ITSPmagazine | Technology. Cybersecurity. Society

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Josh Grossman, co-leader of the OWASP Application Security Verification Standard (ASVS) project, shares key updates and strategic thinking behind the release of ASVS version 5. This release, years in the making, reflects a renewed focus on making the standard more approachable, practical, and actionable for development teams and security leaders alike.ASVS is designed to provide a comprehensive and verifiable set of security requirements for building and maintaining secure applications. More than just a checklist, it offers a clear blueprint for what a secure application should look like—making it easier to benchmark progress, develop secure design requirements, and implement effective controls. Version 5 emphasizes accessibility, particularly by lowering the barrier to entry for organizations adopting Level 1 of the standard, reducing the threshold of required controls from nearly 50% to under 30%.One of the major shifts in this new version is the tighter focus on the application itself, moving away from system-level topics like backup policies that tend to fall outside the scope of app development teams. This makes the standard more relevant to software architects, developers, and QA engineers—providing requirements that fall within their sphere of influence, while still covering the full software lifecycle from design to deployment.Grossman explains how organizations can customize ASVS to include their internal controls and build out secure coding checklists, implementation guides, and requirements documents tailored to their environments. He also highlights how ASVS aligns with other OWASP projects, like the Cheat Sheet Series and SAMM, for both control-level guidance and organizational process development.For security leaders looking to improve their application security programs, ASVS v5 offers a foundation to build on—clear, community-driven, and extensible. And true to OWASP's spirit, the project is backed by a passionate community, from project co-leads like Grossman and Elar Lang to contributors around the world. As Grossman puts it, OWASP is about connection—people tackling similar challenges, working together to make software safer.If you're looking for a way to bring practical, standards-based security into your software lifecycle, this conversation is your starting point.GUEST: Josh Grossman | CTO of Bounce Security and co-leader of the OWASP Application Security Verification Standard (ASVS) project | https://www.linkedin.com/in/joshcgrossman/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESOWASP Application Security Verification Standard (ASVS): https://owasp.org/www-project-application-security-verification-standard/Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Jim Manico's passion for secure coding has always been rooted in deeply technical practices—methods that matter most to developers writing code day in and day out. At OWASP Global AppSec EU 2025 Conference in Barcelona, Manico brings that same precision and care to a broader conversation around the intersection of application security and artificial intelligence.While many are still just beginning to assess how AI impacts application development, Manico has been preparing for this moment for years. Two and a half years ago, he saw a shift—traditional low-level technical bugs were being mitigated effectively by mature organizations. The new challenge? Business logic flaws and access control issues that scanners can't easily detect. This change signaled a new direction, prompting him to dive into AI security long before it became fashionable.Now, Manico is delivering AI-flavored AppSec training, helping developers understand the risks of insecure code generated by large language models. His research shows that even the best AI coding tools—from Claude to Copilot—still generate insecure code out of the box. That's where his work becomes transformative: by developing detailed, framework-specific prompts grounded in decades of secure coding knowledge, he has trained these tools to write safer code, using React, Django, Vue, and more.Beyond teaching, he's building. With 200 volunteers, he's leading the creation of the Artificial Intelligence Security Verification Standard (AISVS), a new OWASP project inspired by the well-known Application Security Verification Standard (ASVS). Generated with both AI and human collaboration, the AISVS already has a v0.1 release and aims for a major update by summer.For Manico, this isn't just a technical evolution—it's a personal renaissance. His deep catalog of secure coding techniques, once used primarily for human education, is now fueling a new generation of AI-assisted development. And he's just getting started.This episode isn't just about where AppSec is going. It's a call to developers and security professionals to rethink how we teach, how we build, and how we can use AI to enhance—not endanger—the software we create.Learn more about Manicode: https://itspm.ag/manicode-security-7q8iNote: This story contains promotional content. Learn more.Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/ResourcesJim's OWASP Session: https://owasp2025globalappseceu.sched.com/event/1wfpM/leveraging-ai-for-secure-react-development-with-effective-prompt-engineeringDownload the Course Catalog: https://itspm.ag/manicode-x684Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-securityAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: jim manico, sean martin, appsec, ai, owasp, securecoding, developers, aisvs, training, react, brand story, brand marketing, marketing podcast, brand story podcast

The introduction of the Cyber Resilience Act (CRA) marks a major shift for the software industry: for the first time, manufacturers are being held accountable for the cybersecurity of their products. Olle E. Johansson, a long-time open source developer and contributor to the Asterisk PBX project, explains how this new regulation reshapes the role of software creators and introduces the need for transparency across the entire supply chain.In this episode, Johansson breaks down the complexity of today's software supply ecosystems—where manufacturers rely heavily on open source components, and end users struggle to identify vulnerabilities buried deep in third-party dependencies. With the CRA in place, the burden now falls on manufacturers to not only track but also report on the components in their products. That includes actively communicating which vulnerabilities affect users—and which do not.To make this manageable, Johansson introduces the Transparency Exchange API (TEA), a project rooted in the OWASP CycloneDX standard. What started as a simple Software Bill of Materials (SBOM) delivery mechanism has evolved into a broader platform for sharing vulnerability information, attestations, documentation, and even cryptographic data necessary for the post-quantum transition. Standardizing this API through Ecma International is a major step toward a scalable, automated supply chain security infrastructure.The episode also highlights the importance of automation and shared data formats in enabling companies to react quickly to threats like Log4j. Johansson notes that, historically, security teams spent countless hours manually assessing whether they were affected by a specific vulnerability. The Transparency Exchange API aims to change that by automating the entire feedback loop from developer to manufacturer to end user.Although still in beta, the project is gaining traction with organizations like the Apache Foundation integrating it into their release processes. Johansson emphasizes that community feedback is essential and invites listeners to engage through GitHub to help shape the project's future.For Johansson, OWASP stands for global knowledge and collaboration in application security. As Europe's regulatory influence grows, initiatives like this are essential to build a stronger, more accountable software ecosystem.GUEST: Olle E Johansson | Co-Founder, SBOM Europe | https://www.linkedin.com/in/ollejohansson/HOST:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESCycloneDX/transparency-exchange-api on GitHub: https://github.com/CycloneDX/transparency-exchange-apiVIDEO: The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | With Sarah Fluchs: https://youtu.be/c30eG5kzqnYLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, to explore how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements.Spyros emphasizes that true progress in security stems not from an ever-growing stack of tools, but from aligning the humans behind them. According to him, security failures often stem from fragmented information and misaligned incentives across teams. His solution? Bring the teams together with a shared, streamlined flow of information and automate wherever possible to reduce wasted cycles and miscommunication.At the core of Spyros' philosophy is the need to turn AppSec from a blocker into a builder. Rather than overwhelming developers with endless bug reports, or security leaders with red dashboards, programs need to reflect the actual risk appetite of the business—prioritizing issues dynamically based on impact, timing, and operational goals. He challenges the one-size-fits-all approach, advocating instead for tagging systems that defer certain risks and encode organizational priorities in automation logic.A major part of that transformation lies in Smithy, the platform he's helping build. It's designed to be “Zapier for security”—an automation engine rooted in open-source standards that allows for custom workflows without creating a tangle of fragile scripts. The idea is to let teams focus on what's unique to them, while relying on battle-tested components for the rest.Looking ahead, Spyros doesn't buy into the doom-and-gloom narrative about AI limiting developer creativity. On the contrary, he argues that AI-enabled coding frees up cognitive space for better architecture and secure design thinking. In his view, creativity doesn't die—it just shifts from syntax to strategy.This episode is more than a discussion—it's a blueprint for how teams can rally around a common goal, and how OWASP's community can be the catalyst. Tune in to hear how open-source, automation, and human alignment are redefining AppSec from the ground up.GUEST: Spyros Gasteratos | OpenCRE co-lead and Founder of smithy.security | https://www.linkedin.com/in/spyr/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESSpyros' Session: A completely pluggable DevSecOps programme, for free, using community resources (https://owasp2025globalappseceu.sched.com/event/1whCB/a-completely-pluggable-devsecops-programme-for-free-using-community-resources)Learn more and catch more stories from OWASP Global AppSec EU 2025 Conference coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

⬥GUESTS⬥Frida Torkelsen, PhD | AI Solution Architect at Newcode.ai | On LinkedIn: https://www.linkedin.com/in/frida-h-torkelsen/Maged Helmy, PhD | Assoc. Professor - AI at University of South-Eastern Norway and Founder & CEO of Newcode.ai | On LinkedIn: https://www.linkedin.com/in/magedhelmy/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Agentic AI is rapidly moving from theoretical promise to practical implementation, and few sectors are feeling this shift as acutely as the legal industry. In this episode of Redefining CyberSecurity, Sean Martin is joined by Frida Torkelsen, a Solution Architect, and Maged Helmy, a professor of AI, to explore how law firms and in-house counsel are applying AI agents to reduce costs, improve efficiency, and unlock strategic capabilities—while navigating critical privacy and security concerns.Frida explains how large firms are seeking to extract value from their troves of historical legal data through bespoke AI agents designed to automate workflows and improve institutional knowledge sharing. Smaller firms, on the other hand, benefit by building narrow, purpose-driven agents that automate core functions and give them a tactical edge. This democratization of capability—fueled by faster iteration and reduced development cost—could be a strategic win for niche firms that are disciplined in their focus.Maged emphasizes the architectural shift AI agents introduce. Unlike static queries to large language models with fixed knowledge, agents access tools, data, and live systems to execute tasks dynamically. This expands the use case potential—but also the risk. Because agentic systems operate probabilistically, consistent outputs aren't guaranteed, and testing becomes more about evaluating outcomes across a range of inputs than expecting deterministic results.Security risk looms large. Maged shares how a single oversight in permissions allowed an agent to make system-wide changes that corrupted his environment. Frida cautions against over-permissive access, noting that agents tapping into shared calendars or HR databases must respect internal boundaries and compliance obligations. Both guests agree that human-in-the-loop validation is essential, especially in environments with strict data governance needs.Law firms must reassess both internal information architecture and team readiness before implementing agentic systems. Start with a clear understanding of the business problem, validate access scopes, and track outcomes for accuracy, speed, and cost. Legal tech teams are forming around these efforts, but success will depend on whether these roles stay grounded in solving specific legal problems—not chasing the latest AI trend.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Newsletter: The Law's Great Recalibration: Inside the Tech-Driven Puzzle of Legal Firm Transformation: https://www.linkedin.com/pulse/laws-great-recalibration-inside-tech-driven-puzzle-sean-martin-cissp-clnoe/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

