x.com/whyallyn ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program. Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable. In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times. Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly. The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals. For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model. In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives. ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources The Fault in Our Metrics: Rethinking How We Measure Detection & Response (BSIDES Session): https://bsideslv.org/talks#EVFTBT ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Breaking the Password Barrier: An Expert Guide to Multi-Factor Authentication and the Rise of Passwordless Security | A Conversation with Theodore Heiman | Redefining CyberSecurity with Sean Martin 37:33
Guest: Theodore Heiman , CEO, CISO Guru On LinkedIn | https://www.linkedin.com/in/tedheiman On Twitter | https://x.com/tedrheiman ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Ted Heiman, CEO of the cybersecurity practice CISO Guru, in an insightful conversation about the complexities and evolving landscape of password management and multi-factor authentication (MFA). Sean Martin introduces the session by highlighting the challenges practitioners and leaders face in building security programs that enable organizations to achieve their objectives securely. The discussion quickly steers towards the main topic - the evolution of passwords, the role of password managers, and the critical implementation of MFA. Ted Heiman shares his extensive experience from over 25 years in the cybersecurity industry, observing that passwords are a relic from a time when networks were isolated and less complex. As organizations have grown and interconnected, the weaknesses of static passwords have become more apparent. Heiman notes a striking statistic: 75 to 80 percent of breaches occur due to compromised static passwords. The conversation examines the history of passwords, starting as simple, memorable phrases and evolving into complex strings with mandatory special characters, numbers, and capitalization. This complexity, while intended to increase security, often leads users to write down passwords or repeat them across multiple platforms, introducing significant security risks. Solutions like password managers arose to mitigate these issues, but as Heiman highlights, they tend to centralize risk, making a single point of failure an attractive target for attackers. The discussion shifts to MFA, which Heiman regards as a substantial improvement over static passwords. He illustrates the concept by comparing it to ATM use, which combines something you have (a bank card) and something you know (a PIN). Applying this to cybersecurity, MFA typically involves an additional step, such as an SMS code or biometric verification, significantly reducing the possibility of unauthorized access. Looking forward, both Heiman and Martin consider the promise of passwordless systems and continuous authentication. These technologies utilize a combination of biometrics and behavioral analysis to constantly verify user identity without the need for repetitive password entries. This approach aligns with the principles of zero-trust architecture, which assumes that no entity, inside or outside the organization, can be inherently trusted. Heiman stresses that transitioning to these advanced authentication methods should be a priority for organizations seeking to enhance their security posture. However, he acknowledges the challenges, especially concerning legacy systems and human behaviors, emphasizing the importance of a phased and managed risk approach. For listeners involved in cybersecurity, Heiman’s insights provide valuable guidance on navigating the intricate dynamics of password management and embracing more secure, advanced authentication mechanisms. ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 A Deep Dive into SquareX | A Short Brand Story from Black Hat USA 2024 | A SquareX Story with Chief Architect Jeswin Mathai | On Location Coverage with Sean Martin and Marco Ciappelli 22:45
Welcome to another edition of Brand Stories, part of our On Location coverage of Black Hat Conference 2024 in Las Vegas. In this episode, Sean Martin and Marco Ciappelli chat with Jeswin Mathai, Chief Architect at SquareX, one of our esteemed sponsors for this year’s coverage. Jeswin brings his in-depth knowledge and experience in cybersecurity to discuss the innovative solutions SquareX is bringing to the table and what to expect at this year’s event. Getting Ready for Black Hat 2024 The conversation kicks off with Marco and Sean sharing their excitement about the upcoming Black Hat USA 2024 in Las Vegas. They fondly recall their past experiences and the anticipation that comes with one of the most significant cybersecurity events of the year. Both hosts highlight the significance of the event for ITSP Magazine, marking ten years since its inception at Black Hat. Introducing Jeswin Mathai and SquareX Jeswin Mathai introduces himself as the Chief Architect at SquareX. He oversees managing the backend infrastructure and ensuring the product’s efficiency and security, particularly as a browser extension designed to be non-intrusive and highly effective. With six years of experience in the security industry, Jeswin has made significant contributions through his work published at various conferences and the development of open-source tools like AWS Goat and Azure Goat. The Birth of SquareX Sean and Marco delve deeper into the origins of SquareX. Jeswin shares the story of how SquareX was founded by Vivek Ramachandran, who previously founded Pentester Academy, a cybersecurity education company. Seeing the persistent issues in consumer security and the inefficacy of existing antivirus solutions, Vivek decided to shift focus to consumer security, particularly the visibility gap in browser-level security. Addressing Security Gaps Jeswin explains how traditional security solutions, like endpoint security and secure web gateways, often lack visibility at the browser level. Attacks originating from browsers go unnoticed, creating significant vulnerabilities. SquareX aims to fill this gap by providing comprehensive browser security, detecting and mitigating threats in real time without hampering user productivity. Innovative Security Solutions SquareX started as a consumer-based product and later expanded to enterprise solutions. The core principles are privacy, productivity, and scalability. Jeswin elaborates on how SquareX leverages advanced web technologies like WebAssembly to perform extensive computations directly on the browser, ensuring minimal dependency on cloud resources and optimizing user experience. A Scalable and Privacy-Safe Solution Marco raises the question of data privacy regulations like GDPR in Europe and the California Consumer Privacy Act (CCPA). Jeswin reassures that SquareX is