ITSPmagazine is a free online publication that focuses on information technology, cybersecurity, data privacy, the InfoSec community and the influence that all this has on our everyday lives – as businesses, individuals and the society in which we live. Delivered through articles, podcasts, webcasts,…
ITSPmagazine | Technology. Cybersecurity. Society.
The ITSPmagazine | Technology. Cybersecurity. Society podcast is a highly informative and entertaining show that covers a wide range of topics in the cybersecurity field. The hosts do an excellent job of engaging with their guests and creating conversations that are both educational and enjoyable to listen to. Whether you're a beginner or an expert in cybersecurity, there is something for everyone in this podcast.
One of the best aspects of this podcast is the diversity of subjects covered. The hosts interview experts from various backgrounds and discuss real problems in the cybersecurity field. This allows listeners to gain insight into different perspectives and stay up-to-date with current issues. Topics such as AI and technology, privacy, ethical hacking, and cyber safety are explored in depth, providing valuable information for anyone interested in these areas.
Another great aspect of this podcast is its ability to engage with its audience. The hosts make an effort to be accessible and chat with everyone, creating a welcoming environment for listeners to interact and ask questions. This not only makes the podcast more enjoyable but also fosters a sense of community among cybersecurity enthusiasts.
However, one potential downside of this podcast is that it can sometimes delve into technical jargon that may be difficult for beginners to understand. While it is aimed at both beginners and experts, those new to the field may find themselves getting lost during certain discussions. It would be helpful if the hosts could provide more context or explanations for complex concepts to make it more accessible for beginners.
In conclusion, The ITSPmagazine | Technology. Cybersecurity. Society podcast is a highly valuable resource for anyone interested in cybersecurity, technology, and society's impact on these areas. The informative yet entertaining format keeps listeners engaged while providing them with valuable insights from experts in the field. Despite some technical jargon that may be challenging for beginners, this podcast offers a wealth of knowledge that will leave listeners wanting to learn more about these important topics.

Where has Santa Claus gone?
Once upon a time there was Santa Claus's Village — but Santa Claus wasn't there. He had been missing for days and days… actually for months. Who would prepare and deliver gifts to the children as they did every year?
That part of the North Pole which was usually very busy had become strangely silent — not an Elf could be seen around, no sounds of bells, the sleighs were covered in snow and all the reindeer dozed about confused.
If you looked into his house you couldn't see a trace of life. The fireplace cold, the rocking chair covered in cobwebs, an empty cup on the wooden table and a candle stub burnt out long ago.
Many were the rumours that had spread about Santa Claus's absence. Some said he was on another planet in a far, far away galaxy, some on the Moon, some on the vast oceans — and someone even said he had opened a bakery in Buenos Aires.
The mystery was thick. Nobody could make sense of it and everything was silent and still.
Meanwhile, many miles away, in the Southern Seas, a group of seagulls who spent their days fluttering above the bay spotted a small sailing boat in the distance. There was only one sailor on board who was hoisting the main sail up the creaking mast.
The eldest seagull couldn't believe his eyes. He did a couple of acrobatics in the air, pulled out his spyglass, looked more carefully and said: "But I know him! That sailor comes from distant lands!"
Turning to the other seagulls he told them: "One day, during one of my long journeys, I lost my way and found myself on the frozen rooftops of a village at the North Pole. I landed right on the house of that long-bearded man you see on the boat. He heard me calling for help, came to fetch me, fed me and told me about his work. I think this meeting has something magical about it. Our next adventure is about to begin."
Gliding down, they headed towards the boat and all landed on the bow.
The seagull and the sailor greeted each other like old friends.
Shortly after, a group of dolphins arrived near the sailing boat, curious. They swam in circles around the boat, jumping out of the water.
The youngest dolphin noticed something strange. "Look! Wood shavings are coming out of the hold and floating! And you can see little lights below deck."
The long-bearded sailor smiled. "Come," he said in a warm voice, "I'll show you what I've done all these months."
He opened the hatch to the hold and inside, by the light of two swaying lanterns, you could see a floating workshop full of wonders. With a sharp plane he had worked pieces of wood recovered from the sea, transforming them into toys — and he had done the same with shells, coconuts, cork stoppers, glass bottles, starfish and golden threads that had arrived from who knows where.
"I travelled to learn new ways of bringing joy," the sailor explained. "But there's so much work to do and Christmas is coming. Would you help me finish?"
And so they all set to work together. The dolphins brought special shells from the bottom of the sea. The seagulls gathered coloured feathers. The objects transformed into gifts were placed in large canvas sacks.
The days passed quickly.
On the first of December the captain, wearing his red warm hat with his pipe in his mouth, looked at the starry sky and said: "It's time to leave."
The dolphins lifted the sailing boat until it rose above the waves. The sails filled with wind and it took flight, whilst the flock of seagulls guided it through the clouds following dreams. Together they continued the journey heading north, flying through the endless blue.
Night fell quickly and in the sky full of stars one shone brighter than all the others. It was the North Star which with its light accompanied the sailing boat's descent to earth.
By magic, as it approached the village, the sailing boat transformed into a sleigh loaded with gifts.
The presents built in the hold arrived in the workshop to be delivered together with all the other parcels.
When it landed on the roof of his house, a tinkling of bells was heard in the distance. The Elves looked out of their doors and shouted: "It's him! It's him! It's Santa Claus! He's back!"
The red-nosed reindeer woke up suddenly and began polishing the sleighs, decorating them with bows and coloured pine cones.
Life in the village awakened all at once. The tree branches shook as if they were being tickled. A group of penguins, who had arrived at the North Pole to lend a hand, sliding on the ice sheets at great speed, ended up inside snowdrifts and came out like bouncing balls.
"You are so funny! We'll hang you on the Christmas tree as decorations!" the village animals shouted.
But the penguins, freeing themselves from the snow, ran towards Santa Claus's house to help with the preparations.
In the village absolutely everyone got moving. The reindeer rushed to the Post Office and filled the sacks with letters, then carried them to the workshop. The Elves with the help of the penguins were ready for work.
That morning, when the bells rang out in celebration, foxes, squirrels, hares and bears came running from every corner of the forest to celebrate Santa Claus's return. There was so much to do for the joy of all the children in the world.
The air smelt of fir trees and homemade biscuits. The Christmas trees sparkled with icicles like stars. The animals chased each other happily with their noses turned upwards.
The preparations began in earnest. Throughout the month of December they worked together — saws that sang, hammers that played, coloured paper that flew. Santa Claus told stories of his journey whilst he hammered and sanded.
And when the 24th of December arrived, everything was ready.
The presents were loaded onto the sleigh and Santa Claus set off on his most important journey.
The seagulls flew away towards new horizons, leaving their footprints on the snowy rooftops.
Since that Christmas it is said that Santa Claus never left the North Pole again.
"What if it was only a tale? Is it true, or not? The final decision is yours!"
— Written by Lucia & Marco Ciappelli
For the Italian version and many more stories to read and listen to: https://www.storiesottolestelle.com
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

As organizations race to adopt AI, many discover an uncomfortable truth: ambition often outpaces readiness. In this episode of the ITSPmagazine Brand Story Podcast, host Sean Martin speaks with Julian Hamood, Founder and Chief Visionary Officer at TrustedTech, about what it really takes to operationalize AI without amplifying risk, chaos, or misinformation.
Julian shares that most organizations are eager to activate tools like AI agents and copilots, yet few have addressed the underlying condition of their environments. Unstructured data sprawl, fragmented cloud architectures, and legacy systems create blind spots that AI does not fix. Instead, AI accelerates whatever already exists, good or bad.
A central theme of the conversation is readiness. Julian explains that AI success depends on disciplined data classification, permission hygiene, and governance before automation begins. Without that groundwork, organizations risk exposing sensitive financial, HR, or executive data to unintended audiences simply because an AI system can surface it.
The discussion also explores the operational reality beneath the surface. Most environments are a patchwork of Azure, AWS, on-prem infrastructure, SaaS platforms, and custom applications, often shaped by multiple IT leaders over time. When AI is layered onto this complexity without architectural clarity, inaccurate outputs and flawed business decisions quickly follow.
Sean and Julian also examine how AI initiatives often emerge from unexpected places. Legal teams, business units, and individual contributors now build their own AI workflows using low-code and no-code tools, frequently outside formal IT oversight. At the same time, founders and CFOs push for rapid AI adoption while resisting the investment required to clean and secure the foundation.
The episode highlights why AI programs are never one-and-done projects. Ongoing maintenance, data validation, and security oversight are essential as inputs change and systems evolve.
Julian emphasizes that organizations must treat AI as a permanent capability on the roadmap, not a short-term experiment.
Ultimately, the conversation frames AI not as a shortcut, but as a force multiplier. When paired with disciplined architecture and trusted guidance, AI enables scale, speed, and confidence. Without that discipline, it simply magnifies existing problems.
Note: This story contains promotional content.
GUEST
Julian Hamood, Founder and Chief Visionary Officer at TrustedTech | On LinkedIn: https://www.linkedin.com/in/julian-hamood/
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Highlight Brand Story: https://www.studioc60.com/content-creation#highlight
Keywords: sean martin, julian hamood, trusted tech, ai readiness, data governance, ai security, enterprise ai, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight

As NAMM approaches its 125th year, the conversation around The NAMM Show 2026 centers less on products alone and more on the people, relationships, and creative energy that sustain the music industry. In this episode, John Mlynczak, President and CEO of NAMM, joins Sean Martin and Marco Ciappelli to frame the upcoming show as a moment shaped by resilience, adaptation, and shared purpose.
Mlynczak positions NAMM's history as a long record of responding to disruption. Musical genres shift. Technologies rise and fall. Companies appear and disappear. Music itself remains. That continuity shapes how NAMM views its role today, particularly amid global trade pressures and ongoing debates around AI in music creation. These pressures are not framed as endpoints, but as forces the industry has encountered many times before, each eventually reshaped into opportunity.
A major theme is the renewed emphasis on human connection. While innovation remains central, differentiation increasingly comes through artists, creators, and authentic storytelling. Product launches are no longer just technical showcases. They are expressions of identity, collaboration, and trust between musicians and the tools they choose. According to Mlynczak, this shift is driving a larger presence of artists and creators at The NAMM Show 2026, reinforcing the idea that brands are ultimately represented by people, not specifications.
Education also plays a defining role. With more than 200 sessions planned, alongside new half-day and full-day summits, The NAMM Show 2026 expands its commitment to learning across experience levels and professional communities. Retailers, educators, engineers, marketers, and performers each have distinct paths through the show, designed intentionally rather than left to chance. Data-driven planning allows NAMM to understand how attendees engage, enabling more tailored experiences now and in the years ahead.
Underlying it all is energy.
Not hype, but momentum built through in-person connection. The NAMM Show is described as a space where competitors share ideas, musicians find inspiration, and creativity compounds simply by being present. For those who attend, The NAMM Show 2026 serves as a springboard into the year ahead, shaped by music's enduring ability to connect, adapt, and move people forward.
The NAMM Show 2026 is taking place from January 20-24, 2026 | Anaheim Convention Center • Southern California — Coverage provided by ITSPmagazine — Follow our coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/the-namm-show-2026
GUEST:
John Mlynczak, President and CEO of NAMM
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
NAMM Organization: https://www.namm.org/
The NAMM Show 2026: https://www.namm.org/thenammshow/attend
Catch more stories from NAMM Show 2026 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/the-namm-show-2026
Music Evolves: Sonic Frontiers Newsletter | https://www.linkedin.com/newsletters/7290890771828719616/
More from Marco Ciappelli on Redefining Society and Technology Podcast: https://redefiningsocietyandtechnologypodcast.com/
Want to share an Event Briefing as part of our event coverage? Learn More

⬥EPISODE NOTES⬥
Modern application development depends on open source packages moving at extraordinary speed. Paul McCarty, Offensive Security Specialist focused on software supply chain threats, explains why that speed has quietly reshaped risk across development pipelines, developer laptops, and CI environments.
JavaScript dominates modern software delivery, and the npm registry has become the largest package ecosystem in the world. Millions of packages, thousands of daily updates, and deeply nested dependency chains often exceeding a thousand indirect dependencies per application. That scale creates opportunity, not only for innovation, but for adversaries who understand how developers actually build software.
This conversation focuses on a shift that security leaders can no longer ignore. Malicious packages are not exploiting accidental coding errors. They are intentionally engineered to steal credentials, exfiltrate secrets, and compromise environments long before traditional security tools see anything wrong. Attacks increasingly begin on developer machines through social engineering and poisoned repositories, then propagate into CI pipelines where access density and sensitive credentials converge.
Paul outlines why many existing security approaches fall short. Vulnerability databases were built for mistakes, not hostile code. AppSec teams are overloaded burning down backlogs. Security operations teams rarely receive meaningful telemetry from build systems. The result is a visibility gap where malicious code can run, disappear, and leave organizations unsure what was touched or stolen.
The episode also explores why simple advice like "only use vetted packages" fails in practice. Open source ecosystems move too fast for manual approval models, and internal package repositories often collapse under friction.
Meanwhile, attackers exploit maintainer accounts, typosquatting domains, and ecosystem trust to reach billions of downstream installations in a single event.
This discussion challenges security leaders to rethink how software supply chain risk is defined, detected, and owned. The problem is no longer theoretical, and it no longer lives only in development teams. It sits at the intersection of intellectual property, identity, and delivery velocity, demanding attention from anyone responsible for protecting modern software-driven organizations.
⬥GUEST⬥
Paul McCarty, NPM Hacker and Software Supply Chain Researcher | On LinkedIn: https://www.linkedin.com/in/mccartypaul/
⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥RESOURCES⬥
LinkedIn Post: https://www.linkedin.com/posts/mccartypaul_i-want-to-introduce-you-to-my-latest-project-activity-7396297753196363776-1N-T
Open Source Malware Database: https://opensourcemalware.com
OpenSSF Scorecard Project: https://securityscorecards.dev
⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:

Risk has always been part of doing business. What has changed is its scale, speed, and interconnected nature. In this episode, Sean Martin and Marco Ciappelli are joined by Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, to explore how organizations can think more clearly about digital risk without becoming paralyzed by complexity.
Kumar shares how digital resilience is no longer a technical problem alone. Regulations, infrastructure dependencies, geopolitical tensions, supply chain exposure, and emerging technologies such as AI now converge into a single operational reality. Organizations that treat these as isolated issues often miss the real picture, where one decision quietly amplifies risk across multiple domains.
A central theme of the conversation is proportion. Kumar emphasizes that risk management is not about eliminating uncertainty, but aligning effort with value. Not every threat matters equally to every organization. Understanding who you are, where you operate, and where you are going determines which signals deserve attention and which are simply noise.
The discussion also reframes geopolitics as a daily business concern rather than a distant policy issue. Companies operate inside global power dynamics whether they acknowledge it or not. Technology choices, supplier relationships, and market expansion decisions increasingly carry political and regulatory consequences that surface quickly and without warning.
Rather than advocating for massive new departments or rigid frameworks, Kumar outlines a practical approach. Organizations can decide whether to avoid, mitigate, transfer, or tolerate risk, then revisit those decisions as conditions change. This mindset supports growth and innovation while avoiding the false comfort of static checklists.
The episode closes on culture. Effective risk management depends on listening across roles, disciplines, and seniority.
Internal dissent, diverse viewpoints, and external validation are presented as assets, not obstacles. In a world where uncertainty is constant, resilience comes from clarity, not control.
Learn more about CyXcel: https://itspm.ag/cyxcel-922331
Note: This story contains promotional content.
GUEST
Megha Kumar, Partner, Chief Product Officer & Head of Geopolitical Risk at CyXcel | On LinkedIn: https://www.linkedin.com/in/drmeghakumarcyxcel/
RESOURCES
Learn more and catch more stories from CyXcel: https://www.itspmagazine.com/directory/cyxcel