During the upcoming OWASP Global AppSec EU in Barcelona, Kate Labunets, a cybersecurity researcher focused on human factors and usable security, takes the stage to confront a disconnect that too often holds the industry back: the gap between academic research and real-world cybersecurity practice.In her keynote, “Outside the Ivory Tower: Connecting Practice and Science,” Kate invites practitioners to reconsider their relationship with academic research—not as something removed from their daily reality, but as a vital tool that can lead to better decisions, more targeted security programs, and improved organizational resilience.Drawing from her current research, Kate shares how interviews and surveys with employees reveal the hidden motivations behind the use of shadow IT—tools and technologies adopted without formal approval. These aren't simply acts of rebellion or ignorance. They reflect misalignments between human behavior, workplace needs, and policy communication. By understanding these mindsets, organizations can move beyond one-size-fits-all training and begin designing interventions grounded in evidence.This is where science meets practice. Kate's work isn't about generating abstract theories. It's about applying research methods—like anonymous interviews and behavior-focused surveys—to surface insights that security leaders can act on. But for this to happen, researchers need access, and that depends on building trust with practitioners.The keynote also raises a critical point about time. In industries like medicine, the gap between a published discovery and its application in the real world can be 15 years. Kate argues that cybersecurity faces a similar delay, citing the example of multi-factor authentication: patented in 1998, but still not universally adopted today. Her goal is to accelerate this timeline by helping practitioners see themselves as contributors to science—not just consumers of its outcomes.By inviting companies to participate in research and engage with universities, Kate's message is clear: collaboration benefits everyone. The path to smarter, more human-aligned cybersecurity isn't gated behind academic walls. It's open to any team curious enough to ask better questions—and brave enough to challenge assumptions.GUEST: Kate Labunets | Assistant Professor (UD1) in Cyber Security at Utrecht University | https://www.linkedin.com/in/klabunets/HOSTS:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelliSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESKate's Session: https://owasp2025globalappseceu.sched.com/event/1v86U/keynote-outside-the-ivory-tower-connecting-practice-and-scienceLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As InfoSecurity Europe prepares to welcome cybersecurity professionals from across the globe, Rob Allen, Chief Product Officer at ThreatLocker, shares why this moment—and this location—matters. Allen doesn't frame the conversation around hype or headlines. Instead, he focuses on a universal truth: organizations want to sleep better at night knowing their environments are secure.ThreatLocker's mission is grounded in achieving Zero Trust in a simple, operationally feasible way. But more than that, Allen emphasizes their value as enablers of peace of mind. Whether helping customers prevent ransomware attacks or meet regional regulatory requirements like GDPR or Australia's Essential Eight, the company is working toward real-world solutions that reduce complexity without sacrificing security. Their presence at events like InfoSecurity Europe is key—not just for outreach, but to hear directly from customers and partners about what's working and where they need help.Why Being There MattersDifferent regions have different pressures. In Australia, adoption surged without any local team initially on the ground—driven purely by alignment with the Essential Eight framework. In the UK, it's conversations about Cyber Essentials that shape booth discussions. Regulations aren't just compliance checklists; they're also conversation starters that change how organizations prioritize security.The ThreatLocker team doesn't rely on generic demos or vague promises. They bring targeted examples to the booth—like asking attendees if they know what software can be run on their machines without alerting anyone. If tools like remote desktop applications or archive utilities can be freely executed, attackers can use them too. This is where ThreatLocker steps in: controlling what runs, identifying what's necessary, and blocking what isn't.Booth D90 and BeyondRob Allen invites anyone—whether they're new to ThreatLocker or longtime users—to visit booth D90. The team, built with a mix of technical skill and humor (ask about the “second-best beard” in the company), is there to listen and help. It's not just about showcasing technology; it's about building relationships and reinforcing a shared goal: practical, proactive cybersecurity that makes a measurable difference.If you're at InfoSecurity Europe, stop by. If you're not, this episode offers a meaningful glimpse into why showing up—both physically and philosophically—matters in cybersecurity.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerCyber Essentials Guide: https://threatlocker.kb.help/threatlocker-and-cyber-essentials-compliance/?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interview_rob&utm_term=podcastAustralia's Essential Eight Guide: https://www.threatlocker.com/whitepaper/australia-essential-eight?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interviLearn more and catch more event coverage stories from Infosecurity Europe 2025 in London: https://www.itspmagazine.com/infosec25 ______________________Keywords:sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, infosec, compliance, ransomware, endpoint, regulation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security.At the heart of the discussion is the question: Can my AI be hacked? Peter's answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we've seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems.Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable.A key takeaway is that the issue isn't just technical. Many organizations are integrating AI capabilities without understanding what they're introducing. As Peter puts it, “You're plugging in software filled with features you don't need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market.Peter's upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you're in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.___________Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesPeter's Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.htmlLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

At RSAC Conference 2025, the conversation with Rob Allen, Chief Product Officer at ThreatLocker, centered on something deceptively simple: making cybersecurity effective by making it manageable.During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space—designed for real dialogue, not distractions. What caught people's attention, though, wasn't the booth layout—it was a live demonstration of a PowerShell-based attack using a rubber ducky device. It visually captured how traditional tools often miss malicious scripts and how ThreatLocker's controls shut it down immediately. That kind of simplicity, Rob explains, is the real differentiator.Zero Trust Is a Journey—But It Doesn't Have to Be ComplicatedOne key message Rob emphasizes is that true security doesn't come from piling on more tools. Too many organizations rely on overlapping detection and response solutions, which leads to confusion and technical debt. “If you have five different jackets and they're all winter coats, you're not prepared for summer,” Sean Martin jokes, reinforcing Rob's point that layers should be distinct, not redundant.ThreatLocker's approach simplifies Zero Trust by focusing on proactive control—limiting what can execute or communicate in the first place. Rob also points to the importance of vendor consolidation—not just from a purchasing standpoint but from an operational one. With ThreatLocker, multiple security capabilities are built natively into a single platform with one agent and one portal, avoiding the chaos of disjointed systems.From Technical Wins to Human ConnectionsThe conversation wraps with a reminder that cybersecurity isn't just about tools—it's about the people and community that make the work worthwhile. Rob, Marco Ciappelli, and Sean Martin reflect on their shared experiences around the event and even the lessons learned over a slice of Detroit-style pizza. While the crust may have been debatable, the camaraderie and commitment to doing security better were not.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974⸻Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, threat prevention, powerShell, vendor consolidation, rsac2025, endpoint security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

At RSAC 2025, the most urgent signals weren't necessarily the loudest. As ISACA board member and cybersecurity veteran Rob Clyde joins Sean Martin and Marco Ciappelli for a post-conference recap, it's clear that conversations about the future of the profession—and its people—mattered just as much as discussions on AI and cryptography.More Than a Job: Why Community MattersRob Clyde shares his long-standing involvement with ISACA and reflects on the powerful role that professional associations play in cybersecurity careers. It's not just about certifications—though Clyde notes that employers often value them more than degrees—it's also about community, mentorship, and mutual support. When asked how many people landed a job because of someone in their local ISACA chapter, half the room raised their hands. That kind of connection is difficult to overstate.Clyde urges cybersecurity professionals to look beyond their company roles and invest in something that gives back—whether through volunteering, speaking, or simply showing up. “It's your career,” he says. “Take back control.”Facing Burnout and Legal Risk Head-OnThe group also addresses a growing issue: burnout. ISACA's latest research shows 66% of cybersecurity professionals are feeling more burned out than last year. For CISOs in particular, that pressure is compounded by personal liability—as in the case of former SolarWinds CISO Tim Brown being sued by the SEC. Clyde warns that such actions have a chilling effect, discouraging internal risk discussions and openness.To counteract that, he emphasizes the need for continuous learning and peer support as a defense, not only against burnout, but also isolation and fear.The Silent Threat of QuantumWhile AI dominated RSAC's headlines, Clyde raises a quieter but equally pressing concern: quantum computing. ISACA chose to focus its latest poll on this topic, revealing a significant gap between awareness and action. Despite widespread recognition that a breakthrough could “break the internet,” only 5% of respondents are taking proactive steps. Clyde sees this as a wake-up call. “The algorithms exist. Q Day is coming. We just don't know when.”From mental health to quantum readiness, this conversation makes it clear: cybersecurity isn't just a technology issue—it's a people issue. Listen to the full episode to hear what else we're missing.Learn more about ISACA: https://itspm.ag/isaca-96808⸻Guest: Rob Clyde, Board Director, Chair, Past Chair of the Board Directors at ISACA | https://www.linkedin.com/in/robclyde/ResourcesLearn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isacaStay tuned for an upcoming ITSPmagazine Webinar with ISACA: https://www.itspmagazine.com/webinarsISACA Quantum Pulse Poll 2025 and related resources: https://www.isaca.org/quantum-pulse-pollISACA State of Cybersecurity 2024 survey report: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, rob clyde, rsac2025, burnout, quantum, cryptography, certification, isaca, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.Not All AI Is Created Equal: The Archer ApproachRSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn't about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function.Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.From Policy Generation to Risk NarrativesOne of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.AI with a Human TouchAs Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.What's Next in Risk? Better ConversationsLooking ahead, Schlarman sees a shift from “no, we can't” to “yes, and here's how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet.From regulatory change to real-time translation of risk data, this is where tech meets trust.⸻Guest: Steve Schlarman, Senior Director, Product Management, Archert | https://www.linkedin.com/in/steveschlarman/ResourcesLearn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:steve schlarman, marco ciappelli, rsac2025, archer evolve, compliance.ai, regulatory change, grc, risk management, ai storytelling, cybersecurity, compliance, brand story, rsa conference, cybersecurity strategy, risk communication, ai in compliance, automation, contextual ai, integrated risk management, business risk narrative, itspmagazine______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Guest:Guest: Jeremy LasmanWebsite: https://www.jeremylasman.comLinkedIn: https://www.linkedin.com/in/jeremylasman_____________________________Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society & Technology PodcastVisit Marco's website

The Out of Tune InstrumentsOn the bank of a stream, where a great many colorful little fish swam, lived a small family: mamma, babbo, and their seven children — four boys and three girls. Their house was a bit far from the town of Strumentopoli, but being close to the stream and next to the Great Forest made it a wonderful place to live.Mamma lovingly tended the vegetable garden. Babbo, on the other hand, was a woodworker who crafted musical instruments from the finest trunks, chosen among the sturdiest and most fragrant trees in the forest.The children went to school in the village. In winter, they reached it on skis, while in spring and autumn they rode in a cart pulled by two young deer — one white and one black, like the keys of a piano.Before they left, babbo counted them one by one to make sure no one was missing. Then, as he did every day, he reminded them:“Behave yourselves, don't skip school, and remember the tale of Pinocchio and his nose!”Those words always ended with a smile from everyone.Babbo would then return to his workshop. His instruments were well-made, using excellent materials, but there was one problem: they were out of tune. Still, as a good luthier, he didn't lose heart. His passion for music was so strong that teaching his children to play had become a joy. He even gave them special names: Chitarra, Violino, Oboe, Liuto, Arpa, Bongo, and Ukulele.Mamma didn't object. Of course, naming them after vegetables might have been funny, but their village friends probably would've made fun of them.The children did well in school, and when they came home, they helped mamma in the garden. One day, though, they mistook some nettle plants for lettuce — what a sting! They all ran straight to the stream and jumped in to soothe the burning.The little fish burst into laughter:“You're so silly! Ah ah ah!”Mamma helped them out of the water and, turning to the fish, said:“This evening, at sunset, there will be a concert in our courtyard. My children will perform with their instruments. You're all invited!”The fish replied enthusiastically:“Thanks for the invitation! We'll be there for sure — it's going to rain, and we love splashing! Splich, sploch, splach!”That evening turned out to be a real party. At the concert of slightly strange and delightfully quirky music, everyone had a blast: the musicians, the animals from the forest, and even the fish — who mamma cheerfully sprayed with water.After that joyful evening, life went back to its usual pace: school, garden, and even the forest. In fact, during their free time, the children often helped babbo choose and cut wood to build his instruments.The Great Forest had become familiar to them. So one day, while they were playing there and climbing trees, the kids spotted a group of gnomes huddled together, looking agitated. They quickly hid behind some bushes to observe and listen in on their conversation.The meeting, called in great haste, was to make a decision about an imminent danger. A powerful storm was on the way. They spoke of a hurricane wind that hadn't been seen or heard in a hundred years — or perhaps even longer — and it was heading for the forest.“We must stop it, by any means,” said the gnomes.So they decided to call on an old ally: the Great Warrior of the Mountain, armed with a sword and magical powers. He was the one who, in the past, had already defeated dragons and even extraterrestrials who had tried to conquer Earth.The seven children, alarmed by the news and determined to help in the battle, ran quickly back to the house — also to warn the villagers of the impending danger. Meanwhile, the wind drew closer. You could hear it from afar — wild and howling. As it passed, the trees bent until their tops brushed the ground. Some swayed, others snapped, and a few were completely uprooted.The people of Strumentopoli, who had begun to feel the wind blowing through the village streets and saw the Great Warrior descending the mountain, grew concerned — but they didn't panic. Everyone grabbed their instruments and rushed toward the house by the stream to help the family who lived there, and together try to save the Great Forest.At the same time, the colorful fish arrived — united and determined — along with the other animals of the woods and stream.“All together we can form a barrier and block the wind!” they shouted in unison.At that moment, the children of the family — still out of breath from running — stepped forward and said:“We have our babbo's instruments too. They're strange, a bit out of tune… but if we all play together, maybe we can stop the storm.” And with that, they rushed into the house and came back out in no time at all.The gnomes, fully aware of the instruments' flaws, cast a powerful musical spell. When the children began to play, something magical happened. For the first time, the music was melodious, harmonious, and full of feeling.One by one, all the people of Strumentopoli joined in. Each person, with their own instrument, contributed as if they were all part of one great orchestra.The hurricane wind — engaged in a fierce battle with the Great Warrior of the Mountain — heard the music from afar and immediately began to calm. Its howling softened, and by the time it reached the forest, it had become a cool mountain gust, and finally… a gentle valley breeze.The wind had become part of that marvelous orchestra — the battle was won thanks to everyone. Each had offered their own music and helped bring about the victory.“United we are strong,” they all said proudly.The babbo luthier continued building instruments with the finest wood the forest had to offer. They were so beautiful and sounded so good that people said they were the most melodic ever heard.The children — Chitarra, Violino, Oboe, Liuto, Arpa, Bongo, and Ukulele — joined the village band. At every festival, they played with great success, cheered on by applause and warm smiles. Even the gnomes and the Great Warrior listened to their music… from the forest and the mountain.The colorful fish swam and danced happily in the stream, and when someone passed by, they greeted them with joyful splashes.The family continued to live near the Great Forest, and on summer evenings, when everything finally grew quiet, they would lie along the stream and watch the stars above. Their hearts would tell stories… and the night would write the happy ending of every tale.