designed to be highly configurable, allowing administrators to adjust data privacy settings based on regional regulations. This flexibility ensures that user data remains secure and compliant with local laws. Real-World Use Cases To illustrate SquareX’s capabilities, Jeswin discusses common use cases like phishing attacks and how SquareX protects users. Attackers often exploit legitimate platforms like SharePoint and GitHub to bypass traditional security measures. With SquareX, administrators can enforce policies to block unauthorized credential entry, perform live analysis, and categorize content to prevent phishing scams and other threats. Looking Ahead to Black Hat and DEF CON The discussion wraps up with a look at what attendees can expect from SquareX at Black Hat and DEF CON. SquareX will have a booth at both events, and Jeswin previews some of the talks on breaking secure web gateways and the dangers of malicious browser extensions. He encourages everyone to visit their booths and attend the talks to gain deeper insights into today’s cybersecurity challenges and solutions. Conclusion In conclusion, the conversation with Jeswin Mathai offers a comprehensive look at how SquareX is revolutionizing browser security. Their innovative solutions address critical gaps in traditional security measures, ensuring both consumer and enterprise users are protected against sophisticated threats. Join us at Black Hat Conference 2024 to learn more and engage with the experts at SquareX. Learn more about SquareX: https://itspm.ag/sqrx-l91 Note: This story contains promotional content. Learn more . Guest: Jeswin Mathai , Chief Architect, SquareX [ @getsquarex ] On LinkedIn | https://www.linkedin.com/in/jeswinmathai/ Resources Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Is Defense Winning? | A Black Hat USA 2024 Conversation with Jason Healey | On Location Coverage with Sean Martin and Marco Ciappelli 25:17
Guest: Jason Healey , Senior Research Scholar, Cyber Conflict Studies, SIPA at Columbia University [ @Columbia ] On LinkedIn | https://www.linkedin.com/in/jasonhealey/ At BlackHat: https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jason-healey-31682 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Opening Remarks: Sean Martin and Marco Ciappelli set the stage with their signature banter, creating an inviting atmosphere for a deep dive into cybersecurity. Marco introduces a philosophical question about measuring success and improvement in the field, leading seamlessly into their conversation with Jason Healey. Meet the Expert: Sean introduces Jason Healey, a senior research scholar at Columbia University and a former military cybersecurity leader with extensive experience, including roles at the Pentagon and the White House. Jason shares his excitement for Black Hat 2024 and the anniversary celebrations of ITSPmagazine, expressing anticipation for the discussions ahead. The Role of Defense in Cybersecurity: Jason previews his journey from military service to academia, posing the critical question, “Is defense winning?” He provides a historical perspective, noting that cybersecurity challenges have been present for decades. Despite significant investments and efforts, attackers often seem to maintain an edge. This preview sets the stage for a deeper exploration of how to measure success in defense, which he plans to address in detail at the conference. Shifting the Balance: Jason highlights the need for a comprehensive framework to evaluate the effectiveness of defense mechanisms. He introduces the concept of metrics like “mean time to detect,” suggesting that these can help gauge progress over time. Jason plans to discuss the importance of understanding system-wide dynamics at Black Hat, emphasizing that cybersecurity is about continual improvement rather than quick fixes. Economic Costs and Broader Impacts: Sean shifts the discussion to the economic aspects of cybersecurity, a topic Jason is set to explore further at the event. Jason notes that while financial implications are substantial, other indicators, such as the frequency of states declaring emergencies due to cyber incidents, provide a broader view of the impact. He underscores the need to address disparities in cybersecurity protection, pointing out that not everyone has access to the same level of defense capabilities. Community and Collaboration: Marco and Jason discuss the importance of community involvement in improving cybersecurity. Jason stresses the value of shared metrics and continuous data analysis, calling for collective efforts to build a robust defense against evolving threats. This theme of collaboration will be a key focus in his upcoming session. Looking Forward: As they wrap up, Sean and Marco express their anticipation for Jason’s session at Black Hat 2024. They encourage the audience to join in, engage with the topics discussed, and contribute to the ongoing conversation on cybersecurity. Conclusion: Sean concludes by thanking Jason for his insights and highlighting the importance of the upcoming Black Hat sessions. He invites listeners to follow ITSPmagazine's coverage for more expert discussions and insights into the field of cybersecurity. For more insightful sessions and expert talks on cybersecurity, make sure to follow ITSPmagazine's Black Hat coverage. Stay safe and stay informed! Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ Resources Is Defense Winning? (Session): https://www.blackhat.com/us-24/briefings/schedule/index.html#is-defense-winning-40663 Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 From Signatures to Behavior: RAD Security's Recognized Innovations for Cloud Threat Detection and Response | A Brand Story Conversation From Black Hat USA 2024 | A RAD Security Story with Brooke Motta 7:00
In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP). The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification. The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats. Key Points Discussed: Behavioral Detection vs. Signature-Based Methods: Brooke emphasized the limitations of signature-based detection in addressing modern cloud security challenges. RAD Security's shift to behavioral detection ensures early identification of zero-day attacks, addressing both runtime and software supply chain vulnerabilities. Enhanced Capabilities for Real-Time Response: The platform provides automated response actions such as quarantining malicious workloads, labeling suspicious activities, and terminating threats. It leverages machine learning and large language models to classify detections accurately, aiding security operations centers (SOC) in quicker and more effective remediation. Recognition and Impact: RAD Security’s innovative approach has earned it a finalist spot in the prestigious Black Hat Startup Spotlight Competition, signifying industry acknowledgment of the need to move beyond traditional, reactive signatures to a proactive, behavioral security approach. They were also recognized during RSA