____________
Guests:
Suzy Pallett
President, Black Hat. Cybersecurity.
On LinkedIn: https://www.linkedin.com/in/suzy-pallett-60710132/
The Cybersecurity Community Finds Its Footing in Uncertain Times
There is something almost paradoxical about the cybersecurity industry. It exists because of threats, yet it thrives on trust. It deals in technical complexity, yet its beating heart is fundamentally human: people gathering, sharing knowledge, and collectively deciding that defending each other matters more than protecting proprietary advantage.
This tension—and this hope—was on full display at Black Hat Europe 2025 in London, which just wrapped up at the ExCel Centre with attendance growing more than 25 percent over last year. For Suzy Pallett, the newly appointed President of Black Hat, the numbers tell only part of the story.
"What I've found from this week is the knowledge sharing, the insights, the open source tools that we've shared, the demonstrations that have happened—they've been so instrumental," Pallett shared in a conversation with ITSPmagazine. "Cybersecurity is unlike any other industry I've ever been close to in the strength of that collaboration."
Pallett took the helm in September after Steve Wylie stepped down following eleven years leading the brand through significant growth. Her background spans over two decades in global events, most recently with Money20/20, the fintech conference series. But she speaks of Black Hat not as a business to be managed but as a community to be served.
The event itself reflected the year's dominant concerns. AI agents and supply chain vulnerabilities emerged as central themes, continuing conversations that dominated Black Hat USA in Las Vegas just months earlier. But Europe brought its own character.
Keynotes ranged from Max Meets examining whether ransomware can actually be stopped, to Linus Neumann questioning whether compliance checklists might actually expose organizations to greater risk rather than protecting them.
"He was saying that the compliance checklists that we're all being stressed with are actually where the vulnerabilities lie," Pallett explained. "How can we work more collaboratively together so that it's not just a compliance checklist that we get?"
This is the kind of question that sits at the intersection of technology and policy, technical reality and bureaucratic aspiration. It is also the kind of question that rarely gets asked in vendor halls but deserves space in our collective thinking.
Joe Tidy, the BBC journalist behind the EvilCorp podcast, delivered a record-breaking keynote attendance on day two, signaling the growing appetite for cybersecurity stories that reach beyond the practitioner community into broader public consciousness. Louise Marie Harrell spoke on technical capacity and international accountability—a reminder that cyber threats respect no borders and neither can our responses.
What makes Black Hat distinct, Pallett noted, is that the conversations happening on the business hall floor are not typical expo fare. "You have the product teams, you have the engineers, you have the developers on those stands, and it's still product conversations and technical conversations."
Looking ahead, Pallett's priorities center on listening. Review boards, advisory boards, pastoral programs, scholarships—these are the mechanisms through which she intends to ensure Black Hat remains, in her words, "a platform for them and by them."
The cybersecurity industry faces a peculiar burden. What used to happen in twelve years now happens in two days, as Pallett put it. The pace is exhausting. The threats keep evolving. The cat-and-mouse game shows no signs of ending.
But perhaps that is precisely why events like this matter.
Not because they offer solutions to every problem, but because they remind an industry under constant pressure that it is not alone in the fight. That collaboration is not weakness. That sharing knowledge freely is not naïve—it is strategic.
Black Hat Europe 2025 may have ended, but the conversations it sparked will carry forward into 2026 and beyond.
____________
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Oscar-Nominated Filmmaker Pen Densham on Writing, Cinematography, Photography, Creativity and the Freedom of Breaking the Rules There's a particular kind of magic that happens when a storyteller stops trying to please the market and starts listening to their soul. Pen Densham knows this better than most—he's lived it across three different mediums, each time learning to let go a little more. Densham's creative journey spans decades and disciplines: from screenwriting to cinematography to, now, impressionist photography. When I sat down with him for Audio Signals Podcast, we didn't dwell on credits or awards. We talked about the vulnerability of creativity, the courage it takes to break the rules, and the freedom that comes when you stop asking for permission. "Those scripts that I wrote out of passion, even though they didn't seem necessary to fit the market, got made more frequently than the ones I wrote when I was architecting to hit goals for a studio," Densham told me. It's a paradox he's discovered over and over: the work born from genuine emotional need resonates in ways that calculated formulas never can. His thinking has been shaped by extraordinary influences. He studied with Marshall McLuhan, who opened his eyes to the biology of storytelling—how audiences enter a trance state, mirroring the characters on screen, processing strategies through their neurons. He found resonance in Joseph Campbell's work on myth. "We're the shamans of our age," Densham reflects. "We're trying to interpret society in ways that people can learn and change." But what struck me most was how Densham, after mastering the craft of writing and the machinery of cinematography, has circled back to the simplest tool: a camera. Not to capture perfect images, but to create what he calls "visual music." He moves his camera deliberately during long exposures. He shoots koi through blinding sunlight. 
He photographs waves at dusk until they fragment into impressionistic dances of light and motion. "The biggest effort was letting go of self-criticism," he admitted. "Thinking 'this is stupid, these aren't real photographs.' But I'm making images that blow my mind." This is the thread that runs through Densham's entire creative life: the willingness to unlearn. In writing, he learned to trust his instincts over studio formulas. In cinematography, he learned that visual storytelling could carry emotional weight beyond dialogue. And now, in photography, he's learned that breaking every rule he ever absorbed—holding the camera still, getting the exposure right, capturing a "correct" image—has unlocked something entirely new. There's a lesson here for anyone who creates. We absorb rules unconsciously—what a proper screenplay looks like, how a film should be shot, what makes a "real" photograph. And sometimes those rules serve us. But sometimes they become cages. Densham's journey is proof that the most profound creative freedom comes not from mastering the rules, but from having the courage to abandon them. "I'm not smarter than anybody else," he said. "But like Einstein said, I stay at things longer." We left the door open for more—AI, the creator economy, the future of storytelling. But for now, there's something powerful in Densham's path across writing, cinematography, and photography: a reminder that creativity is not a destination but a continuous act of letting go.
Stay tuned. Subscribe. And remember—we are all made of stories.
Learn more about Pen Densham: https://pendenshamphotography.com
Learn more about my work and podcasts at marcociappelli.com and audiosignalspodcast.com

⬥EPISODE NOTES⬥
Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies.
Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and data accessibility remain central themes, especially as agencies work to retire manual processes and unify fragmented registries, surveillance systems, and reporting pipelines.
AI enters the picture as a multiplier rather than a replacement. Jim outlines practical use cases that public health agencies can act on now, from community health communication tools and emergency response coordination to predictive analytics for population health. These approaches support faster interpretation of data, targeted outreach to communities, and improved visibility into ongoing health activity.
At the same time, CISOs and security leaders are navigating a new risk environment as agencies explore generative AI, open models, and multi-agent systems. Sean and Jim discuss the importance of applying disciplined data governance, aligning AI with FedRAMP and state-level controls, and ensuring that any model running inside an organization's environment is treated with the same rigor as traditional systems.
The conversation closes with a look at where AI is headed. Jim notes that multi-agent frameworks and smaller, purpose-built models will shape the next wave of public health technology.
These systems introduce new opportunities for automation and decision support, but also require thoughtful implementation to ensure trust, reliability, and safety.
This episode presents a realistic, forward-looking view of how AI can strengthen the future of public health and the cybersecurity responsibilities that follow.
⬥GUEST⬥
Jim St. Clair, Vice President, Public Health Systems, Altarum | On LinkedIn: https://www.linkedin.com/in/jimstclair/
⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥RESOURCES⬥
N/A

Nothing Has Changed in Cybersecurity Since War Games — And That's Why We're in Trouble
Dr. Steve Mancini: https://www.linkedin.com/in/dr-steve-m-b59a525/
Marco Ciappelli: https://www.marcociappelli.com/
"Nothing has changed."
That's not what you expect to hear from someone with four decades in cybersecurity. The industry thrives on selling the next revolution, the newest threat, the latest solution. But Dr. Steve Mancini—cybersecurity professor, Homeland Security veteran, and Italy's Honorary Consul in Pittsburgh—wasn't buying any of it. And honestly? Neither was I.
He took me back to his Commodore 64 days, writing basic war dialers after watching War Games. The method? Dial numbers, find an open line, try passwords until one works. Translate that to today: run an Nmap scan, find an open port, brute force your way in. The principle is identical. Only the speed has changed.
This resonated deeply with how I think about our Hybrid Analog Digital Society. We're so consumed with the digital evolution—the folding screens, the AI assistants, the cloud computing—that we forget the human vulnerabilities underneath remain stubbornly analog. Social engineering worked in the 1930s, it worked when I was a kid in Florence, and it works today in your inbox.
Steve shared a story about a family member who received a scam call. The caller asked if their social security number "had a six in it." A one-in-nine guess. Yet that simple psychological trick led to remote software being installed on their computer. Technology gets smarter; human psychology stays the same.
What struck me most was his observation about his students—a generation so immersed in technology that they've become numb to breaches. "So what?" has become the default response. The data sells, the breaches happen, you get two years of free credit monitoring, and life goes on. Groundhog Day.
But the deeper concern isn't the breaches. It's what this technological immersion is doing to our capacity for critical thinking, for human instinct. Steve pointed out something that should unsettle us: the algorithms feeding content to young minds are designed for addiction, manipulating brain chemistry with endorphin kicks from endless scrolling. We won't know the full effects of a generation raised on smartphones until they're forty, having scrolled through social media for thirty years.
I asked what we can do. His answer was simple but profound: humans need to decide how much they want technology in their lives. Parents putting smartphones in six-year-olds' hands might want to reconsider. Schools clinging to the idea that they're "teaching technology" miss the point—students already know the apps better than their professors. What they don't know is how to think without them.
He's gone back to paper and pencil tests. Old school. Because when the power goes out—literally or metaphorically—you need a brain that works independently.
Ancient cultures, Steve reminded me, built civilizations with nothing but their minds, parchment, and each other. They were, in many ways, a thousand times smarter than us because they had no crutches. Now we call our smartphones "smart" while they make us incrementally dumber.
This isn't anti-technology doom-saying. Neither Steve nor I oppose technological progress. The conversation acknowledged AI's genuine benefits in medicine, in solving specific problems. But this relentless push for the "easy button"—the promise that you don't have to think, just click—that's where we lose something essential.
The ultimate breach, we concluded, isn't someone stealing your data. It's breaching the mind itself. When we can no longer think, reason, or function without the device in our pocket, the hackers have already won—and they didn't need to write a single line of code.
Subscribe to the Redefining Society and Technology podcast. Stay curious. Stay human.
My Newsletter? Yes, of course, it is here: https://www.linkedin.com/newsletters/7079849705156870144/
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What Security Congress Reveals About the State of Cybersecurity
This discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.
Themes That Stand Out
AI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path.
Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.
Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust.
Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.
A Place for Every Stage of the Career
France describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.
Looking Ahead to the Next Congress
The next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.
The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025. Coverage provided by ITSPmagazine.
GUEST:
Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/
HOST:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Follow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
ISC2 Security Congress: https://www.isc2.org
NIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptography
ISC2 Chapters: https://www.isc2.org/chapters