At OWASP AppSec Global in Barcelona, the focus is clear: building secure software with and for the community. But it's not just about code or compliance. As Avi Douglen, OWASP Foundation board member, describes it, this gathering is a “hot tub” experience in contrast to the overwhelming scale of mega conferences. It's warm, immersive, and welcoming—designed for people who want to contribute, connect, and create.OWASP is more than just another security organization. It's a community-driven foundation that enables builders, breakers, defenders, and leaders to come together in pursuit of secure product development. This year's conference reflects that same inclusive energy. Whether you're a software engineer, architect, DevOps professional, security champion, or product manager, the sessions and networking spaces are built to meet you where you are—and help you grow.Beyond the BuzzwordsUnsurprisingly, AI will have a strong presence this year. But the conversations aren't limited to hype. Two flagship OWASP projects now focus on AI and LLMs—one on securing applications that use AI, the other on building secure AI systems themselves. Talks will unpack familiar problems in new contexts, like prompt injection mirroring the dynamics of older injection vulnerabilities. In other words: the technology shifts, but the core principles remain relevant.Diverse Tracks, Real ConversationsAttendees can engage across five curated tracks: builders, breakers, defenders, managers & culture, and project showcases. Topics range from threat modeling and DevSecOps to scaling security programs and fostering team culture. A dedicated training program, including hands-on sessions in secure coding and security champions, ensures practical takeaways—not just theory.Plus, the event embraces connection. A newcomer orientation, Women in AppSec gathering, hallway chats, evening socials, and even speed mentoring sessions all contribute to a vibrant, accessible experience where everyone—from seasoned leaders to curious newcomers—can find their place.A Truly Global CommunityWith participants flying in from all corners of the world, OWASP AppSec Global lives up to its name. The conversations, relationships, and tools that emerge from this event ripple far beyond Barcelona. If you build, secure, or manage software, this is one conference where showing up matters—not just for what you'll learn, but for who you'll meet.__________________________________Guest: Avi Douglen | Global Board of Directors at OWASP Foundation & Founder and CEO at Bounce Securityhttps://www.linkedin.com/in/avidouglen/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsManicode Security: https://itspm.ag/manicode-security-7q8i____________________________ResourcesLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Small and medium-sized enterprises (SMEs) continue to be at a disadvantage when it comes to cybersecurity—not because the risks are unclear, but because the means to address them remain out of reach for many. In this episode, Professor Steven Furnell of the University of Nottingham highlights the real barriers SMEs face and shares the thinking behind a new approach: creating cybersecurity communities of support.The research behind this project, supported by the University and its partners, explores how different types of SMEs—micro, small, and medium-sized—struggle with limited time, budget, and expertise. Many rely on third-party service providers, but often don't have enough cybersecurity knowledge to evaluate what “good” looks like. It's not just a resource problem—it's a visibility and literacy problem.Furnell emphasizes the potential of automation to lift some of the burden, from automated updates to scheduled malware scans. But he also makes it clear that automated tools can't fully replace the need for human judgment, especially in scenarios like phishing or social engineering attacks. People still need cybersecurity literacy to recognize and resist threats.That's where the idea of communities of support comes in. Rather than each SME navigating cybersecurity alone, the goal is to create local or sector-based communities where businesses and cybersecurity practitioners can engage in open, non-commercial conversations. These communities would offer SMEs a space to ask questions, share challenges, and exchange practical advice—without pressure, cost, or fear of judgment.The initiative isn't about replacing regulation or mandating compliance. It's about raising the baseline first. Communities of support can serve as a step toward greater awareness and capability—something that's especially critical in a world where supply chains are interconnected, and security failures in one small link can ripple outward.The message is clear: cybersecurity isn't just a technical issue—it's a social one. And it starts by creating room for dialogue, connection, and shared responsibility. Want to know what this model could look like in your community? Tune in to find out.__________________________________Guest: Steven Furnell | Professor of Cyber Security at University of Nottinghamhttps://www.linkedin.com/in/stevenfurnell/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

The Future Is a Place We Visit, But Never StayMay 9, 2025A Post-RSAC 2025 Reflection on the Kinda Funny and Pretty Weird Ways Society, Technology, and Cybersecurity Intersect, Interact, and Often Simply Ignore Each Other.By Marco Ciappelli | Musing on Society and TechnologyHere we are — once again, back from RSAC. Back from the future. Or at least the version of the future that fits inside a conference badge, a branded tote bag, and a hotel bill that makes you wonder if your wallet just got hacked.San Francisco is still buzzing with innovation — or at least that's what the hundreds of self-driving cars swarming the city would have you believe. It's hard to feel like you're floating into a Jetsons-style future when your shuttle ride is bouncing through potholes that feel more 1984 than 2049.I have to admit, there's something oddly poetic about hosting a massive cybersecurity event in a city where most attendees would probably rather not be — and yet, here we are. Not for the scenery. Not for the affordability. But because, somehow, for a few intense days, this becomes the place where the future lives.And yes, it sometimes looks like a carnival. There are goats. There are puppies. There are LED-lit booths that could double as rave stages. Is this how cybersecurity sells the feeling of safety now? Warm fuzzies and swag you'll never use? I'm not sure.But again: here we are.There's a certain beauty in it. Even the ridiculous bits. Especially the ridiculous bits.Personally, I'm grateful for my press badge — it's not just a backstage pass; it's a magical talisman that wards off the pitch-slingers. The power of not having a budget is strong with this one.But let's set aside the Frankensteins in the expo hall for a moment.Because underneath the spectacle — behind the snacks, the popcorns, the scanners and the sales demos — there is something deeply valuable happening. Something that matters to me. Something that has kept me coming back, year after year, not for the products but for the people. Not for the tech, but for the stories.What RSAC Conference gives us — what all good conferences give us — is a window. A quick glimpse through the curtain at what might be.And sometimes, if you're lucky and paying attention, that glimpse stays with you long after the lights go down.We have quantum startups talking about cryptographic agility while schools are still banning phones. We have generative AI writing software — code that writes code — while lawmakers print bills that read like they were faxed in from 1992. We have cybersecurity vendors pitching zero trust to rooms full of people still clinging to the fantasy of perimeter defense — not just in networks, but in their thinking.We're trying to build the future on top of a mindset that refuses to update.That's the real threat. Not AI and quantum. Not ransomware. Not the next zero-day.It's the human operating system. It hasn't been patched in a while.And so I ask myself — what are these conferences for, really?Because yes, of course, they matter.Of course I believe in them — otherwise I wouldn't be there, recording stories, chasing conversations, sharing a couch and a mic with whoever is bold enough to speak not just about how we fix things, but why we should care at all.But I'm also starting to believe that unless we do something more — unless we act on what we learn, build on what we imagine, challenge what we assume — these gatherings will become time capsules. Beautiful, well-produced, highly caffeinated, blinking, noisy time capsules.We don't need more predictions. We need more decisions.One of the most compelling conversations I had wasn't about tech at all. It was about behavior. Human behavior.Dr. Jason Nurse reminded us that most people are not just confused by cybersecurity — they're afraid of it.They're tired.They're overwhelmed.And in their confusion, they become unpredictable. Vulnerable.Not because they don't care — but because we haven't built a system that makes it easy to care.That's a design flaw.Elsewhere, I heard the term “AI security debt.” That one stayed with me.Because it's not just technical debt anymore. It's existential.We are creating systems that evolve faster than our ability to understand them — and we're doing it with the same blind trust we used to install browser toolbars in the ‘90s.“Sure, it seems useful. Click accept.”We've never needed collective wisdom more than we do right now.And yet, most of what we build is designed for speed, not wisdom.So what do we do?We pause. We reflect. We resist the urge to just “move on” to the next conference, the next buzzword, the next promised fix.Because the real value of RSAC isn't in the badge or the swag or the keynotes.It's in the aftershock.It's in what we carry forward, what we refuse to forget, what we dare to question even when the conference is over, the blinking booths vanish, the future packs up early, and the lanyards go into the drawer of forgotten epiphanies — right next to the stress balls, the branded socks and the beautiful prize that you didn't win.We'll be in Barcelona soon. Then London. Then Vegas.We'll gather again. We'll talk again. But maybe — just maybe — we can start to shift the story.From visiting the future… To staying a while.Let's build something we don't want to walk away from. And now, ladies and gentlemen… the show is over.The lights dim, the music fades, and the future exits stage left...Until we meet again.—Marco ResourcesRead first newsletter about RSAC 2025 I wrote last week " Securing Our Future Without Leaving Half Our Minds in the Past" https://www.linkedin.com/pulse/securing-our-future-without-leaving-half-minds-past-marco-ciappelli-cry1c/