Conference, one of the only startups to garner such a position. Supply Chain Security: Brooke highlighted the importance of analyzing third-party services and APIs at runtime to get a comprehensive threat picture. RAD Security’s verified runtime fingerprints ensure a defense-ready posture against supply chain attacks, exemplified by its response to the recent XZ Backdoor vulnerability. Future of Cloud Security: As security teams navigate increasingly complex cloud environments, the legacy method of relying on signatures is no longer viable. RAD Security's behavioral approach represents the future of cloud detection and response, offering a robust, resilient solution against novel and evolving threats. RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection. For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation. Learn more about RAD Security: https://itspm.ag/radsec-l33tz Note: This story contains promotional content. Learn more . Guest: Brooke Motta , CEO & Co-Founder, RAD Security [ @RADSecurity_ ] On LinkedIn | https://www.linkedin.com/in/brookemotta/ On Twitter | https://x.com/brookelynz1 Resources A Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4bi Open Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kro Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Achieving Cybersecurity Velocity: The Role of Culture and Leadership for Operational Excellence | A Conversation with Kim Jones | Redefining CyberSecurity with Sean Martin 42:44
Guest: Kim Jones , Director, Intuit [ @Intuit ] On LinkedIn | https://www.linkedin.com/in/kimjones-cism/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin explores the importance of achieving velocity in cybersecurity operations with Kim Jones, a seasoned leader with nearly four decades of experience in intelligence, security, and risk. Jones, who has served in various roles such as Army Intel Officer, CISO, and most recently, in Performance Acceleration at Intuit, brings a wealth of knowledge to the table. Jones stresses that cultural alignment is crucial for cybersecurity teams to move faster without compromising security. He highlights the importance of leaders setting clear priorities and fostering an environment where team members feel comfortable raising conflicts and collaborating to find solutions. “A good leader is going to push the organization 5 percent beyond what it thinks it can do,” says Jones, emphasizing the necessity of pushing teams beyond their perceived limits while ensuring they work cohesively. One of the key takeaways from the discussion is Jones' analogy of velocity: “Velocity implies taking that motion in a given appropriate direction,” he explains. For Jones, mere motion is insufficient if it lacks direction. He believes that enterprises must align their resources toward a common goal to achieve true velocity, minimizing internal friction and inefficiencies along the way. Effective leadership, according to Jones, plays a pivotal role in this alignment. He argues that leaders need to create a culture where collaboration and conflict resolution are normalized practices. “Not every leader has to be charismatic, but every leader has to lead and set the tone,” Jones notes, adding that consistent and principled leadership is more impactful than charisma alone. Jones also touches on the real-world repercussions of failing to balance velocity with cultural alignment. Drawing from his extensive career, he shares that misalignment often leads to burnout and inefficiencies. He underscores the importance of leaders making time for their peers and team members, noting, “Inaction is as reckless as acting without thought.” Jones advises that prioritizing responses and maintaining open communication channels can significantly enhance team effectiveness. For organizations aiming to boost their cybersecurity operations, Jones' insights offer a valuable roadmap. By focusing on cultural alignment, setting clear priorities, and encouraging effective leadership, businesses can achieve the velocity needed to thrive. Jones' approach underscores that achieving velocity isn't about making things move faster in disarray but rather about coordinated and purposeful acceleration toward shared goals. Top Questions Addressed How can organizations achieve velocity in their cybersecurity operations? Why is cultural alignment important for achieving velocity? What role does effective leadership play in achieving cybersecurity velocity? ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Inspiring Resource: https://www.linkedin.com/posts/kimjones-cism_velocity-simplified-activity-7201763704848175104-sprZ/ Velocity, Simplified (Blog Post): https://www.security2cents.com/post/velocity-simplified ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 A Framework for Evaluating National Cybersecurity Strategies | A Black Hat USA 2024 Conversation with Fred Heiding | On Location Coverage with Sean Martin and Marco Ciappelli 24:56
Guest: Fred Heiding , Research Fellow, Harvard On LinkedIn | https://www.linkedin.com/in/fheiding/ On Twitter | https://twitter.com/fredheiding On Mastodon | https://mastodon.social/@fredheiding On Instagram | https://www.instagram.com/fheiding/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this Chats on the Road episode as part of the On Location with Sean and Marco series, hosts Sean Martin and Marco Ciappelli invite listeners into an engaging dialogue with Fred Heiding, a research fellow in computer science at Harvard. The episode dives into the intricacies of national cybersecurity strategies, exploring the intersection of technology, policy, and economics in safeguarding nations against cyber threats. Fred opens up about his journey from a technical background to a more policy-focused role at Harvard’s Kennedy School, driving home the importance of a multidisciplinary approach to cybersecurity. This sets the stage for a captivating discussion on the collaborative research project he's leading, which aims to evaluate and enhance national cybersecurity strategies worldwide. Listeners are treated to an insightful narrative on how the project originated from an insightful question Fred posed at a Harvard conference, leading to a fruitful partnership with national security researcher Alex O'Neill and Lachlan Price, a pivotal figure in crafting Australia's renowned cybersecurity strategy. Together, they've been investigating the effectiveness of various national strategies, emphasizing the need for context-specific evaluations. A major highlight of the episode is the discussion on the inclusion of emerging technologies, particularly AI, in these cybersecurity policies. Fred provides an optimistic update on how even slightly older documents are proactively addressing future-proof strategies against new technological threats. This is paired with a deep dive into the concepts of resilience and the importance of creating detailed, actionable policy documents that can be evaluated for effectiveness over time. Sean and Marco steer the conversation towards the practical implications of these strategies, questioning how economic factors influence cybersecurity policy and the trade-offs between system security and usability. Fred’s insights into the economic dimensions of cybersecurity, including the balance between investment in protection and the potential costs of cyber attacks, add a valuable perspective to the discussion. The episode promises to inspire listeners with Fred’s forward-thinking approach and the practical applications of his research. As Fred previews his upcoming presentation at Black Hat, excitement builds for those interested in the detailed findings and innovative strategies he will share. Tune in to this episode for a thought-provoking exploration of national cybersecurity strategies, enriched by Fred Heiding’s expert insights and the dynamic interaction between the hosts and their guest. Whether you're a policymaker, technologist, or cybersecurity enthusiast, this conversation offers valuable takeaways and a fresh perspective on the ever-evolving cyber landscape. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Contributors to A Multilateral Framework for Evaluating National Cybersecurity Strategies (BlackHat Session): Fred Heiding | Research Fellow, Harvard Alex O'Neill | Independet Lachlan Price | Research Assistant, Harvard Eric Rosenbach | Senior Lecturer in Public Policy, Harvard ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ Resources A Multilateral Framework for Evaluating National Cybersecurity Strategies: https://www.blackhat.com/us-24/briefings/schedule/#a-multilateral-framework-for-evaluating-national-cybersecurity-strategies-40879 Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Behind the Scenes at Black Hat USA 2024: An Exclusive Pre-Event Conversation | A Black Hat USA 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli 29:25
Guest: Steve Wylie , Vice President, Cybersecurity Market at Informa Tech [ @InformaTechHQ ] and General Manager at Black Hat [ @BlackHatEvents ] On LinkedIn | https://www.linkedin.com/in/swylie650/ On Twitter | https://twitter.com/swylie650 ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Vroom Vroom! The Black Hat Tradition with Sean and Marco It's that time of year again, and Sean Martin and Marco Ciappelli are kicking things off with their customary banter on the road to Black Hat USA 2024. This time, there's no need to "vroom vroom" their way to Las Vegas as they'll be flying there instead. But no matter how they get there, it's all about reaching the grand event that is Black Hat. A Decade of ITSP Magazine and Black Ha t Marco highlights a significant milestone for their publication: ITSP Magazine is celebrating its 10th anniversary, a journey that began alongside the Black Hat conference. Steve Wylie, who has also been with Black Hat since 2014, shares this sentiment of growth and reflection. What to Expect at Black Hat USA 2024 Steve Wylie provides a comprehensive overview of what attendees can expect this year. As always, the event will bring the heat—literally, with Las Vegas temperatures scaling up to 108 degrees Fahrenheit. But beyond the weather, the Black Hat event itself will feature a multitude of new expansions. Key Highlights Expanded Content Program: Black Hat is adopting a three-day format instead of its usual two, adding a day packed with additional activities and events. More Networking Opportunities: Attendees can look forward to broadening their professional circles with a variety of planned and unplanned networking events, including the Meetup Lounge and Track Chair Meet and Greets. Day Zero Program: Designed especially for newcomers, this pre-event briefing will help attendees make the most out of their experience. Innovative Summits: New summits, including an AI Summit, Innovators and Investors Summit, Industrial Controls Summit, and Cyber Insurance Summit, will target both technical and managerial audiences. Deep Dives and Panel Discussions Steve reveals a notable deviation from tradition: this year's keynote will be a panel discussion focused on defending democracy in an election year, featuring top cybersecurity leaders from the U.S., the EU, and the UK. This will be an essential kickoff, reflecting on the year’s heavy election schedule and the growing influence of AI. Fireside Chat with Moxie Marlinspike Another unique addition is a fireside chat with Moxie Marlinspike, founder of Signal, moderated by Jeff Moss. This discussion will delve into privacy concerns and the ever-important balance between privacy and security in today's technological landscape. Arsenal and the NOC: Fan Favorites Return Sean and Steve both tip their hats to recurring features such as Arsenal, which showcases cutting-edge tools developed by the cybersecurity community, and the NOC, where attendees can witness real-time network management and protection. Wrapping Up As Sean and Marco prepare to experience another electrifying Black Hat, they remind readers and listeners alike to subscribe to ITSP Magazine for exclusive coverage and insights. Whether you're able to attend in person or follow along remotely, Black Hat USA 2024 promises to be a crucial event for anyone in the cybersecurity field. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Resources Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ The list of keynotes can be found on this page: https://www.blackhat.com/us-24/keynotes.html Direct links to keynotes: https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-from-the-office-of-the-ciso-smarter-faster-stronger-security-in-the-age-of-ai-42061 https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-understanding-and-reducing-supply-chain-and-software-vulnerability-risks-42104 https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-let-me-tell-you-a-story-technology-and-the--vs-41962 https://www.blackhat.com/us-24/briefings/schedule/index.html#solving-the-cyber-hard-problems-a-view-into-problem-solving-from-the-white-house-42239 ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Sevco Sets a New Standard for Vulnerability Risk Prioritization with the Launch of New Exposure Management Capabilities | 7 Minutes on ITSPmagazine | A Sevco Brand Story with J.J. Guy 7:00
Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco’s exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco’s asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't. Why does this matter: The systems that typically track and report CVEs, don’t report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform’s exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it’s observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what’s working and what’s not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place. How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization’s security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams. Learn more about Sevco: https://itspm.ag/sevco250d8e Note: This story contains promotional content. Learn more . Guest: J.J. Guy , CEO and Co-Founder, Sevco On LinkedIn | https://www.linkedin.com/in/jjguy/ On Twitter | https://x.com/jjguy?lang=en Resources State of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9bl Learn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevco View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Revolutionizing Data Privacy and Information Security Compliance: Latest Findings from the ‘State of Information Security’ Report | A ISMS.online Brand Story with Luke Dash 7:06