Spy's Mate: A Conversation with Bradley W. Buchanan About Chess, Cold War Intrigue, and the Stories That Save Us
After a few months away, I couldn't stay silent. Audio Signals is back, and I'm thrilled that this conversation marks the official return.
The truth is, I tried to let it go. I thought maybe I'd hang up the mic and focus solely on my work exploring technology and society. But my passion for storytellers and storytelling—it cannot be tamed. We are made of stories, after all, and some of us choose to write them, sing them, photograph them, or bring them to life on screen. Brad Buchanan writes them, and his story brought me back.
I'll admit something upfront: I'm not particularly good at chess. I love the game—the strategy, the mythology, the beautiful complexity of it all—but I'm no grandmaster. That's what made this conversation so fascinating. Brad has created an entire fictional world where chess isn't just a game; it's a matter of life and death, set against the backdrop of Cold War espionage and Soviet propaganda.
His debut novel, Spy's Mate, weaves together two worlds I find endlessly intriguing: the intellectual battlefield of competitive chess and the shadow games of international espionage. But what makes this book truly compelling isn't just the plot—it's the man behind it.
Brad is a retired English professor from Sacramento State, a two-time blood cancer survivor, and what he calls a "chimera"—someone whose DNA was literally altered by a stem cell transplant from his brother. He was blind for a year and a half. He nearly died multiple times. And through it all, he held onto this story, this passion for chess that manifested in literal dreams where the pieces hunted him across the board.
When we spoke, what struck me most was how deeply personal this novel is beneath its spy thriller exterior. The protagonist, Yasha, is an Armenian chess prodigy whose mother teaches him the game before falling gravely ill. In a moment that breaks your heart, young Yasha asks his mother to promise she'll live long enough to see him become world chess champion—an impossible promise that drives the entire narrative.
Brad wrote Spy's Mate after his own mother's death from blood cancer in 2021. When he told me he was crying while writing the final pages, I understood something essential about storytelling: we write to process what life won't let us finish. He gave Yasha the closure he wished he'd had with his own mother.
But this isn't just a meditation on loss. Brad brings genuine chess expertise and meticulous historical research to create a world where the KGB manipulates tournaments, computers calculate moves at the glacial pace of one per hour, and Soviet chess dominance serves as proof of communist superiority. He recreates famous chess games with diagrams so readers can follow the battlefield. He fictionalizes Soviet leaders (his Gorbachev character is named "Ogar," his Putin figure has "the nose of a proboscis monkey") but keeps the oppressive atmosphere authentic.
What I love about Brad's approach is that he wrote this novel almost like a screenplay—action and dialogue, visual and kinematic, built for the screen. Having taught Virginia Woolf while secretly wanting to write page-turning thrillers tells you everything about the tension between academic life and creative passion. Now, finally free to write full-time after early retirement due to his medical challenges, he's doing what he always wanted.
We talked about the hero's journey, about Joseph Campbell's mythical structure that still works because it mirrors how our minds work. We reminisced about the 1982 World Cup and Marco Tardelli's iconic scream (we're the same generation, watching from different continents). We discussed whether characters should plot their own paths or whether writers should map everything from the beginning.
As someone who writes short, magical stories with my mother, I understand the pull toward something bigger, something that requires more than 1,200 words can contain. Brad waited 55 years to publish his first novel. I'm 56 and still working up to it. There's hope for all of us yet.
Spy's Mate is available now, with an audiobook coming after Thanksgiving. And yes, I can absolutely see this as a Netflix series—chess looks incredibly sexy on screen when the stakes are high and the lighting is good.
Welcome back to Audio Signals. Let's keep telling stories.
Learn more about Bradley and get his book: https://www.bradthechimera.com
Learn more about my work and podcasts at marcociappelli.com and audiosignalspodcast.com

This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validate the strength of their culture and workflows.
Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting them a priority. Viktor outlines why security functions best when embedded into culture rather than treated as a compliance checkbox. His team actively invests in continuous testing, including a structured bug bounty program that generates a steady flow of findings.
The conversation centers on a real event: a report claiming that more than a thousand user accounts appeared in a public leak repository. Instead of assuming the worst or dismissing the claim, the team mobilized within hours. They validated the dataset, built correlation tooling, analyzed how many records were legitimate, and immediately reset affected accounts. Once they ruled out a breach of their systems, they traced the issue to compromised end user devices associated with previously known credential harvesting incidents.
This scenario demonstrates how a strong internal process helps guide the team through verification, containment, and communication. Viktor emphasizes that optional security features only work when customers use them, which is why Screenly is moving to passwordless authentication using magic links. Removing passwords eliminates the attack vector entirely, improving security for customers without adding friction.
For listeners, this episode offers a clear look at what rapid response discipline looks like, how bug bounty reports can add meaningful value, and why passwordless authentication is becoming a practical way forward for SaaS platforms. It is a timely reminder that transparency builds trust, and security culture determines how confidently a team can navigate unexpected events.
Learn more about Screenly: https://itspm.ag/screenly1o
Note: This story contains promotional content.
GUEST
Viktor Petersson, Co-founder of Screenly | On LinkedIn: https://www.linkedin.com/in/vpetersson/
RESOURCES
Learn more and catch more stories from Screenly: https://www.itspmagazine.com/directory/screenly
LinkedIn Post: https://www.linkedin.com/posts/vpetersson_screenly-security-incident-response-how-activity-7393741638918971392-otkk
Blog: Security Incident Response: How We Investigated a Data Leak and What We're Doing Next: https://www.screenly.io/blog/2025/11/10/security-incident-response-magic-links/

⬥EPISODE NOTES⬥
Understanding the Startup Engine Behind Cybersecurity
This episode brings Sean Martin together with Ross Haleliuk, author, investor, product leader, and creator of Venture Insecurity, for a candid look at the forces shaping cybersecurity startups today. Ross shares how his decade of product leadership and long involvement in the security community give him a unique perspective on what drives founders, what creates market gaps, and why new companies keep entering a space already full of tools.
Why Security Produces So Many Products
Ross explains that the large number of security tools is not evidence of an industry losing control. Instead, it reflects a technology ecosystem where entrepreneurship has become easier and where attackers, not practitioners, define what defenders need. Because threats shift constantly, security leaders must always look for clues on what could fail next. That constant uncertainty fuels innovation.
What Motivates Founders
Despite outside assumptions, Ross observes that most founders are motivated by the problems they have lived themselves. Some come from enterprise teams. Others come from military backgrounds. Many find traction with early open source work. Few come into cybersecurity to chase quick wins, and most do not survive long enough to chase profits even if they wanted to.
Security as Business Enablement
Sean and Ross discuss the role of security as a business driver. In regulated sectors, companies invest because they must. In technology companies, strong security is a sales enabler that gives customers confidence to use their products. Outside of tech, the priority is more about resilience and operational continuity.
How Buyers Should Think About Startups
Ross outlines the tradeoffs. Startups deliver speed, responsiveness, fresh architecture, and modern user experience. Large vendors provide stability, predictability, and broad coverage. Neither is perfect. Security leaders should decide based on the importance of the capability, the level of influence they want, and the outcomes they need.
This conversation highlights the practical realities behind the security products organizations choose and the people who build them. Listeners will hear both the optimism and the honesty that define today's cybersecurity innovation economy.
⬥GUEST⬥
Ross Haleliuk, Security product leader, author, advisor, board member and investor | On LinkedIn: https://www.linkedin.com/in/rosshaleliuk/
⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥RESOURCES⬥
Inspiring Blog: https://ventureinsecurity.net/p/not-every-security-leader-works-at