When artificial intelligence can generate code, write tests, and even simulate threat models, how do we still ensure security? That's the question John Sapp Jr. and Alex Kreilein examine in this energizing conversation about trust, risk management, and the future of application security.The conversation opens with a critical concern: not just how to adopt AI securely, but how to use it responsibly. Alex underscores the importance of asking a simple question often overlooked—why do you trust this output? That mindset, he argues, is fundamental to building responsible systems, especially when models are generating code or influencing decisions at scale.Their conversation surfaces an emerging gap between automation and assurance. AI tools promise speed and performance, but that speed introduces risk if teams are too quick to assume accuracy or ignore validation. John and Alex discuss this trust gap and how the zero trust mindset—so common in network security—must now apply to AI models and agents, too.They share a key concern: technical debt is back, this time in the form of “AI security debt”—risk accumulating faster than most teams can keep up with. But it's not all gloom. They highlight real opportunities for security and development teams to reprioritize: moving away from chasing every CVE and toward higher-value work like architecture reviews and resiliency planning.The conversation then shifts to the foundation of true resilience. For Alex, resilience isn't about perfection—it's about recovery and response. He pushes for embedding threat modeling into unit testing, not just as an afterthought but as part of modern development. John emphasizes traceability and governance across the organization: ensuring the top understands what's at stake at the bottom, and vice versa.One message is clear: context matters. CVSS scores, AI outputs, scanner alerts—all of it must be interpreted through the lens of business impact. That's the art of security today.Ready to challenge your assumptions about secure AI and modern AppSec? This episode will make you question what you trust—and how you build.___________Guests: Alex Kreilein, Vice President of Product Security, Qualys | https://www.linkedin.com/in/alexkreilein/John Sapp Jr., Vice President, Information Security & CISO, Texas Mutual Insurance Company | https://www.linkedin.com/in/johnbsappjr/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesJP Morgan Chase Open Letter: An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliersLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this episode of On Location at RSAC Conference 2025, Phillip Miller—Chief Information Security Officer and founder of Corporal—offers a candid and practical look at the current realities of cybersecurity leadership, innovation ecosystems, and the business-first mindset required to drive effective security outcomes.With a unique background that blends enterprise cybersecurity leadership and hands-on work on his Virginia farm, Miller brings a grounded perspective to the CISO role. Over the past 18 months, he stepped away from a traditional enterprise seat to work directly with startups through his company, advising them on how to align their offerings with the real needs of security teams. His return to a full-time CISO position follows that immersive experience, giving him a renewed sense of what enterprise security leaders are missing when they close themselves off from emerging technology vendors.Shifting the Buying ConversationOne of Miller's strongest messages is that buying decisions should start with the security team—not just the CISO. Too often, tools are purchased at the top and handed down without enough input from those who will actually use them. Miller stresses that founders who are selling into the enterprise need to solve real problems with real people—and CISOs should invite that dialogue rather than block it.He also encourages CISOs to think beyond the big names. While legacy providers are often the default, marketplace ecosystems (like AWS or GCP) and accelerator programs (such as those run by CrowdStrike) offer curated, credible entry points to newer solutions. These platforms can streamline the validation process while introducing fresh capabilities that legacy tools may lack.Lead With the Business, Not the TechFor Miller, the CISO's most valuable contribution is helping business leaders understand their own risks—especially the ones they don't associate with cybersecurity. By starting with “What are your biggest non-cyber risks?” Miller helps organizations connect the dots between core operations and digital exposure.Whether working in manufacturing, retail, or financial services, his approach remains consistent: understand how the business creates value, then align security programs and tooling accordingly. The tech, he reminds us, comes second.Catch the full conversation to hear more on third-party risk, building high-functioning teams, and why peer conversations at conferences like RSAC are essential to the health of the cybersecurity community.___________Guest: Phillip Miller, CISO and founder of Qurple | https://www.linkedin.com/in/pemiller/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Fred Wilmot, CEO and co-founder of Detecteam, and Sebastien Tricaud, CTO and co-founder, bring a candid and critical take on cybersecurity's detection and response problem. Drawing on their collective experience—from roles at Splunk, Devo, and time spent in defense and offensive operations—they raise a core question: does any of the content, detections, or tooling security teams deploy actually work?The Detecteam founders challenge the industry's obsession with metrics like mean time to detect or respond, pointing out that these often measure operational efficiency—not true risk readiness. Instead, they propose a shift in thinking: stop optimizing broken processes and start creating better ones.At the heart of their work is a new approach to detection engineering—one that continuously generates and validates detections based on actual behavior, environmental context, and adversary tactics. It's about moving away from one-size-fits-all IOCs toward purpose-built, context-aware detections that evolve as threats do.Sebastien highlights the absurdity of relying on static, signature-based detection in a world of dynamic threats. Adversaries constantly change tactics, yet detection rules often sit unchanged for months. The platform they've built breaks detection down into a testable, iterative process—closing the gap between intel, engineering, and operations. Teams no longer need to rely on hope or external content packs—they can build, test, and validate detections in minutes.Fred explains the benefit in terms any CISO can understand: this isn't just detection—it's readiness. If a team can build a working detection in under 15 minutes, they beat the average breakout time of many attackers. That's a tangible advantage, especially when operating with limited personnel.This conversation isn't about a silver bullet or more noise—it's about clarity. What's working? What's not? And how do you know? For organizations seeking real impact in their security operations—not just activity—this episode explores a path forward that's faster, smarter, and grounded in reality.Learn more about Detecteam: https://itspm.ag/detecteam-21686Note: This story contains promotional content. Learn more.Guests: Fred Wilmot, Co-Founder & CEO, Detecteam | https://www.linkedin.com/in/fredwilmot/Sebastien Tricaud, Co-Founder & CTO, Detecteam | https://www.linkedin.com/in/tricaud/ResourcesLearn more and catch more stories from Detecteam: https://www.itspmagazine.com/directory/detecteamWebinar: Rethink, Don't Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam | https://www.crowdcast.io/c/rethink-dont-just-optimize-a-new-philosophy-for-intelligent-detection-and-response-an-itspmagazine-webinar-with-detecteam-314ca046e634Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, fred wilmot, sebastien tricaud, detecteam, detection, cybersecurity, behavior, automation, red team, blue team, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this episode, Subo Guha, Vice President of Product Management at Stellar Cyber, shares how the company is reshaping cybersecurity operations for managed service providers (MSPs) and their customers. Stellar Cyber's mission is to simplify security without compromising depth—making advanced cybersecurity capabilities accessible to organizations without enterprise-level resources.Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint and network tools they already use—such as CrowdStrike or SentinelOne—without being locked into a single ecosystem. This flexibility proves especially valuable to MSSPs managing dozens or hundreds of customers with diverse toolsets, including those that have grown through acquisitions. The platform's modular sensor technology supports IT, OT, and hybrid environments, offering deep packet inspection, network detection, and even user behavior analytics to flag potential lateral movement or anomalous activity.One of the most compelling updates from the conversation is the introduction of their autonomous SOC capability. Subo emphasizes this is not about replacing humans but amplifying their efforts. The platform groups alerts into actionable cases, reducing noise and allowing analysts to respond faster. Built-in machine learning and threat intelligence feeds enrich data as it enters the system, helping determine if something is benign or a real threat.The episode also highlights new program launches like Infinity, which enhances business development and peer collaboration for MSSP partners, and their Cybersecurity Alliance, which deepens integration across a wide variety of security tools. These efforts reflect Stellar Cyber's strong commitment to ecosystem support and customer-centric growth.Subo closes by reinforcing the importance of scalability and affordability. Stellar Cyber offers a single platform with unified licensing to help MSSPs grow without adding complexity or cost. It's a clear statement: powerful security doesn't need to be out of reach for smaller teams or companies.This episode offers a practical view into what it takes to operationalize cybersecurity across diverse environments—and why automation with human collaboration is the path forward.Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Note: This story contains promotional content. Learn more.Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/ResourcesLearn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyberLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, subo guha, xdr, mssp, cybersecurity, automation, soc, ai, ot, threat detection, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Organizations are demanding more from their IT management platforms—not just toolsets, but tailored systems that meet specific business and security objectives. Vivin Sathyan, Senior Technology Evangelist at ManageEngine, shares how the company is responding with an integrated approach that connects IT, security, and business outcomes.ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service management, and analytics. These components don't just coexist—they interact contextually. Vivin outlines a real-world example from the healthcare sector, where a SIM tool detects abnormal login behavior, triggers an identity system to challenge access, and then logs the incident for IT service resolution. This integrated chain reflects a philosophy where response is not just fast, but connected and accountable.At the heart of the platform's effectiveness is contextual intelligence—layered between artificial intelligence and business insights—to power decision-making that aligns with enterprise risk and compliance needs. Whether it's SOC analysts triaging events, CIS admins handling system hygiene, or CISOs aligning actions with corporate goals, the tools are tailored to fit roles, not just generic functions. According to Vivin, this role-based approach is critical to eliminating silos and ensuring teams speak the same operational and risk language.AI continues to play a role in enhancing that coordination, but ManageEngine is cautious not to follow hype for its own sake. The company has invested in its own AI and ML capabilities since 2012, and recently launched an agent studio—but only after evaluating how new models can meaningfully add value. Vivin points out that enterprise use cases often benefit more from small, purpose-built language models than from massive general-purpose ones.Perhaps most compelling is ManageEngine's global-first strategy. With operations in nearly 190 countries and 18+ of its own data centers, the company prioritizes proximity to customers—not just for technical support, but for cultural understanding and local compliance. That closeness informs both product design and customer trust, especially as regulations around data sovereignty intensify.This episode challenges listeners to consider whether their tools are merely present—or actually connected. Are you enabling collaboration through context, or just stitching systems together and calling it a platform?Learn more about ManageEngine: https://itspm.ag/manageen-631623Note: This story contains promotional content. Learn more.Guest: Vivin Sathyan, Senior Technology Evangelist, ManageEngine | https://www.linkedin.com/in/vivin-sathyan/ResourcesLearn more and catch more stories from ManageEngine: https://www.itspmagazine.com/directory/manageengineLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, vivin sathyan, cybersecurity, ai, siem, identity, analytics, integration, platform, risk, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn't on commoditized services—it's on what actually makes a difference.At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn't hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.Coalfire's evolution reflects this shift. It's not just about running a penetration test or red team operation in isolation. It's about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they're seeking simplified, strategic programs with measurable outcomes.The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It's about enabling CISOs to own the narrative, armed with context, clarity, and confidence.Henderson's reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.Learn more about Coalfire: https://itspm.ag/coalfire-yj4wNote: This story contains promotional content. Learn more.Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/ResourcesLearn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfireLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes' original design.Emily outlines a critical flaw: Kubernetes wasn't built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn't real—it's just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn't disrupt developer workflows, integrates easily at the infrastructure layer, and doesn't require retraining or restructuring CI/CD pipelines. It's secure by design, without compromising performance or portability.The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today's ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today's container sprawl, but tomorrow's AI-powered compute environments.This is more than a product pitch—it's a reframing of how we define and implement security at the container level. The full conversation reveals what's possible when performance, portability, and protection are no longer at odds.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this episode, Sean Martin speaks with Richard Seiersen, Chief Risk Technology Officer at Qualys, about a new way to think about cybersecurity—one that puts value and business resilience at the center, not just threats.Richard shares the thinking behind Qualys' Risk Operations Center, a new approach that responds directly to a common pain point: organizations struggling to manage vast amounts of telemetry from dozens of security tools without clear direction on how to act. Instead of forcing companies to build and maintain massive internal platforms just to piece together asset, vulnerability, and threat data, Qualys is creating a system to operationalize risk as a real-time, measurable business function.With a background that includes serving as Chief Risk Officer at a cyber insurance firm and co-authoring foundational books like How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto, Richard frames the conversation in practical business terms. He emphasizes that success is not just about detecting threats, but about understanding where value exists in the business, and how to protect it efficiently.From Security Operations to Risk OperationsWhile a traditional SOC focuses on attack surface and compromise detection, the Risk Operations Center is designed to understand, prioritize, and mitigate value at risk. Richard describes how this involves normalizing data across environments, connecting asset identities—including ephemeral and composite digital assets—and aligning technical activity to business impact.The Risk Operations Center enables teams to think in terms of risk surface, not just threat surface, by giving security leaders visibility into what matters most—and the tools to act accordingly. And importantly, it does so without increasing headcount.A CISO's Role in the Business of RiskRichard challenges security leaders to break away from purely tactical work and lean into business alignment. He argues that boards want CISOs who think strategically—who can talk about capital reserves, residual risk, and how mitigation and transfer can be measured against business outcomes. In his words, “A successful business is in the business of exposing more value to more people… security must understand and support that mission.”This episode is packed with ideas worth listening to and sharing. What would your version of a Risk Operations Center look like?Learn more about Qualys: https://itspm.ag/qualys-908446Note: This story contains promotional content. Learn more.Guest: Rich Seiersen, Chief Risk Technology Officer, Qualys | https://www.linkedin.com/in/richardseiersen/ResourcesLearn more and catch more stories from Qualys: https://www.itspmagazine.com/directory/qualysLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, richard seiersen, risk, cybersecurity, data, resilience, telemetry, automation, ciso, soc, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this on-location conversation recorded during RSAC 2025, attorney, investor, and strategic advisor Yair Geva shares a global perspective shaped by years of legal counsel, venture investing, and deal-making across Israel, Europe, and the U.S. Geva offers unique insight into how cybersecurity, AI, and M&A are not only intersecting—but actively reshaping—the tech ecosystem.More than just a legal expert, Geva advises early-stage founders and institutional investors across markets, helping them navigate cultural, legal, and strategic gaps. With over 50 personal investments and a strong focus on cybersecurity in recent institutional activity, his perspective reflects where real momentum is building—and how smart capital is being deployed.AI Acceleration and M&A HesitationAccording to Geva, the accelerating capabilities of AI have created a strange paradox: in some sectors, VCs are hesitant to invest because the pace of change undermines long-term confidence. Yet in cybersecurity, AI is acting as a catalyst, not a caution. Cyber-AI combinations are among the few domains where deals are still moving quickly. He points to recent acquisitions—such as Palo Alto Networks' move on Protect AI—as a sign that strategic consolidation is alive and well, even if overall deal volume remains lighter than expected.Cyber Due Diligence Is Now Table StakesAcross all industries, cybersecurity evaluations have become a non-negotiable part of M&A. Whether acquiring a fashion brand or a software firm, buyers now expect a clear security posture, detailed risk management plans, and full disclosure of any prior breaches. Geva notes that incident response experience, when managed professionally, can actually serve as a confidence builder in the eyes of strategic buyers.From Global Hubs to Human ConnectionsWhile San Francisco remains a major force, Geva sees increasing momentum in New York, London, and Tel Aviv. Yet across all markets, he emphasizes that human relationships—trust, cultural understanding, and cross-border collaboration—ultimately drive deal success more than any legal document or term sheet.With a front-row seat to innovation and a hand in building the bridges that power global tech growth, Yair Geva is helping define the next chapter of cybersecurity, AI, and strategic investment.Listen to the full conversation to hear what's shaping the deals behind tomorrow's cybersecurity innovations.Note: This story contains promotional content. Learn more.Guest: Yair Geva, Attorney and Investor | https://www.linkedin.com/in/yairgeva/ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, yair geva, cybersecurity, investment, ai, m&a, venture, resilience, innovation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice—and how organizations can actually get started without feeling buried by complexity.Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can't control what you can't see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.The Zero Trust Mindset: Assume Breach, Limit AccessRob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It's not about waiting to detect bad behavior—it's about blocking the behavior before it starts.The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker's automation is designed to lower that barrier and get organizations to meaningful control faster.Modern Threats, Simplified DefensesAs AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don't require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it's created. Whether it's PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you're ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Quantum computing and AI are no longer theoretical concepts for tomorrow—they're shaping how organizations must secure their infrastructure today. In this episode of the podcast, Marc Manzano, General Manager of Cybersecurity at SandboxAQ, joins the conversation to share how his team is helping organizations confront some of the most urgent and complex cybersecurity shifts of our time.SandboxAQ, a company spun out of Alphabet, operates at the intersection of quantum technology and artificial intelligence. Manzano highlights two immediate challenges that demand new approaches: the looming need for quantum-resistant cryptography and the unchecked proliferation of AI agents across enterprise systems.Post-Quantum Migration and Cryptographic AgilityManzano describes an industry-wide need for massive cryptographic migration in response to the quantum threat. But rather than treating it as a one-time fix, SandboxAQ promotes cryptographic agility—a framework that enables organizations to dynamically and automatically rotate credentials, replace algorithms, and manage certificates in real-time. Their approach replaces decades of static key management practices with a modern, policy-driven control plane. It's not just about surviving the post-quantum era—it's about staying ready for whatever comes next.Taming the Complexity of AI Agents and Non-Human IdentitiesThe second challenge is the surge of non-human identities—AI agents, machine workloads, and ephemeral cloud infrastructure. SandboxAQ's platform provides continuous visibility and control over what software is running, who or what it communicates with, and whether it adheres to security policies. This approach helps teams move beyond manual, one-off audits to real-time monitoring, dramatically improving how organizations manage software supply chain risks.Real Use Cases with Measurable ImpactManzano shares practical examples of how SandboxAQ's technology is being used in complex environments like large banks—where decades of M&A activity have created fragmented infrastructure. Their platform unifies cryptographic and identity management through a single pane of glass, helping security teams act faster with less friction. Another use case? Reducing vendor risk assessment from months to minutes, allowing security teams to assess software posture quickly and continuously.Whether it's quantum cryptography, AI risk, or identity control—this isn't a vision for 2030. It's a call to action for today.Learn more about SandboxAQ: https://itspm.ag/sandboxaq-j2enNote: This story contains promotional content. Learn more.Guest: Marc Manzano, General Manager of Cybersecurity at SandboxAQ | https://www.linkedin.com/in/marcmanzano/ResourcesLearn more and catch more stories from SandboxAQ: https://www.itspmagazine.com/directory/sandboxaqLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:marc manzano, marco ciappelli, sean martin, cryptography, quantum, ai, cybersecurity, nonhuman, keymanagement, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In today's threat environment, it's not enough to back up your data—you have to be able to trust that those backups will be there when you need them. That's the message from Sterling Wilson, Field CTO at Object First, during his conversation at RSAC Conference 2025.Object First is purpose-built for Veeam environments, offering out-of-the-box immutability (OOTBI) with a hardened, on-premises appliance. The goal is simple but critical: make backup security both powerful and practical. With backup credentials often doubling as access credentials for storage infrastructure, organizations expose themselves to unnecessary risk. Object First separates those duties by design, reducing the attack surface and protecting data even when attackers have admin credentials in hand.Immutability as a Foundation—Not a FeatureThe conversation highlights data from a recent ESG study showing that 81% of respondents recognize immutable object storage as the most secure way to protect backup data. True immutability means data cannot be modified or deleted until a set retention period expires—an essential safeguard when facing ransomware or insider threats. But Sterling emphasizes that immutability alone isn't enough. Backup policies, storage access, and data workflows must be segmented and secured.Zero Trust for Backup InfrastructureZero trust principles—verify explicitly, assume breach, enforce least privilege—have gained ground across networks and applications. But few organizations extend those principles into the backup layer. Object First applies zero trust directly to backup infrastructure through what they call zero trust data resilience. That includes verifying credentials at every step and ensuring backup jobs can't alter storage configurations.A Real-World Test: Marysville School DistrictWhen Marysville School District suffered a ransomware attack, nearly every system was compromised—except the Object First appliance. The attacker had administrative credentials, but couldn't access or encrypt the immutable backups. Thanks to the secure design and separation of permissions, recovery was possible—demonstrating that trust in your backups can't be assumed; it must be enforced by design.Meeting Customers Where They AreTo support both partners and end customers, Object First now offers OOTBI through a consumption-based model. Whether organizations are managing remote offices or scaling their environments quickly, the new model provides flexibility without compromising security or simplicity.Learn more about Object First: https://itspm.ag/object-first-2gjlNote: This story contains promotional content. Learn more.Guest: Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/ResourcesLearn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-firstLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, sterling wilson, ransomware, immutability, backups, cybersecurity, zero trust, data protection, veeam, recovery, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this RSAC 2025 episode, Sean Martin sits down with Steve Schlarman, Senior Director of Product Management at Archer Integrated Risk Management, to explore how organizations are rethinking compliance and risk—not just as a box to check, but as a business enabler.At the center of the conversation is Archer Evolve, a new platform intentionally designed to move beyond legacy GRC workflows. Built on years of insight from customers and aligned with the company's post-RSA independence, Evolve aims to modernize how compliance and risk teams operate. That includes automating burdensome regulatory processes, surfacing business-relevant risk insights, and supporting more strategic decision-making.One standout capability comes from Archer's integration of Compliance.ai, a regulatory tech firm the company acquired to accelerate its transformation. By applying AI tuned specifically for the language of compliance, Archer can now help customers reduce review time per regulatory obligation from 100 hours to just a few. That's more than a productivity gain—it's a structural shift in how companies adapt to nonstop regulatory change.Another critical area is quantifying risk. Rather than relying on subjective heat maps, Archer enables organizations to calculate loss exposure in real terms. This creates a foundation for executive conversations rooted in financial and operational impact, not just abstract threat levels. That same quantitative view can be applied to understanding the cost of controls—ensuring that investments align with real business risk, rather than piling on complexity for the sake of coverage.The conversation closes on a powerful shift: risk and compliance teams freeing up time and brainpower to collaborate directly with the business. With the manual grunt work automated and controls mapped more intelligently, these teams can help shape new services and strategic initiatives—safely and confidently.This episode isn't just about software or frameworks. It's about what happens when governance becomes a driver of value, not just a reaction to fear.Listen in to hear how Archer is helping turn risk and compliance from operational drag into business advantage.Learn more about Archer Integrated Risk Management: https://itspm.ag/rsaarchwebNote: This story contains promotional content. Learn more.Guest: Steve Schlarman, Senior Director, Product Management, Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/ResourcesLearn more and catch more stories from Archer Integrated Risk Management: https://www.itspmagazine.com/directory/archerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, steve schlarman, risk, compliance, ai, governance, grc, quantification, controls, automation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