ISMS.online has released its ‘State of Information Security’ report which surveyed 502 people in the UK (over 1500 globally) who work in information security across 10 sectors including technology, manufacturing, education, energy and utilities and healthcare. The main findings that it exposed are: 79% of businesses have been impacted due to an information security incident caused by a third-party vendor or supply chain partner. Over 99% of UK businesses received hefty fines for data breaches or violation of data protection rules over the last year Deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organisations. What does all of this mean? As data breaches continue to surge, government entities and trade bodies are in turn, trying to meet these challenges with updates and implementation of regulations and compliance mandates. Listen in as Luke speaks to IT managers about the need to build robust and effective information security foundations, invest in securing their supply chains and increasing employee awareness and training. Learn more about ISMS.online: https://itspm.ag/ismsonline08ab81 Note: This story contains promotional content. Learn more . Guest: Luke Dash , CEO, ISMS.online On LinkedIn | https://www.linkedin.com/in/luke-dash-33867b25/ Resources The State of Information Security Report 2024: https://itspm.ag/ismsonlinef56b77 Learn more and catch more stories from ISMS.online: https://www.itspmagazine.com/directory/isms-online View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 2024 AppDome and OWASP Mobile Consumer Cyber Security Survey | A Brand Story Conversation From OWASP AppSec Global Lisbon 2024 | An AppDome Brand Story with Brian Reed and Chris Roeckl | On Location… 23:02
In the latest Brand Story episode, host Sean Martin chats with Brian Reed, Mobile Security Evangelist, and Chris Roeckl, Chief Product Officer at AppDome, during the OWASP Global AppSec event in Lisbon. The episode dives into pivotal aspects of mobile app security and consumer expectations. Brian Reed articulates how AppDome collaborates with OWASP to tackle mobile app security challenges. He underscores the significant role consumers play in these endeavors. According to AppDome's annual survey, consumer feedback is indispensable, revealing that a staggering 97% of consumers would abandon a brand after an insecure app experience, while 95% would advocate for a brand offering a secure experience. This highlights the stark consequences of neglecting mobile security. Chris Roeckl elaborates on how AppDome’s annual survey, spanning four years, has amassed data from over 120,000 consumers across 12 countries. This wealth of information provides a clear trend: consumers increasingly prioritize security, particularly in banking, e-wallet, healthcare, and retail apps. Interestingly, while social media is not at the forefront of security concerns, it is rapidly becoming a focus area as users grow more conscious of account security and privacy. The discussion brings to light how brands can effectively communicate their security protocols to consumers. Reed and Roeckl suggest transparency through dedicated web pages, direct email outreach, and in-app notifications. This communication helps build trust and reassures consumers that their security concerns are being addressed. The conversation also touches on the integration of security into the development lifecycle. Developers often face the challenge of ensuring robust security without compromising the user experience. Reed mentions the importance of making security processes seamless and non-invasive for developers. By leveraging machine learning and AI, AppDome aims to automate many security tasks, allowing developers to focus on creating innovative, user-friendly applications. Moreover, Roeckl points out that a holistic approach is essential. This means incorporating input from various teams within an organization - from product leaders focusing on user engagement to engineers ensuring crash-free applications and cybersecurity teams safeguarding data integrity. This collaborative effort ensures that the final product not only meets but exceeds consumer expectations. The insights shared in the episode are a call to action for businesses to prioritize mobile security. With six billion humans using mobile apps globally, the stakes are higher than ever. Brands must recognize the direct correlation between secure mobile experiences and customer loyalty. By investing in robust security measures and effectively communicating these efforts, businesses can foster a secure and trustworthy environment for their users. Listeners are encouraged to download the full AppDome report for a deeper understanding of consumer attitudes towards mobile app security. This empathetic report offers valuable insights that can help developers, product managers, and cybersecurity teams align their strategies with consumer expectations, ultimately leading to safer and more secure mobile applications. Learn more about Appdome: https://itspm.ag/appdome-neuv Note: This story contains promotional content. Learn more . Guests: Brian Reed , SVP AppSec & Mobile Defense, Appdome [ @appdome ] On LinkedIn | https://www.linkedin.com/in/briancreed/ Chris Roeckl , Chief Product Officer, Appdome [ @appdome ] On LinkedIn | https://www.linkedin.com/in/croeckl/ Resources Learn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdome View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 1 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin 46:25