Author Kate O'Neill's Book "What Matters Next": AI, Meaning, and Why We Can't Delegate Creativity | Redefining Society and Technology with Marco Ciappelli
Kate O'Neill: https://www.koinsights.com/books/what-matters-next-book/
Marco Ciappelli: https://www.marcociappelli.com/
When Kate O'Neill tells me that AI's most statistically probable outcome is actually its least meaningful one, I realize we're talking about something information theory has known for decades - but nobody's applying to the way we're using ChatGPT.
She's a linguist who became a tech pioneer, one of Netflix's first hundred employees, someone who saw the first graphical web browser and got chills knowing everything was about to change. Her new book "What Matters Next" isn't another panic piece about AI or a blind celebration of automation. It's asking the question nobody seems to want to answer: what happens when we optimize for probability instead of meaning?
I've been wrestling with this myself. The more I use AI tools for content, analysis, brainstorming - the more I notice something's missing. The creativity isn't there. It's brilliant for summarization, execution, repetitive tasks. But there's a flatness to it, a regression to the mean that strips away the very thing that makes human communication worth having.
Kate puts it plainly: "There is nothing more human than meaning-making. From semantic meaning all the way out to the philosophical, cosmic worldview - what matters and why we're here."
Every time we hit "generate" and just accept what the algorithm produces, we're choosing efficiency over meaning. We're delegating the creative process to a system optimized for statistical likelihood, not significance.
She laughs when I tell her about my own paradox - that AI sometimes takes MORE time, not less. There's this old developer concept called "yak shaving," where you spend ten times longer writing a program to automate five steps instead of just doing them. But the real insight isn't about time management. It's about understanding the relationship between our thoughts and the tools we use to express them.
In her book "What Matters Next," Kate's message is that we need to stay in the loop. Use AI for ugly first drafts, sure. Let it expedite workflow. But keep going back and forth, inserting yourself, bringing meaning and purpose back into the process. Otherwise, we create what she calls "garbage that none of us want to exist in the world with."
I wrote recently about the paradox of learning when we rely entirely on machines. If AI only knows what we've done in the past, and we don't inject new meaning into that loop, it becomes closed. It's like doomscrolling through algorithms that only feed you what you already like - you never discover anything new, never grow, never challenge yourself.
We're living in a Hybrid Analog Digital Society where these tools are unavoidable and genuinely powerful. The question isn't whether to use them. It's how to use them in ways that amplify human creativity rather than flatten it, that enhance meaning rather than optimize it away.
The dominant narrative right now is efficiency, productivity, automation. But what if the real value isn't doing things faster - it's doing things that actually matter? Technology should serve humanity's purpose. Not the other way around. And that purpose can't be dictated by algorithms trained on statistical likelihood. It has to come from us, from the messy, unpredictable, meaningful work of being human.
My Newsletter? Yes, of course, it is here: https://www.linkedin.com/newsletters/7079849705156870144/

The Solar Car That Charges Itself While You Live Your Life
Growing up, I always wondered: why can't cars just recharge themselves as we drive? Turns out, someone finally built exactly that.
Robert Hoevers and his team at Squad Mobility created a solar-powered city car that does something brilliantly simple—it charges itself. There's a solar panel on the roof that continuously feeds the battery whether you're parked at the grocery store, sitting in your driveway, or cruising around town.
The engineering is impressive, but the user experience is even better. For most people living in sunny climates—anywhere between 45 degrees north and 45 degrees south latitude (roughly Spain to South Africa)—you'll never need to find a charging station. Ever.
Here's the reality: the average person drives about 12 kilometers a day for daily errands. School runs, grocery shopping, meeting friends. The Squad solar car has a 150-kilometer maximum range, and the sun replenishes what you use. You just drive it, park it, and forget about charging infrastructure entirely.
This is what smart urban mobility looks like. It's street legal with proper crash structures, seat belts, and rollover protection. It tops out at 45 or 70 kilometers per hour depending on which model you choose—fast enough for city streets, not built for highways. In Europe, you only need a moped license for the slower version.
The design sits somewhere between a golf cart and a Smart car, which makes perfect sense. Squad isn't trying to replace your family vehicle. They're solving the "second car" problem—those short daily trips where driving a massive SUV feels ridiculous.
The market is responding. Squad Mobility has over 5,300 pre-orders and secured 1.5 million euros in European subsidies. They're currently crowdfunding on Republic to bridge the final gap before production starts in about a year.
What surprised me most? Ten percent of their pre-orders come from American gated communities and golf cart neighborhoods. These communities already understand the value of compact, efficient vehicles for daily errands. Squad just made them solar-powered and street legal.
Yes, you need consistent sunlight. If you live in perpetually cloudy climates, you'll still need to plug in occasionally. But for millions of people in sunny regions tired of hunting for charging stations or paying electricity bills to charge their second car, Squad Mobility built the obvious solution that somehow nobody else did.
Sometimes innovation isn't about reinventing the wheel. It's about putting a solar panel on the roof and letting the sun do the work.
This is the future of urban mobility, and it's arriving next year.

⬥EPISODE NOTES⬥
Understanding Beg Bounties and Their Growing Impact
This episode examines an issue that many organizations have begun to notice, yet often do not know how to interpret. Sean Martin is joined by Casey Ellis, Founder of Bugcrowd and Co-Founder of disclose.io, to break down what a “beg bounty” is, why it is increasing, and how security leaders should think about it in the context of responsible vulnerability handling.
Bug Bounty vs. Beg Bounty
Casey explains the core principles of a traditional bug bounty program. At its core, a bug bounty is a structured engagement in which an organization invites security researchers to identify vulnerabilities and pays rewards based on severity and impact. It is scoped, governed, and linked to an established policy. The process is predictable, defensible, and aligned with responsible disclosure norms.
A beg bounty is something entirely different. It occurs when an unsolicited researcher claims to have found a vulnerability and immediately asks whether the organization offers incentives or rewards. In many cases, the claim is vague or unsupported and is often based on automated scanner output rather than meaningful research. Casey notes that these interactions can feel like unsolicited street windshield washing, where the person provides an unrequested service and then asks for payment.
Why It Matters for CISOs and Security Teams
Security leaders face a difficult challenge. These messages appear serious on the surface, yet most offer no actionable details. Responding to each one triggers incident response workflows, consumes time, and raises unnecessary internal concern. Casey warns that these interactions can create confusion about legality, expectations, and even the risk of extortion.
At the same time, ignoring every inbound message is not a realistic long-term strategy. Some communications may contain legitimate findings from well-intentioned researchers who lack guidance. Casey emphasizes the importance of process, clarity, and policy.
How Organizations Can Prepare
According to Casey, the most effective approach is to establish a clear vulnerability disclosure policy. This becomes a lightning rod for inbound security information. By directing researchers to a defined path, organizations reduce noise, set boundaries, and reinforce safe communication practices.
The episode highlights the need for community norms, internal readiness, and a shared understanding between researchers and defenders. Casey stresses that good-faith researchers should never introduce payment into the first contact. Organizations should likewise be prepared to distinguish between noise and meaningful security input.
This conversation offers valuable context for CISOs, security leaders, and business owners navigating the growing wave of unsolicited bug claims and seeking practical ways to address them.
⬥GUEST⬥
Casey Ellis, Founder and Advisor at Bugcrowd | On LinkedIn: https://www.linkedin.com/in/caseyjohnellis/
⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/caseyjohnellis_im-thinking-we-should-start-charging-bug-activity-7383974061464453120-caEW
Disclose.io: https://disclose.io/

AI in Healthcare: Who Benefits, Who Pays, and Who's at Risk in Our Hybrid Analog Digital Society