At RSAC Conference 2025, Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, joined ITSPmagazine to share critical insights into the dual role AI is playing in cybersecurity today—and what Akamai is doing about it.Chokshi lays out the landscape with clarity: while AI is unlocking powerful new capabilities for defenders, it's also accelerating innovation for attackers. From bot mitigation and behavioral DDoS to adaptive security engines, Akamai has used machine learning for over a decade to enhance protection, but the scale and complexity of threats have entered a new era.The API and Web Application Threat SurgeReferencing Akamai's latest State of the Internet report, Chokshi cites a 33% year-over-year rise in web application and API attacks—topping 311 billion threats. More than 150 billion of these were API-related. The reason is simple: APIs are the backbone of modern applications, yet many organizations lack visibility into how many they have or where they're exposed. Shadow and zombie APIs are quietly expanding attack surfaces without sufficient monitoring or defense.Chokshi shares that in early customer discovery sessions, organizations often uncover tens of thousands of APIs they weren't actively tracking—making them easy targets for business logic abuse, credential theft, and data exfiltration.Introducing Akamai's Firewall for AIAkamai is addressing another critical gap with the launch of its new Firewall for AI. Designed for both internal and customer-facing generative AI applications, this solution focuses on securing runtime environments. It detects and blocks issues like prompt injection, PII leakage, and toxic language using scalable, automated analysis at the edge—reducing friction for deployment while enhancing visibility and governance.In early testing, Akamai found that 6% of traffic to a single LLM-based customer chatbot involved suspicious activity. That volume—within just 100,000 requests—highlights the urgency of runtime protections for AI workloads.Enabling Security LeadershipChokshi emphasizes that modern security teams must engage collaboratively with business and data teams. As AI adoption outpaces security budgets, CISOs are looking for trusted, easy-to-deploy solutions that enable—not hinder—innovation. Akamai's goal: deliver scalable protections with minimal disruption, while helping security leaders shoulder the growing burden of AI risk.Learn more about Akamai: https://itspm.ag/akamailbwcNote: This story contains promotional content. Learn more.Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/ResourcesLearn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamaiLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, rupesh chokshi, akamai, rsac, ai, security, cisos, api, firewall, llm, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

What a magnificent full moon!Late April.The San Fernando Valley shimmered gently.Tiny lights flickered softly,like electric fireflies in summer dreams.In a small garden,beneath an old wise lemon tree,something special was about to happen.Because lemon trees, you know,hide delicate secrets;magical whispers, patiently guardedamong their fruits, flowers and branches.Up high, safe and sound,Mr and Mrs Hummingbird waited.Little hearts vibrating with hope.They watched carefully,as small eggs cracked, whispered and hatchedunder California's warm sky.Jack and Sally arrived.At first with their eyes closed,resting peacefully in the warmth of their mother.Days passed gently.Soon their eyes opened andfeathers grew, stretching softly.From their nest they gazed with wonderat the lively world of the garden:birds singing, flowers murmuring,bees buzzing tirelesslyand squirrels chasing each other merrily,leaping from tree to treeas if they'd had a little too much coffee;far too much, in fact!“Calm down a bit,” exclaimed Sally bravely from the nest.“We're still learning how to be hummingbirds!”The garden fell silent for a moment,smiled quietly,and kindly replied,“Welcome, Jack! Welcome, Sally! Welcome to the Valley!”Days turned into weeks. Sally stretched her wings,tiny feathers growing stronger by the hour,training and preparingto reach the sky of her dreams.At last, the big day came.“Watch me, Jack!” sang Sally joyfully,and with a brave flutter, she left the nest.She flew—slowly at first, then faster;twirling, laughing, gliding above the flowers and below the branches,while the whole garden cheered and clapped.Jack watched from the nest, silent.His left wing, carefully folded, was still unsure.The garden held its breath, happy for Sally,but gently concerned for Jack.“Your moment will come too, dear,” whispered Mrs Hummingbird softly,kissing Jack on the forehead. “Believe in it.”That very night, as stars filled the sky,Jack stared at the little Glass Hot-Air Balloon that,hanging from a branch of the lemon tree,swayed gently in the evening breeze.An ornament, a sunset trapped,gently lit from within by dancing flames that, perhaps, were fake,but only if you didn't believe in magic.Jack believed.He balanced carefully, hopping softly,bravely, from branch to branch,towards the glowing balloon that kept on dancing in the windas if it were flying through the sky.Without hesitation, he jumped into the tiny basket.Suddenly, sparks shimmered. Whirls danced.Magic awakened beneath his feathers,as the Glass Hot-Air Balloon rose,lifting slowly into the evening air.“Jack!” exclaimed Sally, eyes full of wonder.She flew right up next to him, laughing.Together they soared, joyfully twirling,while the garden clapped louder than ever.Even Mr and Mrs Hummingbird blinked in astonishment,smiling proudly at their brave children.“You know,” said an old owl,smiling wisely from a nearby branch,“if you follow the sunset, through the canyon,you'll reach the Great Blue Ocean.”Jack's heart fluttered with courage.“Come with me, Sally!” he said, eyes shining.And Sally didn't hesitate.She joined Jack on the hot-air balloonand together they flew higher and farther,beyond the valley, over winding canyons,towards golden rays blending with endless blue.The ocean appeared—glittering, infinite;the waves whispering gentle secretslit softly by what was left of the sunset.Below, the Malibu pier glowed warm and welcoming,caressed by the Pacific Ocean and the breeze.The whole bay greeted the brave adventurers.Jack breathed deeply, heart full.He had found his way to fly, to soar in the sky;not by trying to be like the others,but by embracing who he truly was.Because it's not our limits that define us,but our courage to dream,our will to believe,and the magic we carry within.Because nothing,absolutely nothing,can stop those who dare to dream.- Written by Marco Ciappelli