Guest: Kush Sharma , Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario) On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/ ____________________________ Host: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode — Part 1 of 3 Parts — of the Redefining CyberSecurity Podcast on ITSPmagazine, host Sean Martin dives into a comprehensive discussion with Kush Sharma, a distinguished leader with vast experience across Accenture, Deloitte, the City of Toronto, and CP Rail. The conversation explores the intricacies of building a Chief Information Security Officer (CISO) office from the ground up, offering invaluable insights for current and aspiring CISOs. Kush Sharma emphasizes the multifaceted role of a CISO, particularly the distinct challenges faced when establishing a cybersecurity program in various organizational contexts—government, private sector, and consulting firms. He points out that in governmental environments, the focus is typically on how to benefit citizens or internal staff while operating under tight scrutiny and budget constraints. In contrast, consulting and private sectors prioritize efficiency, quick deployment, and direct benefits to the organization. A significant part of the discussion centers on enterprise risk management. Sharma highlights the importance of aligning cybersecurity initiatives with organizational objectives. From mergers and acquisitions (M&A) to digital transformations, CISOs must ensure that their strategies mitigate risk while supporting the broader business goals. Kush Sharma advises that during such major projects, security measures need to be integrated from the ground up, focusing on things like role-based access and the segmentation of business processes. Additionally, the challenges of engaging with governmental bodies are explored in depth. Sharma explains the extensive bureaucratic processes and the need for consensus-building, which often lead to significant delays. Understanding these processes allows for better navigation and more efficient outcomes. Sharma also brings out the importance of understanding and acting upon business processes when integrating cybersecurity measures. For instance, in large-scale ERP implementations, it is crucial to map out detailed roles and ensure that security provisions are applied consistently across all integrated systems. By focusing on the distinct roles within these processes, such as AP clerks or accounting managers, CISOs can develop more granular and effective security measures. The episode underscores that success in building a CISO office lies in strategic alignment, efficient resource allocation, and thorough understanding of both technical and business processes. For cybersecurity leaders, this conversation with Kush Sharma offers crucial guidance and real-world examples to help navigate their complex roles effectively. Be sure to listen to the episode for a deeper dive into these topics and more. And, stay tuned for Parts 2 and 3 for even more goodness from Sean and Kush. Top Questions Addressed What are the complexities of establishing a CISO office from scratch? How do the requirements and focus differ when establishing a cybersecurity program in governmental versus private sectors? What is the approach to managing enterprise risk during digital transformations and mergers & acquisitions (M&A)? ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Dodging the Ball and ways for CISOs to avoid Liability: Essential Strategies for CISOs | A Black Hat USA 2024 Conversation with Jess Nall | On Location Coverage with Sean Martin and Marco Ciappelli 21:53
Guest: Jess Nall , Partner, Defense Against Government Investigations, Baker McKenzie, LLP [ @bakermckenzie ] On LinkedIn | https://www.linkedin.com/in/jess-nall/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes As the countdown to Black Hat 2024 begins, ITSP Magazine’s “Chats On the Road” series kicks off with a compelling pre-event discussion featuring Jess Nall, a partner at Baker McKenzie with over two decades of experience in federal investigations and defending Chief Information Security Officers (CISOs). Hosted by Sean Martin and Marco Ciappelli, the episode blends humor and serious insights to tackle the evolving challenges faced by CISOs today. The Dodgeball Analogy: Setting the Stage The conversation starts on a light-hearted note with a playful dodgeball analogy, a clever metaphor used to illustrate the growing complexities in the cybersecurity landscape. This sets the tone for a deeper exploration of the pressures and responsibilities that modern CISOs face, bridging the gap between legacy technology and contemporary cybersecurity challenges. Legacy Technology vs. Modern Cybersecurity Drawing from the dodgeball metaphor, Sean and Marco highlight the burden of legacy technology and its impact on current cybersecurity practices. Jess Nall shares her perspective on how past business operations influence today’s cybersecurity strategies, emphasizing the need for CISOs to adapt and innovate continually. ITSP Magazine’s Milestone and Black Hat Connections This episode also marks a celebratory milestone for ITSP Magazine. Sean and Marco reflect on their journey from Los Angeles to Las Vegas, the birthplace of ITSP Magazine, and how their experiences have shaped the publication’s mission and growth. As they gear up for Black Hat 2024, they express their excitement about reconnecting with the cybersecurity community and exploring new opportunities for collaboration. Introducing Jess Nall: Expertise and Experience Jess Nall, a seasoned expert in federal investigations, brings invaluable insights to the discussion. She underscores the severe implications of government scrutiny on CISOs, drawing from high-profile cases like SEC v. SolarWinds and Tim Brown. Jess provides practical advice for CISOs to avoid regulatory pitfalls and highlights the importance of staying vigilant and proactive in their roles. The Internet’s Troubled History and Its Impact Marco steers the conversation towards the Internet’s troubled history and its initial lack of security foresight. Jess reflects on how these historical challenges have shaped modern cybersecurity practices, emphasizing the difficulties of keeping up with evolving threats and expanding attack surfaces. She also discusses the controversial strategy of targeting CISOs to influence corporate cybersecurity measures, a practice she staunchly opposes. The Perfect Storm: AI and Cybersecurity The discussion turns to the increasing complexity of cybersecurity in the age of AI. Sean and Jess delve into the pressures CISOs face as they balance the incorporation of AI technologies with maintaining robust cybersecurity measures. Jess describes this scenario as a “perfect storm,” making the role of a CISO more challenging than ever. Regulation and Legislation: A Critical Examination Marco raises critical concerns about the reactive nature of current cybersecurity legislation and regulation. Jess discusses how federal agencies often target individuals closest to a cybersecurity breach and outlines the topics she will cover in her upcoming Black Hat presentation. She aims to educate CISOs on preventive measures and strategic responses to navigate these challenges effectively. Looking Ahead: Black Hat 2024 As the episode concludes, Sean emphasizes the importance of awareness and proactive measures among CISOs. Marco encourages listeners to attend Jess Nall’s presentation at Black Hat 2024 on August 7th at Mandalay Bay in Las Vegas. This critical discussion promises to equip CISOs and their teams with the knowledge and tools to navigate their increasingly scrutinized roles. Stay Tuned with ITSP Magazine Sean and Marco remind their audience that this episode is just the beginning of a series of insightful conversations leading up to Black Hat 2024. They invite listeners to stay tuned for more engaging episodes that will continue to explore the dynamic world of cybersecurity. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 Britive: https://itspm.ag/britive-3fa6 AppDome: https://itspm.ag/appdome-neuv ____________________________ Resources Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Beyond Traditional Pen Testing for Continuous Risk Assessment | A Brand Story Conversation From RSA Conference 2024 | A Hadrian Story with Rogier Fischer | On Location Coverage with Sean Martin and… 26:34