Show Notes
As artificial intelligence begins generating music from vast datasets of human art, a fundamental question emerges: who truly owns the sound of AI? This episode of Music Evolves brings together law student and former musician Chandler Lawn, music industry executive and professor Drew Thurlow, Michael Sheldrick, Co-Founder of Global Citizen, and intellectual property attorney Puya Partow-Navid, alongside hosts Sean Martin and Marco Ciappelli, to examine how AI is reshaping authorship, licensing, and the meaning of originality.
The panel explores how AI democratizes creation while exposing deep ethical and economic gaps. Lawn raises the issue of whether artists whose works trained AI models deserve compensation, asking if innovation can be ethical when built on uncompensated labor. Thurlow highlights how, despite fears of automation, generative AI music accounts for less than 1% of streaming royalties—suggesting opportunity, not replacement.
Sheldrick connects the conversation to a broader global context, describing how music's economic potential could drive sustainable development if nations modernize copyright frameworks. He views this shift as a rare chance to position creative industries as engines for jobs and growth.
Partow-Navid grounds the discussion in legal precedent, pointing to landmark cases—from Two Live Crew to George R. R. Martin—as markers of how courts may interpret fair use, causality, and global jurisdiction in AI-driven creation.
Together, the guests agree that the debate extends beyond legality. It's about the emotional authenticity that makes music human. As Chandler notes, “We connect through imperfection.” Marco adds that live performance may ultimately anchor value in a world saturated by digital replication.
This conversation captures the tension—and promise—of a future where music, technology, and law must learn to play in harmony.
Guests
Chandler Lawn, AI Innovation and Law Fellow at The University of Texas School of Law | On LinkedIn: https://www.linkedin.com/in/chandlerlawn/
Drew Thurlow, Adjunct Professor at Berklee College of Music | On LinkedIn: https://www.linkedin.com/in/drewthurlow/
Michael Sheldrick, Co-Founder and Chief Policy, Impact and Government Affairs Officer at Global Citizen | On LinkedIn: https://www.linkedin.com/in/michael-sheldrick-30364051/
Puya Partow-Navid, Partner at Seyfarth Shaw LLP | On LinkedIn: https://www.linkedin.com/in/puyapartow/
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/
Resources
Legal Publication: You Can't Alway Get What You Want: A Survey of AI-related Copyright Considerations for the Music Industry published in Vol. 32, No. 3 of the Texas State Bar Entertainment and Sports Law Journal.
BOOK: Machine Music: How AI Is Transforming Music's Next Act by Drew Thurlow: https://www.routledge.com/Machine-Music-How-AI-is-Transforming-Musics-Next-Act/Thurlow/p/book/9781032425242
BOOK: From Ideas to Impact: A Playbook for Influencing and Implementing Change in a Divided World by Michael Sheldrick: https://www.fromideastoimpact.com/
AI and Copyright Blogs:
https://www.gadgetsgigabytesandgoodwill.com/category/ai/
https://www.gadgetsgigabytesandgoodwill.com/2025/11/dr-thaler-is-right-in-part/
https://www.gadgetsgigabytesandgoodwill.com/2025/07/californias-ai-law-has-set-rules-for-generative-ai-are-you-ready/
https://www.gadgetsgigabytesandgoodwill.com/2025/06/copyright-office-firings-spark-constitutional-concerns-amid-ai-policy-tensions/
Newsletter (Article, Video, Podcast): The Human Touch in a Synthetic Age: Why AI-Created Music Raises More Than Just Eyebrows: https://www.linkedin.com/pulse/human-touch-synthetic-age-why-ai-created-music-raises-martin-cissp-s9m7e/
Article — Universal and Sony Music partner with new platform to detect AI music copyright theft using ‘groundbreaking neural fingerprinting' technology: https://www.musicbusinessworldwide.com/universal-and-sony-music-partner-with-new-platform-to-detect-ai-music-copyright-theft-using-groundbreaking-neural-fingerprinting-technology/
Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium: https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72
Global Citizen: https://www.globalcitizen.org/
Gallo Music (Gallo Records, South Africa): https://www.gallo.co.za/
Global Citizen Festival: https://www.globalcitizen.org/en/festival/
Andy Warhol Foundation v. Goldsmith (Shepard Fairey / “Hope” poster context): https://supreme.justia.com/cases/federal/us/598/21-869/case.pdf
George R. R. Martin / Authors Guild v. OpenAI (current AI training lawsuit): https://authorsguild.org/news/ag-and-authors-file-class-action-suit-against-openai/
Campbell v. Acuff-Rose Music, Inc. (2 Live Crew “Pretty Woman”): https://supreme.justia.com/cases/federal/us/510/569/
Vanilla Ice / “Under Pressure” Sampling Case: https://blogs.law.gwu.edu/mcir/case/queen-david-bowie-v-vanilla-ice/
MIDiA Research — AI in Music Reports: https://www.midiaresearch.com/reports/ai-and-the-future-of-music-the-future-is-already-here
Merlin (Global Independent Rights Organization): https://www.merlinnetwork.org/
Instagram Reel re: Spotify Terms: https://www.instagram.com/reel/DOrgbUNCYj_/

THE SEASONS IN A BREATH

Autumn appeared at the window and looked around— it was November.
"The leaves are yellow and red.
The swallows fly away in flocks over the rooftops.
The crisp air smells of roasted chestnuts and burning wood.
I like it this way,"
Autumn exclaimed.

Winter opened the door and looked around— it was January.
"The snow and the freezing wind.
In the woods, mistletoe on branches beneath a blanket of ice.
The marmot sleeps in her covered den, dreaming of the stars.
How lovely it is to be warm and cozy!"
Winter exclaimed.

Spring stepped out onto the terrace and looked around— it was April.
"The flowers bloom and the birds chirp, returning to their nests.
With the mild temperature, joyful life vibrates in the air.
How wonderful!"
Spring exclaimed.

Summer went into the garden and looked around— it was July.
"A cat rests in the shade of a pine tree.
The air smells of cut grass and ripe fruit.
The butterflies dance carefree to the song of the cicadas.
The sun makes me smile!"
Summer exclaimed.

The months pass and the year spins at great speed,
but they will always bring something beautiful.

____________
Podcast
Redefining Society and Technology Podcast With Marco Ciappelli
https://redefiningsocietyandtechnologypodcast.com
____________
Host
Marco Ciappelli
Co-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication | Branding & Marketing Advisor | Journalist | Writer | Podcast Host | #Technology #Cybersecurity #Society

When “Normal” Doesn't Work: Rethinking Data and the Role of the SOC Analyst

Monzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors.

Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate.

The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms.

Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization.

For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise.

The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.

Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdk
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content. Learn more.

GUEST
Monzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/

RESOURCES
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Brand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Breaking Free from Data Normalization: A Smarter Path for Security Teams

Traditional security models were built on a simple idea: collect data, normalize it, and analyze it. But as Director of Product Marketing Cory Wallace explains in this conversation with Sean Martin, that model no longer fits the reality of modern security operations. Data now lives across systems, clouds, and lakes—making normalization an inefficient, error-prone step that slows teams down and risks critical blind spots.

Rethinking How Analysts Work with Data

Cory describes how schema drift, inconsistent field naming, and vendor-specific query languages have turned the analyst's job into a maze of manual mapping and guesswork. Each product update or schema change introduces a chance to miss something important—something an attacker is counting on. Crogl's new patent eliminates this problem by enabling search and correlation across unnormalized data, creating a unified analytical view without forcing everything into one rigid format.

From Data Chaos to Analyst Empowerment

This shift isn't just technical—it's cultural. Instead of treating SOC analysts as passive alert closers, Crogl's model empowers them with meaningful context from the start. Alerts now come with historical data, cross-referenced fields, and prebuilt queries, giving analysts the information they need to make decisions faster and more confidently.

Efficiency with Intelligence

Wallace explains how this approach saves time, reduces training burdens, and cuts dependency on multiple query languages. It helps overworked teams move from reactive triage to proactive investigation. By removing unnecessary layers of data transformation, organizations can accelerate incident resolution, minimize risk, and help analysts focus on what matters most—catching what others miss.

At its core, the conversation highlights how removing the barriers of data normalization can redefine what's possible in modern security operations.

Watch the full interview: https://youtu.be/Kx2JEE_tYq0
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content. Learn more.

GUEST
Cory Wallace, Director of Product Marketing at CROGL | On LinkedIn: https://www.linkedin.com/in/corywallacecrogl/

RESOURCES
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Press Release: https://www.globenewswire.com/news-release/2025/11/05/3181815/0/en/Crogl-Granted-Patent-for-Analyzing-Non-Normalized-Data-for-Security.html
Forbes Article: https://www.forbes.com/sites/justinwarren/2025/11/05/tackling-cybersecurity-data-sprawl-without-normalizing-everything/
LinkedIn Post: https://www.linkedin.com/posts/activity-7391913358817517569-QaCH

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Most organizations have security champions. Few have a real security culture.

In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.

⬥GUEST⬥
Andrew Morgan, Chief Information Security Officer | On LinkedIn: https://www.linkedin.com/in/andrewmorgancism/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
The cybersecurity community has long recognized an uncomfortable truth: the gap between well-resourced enterprises and underfunded organizations keeps widening. This divide isn't just about money; it's about survivability. When a small business, school, or healthcare provider is hit with a major breach, the likelihood of permanent closure is exponentially higher than for a large enterprise.

As host of the Redefining CyberSecurity Podcast, I've seen this imbalance repeatedly — and the conversation with Andrew Morgan underscores why it persists and what can be done about it.

The Problem: Structural Imbalance

Large enterprises operate with defined budgets, mature governance, and integrated security operations centers. They can afford redundancy, talent, and tooling. Meanwhile, small and mid-sized organizations are often left with fragmented controls, minimal staff, and reliance on external vendors or managed providers.

The result is a “have and have not” world. The “haves” can detect, contain, and recover. The “have nots” often cannot. When they are compromised, the impact isn't just reputational — it can mean financial collapse or service disruption that directly affects communities.