RSAC 2025 is a wrap. The expo floor is closed, the conversations have ended, and the gear is packed — but the reflections are just beginning. Throughout the week, Sean Martin and Marco Ciappelli had powerful discussions around AI, identity, platform security, partnerships, the evolving legal and VC landscapes, and the growing importance of multi-layered defense strategies. But one moment stood out. While we were recording outside the conference, someone walking by asked us, “Is the world secure now?” Our answer was simple: “We're working on it.” That exchange captured the spirit of the entire event — security is not a destination, it's an ongoing effort. We learn, we adapt, and we move forward faster than the future is coming at us. Thank you to everyone who made RSAC 2025 such a meaningful experience. Next stops: AppSec Global in Barcelona, Infosec Europe in London, Black Hat and DEF CON in Las Vegas — and more conversations across the hybrid analog digital society we all share. Until next time, keep building, keep connecting, and keep moving forward. ___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent and Director of Science and Research at CybSafe, joins ITSPmagazine at RSAC 2025 to discuss how people's attitudes shape their cybersecurity behaviors—at home, at work, and everywhere in between.Drawing from a global survey of over 7,000 individuals, Dr. Nurse presents data that reveals a fundamental challenge: while many individuals recognize the importance of cybersecurity, a significant number also find it intimidating and frustrating. Nearly 43% of participants shared that they feel overwhelmed by security measures, highlighting a persistent disconnect between the intent of security protocols and the lived experience of users.This disconnect manifests in inconsistent behaviors. At home, people may take extra precautions to protect their personal lives and families. At work, however, there's a tendency to outsource responsibility to the employer. This duality—heightened vigilance in personal spaces and relaxed caution in professional environments—creates vulnerabilities in a world where attackers don't care where the device or user happens to be.The conversation emphasizes the need to rethink how we approach cybersecurity education, awareness, and design. Dr. Nurse advocates for a “usable security” model—systems that protect users without demanding overly technical knowledge or creating friction. He uses the example of biometrics and seamless phone authentication to show how good design can improve both security and user satisfaction.To illustrate the connection between knowledge, attitude, and behavior, Dr. Nurse brings humor into the mix with a memorable analogy involving Kit Kats. Just as knowing something is delicious can shape our cravings and actions, understanding security in relatable terms can lead to more proactive behaviors.The episode wraps with a candid reflection on trust and novelty in the face of emerging AI systems—like self-driving cars. Dr. Nurse questions whether people truly trust new technologies or if they're simply seduced by convenience and innovation.This is a conversation about what it really takes to build a security-conscious society—one that understands people as much as it understands threats.Listen to the full episode to hear how mindset, usability, and cultural attitudes are reshaping the human side of cybersecurity.___________Guest: Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________Resources Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

The cybersecurity workforce shortage isn't a new problem—but according to Jamie Norton, Board Director at ISACA, it's one that's getting worse. In this on-location conversation during RSAC Conference 2025, Norton shares how ISACA is not only acknowledging this persistent gap but actively building pathways to close it, especially for early-career professionals.While many know ISACA for its certifications and events, Norton emphasizes that the organization's mission goes much deeper—supporting digital trust through education, community, and career development. One key area of focus: helping individuals navigate every phase of their professional journey, from new graduates to seasoned leaders. That includes new offerings like the Certified Cyber Operations Analyst (CCOA) credential, designed specifically to meet the growing demand for technical, hands-on skills in security operations roles.What's driving this shift? Norton points to employer demand for candidates who can walk into SOC and technical analyst roles with practical experience. The CCOA was created based on feedback from ISACA's 185,000+ global members and a wide network of hiring organizations, all highlighting the same pain point: early-stage roles are difficult to fill, not because people aren't interested, but because too many can't prove their skills in ways hiring managers understand.ISACA's response is both strategic and community-driven. Certification development is rooted in large-scale data analysis and enhanced by input from members around the world, ensuring each program reflects real-world needs. At the same time, ISACA recognizes that certifications alone don't create confidence. Community and mentorship matter—especially for those struggling with imposter syndrome or breaking into the field from non-traditional backgrounds.Looking ahead, ISACA is investing in career journey tools, AI-focused certifications, and guidance for post-quantum readiness—all while continuing to support members through local chapters and global programs.For those hiring, job-seeking, or guiding others into the field, this episode offers a grounded, forward-looking view into how one organization is equipping the cybersecurity workforce for the work that matters now—and what's coming next.Learn more about ISACA: https://itspm.ag/isaca-96808Note: This story contains promotional content. Learn more.Guest: Jamie Norton, Director Board of Directors, ISACA | https://www.linkedin.com/in/jamienorton/ResourcesLearn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isacaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:jamie norton, sean martin, marco ciappelli, cybersecurity, certifications, workforce, skills, governance, community, careers, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

When it comes to cybersecurity, corporate executives are often the most targeted individuals—but their greatest vulnerabilities may lie beyond the office walls. In this episode recorded live at RSAC Conference 2025, Dr. Chris Pierson, Founder and CEO of BlackCloak, joins hosts Sean Martin and Marco Ciappelli to unpack why digital executive protection is now a business necessity, not a luxury.Dr. Pierson—a former two-time CISO, DHS cybersecurity advisor, and chief privacy officer—explains how BlackCloak addresses a long-ignored problem: the personal digital exposure of high-profile individuals and their families. From compromised home networks and identity theft to impersonation scams powered by deepfake technology, today's cyber threats easily bypass corporate defenses by exploiting softer targets at home.Digital Protection That Mirrors Physical SecurityJust as companies rely on third-party providers for health insurance or physical executive protection, Dr. Pierson advocates for a dedicated, privacy-conscious solution for securing personal digital lives. BlackCloak functions as a concierge-style service, guiding individuals through essential steps like securing high-risk accounts, managing privacy settings, shrinking their attack surface, and implementing a modern, multifactor verification system to prevent impersonation attacks.A Framework for ActionAt RSAC, Dr. Pierson unveiled BlackCloak's Digital Executive Protection Framework—a practical tool that includes 14 tenets and over 100 specific actions to assess and improve personal digital security maturity. The goal: help organizations prioritize what matters most. Instead of trying to secure every account or device equally, the framework focuses attention on high-value targets like banking credentials, communication platforms, and personal data exposed via data brokers.From Deepfakes to Real-World ConsequencesPierson also highlights the alarming growth of AI-powered impersonation attacks. With 42% of surveyed CISOs reporting executive-targeted deepfake incidents, and financial losses climbing, companies must think differently. It's not just about technology—it's about trust, relationships, and verification at every level of communication.This episode sheds light on how executive protection is evolving—and why your organization should consider extending its security strategy beyond the boardroom. To see how BlackCloak is redefining protection for the C-suite and their families, listen to the full episode.Learn more about BlackCloak: https://itspm.ag/itspbcwebNote: This story contains promotional content. Learn more.Guest: Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/ ResourcesLearn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloakLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, chris pierson, cybersecurity, privacy, deepfakes, identity, executives, framework, protection, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what's coming next. With dozens of interviews under their belts, the duo shares what's standing out across sessions and show-floor discussions.Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There's a clear sense that the dialogue has shifted: zero trust isn't just a topic; it's embedded across many conversations. AI is no longer speculative—it's embedded in discussions about GRC, automation, and security architecture.Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant. With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections.From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, Founder and CEO of Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what's driving a dramatic shift in how security teams access, analyze, and act on data.Anomali's latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.Agentic AI Meets Threat IntelligenceHugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali's AI operates within a secure, bounded dataset tailored to the customer's environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization's specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn't just contextual awareness—it's operational intelligence at speed and scale.Making Security More Human-CentricOne clear theme emerges: the democratization of security tools. With Anomali's design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.Real-World Results and Risk InsightsCustomers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali's system doesn't just detect—it correlates attack surface data with threat activity to highlight what's both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.Learn more about Anomali: https://itspm.ag/anomali-bdz393Note: This story contains promotional content. Learn more.Guest: Hugh Njemanze, Founder and President at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/ResourcesLearn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomaliLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

At RSAC Conference 2025 in San Francisco, the message is clear: cybersecurity must be a shared endeavor—across nations, disciplines, and sectors. In this episode, Marco Ciappelli and Sean Martin welcome two distinguished voices from Italy who are helping shape this collective path forward: Luigi Martino, Director of the Center for Cybersecurity and International Relations Studies at the University of Florence, and Luca Tagliaretti, Executive Director of the European Cybersecurity Competence Centre (ECCC).Cybersecurity as a Multinational, Multidimensional EffortLuigi Martino, who also holds roles at the University of Bologna and Khalifa University in Abu Dhabi, underscores the growing global awareness that cybersecurity is no longer a niche concern—it's embedded in everything, from space to artificial intelligence. He emphasizes that cyber cannot be treated in isolation and must be considered alongside advancements in quantum technologies, AI, and the systems that govern our modern society.For Luca Tagliaretti, leading the EU's newly autonomous cybersecurity body, this interconnected view plays out through policy and community-building. The ECCC's role spans everything from shaping long-term cybersecurity strategies across Europe to investing in innovation and skilling up the current workforce. He describes this as a community-first mission—building cohesion not just across EU member states, but eventually through global alignment.Regulation: Guardrail or Roadblock?A major theme discussed is the role of regulation in fostering or hindering innovation. Both guests agree that thoughtful regulation—especially in AI—is not the enemy of progress. Rather, it can be a mechanism for building trust, ensuring ethical use, and creating market conditions where all players, not just the biggest, can thrive. Bureaucracy, not regulation itself, is called out as the more significant challenge—particularly when public institutions aren't equipped to implement modern governance.What They're Taking Home from RSACAsked what they'll bring back from the conference, Luca points to the “sense of unity”—the opportunity to build on shared knowledge and collaborate across borders. Luigi highlights the spirit of open innovation and trust that defines the RSAC community: a willingness to share, experiment, and move forward together.Both perspectives offer a powerful reminder—cybersecurity isn't just about defending systems, it's about building connections.___________Guest:s Luigi Martino, Principal Research Scientist at Khalifa University and Head at the Center for Cyber Security and International Relations Studies | https://www.linkedin.com/in/luigi-martino-07515364/Luca Tagliaretti, Executive Director at ECCC | https://www.linkedin.com/in/luca-tagliaretti-564a703/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSmarco ciappelli, sean martin, luigi martino, luca tagliaretti, rsac 2025, cybersecurity, regulation, ai, quantum, collaboration, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Storage often sits in the background of cybersecurity conversations—but not at Infinidat. In this episode, Eric Herzog, Chief Marketing Officer of Infinidat, joins Sean Martin to challenge the notion that storage is simply infrastructure. With decades of experience at IBM and EMC before joining Infinidat, Herzog explains why storage needs to be both operationally efficient and cyber-aware.Cyber Resilience, Not Just StorageAccording to Herzog, today's enterprise buyers—especially those in the Global Fortune 2000—aren't just asking how to store data. They're asking how to protect it when things go wrong. That's why Infinidat integrates automated cyber protection directly into its storage platforms, working with tools like Splunk, Microsoft Sentinel, and IBM QRadar. The goal: remove the silos between infrastructure and cybersecurity teams and eliminate the need for manual intervention during an attack or compromise.Built-In Defense and Blazing-Fast RecoveryThe integration isn't cosmetic. Infinidat offers immutable snapshots, forensic environments, and logical air gaps as part of its storage operating system—no additional hardware or third-party tools required. When a threat is detected, the system can automatically trigger actions and even guarantee data recovery in under one minute for primary storage and under 20 minutes for backups—regardless of the dataset size. And yes, those guarantees are provided in writing.Real-World Scenarios, Real Business OutcomesHerzog shares examples from finance, healthcare, and manufacturing customers—one of which performs immutable snapshots every 15 minutes and scans data twice a week to proactively detect threats. Another customer reduced from 288 all-flash storage floor tiles to just 61 with Infinidat, freeing up 11 storage admins to address other business needs—not to cut staff, but to solve the IT skills shortage in more strategic ways.Simplified Operations, Smarter SecurityThe message is clear: storage can't be an afterthought in enterprise cybersecurity strategies. Infinidat is proving that security features need to be embedded, not bolted on—and that automation, integration, and performance can all coexist. For organizations juggling compliance requirements, sprawling infrastructure, and lean security teams, this approach delivers both peace of mind and measurable business value.Learn more about Infinidat: https://itspm.ag/infini3o5dNote: This story contains promotional content. Learn more.Guest: Eric Herzog, Chief Marketing Officer, Infinidat | https://www.linkedin.com/in/erherzog/ResourcesLearn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidatLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, eric herzog, storage, cybersecurity, automation, resilience, ransomware, recovery, enterprise, soc, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Helen Oakley, Senior Director of Product Security at SAP, and Dmitry Raidman, Co-founder and CTO of Cybeats, joined us live at the RSAC Conference to bring clarity to one of the most urgent topics in cybersecurity: transparency in the software and AI supply chain. Their message is direct—organizations not only need to understand what's in their software, they need to understand the origin, integrity, and impact of those components, especially as artificial intelligence becomes more deeply integrated into business operations.SBOMs Are Not Optional AnymoreSoftware Bills of Materials (SBOMs) have long been a recommended best practice, but they're now reaching a point of necessity. As Dmitry noted, organizations are increasingly requiring SBOMs before making purchase decisions—“If you're not going to give me an SBOM, I'm not going to buy your product.” With regulatory pressure mounting through frameworks like the EU Cyber Resilience Act (CRA), the demand for transparency is being driven not just by compliance, but by real operational value. Companies adopting SBOMs are seeing tangible returns—saving hundreds of hours on risk analysis and response, while also improving internal visibility.Bringing AI into the SBOM FoldBut what happens when the software includes AI models, data pipelines, and autonomous agents? Helen and Dmitry are leading a community-driven initiative to create AI-specific SBOMs—referred to as AI SBOMs or AISBOMs—to capture critical metadata beyond just the code. This includes model architectures, training data, energy consumption, and more. These elements are vital for risk management, especially when organizations may be unknowingly deploying models with embedded vulnerabilities or opaque dependencies.A Tool for the Community, Built by the CommunityIn an important milestone for the industry, Helen and Dmitry also introduced the first open source tool capable of generating CycloneDX-formatted AISBOMs for models hosted on Hugging Face. This practical step bridges the gap between standards and implementation—helping organizations move from theoretical compliance to actionable insight. The community's response has been overwhelmingly positive, signaling a clear demand for tools that turn complexity into clarity.Why Security Leaders Should Pay AttentionThe real value of an SBOM—whether for software or AI—is not just external compliance. It's about knowing what you have, recognizing your crown jewels, and understanding where your risks lie. As AI compounds existing vulnerabilities and introduces new ones, starting with transparency is no longer a suggestion—it's a strategic necessity.Want to see how this all fits together? Hear it directly from Helen and Dmitry in this episode.___________Guests: Helen Oakley, Senior Director of Product Security at SAP | https://www.linkedin.com/in/helen-oakley/Dmitry Raidman, Co-founder and CTO of Cybeats | https://www.linkedin.com/in/draidman/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLinkedIn Post with Links: https://www.linkedin.com/posts/helen-oakley_ai-sbom-aisbom-activity-7323123172852015106-TJeaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage______________________KEYWORDShelen oakley, dmitry raidman, sean martin, rsac 2025, sbom, aisbom, ai security, software supply chain, transparency, open source, event coverage, on location, conference______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