In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Rogier Fischer, co-founder and CEO of Hadrian, to delve into the evolving landscape of cybersecurity. The discussion navigates through the intricacies of modern cybersecurity challenges and how Hadrian is providing innovative solutions to tackle these issues. Sean Martin sets the stage by emphasizing the importance of operationalizing cybersecurity strategies to manage risk and protect revenue. Rogier Fischer shares his journey from an ethical hacker working with Dutch banks and tech companies to co-founding Hadrian, a company that leverages advanced AI to automate penetration testing. Fischer highlights the limitations of traditional cybersecurity tools, noting they are often too passive and fail to provide adequate visibility. Hadrian, on the other hand, offers a proactive approach by simulating hacker behavior to identify vulnerabilities and exposures. The platform provides a more comprehensive view by combining various aspects of offensive security, enabling organizations to prioritize their most critical vulnerabilities. One of the key points Fischer discusses is Hadrian's event-driven architecture, which allows the system to detect changes in real-time and reassess vulnerabilities accordingly. This ensures continuous monitoring and timely responses to new threats, adapting to the ever-changing IT environments. Another significant aspect covered is Hadrian's use of AI and machine learning to enhance the context and flexibility of security testing. Fischer explains that AI is selectively applied to maximize efficiency and minimize false positives, thus allowing for smarter, more effective security assessments. Fischer also shares insights on how Hadrian assists in automated risk remediation. The platform not only identifies vulnerabilities but also provides clear guidance and tools to address them. This is particularly beneficial for smaller security teams that may lack the resources to handle vast amounts of raw data generated by traditional vulnerability scanners. Additionally, Hadrian's ability to integrate with existing security controls and workflows is highlighted. Fischer notes the company's focus on user experience and the need for features that facilitate easy interaction with different stakeholders, such as IT teams and security engineers, for efficient risk management and remediation. In conclusion, Rogier Fischer articulates that the true strength of Hadrian lies in its ability to offer a hacker’s perspective through advanced AI-driven tools, ensuring that organizations not only identify but also effectively mitigate risks. By doing so, Hadrian empowers businesses to stay ahead in the ever-evolving cybersecurity landscape. Top Questions Addressed What drove the creation of Hadrian, and what gaps in the cybersecurity market does it fill? How does Hadrian's event-driven architecture ensure continuous risk assessment and adaptation to changing environments? How does Hadrian leverage AI and machine learning to improve the effectiveness of penetration testing and risk remediation? Learn more about Hadrian: https://itspm.ag/hadrian-5ei Note: This story contains promotional content. Learn more . Guest: Rogier Fischer , Co-Founder and CEO, Hadrian [ @hadriansecurity ] On LinkedIn | https://www.linkedin.com/in/rogierfischer/ Resources View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story…
R
Redefining CyberSecurity
1 Book | Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success | A Conversation with Authors Tyler Wall and Jarrett Rodrick | Redefining CyberSecurity with Sean Martin 30:27
Guests: Tyler Wall , CEO, Cyber NOW Education On LinkedIn | https://www.linkedin.com/in/tylerewall On YouTube | https://www.youtube.com/@cybernoweducation Jarrett Rodrick , Sr. Manager, Threat Management at Omnissa [ @WeAreOmnissa ] On LinkedIn | https://www.linkedin.com/in/jarrett-rodrick/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode of Redefining CyberSecurity, host Sean Martin converses with Tyler Wall and Jarrett Rodrick, co-authors of "Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success." The discussion dives into the essential aspects of starting and advancing a career as a Security Operations Center (SOC) analyst, shedding light on the realities and opportunities within the cybersecurity landscape. Tyler Wall, a full-time cybersecurity professional and founder of CyberNow Education, highlights that entering the SOC analyst role doesn't necessarily require a college degree. Wall emphasizes the importance of certifications like Security+ and Network+, combined with real-world IT experience. The discussion points out that many successful SOC analysts have transitioned from desktop support roles or other IT positions, using these pathways to gain relevant experience and knowledge. Jarrett Rodrick, formerly a SOC lead at VMware and now overseeing multiple security teams at Omnissa, underscores that this field values practical skills and continuous learning. Rodrick's own journey from combat soldier to SOC manager exemplifies the diverse backgrounds from which professionals can emerge. He points out that, during the COVID-19 pandemic, the cybersecurity job market was robust, but now there is fiercer competition with many qualified candidates vying for roles. Wall and Rodrick discuss the structure of their book, which includes five real-world stories from various SOC analysts. These stories serve to inspire and provide practical insights into the everyday challenges and rewards of the role. The book also covers the technical and non-technical skills necessary for SOC analysts, such as curiosity, the ability to delve into rabbit holes of information, and a thorough understanding of cloud security. Networking and community involvement are vital for career growth, as highlighted by Wall. He advises aspiring SOC analysts to join groups like DEF CON, 2600, and online communities such as Black Hills Information Security to build connections and gain industry insights. Blogging about one's learning journey and challenges can also attract attention and establish a professional network. The conversation also touches upon the future of the SOC analyst role, particularly in light of advancements in automation. Rodrick notes that while automation will handle some of the more mundane tasks, it will never completely replace human analysts. These tools are designed to enhance efficiency and allow analysts to focus on more complex and strategic issues. Wall adds that having a background or education in cloud security is increasingly important as more companies migrate to cloud environments. In