The Hidden Costs of Complexity

Even when smaller organizations invest in technology, they often fall into the trap of overtooling without strategy. Multiple, overlapping systems create noise, false confidence, and operational fatigue. Morgan describes this as a symptom of viewing cybersecurity as a subset of IT rather than as a business enabler.

Simplification is key. A rationalized platform approach — even if not best-of-breed — can deliver better visibility and sustainability than a patchwork of disconnected tools. The goal should not be perfection; it should be proportionate protection aligned with business risk.

The Solution: Culture, Collaboration, and Continuity

Cyber resilience starts with people and culture. As Morgan puts it, programs must be driven by culture, informed by risk, and delivered through people, process, and technology. Security can't succeed in isolation from the organization's purpose or its people.

The Australian CISO Tribe provides a real-world model for collaboration. Its members share threat intelligence, peer validation, and practical experiences — a living example of collective defense in action. Whether formalized or ad-hoc, these networks give security leaders context, community, and shared strength.

Getting Back to Basics

Practical resilience isn't glamorous. It's about getting the basics right — consistent patching, logging, phishing-resistant authentication, verified backups, and tested recovery plans. It's about ensuring that, if everything fails, you can still get back up.

When security becomes a business-as-usual practice rather than a project, organizations begin to move from reactive defense to proactive resilience.

The Takeaway

Bridging the cybersecurity divide doesn't require endless budgets. It requires prioritization, simplification, and partnership. The “have nots” may never mirror enterprise scale, but they can adopt enterprise discipline — and that can make all the difference between temporary disruption and permanent failure.

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/andrewmorgancism_last-night-i-was-fortunate-enough-to-spend-activity-7383972144507994112-V3Zr/

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:

How to Market to Cybersecurity's Most Elusive Buyers: AI, Emotion, and the Human Touch - Interview with Gianna Whitver and Maria Velasquez | Cyber Marketing Con 2025 Coverage | On Location with Sean Martin and Marco Ciappelli

CyberMarketingCon 2025 In Person & Virtual https://www.cybermarketingconference.com
Dec 7-10, 2025 in Austin, Texas

Why Cybersecurity Marketing Demands a Different Playbook

The cybersecurity industry presents a paradox for marketers. While practitioners work with cutting-edge technology, traditional marketing approaches consistently fall flat. Gianna Whitver and Maria Velasquez, co-founders of the Cybersecurity Marketing Society, have spent six years understanding why—and they're sharing those insights at CyberMarketingCon 2025 this December in Austin.

The challenge begins with the audience itself. Security professionals operate under constant pressure, actively preventing threats while juggling competing priorities. This stress creates an environment where patience for marketing noise evaporates instantly. Unlike other industries where buyers might browse vendor websites or respond to cold outreach, cybersecurity practitioners have both the technical sophistication to evade tracking and the motivation to control their own buying journey.

"Our buyer is highly elusive," Whitver explains. "They're saving the world and their companies from threats. When vendors reach out, it's an interruption to critical work." This dynamic forces marketers to rethink fundamental assumptions about how business gets done.

The numbers tell part of the story. With over 5,000 cybersecurity vendors flooding the market, standing out based solely on technical specifications has become nearly impossible. Many solutions address similar problems with comparable features. The differentiator, Velasquez argues, isn't in the technology itself but in how that technology transforms the buyer's daily experience.

"We have to shed that technical layer and go for the emotion," Velasquez says. "If they buy our product, how is it gonna make them feel? Are they gonna get their weekends back with family? Are they actually gonna go to sleep without stress?" This human-centered approach represents a fundamental shift from the feeds-and-speeds messaging that dominated cybersecurity marketing for years.

The industry is witnessing what Velasquez calls an "evolution slash revolution" in marketing tactics. Humor, entertainment, and authentic storytelling are replacing dense whitepapers as the first touch point. The goal isn't to dumb down complex technology but to create space for meaningful engagement by first addressing the emotional reality of a stressful profession.

Trust remains the currency that matters most. Peer recommendations carry exponentially more weight than any advertising campaign. Security professionals rely on trusted networks to validate purchasing decisions, making community building and genuine thought leadership more valuable than aggressive outreach. Word-of-mouth referrals from colleagues who have seen real results trump even the most sophisticated demand generation campaigns.

The emergence of AI as a marketing buzzword presents both opportunity and risk. Whitver notes that countless vendors now position themselves as "AI-native" or "agentic AI" solutions without articulating meaningful differentiation. "If that's what you remember about their product, what do you actually do?" she asks. The challenge for marketers is communicating AI's business value without contributing to the noise.

CyberMarketingCon 2025 addresses these challenges head-on. Running December 7-10 in Austin, the conference brings together more than 550 marketing professionals for hands-on workshops, peer learning, and practical strategy sessions. Dedicated tracks cover brand, demand generation, operations, communications, and product marketing, with special summits for CEOs and sales leaders.

Hands-on AI workshops represent a conference highlight. Attendees can build marketing agents using n8n, explore Clay for go-to-market planning, or participate in a marketer-focused capture-the-flag hacking exercise. The "Marketing Time Machine" theme balances timeless fundamentals with forward-looking innovation, acknowledging that effective marketing requires both solid foundations and experimental thinking.

What sets CyberMarketingCon apart is its community-first philosophy. Despite 40-50% year-over-year growth, organizers prioritize maintaining an intimate, reunion-style atmosphere. Many CMOs bring entire teams for what becomes a working offsite, with different members attending specialized sessions then synthesizing insights into unified strategies.

The conference's success metric reflects this philosophy. "Our KPI is: is it worth your time?" Whitver says. In an industry where time represents the scarcest resource, that might be the most important question of all.

For cybersecurity marketers navigating an increasingly complex landscape, CyberMarketingCon offers something rare—a chance to learn from peers facing identical challenges, build practical skills, and remember that even in a technical industry, it's humans talking to humans.

GUEST:
Gianna Whitver
Co-Founder & CEO, Cybersecurity Marketing Society | Cybersecurity GTM Industry Resource | Cybersecurity Marketing | Bees & Cybersecurity | Podcast Host | Community | (I like to build things & laugh a lot & tell jokes)
Maria Velasquez

⬥GUEST⬥
Eric O'Neill, Keynote Speaker, Cybersecurity Expert, Spy Hunter, Bestselling Author. Attorney | On LinkedIn: https://www.linkedin.com/in/eric-m-oneill/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
In this episode of the Redefining CyberSecurity Podcast, host Sean Martin reconnects with Eric O'Neill, National Security Strategist at NeXasure and former FBI counterintelligence operative. Together, they explore how cybercrime has matured into a global economy—and why organizations of every size must learn to compete, not just defend.

O'Neill draws from decades of undercover work and corporate investigation to reveal that cybercriminals now operate like modern businesses: they innovate, specialize, and scale. The difference? Their product is your data. He argues that resilience—not prevention—is the true marker of readiness. Companies can't assume they're too small or too obscure to be targeted. “It's just a matter of numbers,” he says. “At some point, you will get struck. You need to be able to take the punch and keep moving.”

The discussion covers the practical realities facing small and midsize businesses: limited budgets, fragmented tools, and misplaced confidence. O'Neill explains why so many organizations over-invest in overlapping technologies while under-investing in strategy. His firm helps clients identify these inefficiencies and replace tool sprawl with coordinated defense.

Preparation, O'Neill says, should follow his PAID methodology—Prepare, Assess, Investigate, Decide. The goal is to plan ahead, detect fast, and act decisively. Those that do not prepare spend ten times more responding after an incident than they would have spent preventing it.

Martin and O'Neill also examine how storytelling bridges the gap between security teams and executive boards. Using relatable analogies—like house fires and insurance—O'Neill makes cybersecurity human. His message is simple: security is not a technical decision; it's a business one.

Listen to hear how the business of cybercrime mirrors legitimate enterprise—and why understanding that truth might be your best defense.

⬥RESOURCES⬥
Book: Spies, Lies, and Cybercrime by Eric O'Neill – Book link
Book: Gray Day by Eric O'Neill – Book link
Free, Weekly Newsletter: spies-lies-cybercrime.ericoneill.net
Podcast: Former FBI Spy Hunter Eric O'Neill Explains How Cybercriminals Use Espionage techniques to Attack Us: https://redefiningsocietyandtechnologypodcast.com/episodes/new-book-spies-lies-and-cyber-crime-former-fbi-spy-hunter-eric-oneill-explains-how-cybercriminals-use-espionage-techniques-to-attack-us-redefining-society-and-technology-podcast-with-marco-ciappelli

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:


Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.

This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

Halloween over Florence: THE MARKET OF GHOSTS

Severino lived in the bell tower on the hill — the one next to the ancient Basilica of San Miniato al Monte.