At RSAC Conference 2025, Sean Martin catches up with Brian Dye, CEO of Corelight, to explore a recurring truth in cybersecurity: attackers adapt, and defenders must follow suit. In this episode, Dye lays out why traditional perimeter defenses and endpoint controls alone are no longer sufficient—and why it's time for security teams to look back toward the network for answers.Beyond the Perimeter: Visibility as a Force MultiplierAccording to Dye, many organizations are still relying on security architectures that were top-of-the-line a decade ago. But attackers have already moved on. They're bypassing endpoint detection and response (EDR) tools, exploiting unmanaged devices, IoT, and edge vulnerabilities. What's left exposed is the network itself—and that's where Corelight positions itself: providing what Dye calls “ground truth” through network-based visibility.Rather than rearchitecting environments or pushing intrusive solutions, Corelight integrates passively through out-of-line methods like packet brokers or traffic mirroring. The goal? Rich, contextual, retrospective visibility—without disrupting the network. This capability has proven essential for responding to advanced threats, including lateral movement and ransomware campaigns where knowing exactly what happened and when can mean the difference between paying a ransom or proving there's no real damage.Three Layers of Network InsightDye outlines a layered approach to detection:1. Baseline Network Activity – High-fidelity summaries of what's happening.2. Raw Detections – Behavioral rules, signatures, and machine learning.3. Anomaly Detection – Identifying “new and unusual” activity with clustering math that filters out noise and highlights what truly matters.This model supports teams who need to correlate signals across endpoints, identities, and cloud environments—especially as AI-driven operations expand the attack surface with non-human behavior patterns.The Metrics That MatterDye points to three critical success metrics for teams:• Visibility coverage over time.• MITRE ATT&CK coverage, especially around lateral movement.• The percentage of unresolved cases—those embarrassing unknowns that drain time and confidence.As Dye shares, organizations that prioritize network-level visibility not only reduce uncertainty, but also strengthen every other layer of their detection and response strategy.Learn more about Corelight: https://itspm.ag/coreligh-954270Note: This story contains promotional content. Learn more.Guest: Brian Dye, Chief Executive Officer, Corelight | https://www.linkedin.com/in/brdye/ResourcesLearn more and catch more stories from Corelight: https://www.itspmagazine.com/directory/corelightLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, brian dye, network, visibility, ransomware, detection, cybersecurity, soc, anomalies, baselining, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this closing conversation from Day One at RSAC Conference 2025, ITSPmagazine co-founders Sean Martin and Marco Ciappelli reflect on what they're hearing in the halls, on the show floor, and in conversations with attendees—and the picture they're painting may surprise you.Sean Martin raises a recurring theme that's come up in multiple off-camera discussions: the increasing hesitancy among CISOs to engage with new vendors or consider new technologies unless they come from familiar sources. The concern isn't about the technology itself—it's about time, trust, and the overwhelming volume of noise. In many cases, CISOs prefer to rely on their peer network rather than explore unknown options, potentially limiting their exposure to different ways of thinking about risk and security.But this isn't just a “vendor fatigue” issue. It's a structural one.Martin points to a conversation with Philip Miller, who emphasized the need for vendors to connect with the security team—not just the CISO. That shift could unlock a healthier, more scalable way to evaluate solutions without overloading leadership. When security teams are empowered to explore, test, and validate, it changes the decision-making dynamic and may lead to more open-minded program development—especially as AI begins reshaping how data and security interact.Meanwhile, Marco Ciappelli looks at this cultural tension from a societal perspective. He draws parallels between the speed of technological progress and the slower-moving nature of regulation, governance, and even human behavior. If security programs are stuck in reactive modes—bound by risk aversion, budget constraints, or outdated expectations—how can they support the innovation their businesses (and society) demand?The two hosts conclude that change isn't just needed—it's already underway, albeit unevenly. The key may lie in empowering the broader security ecosystem, from frontline analysts to policy makers, to think and act with more agility.For those wrestling with how security can lead rather than lag, this conversation offers a timely reflection—and a few provocations worth sitting with.What does a future-ready security program really look like?Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this pre-event Brand Story On Location conversation recorded live from RSAC Conference 2025, Emily Long, Co-Founder and CEO of Edera, and Kaylin Trychon, Head of Communications, introduce a new approach to container security—one that doesn't just patch problems, but prevents them entirely.Edera, just over a year old, is focused on reimagining how containers are built and run by taking a hardware-up approach rather than layering security on from the top down. Their system eliminates lateral movement and living-off-the-land attacks from the outset by operating below the kernel, resulting in simplified, proactive protection across cloud and on-premises environments.What's notable is not just the technology, but the philosophy behind it. As Emily explains, organizations have grown accustomed to the limitations of containerization and the technical debt that comes with it. Edera challenges this assumption by revisiting foundational virtualization principles, drawing inspiration from technologies like Xen hypervisors, and applying them in modern ways to support today's use cases, including AI and GPU-driven environments.Kaylin adds that this design-first approach means security isn't bolted on later—it's embedded from the start. And yet, it's done without disruption. Teams don't need to scrap what they have or undertake complex rebuilds. The system works with existing environments to reduce complexity and ease compliance burdens like FedRAMP.For those grappling with infrastructure pain points—whether you're in product security, DevOps, or infrastructure—this conversation is worth a listen. Edera's vision is bold, but their delivery is practical. And yes, you'll find them roaming the show floor in bold pink—“mobile booth,” zero fluff.Listen to the episode to hear what it really means to be “secure by design” in the age of AI and container sprawl.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guests: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/Kaylin Trychon, Head of Communications, Edera | https://www.linkedin.com/in/kaylintrychon/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:emily long, kaylin trychon, sean martin, marco ciappelli, containers, virtualization, cloud, infrastructure, security, fedramp, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

During RSAC Conference 2025, Andrew Carney, Program Manager at DARPA, and (remotely via video) Dr. Kathleen Fisher, Professor at Tufts University and Program Manager for the AI Cyber Challenge (AIxCC), guide attendees through an immersive experience called Northbridge—a fictional city designed to showcase the critical role of AI in securing infrastructure through the DARPA-led AI Cyber Challenge.Inside Northbridge: The Stakes Are RealNorthbridge simulates the future of cybersecurity, blending AI, infrastructure, and human collaboration. It's not just a walkthrough — it's a call to action. Through simulated attacks on water systems, healthcare networks, and cyber operations, visitors witness firsthand the tangible impacts of vulnerabilities in critical systems. Dr. Fisher emphasizes that the AI Cyber Challenge isn't theoretical: the vulnerabilities competitors find and fix directly apply to real open-source software relied on by society today.The AI Cyber Challenge: Pairing Generative AI with Cyber ReasoningThe AI Cyber Challenge (AIxCC) invites teams from universities, small businesses, and consortiums to create cyber reasoning systems capable of autonomously identifying and fixing vulnerabilities. Leveraging leading foundation models from Anthropic, Google, Microsoft, and OpenAI, the teams operate with tight constraints—working with limited time, compute, and LLM credits—to uncover and patch vulnerabilities at scale. Remarkably, during semifinals, teams found and fixed nearly half of the synthetic vulnerabilities, and even discovered a real-world zero-day in SQLite.Building Toward DEFCON Finals and BeyondThe journey doesn't end at RSA. As the teams prepare for the AIxCC finals at DEFCON 2025, DARPA is increasing the complexity of the challenge—and the available resources. Beyond the competition, a core goal is public benefit: all cyber reasoning systems developed through AIxCC will be open-sourced under permissive licenses, encouraging widespread adoption across industries and government sectors.From Competition to CollaborationCarney and Fisher stress that the ultimate victory isn't in individual wins, but in strengthening cybersecurity collectively. Whether securing hospitals, water plants, or financial institutions, the future demands cooperation across public and private sectors.The Northbridge experience offers a powerful reminder: resilience in cybersecurity is built not through fear, but through innovation, collaboration, and a relentless drive to secure the systems we all depend on.___________Guest: Andrew Carney, AI Cyber Challenge Program Manager, Defense Advanced Research Projects Agency (DARPA) | https://www.linkedin.com/in/andrew-carney-945458a6/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesThe DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpaLearn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25___________KEYWORDSandrew carney, kathleen fisher, marco ciappelli, sean martin, darpa, aixcc, cybersecurity, rsac 2025, defcon, ai cybersecurity, event coverage, on location, conference______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