summary, the episode provides a comprehensive overview of the SOC analyst career path, highlighting the need for practical skills, continuous learning, and community engagement. Wall and Rodrick's insights and recommendations serve as a valuable guide for anyone looking to enter or advance in this critical cybersecurity role. Their book, "Jump-start Your SOC Analyst Career," is a testament to their commitment to supporting the next generation of SOC analysts and promoting a secure digital world. Key Questions Addressed How can one get started as a SOC analyst? What skills are necessary for a SOC analyst? How is automation impacting the SOC analyst role? About the Book The frontlines of cybersecurity operations include many unfilled jobs and exciting career opportunities.A transition to a security operations center (SOC) analyst position could be the start of a new path for you. Learn to actively analyze threats, protect your enterprise from harm, and kick-start your road to cybersecurity success with this one-of-a-kind book. Authors Tyler E. Wall and Jarrett W. Rodrick carefully and expertly share real-world insights and practical tips in Jump-start Your SOC Analyst Career. The lessons revealed equip you for interview preparation, tackling day one on the job, and setting long-term development goals.This book highlights personal stories from five SOC professionals at various career levels with keen advice that is immediately applicable to your own journey. The gems of knowledge shared in this book provide you with a notable advantage for entering this dynamic field of work. The recent surplus in demand for SOC analysts makes Jump-start Your SOC Analyst Career a must-have for aspiring tech professionals and long-time veterans alike. Recent industry developments such as using the cloud and security automation are broken down in concise,understandable ways, to name a few. The rapidly changing world of cybersecurity requires innovation and fresh eyes, and this book is your roadmap to success. ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success - 2nd Edition (Book): https://amzn.to/3MRUFbW ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc…
R
Redefining CyberSecurity
1 Punch Cards, Steam Engines, 48 Volt Batteries, Platform Engineering, and the AI Revolution: The Ongoing Evolution of Language-Based Software Development | An OWASP AppSec Global Lisbon 2024… 37:40
Guest: Oleg Shanyuk , Platform Security, Delivery Hero [ @deliveryherocom ] On LinkedIn | https://www.linkedin.com/in/oleg-shanyuk/ ____________________________ Hosts: Sean Martin , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining CyberSecurity Podcast [ @RedefiningCyber ] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli , Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this On Location episode, Sean Martin discusses the complexities of application security (AppSec) and the challenges surrounding the integration of artificial intelligence (AI) with Oleg Shanyuk at the OWASP Global AppSec Global conference in Lisbon. The conversation delves into various aspects of AppSec, DevSecOps, and the broader scope of securing both web and mobile applications, as well as the cloud and container environments that underpin them. One of the core topics Martin and Shanyuk explore is the pervasive influence of AI across different sectors. AI's application in coding, for instance, can significantly expedite the development process. However, as Sean Martin highlights, AI-generated code may lack the human intuition and contextual understanding crucial for error mitigation. This necessitates deeper and more intricate code reviews by human developers, reinforcing the symbiotic relationship between human expertise and AI efficiency. Shanyuk shares insightful anecdotes about the history and evolution of programming languages and how AI's rise is reminiscent of past technological shifts. He references the advancement from physical punch cards to assembly languages and human-readable code, drawing parallels to the current AI boom. Shanyuk stresses the importance of learning from past technological evolutions to better understand and leverage AI's full potential in modern development environments. The conversation also explores the practical applications of AI in fields beyond straightforward coding. Shanyuk discusses the evolution of automotive batteries from 12 volts to 48 volts, paralleling this shift with how AI can optimize various processes in different industries. This evolution demonstrates the potential of technology to drive efficiencies and reduce costs, emphasizing the need for ongoing innovation and adaptation. Martin further navigates the discussion towards platform engineering, contrasting its benefits of consistency and control with the precision and customization needed for specific tasks. The ongoing debate encapsulates the broader dialogue within the tech community about finding the right balance between standardization and flexibility. Shanyuk's perspective offers valuable insights into how industries can leverage AI and platform engineering principles to achieve both operational efficiency and specialized functionality. The episode concludes with forward-looking reflections on the future of AI-driven models and their potential to transcend the limitations of human language and traditional coding paradigms. The thoughtful dialogue between Martin and Shanyuk leaves listeners with a deeper appreciation of the challenges and opportunities within the realm of AI and AppSec, encouraging continued exploration and discourse in these rapidly evolving fields. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV Be sure to share and subscribe! ____________________________ Resources Bret Victor: https://worrydream.com/ Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/ ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf…
R
Redefining CyberSecurity
1 Young Frankenstein (or is it Frankenstream or Frankenscheme?) and the AI Revolution | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3 4:23
In the hilarious yet insightful tale, join the eccentric Dr. Frankenstream and his quirky assistant Igor, as they bring an AI system to life, only to face unexpected challenges and hilarious missteps. Discover how they, along with cybersecurity expert Inga, navigate the perils of modern technology, reminding us of the crucial balance between innovation and responsibility. ________ This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to " The Future of Cybersecurity " newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is the host of the Redefining CyberSecurity Podcast , part of the ITSPmagazine Podcast Network —which he co-founded with his good friend Marco Ciappelli —where you may just find some of these topics being discussed. Visit Sean on his personal website . TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine .…
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
Daily Deals
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