When you feel the energy of RSAC week starting to build, you know it's going to be a memorable one. Conversations, collaborations, learning, connecting—it's what this community thrives on. And ahead of the big week, we had a chance to catch up with Sterling Wilson, Field CTO at Object First, to talk about their vision for data resilience and why backup security can't be an afterthought anymore.Sterling's career path reads like a masterclass in data protection. After working deep in the trenches as a Microsoft and virtualization architect for both government and private sectors, he transitioned into the vendor space—eventually joining Veeam Software, where he became immersed in the world of backups and data resilience. That journey eventually brought him to Object First, and it's clear that passion for simplifying security while strengthening infrastructure hasn't faded.One of the major shifts we talked about is how the world of cybersecurity is now fundamentally interconnected. Sterling emphasized what we've said many times ourselves: it's no longer about isolated tools or technologies. It's about how everything fits together. And at the center of it all? Data.Object First is hitting RSAC with a mission: making backup security radically simple without compromising strength. Their “Ootbi”—short for Out Of The Box Immutability—makes protecting backup data straightforward, automatic, and resilient. No special configuration needed. No extra security knowledge required. Just plug it in and let the design do the work.We loved hearing how Object First applies core Zero Trust principles—like assuming breach and strict segmentation—not to networks or apps, but directly to backup storage. It's a philosophy Sterling calls “Zero Trust Data Resilience.” Especially in a world where admins are juggling multiple roles, budgets are tighter, and attacks are getting smarter (yes, AI is helping the bad actors too), reducing complexity while increasing protection is a game-changer.Sterling also shared a hard truth that many organizations are realizing too late: a lot of backup storage solutions weren't built for today's threat landscape. They weren't designed with security-first thinking. Object First aims to fix that by focusing on simplicity, immutability, and speed—not just in backup, but in recovery when it matters most.If you're heading to RSAC 2025, make sure you swing by Booth S260 to check out Object First in person. There'll be demos, trivia, swag, and a few surprise announcements. Plus, Sterling will be speaking at the Insights Theater (South Expo Booth 2151) on April 30 at 10:30 AM. He'll dive deeper into what Zero Trust Data Resilience really means—and why it's time to rethink how we secure our most valuable digital assets.And if you can't make it to San Francisco? Don't worry—we'll be recording another conversation with Sterling on location during the conference, going even deeper into these critical topics. Be sure to follow our On Location coverage to stay connected with everything happening during RSAC 2025.The future of security isn't just about new firewalls, AI-driven analytics, or policy updates. It's about protecting what matters most—our data—with approaches that are built for the challenges of today, not yesterday. And with companies like Object First pushing the boundaries, we think the conversation around data resilience is about to get a whole lot louder.Guests:Sterling Wilson | Field CTO | Data Resilience Strategist | ZTDR AdvocateLinkedIn: https://www.linkedin.com/in/sterling-wilson-007______________________________Resources:Learn more about Object First: https://itspm.ag/object-first-2gjlLearn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-firstImmutable Storage for Everyone.Ransomware-proof and immutable out-of-the-box, Ootbi delivers secure, simple, and powerful backup storage: https://itspm.ag/objectzlju____________________________Keywords:RSAC 2025, backup security, data resilience, immutable storage, zero trust, object first, ootbi, zero trust data resilience, cybersecurity conference, backup protection, Veeam, ransomware, disaster recovery, storage security, simple cybersecurity, RSAC, securing backups, infosec, infosecurity_______________________Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

We've been in enough conversations to know when something clicks. This one did — and it did from the very first moment.In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.John's journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg's path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.That mindset now defines how White Knight Labs works with clients. They don't sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.Their ransomware simulation service is a perfect example. They don't just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it's just another Tuesday. Most clients fail the test — not because they're careless, but because most simulations aren't this real.And that's the point.White Knight Labs isn't here to help companies check a box. They're here to expose the gaps and raise the bar — because real threats don't play fair, and security shouldn't pretend they do.What makes them different is what they don't do. They're not an all-in-one shop, and they're proud of that. They won't touch IR for major breaches — they've got partners for that. They only resell hardware and software they've personally vetted. That honesty builds credibility. That kind of focus builds trust.Their training programs are just as intense. Between live DEF CON courses and their online platform, they're giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.Pass their ODPC certification, and you'll probably get a call — not because they need to check a hiring box, but because it proves you're serious. And if you can write loaders that bypass real defenses? You're speaking their language.This first conversation with John and Greg reminded us why we started this series in the first place. It's not just about product features or service offerings — it's about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.We've got more stories with them on the way. But if this first one is any sign of what's to come, we're in for something special.⸻Learn more about White Knight Labs: Guests:John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr______________________Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services______________________ResourcesVisit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukrLearn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labsLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this Chats on the Road to RSAC 2025, , Sean Martin and Marco Ciappelli connect with Tim Brown, Chief Information Security Officer at SolarWinds, to unpack the critical issues facing CISOs today—and why the role remains worth pursuing.Brown is participating in multiple sessions at RSAC Conference 2025, including the CISO Bootcamp and Cyber Leaders Forum. Both are closed-door conversations designed to surface real concerns in a confidential, supportive setting. These aren't theoretical discussions—they're rooted in hard-earned experience. Brown, who has faced high-profile scrutiny and legal fallout from a past incident at SolarWinds, brings a uniquely personal perspective to these sessions.He points out that fear and hesitation are keeping many deputy CISOs from stepping up into the top role. His message to them: don't be afraid of the position. Despite the weight of responsibility, the role offers real influence, the ability to shape enterprise architecture, and the opportunity to drive meaningful business decisions. Brown emphasizes the importance of community support and collective growth, noting that the cybersecurity industry—still relatively young—is maturing and finding its footing when it comes to accountability and resilience.Beyond leadership development, mental health and stress management are key themes in the Cyber Leaders Forum. Brown acknowledges the toll the job can take, even sharing that his own health suffered despite thinking he was managing stress well. This honest reflection opens the door for deeper conversations about personal well-being in high-pressure roles.He's also appearing at the Cloud Security Alliance Summit with Chris Hoff, Chief Security Officer at LastPass, where they'll discuss incident response and field questions from the audience. On Wednesday, Brown joins a breakfast session with Tactic and Hyperwise, guiding attendees through a crisis simulation based on lessons from the Sunburst attack. His focus? Helping others avoid being unprepared in a moment of chaos.From insider threat modeling to supply chain transparency and the challenges of monitoring runtime behavior, Brown is clear-eyed about where CISOs need to focus next.This episode isn't just a preview of conference sessions—it's a call to future security leaders to lean in, not back.___________Guest: Tim Brown, CISO, Solarwinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesRSAC Session: CLF Ask Me Anything Session with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739404173721001x1MHRSAC Session: CISO Boot Camp Exclusive Fireside Chat with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739403254724001isXhCSA Summit at RSAC 2025: Fireside Chat with Tim Brown and Chris Hoff: https://www.csasummitrsac.com/event/5b3547c2-c652-4f77-97de-5b094e746626/agenda?session=1452408b-c822-4664-87b8-38ce1276247bLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As anticipation builds for the RSAC Conference 2025, ISACA leaders Mary Carmichael and Dooshima Dabo'Adzuana join Sean Martin and Marco Ciappelli to preview what the global technology and cybersecurity association has in store for attendees this year. With a focus on expanding community, AI governance, and professional development, their conversation reveals how ISACA is showing up with both timely insights and tangible resources.Mary Carmichael, President of ISACA's Vancouver Chapter and a CPA focused on cybersecurity risk and governance, highlights the session she's co-presenting with Dooshima Dabo'Adzuana: Third-Party AI: What Are You Really Buying? Their talk will explore the increasing complexity of evaluating AI solutions procured from vendors—especially those embedding large language models. Topics include due diligence during procurement, monitoring post-deployment, and assessing whether vendor practices align with internal risk and privacy requirements.Dooshima Dabo'Adzuana, a researcher at Boise State University and leader from ISACA's Abuja Chapter, shares how ISACA members across regions are grappling with similar questions: What does AI mean for my organization? What risks do third-party integrations introduce? She emphasizes the importance of frameworks and educational tools—resources that ISACA is making readily available at their booth (South Expo #2268) and through new certification tracks in AI audit and security.Alongside the AI focus, visitors to the booth can explore results from ISACA's Quantum Pulse Poll and access guidance on encryption readiness for a post-quantum future. The booth will also feature a selfie station and serve as a meeting point for the diverse ISACA community, with members from over 220 chapters worldwide.The conversation rounds out with a critical discussion on cybersecurity career development. Both Mary and Dooshima share personal stories of transitioning into the field—Mary from accounting, Dooshima from insurance—and call for broader recognition of transferable skills. They point to global tools, such as career pathway frameworks supported by ISACA and the UK Cyber Security Council, as essential for addressing the persistent workforce gap.This episode offers a preview of how ISACA is connecting global conversations on AI, quantum, and professional development—making RSAC Conference 2025 not just a tech showcase, but a community gathering rooted in learning and action.Stop by booth 2268 in the South Expo to explore how ISACA are equipping professionals with practical tools for AI governance, quantum readiness, and cybersecurity career growth—and how your organization can benefit from a stronger, more connected community.Learn more about ISACA: https://itspm.ag/isaca-96808Guests:Mary Carmichael, President of ISACA's Vancouver Chapter | https://www.linkedin.com/in/carmichaelmary/Dooshima Dabo'Adzuana, a researcher at Boise State University and leader from ISACA's Abuja Chapter | https://www.linkedin.com/in/dooshima-dabo-adzuana/ResourcesMary and Dooshima's session at RSA Conference: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1737642290064001tqyqLearn more about ISACA's AI resources: https://www.isaca.org/resources/artificial-intelligenceLearn more about ISACA's credentials: https://www.isaca.org/credentialingLearn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isacaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage______________________Keywords: ai, quantum, cybersecurity, risk, governance, audit, certification, encryption, rsa, rsac, third-party, compliance, career, skills, education, community, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Ahead of the RSAC Conference, Sean Martin and Marco Ciappelli sit down with Steve Schlarman, Director of Product Management at Archer, to talk risk, regulation, and where governance fits into the broader cybersecurity conversation.Steve represents a company that's been at the center of governance, risk, and compliance (GRC) for nearly 25 years. But don't mistake tenure for inertia—Archer is actively reshaping how organizations think about integrated risk management, especially through its latest platform, Archer Evolv. Steve shares how his team is focused on rethinking compliance not as a checkbox, but as a foundation for smarter, more strategic business decisions.What sets Archer Evolv apart? For one, the platform doesn't just cater to full-time risk professionals. It's built for anyone in the organization who touches compliance—even occasionally. Steve explains how the user experience has been redesigned to make it easier for non-experts to contribute, pulling in relevant data without bogging down daily operations.AI also plays a major role. After acquiring Compliance.AI, Archer has embedded large language models and automation into its compliance workflows—cutting down the time it takes to process regulatory updates and map controls. This means compliance professionals can spend less time scanning documents and more time advising the business.But this isn't about technology for technology's sake. Steve underscores the bigger question facing companies today: how much risk are they truly willing to accept? Regulation might kickstart the conversation, but it's risk management that sustains it—and that requires clarity, context, and collaboration across the business.Archer's team will be on site at RSAC, ready to demo the platform and share stories from the field. With over 1,200 customers worldwide, the company has no shortage of real-world examples to pull from. From frontline vulnerability assessments to strategic compliance mapping, Archer's approach is centered on enabling better decisions—not just better dashboards.Stop by booth 3117 (https://itspm.ag/archervn5f) to see how they're turning compliance into an engine for risk-aware growth—and how your team might benefit from a more purposeful approach to GRC.Learn more about Archer: https://itspm.ag/rsaarchwebGuest: Steve Schlarman, Senior Director, Product Management at Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/ResourcesLearn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage______________________Keywords: risk, compliance, governance, cybersecurity, ai, automation, regulation, grc, audit, resilience, controls, workflow, data, business continuity, product management, rsa, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

At this year's RSAC Conference, the team from ThreatLocker isn't just bringing tech—they're bringing a challenge. Rob Allen, Chief Product Officer at ThreatLocker, joins Sean Martin and Marco Ciappelli for a lively pre-conference episode that previews what attendees can expect at booth #854 in the South Expo Hall.From rubber ducky hacks to reframing how we think about Zero Trust, the conversation highlights the ways ThreatLocker moves beyond the industry's typical focus on reactive detection. Allen shares how most cybersecurity approaches still default to allowing access unless a threat is known, and why that mindset continues to leave organizations vulnerable. Instead, ThreatLocker's philosophy is to “deny by default and permit by exception”—a strategy that, when managed effectively, provides maximum protection without slowing down business operations.ThreatLocker's presence at the conference will feature live demos, short presentations, and hands-on challenges—including their popular Ducky Challenge, where participants test whether their endpoint defenses can prevent a rogue USB (disguised as a keyboard) from stealing their data. If your system passes, you win the rubber ducky. If it doesn't? They (temporarily) get your data. It's a simple but powerful reminder that what you think is secure might not be.The booth won't just be about tech. The team is focused on conversations—reconnecting with customers, engaging new audiences, and exploring how the community is responding to a threat landscape that's growing more sophisticated by the day. Allen emphasizes the importance of in-person dialogue, not only to share what ThreatLocker is building but to learn how security leaders are adapting and where gaps still exist.And yes, there will be merch—high-quality socks, t-shirts, and even a few surprise giveaways dropped at hotel doors (if you resist the temptation to open the envelope before visiting the booth).For those looking to rethink endpoint protection or better understand how proactive controls can complement detection-based tools, this episode is your preview into a very different kind of cybersecurity conversation—one that starts with a challenge and ends with community.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage______________________Keywords: rsac conference, cybersecurity, endpoint, zero trust, rubber ducky, threat detection, data exfiltration, security strategy, deny by default, permit by exception, proactive security, security demos, usb attack, cyber resilience, network control, security mindset, rsac 2025, event coverage, on location, conference____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More