Every evening, at sunset, he would lock the gate at the base of the entrance stairway and before climbing back up, he would pause to watch Florence color itself amber.

And so he did today as well. The tourists had left. Time stopped and silence became sacred again.

Through the rusted bars the city stood there motionless — perhaps since forever; with its red roofs, marble facades and the Arno flowing between its stones like a glittering silver ribbon.

Domes and towers trembling with light, almost suspended in the air, as if everything and everyone were holding their breath waiting for twilight — and for the night that would cover it with shadows, stars and dreams.

One more glance, then he turned on his transistor radio that he had found a few years ago and the notes of Duke Ellington's 'Don't Get Around Much Anymore' filled the autumn evening.

Silence may be sacred for the monks, but for Severino music was more so. Seven, his raven, didn't need to be called and at the first notes launched himself from the cypresses of the cemetery above, circled in front of the imposing facade of the Basilica and suddenly glided down along the stairway, to land gently on his left shoulder.

"Hey Seven, had a good day?"

"Yes. Could have been worse — Let's settle for that."

At which, Severino smiled, turned up the radio's volume and began climbing resolutely toward le Porte del Cielo, while Jazz music echoed among the ancient stones.

Nine years ago, on this same day in the month of October, the Olivetan monks residing in the Abbey found a child on the steps of the Basilica.

He was there, wrapped in fog, silent as the night, eyes curious as the wind, without name and without past. They called him Severino — I don't know why — and he grew up among prayers and silences. He played in ancient rooms and discovered his world, surrounded by books, tombs, art and mysteries never revealed. At night a raven and a black cat accompanied him, illuminated by the moon, in the Cimitero delle Porte Sante, wandering among imposing crypts and motionless statues that whispered memories and mysteries.

But on Halloween nights the whispers transform into screams and endless laments. Secrets manifest themselves, legends become reality, and dreams disguised as nightmares knock on doors lit by candles. And that full moon night was precisely this night: October 31st — and remember, whether you believe in spirits or not, nothing changes: the ghosts will come.

And Severino was up there, right there waiting for them to arrive. Leaning out the highest window of the bell tower, calm, looking at Florence from above. While Thelonious Monk's 'Round Midnight' played on his radio, he watched — tapping time with one foot and waited.

At the second of the twelve strokes of the midnight bells, something began to happen. On the Arno formed a dense fog that pulsed with spectral green. It began to rise and slide slow but inexorable over the bridges like fingers of cold hands of impatient ghosts. It slid over the Ponte Vecchio and rolled through the streets of Oltrarno until reaching San Niccolò, where it climbed up the hill swallowing everything it found in its path.

When it reached the gate of San Miniato, it slipped through the bars and climbed up the stairs until it covered, like a high luminous tide, the entire square in front of the church. It climbed up the marble facade and wrapped also the Cimitero delle Porte Sante, covering the entire hill in a cloak of mystery. Then slowly, as if by enchantment, the fog began to dissolve rising toward the sky and when the last cloud melted into the night air, the square was no longer empty.

Small jack-o'-lanterns with flickering lights floated in the air smiling with teeth of fire. Black candles sprouted from nowhere, illuminating spectral stalls full of everything and nothing. Bats that seemed made of paper but were alive fluttered among the lights with wings of black velvet, while autumn leaves danced without wind, sparkling with gold and copper. Pumpkins of every shape filled the stands, some carved with funny faces, others covered with silver spiderwebs that shone like threads of moon. Witch hats swirled in the air like flying umbrellas rotating slow on themselves. Roasted chestnuts perfumed the air with cinnamon and mystery, while small dancing skeletons tinkled like ice bells.

And finally in the Cimitero delle Porte Sante, the Portal opened. Like every Halloween, for centuries, spirits from all over the world congregated in Florence for their annual meeting. A spectral river of ghosts poured into the square, each heading toward their own stall, and each with their impossible merchandise to sell or trade. The spirits had arrived and Severino observed them from above. A carnival of other worlds, made of sounds, colors and unimaginable stories.

The deserted square had transformed into the Market of Ghosts. Stalls kept materializing from nowhere, carved and glowing pumpkins told each other stories of Halloweens past, present and future laughing malicious among the perfumes of lost memories, past centuries, tomorrow's candles and fallen stardust. The sky above the Tuscan hills and above Florence was full of ghosts arriving from everywhere to search for the unfindable. But no human eye could see this spectacle. No one except Severino, who descended from the tower enchanted by that spectacle and immersed himself in the crowd pulsating with otherworldly life. Seven circled above him observing with attentive eyes and cawing a bit nervous. Some ghosts looked at him with curiosity and recognized him. Someone greeted him and many others whispered his name in forgotten languages.

"There he is," murmured a witch from Prague.

"The child of time," sighed a Norman knight.

"He's returned, I told you so." laughed a Caribbean pirate.

But Severino paid them no attention because there were ghosts selling: dreams of sleeping dragons, laughter of northern gnomes, tears of mermaids in love, the last breath of dinosaurs, shadows of unicorns. And even fears from past Halloweens — two for the price of one, but only for tonight. The ghost of a pirate who died during a boarding gone not so well shouted: "Storm bottles! Lightning in jars!" A witch from Salem whispered: "Love potions that last three lifetimes…" A medieval knight showed swords that cut fear. A Chinese spirit waved kites that fly into the past.

The spectral crowd grew and thickened, laughed and bargained, while Severino walked amazed and fascinated among the impossible stalls of the Halloween Market. Seven cawed restless from above and Eleven, the black cat with orange eyes, jumped from one tent to another not losing sight of a single movement of Severino and the hundreds of souls circling around him.

A ghost monk from an era that never existed saw him and smiled at him from behind a stall full of ancient radios adorned with mysterious symbols. Severino approached, fascinated.

"How wonderful! Do they all work?"

"Oh yes, certainly" replied the monk. "These transmit on the waves of past, present, and future time. But you don't need to buy one."

The other ghosts stopped. They ceased selling, buying and bartering. They looked at Severino with respect and listened to what the collector of frequencies told him.

"The transistor radio you already have is more special than you think. But to discover its true secrets, you'll have to search in the ancient crypts where everything began."

And suddenly the first lights of dawn began to illuminate the sky behind San Miniato with pink. In rush and hurry the ghosts said goodbye flying away in the wind. "Until next Halloween!" They told each other crossing in the sky. The stalls vanished. Lanterns and candles went out. The Market of Ghosts dissolved like a dream.

Severino found himself alone in the empty square, Seven on his shoulder and Eleven sitting on the low wall, looking at Florence illuminating itself in the day of All Saints. He observed his old radio with new eyes and from the ancient crypts of San Miniato, something seemed to call him. He turned it on, turned up the volume and descended the stairway in time to Chet Baker's version of 'Autumn Leaves'.

It was time to throw open the gate of the Basilica of San Miniato al Monte.

___________________

We will continue this story.... For now a Happy Halloween to all of you, may you always believe in magic!

Story written by Marco Ciappelli for "Stories Under The Stars" Halloween 2025

___________________

Listen to Severino's Playlist for the songs that accompany this story and subscribe to discover new music with every adventure.


Guest and Host
Guest: Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
Host: Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Show Notes
In this candid episode of Music Evolves, Sean Martin and Marco Ciappelli unpack the creative, ethical, and deeply personal tensions surrounding AI-generated music—where it fits, where it falters, and where it crosses the line.

Sean opens with a clear position: AI can support the creative process, but its outputs shouldn't be commercialized unless the ingredients—i.e., training data—are ethically sourced and properly licensed. His concern is grounded in authorship and consent. If a model learns from unlicensed tracks, even indirectly, is it sampling without credit?

Marco responds by acknowledging how deeply embedded influence is in all creative acts. As a writer and musician, he often discovers melodies or storylines in his own work that echo familiar structures—not out of theft, but because of lived experience. “We are made of what we absorb,” he says, drawing parallels between human memory and how AI models are trained.

But the critical difference? Humans feel. They reinterpret. They falter. They declare their intent. AI does none of that—at least, not yet.

The discussion isn't anti-technology. Instead, it's about boundaries. Both Sean and Marco agree that tools like neural networks can be fascinating collaborators. But when those tools start to blur authorship or generate perfect replicas of a human's imperfection—say, the crackle of a vinyl or the slide of a finger across a string—what are we really listening to? And who, if anyone, should profit from it?

They wrestle with questions of transparency (“Did you write that… or did AI?”), authorship (“If you like it but don't know it's AI, does it matter?”), and commercialization (“Is it still your art if someone else feeds it to a machine?”). And perhaps most importantly, they invite you to answer for yourself.

Show Notes
In this episode, we unpack the core ideas behind the Sonic Frontiers article “From Sampling to Scraping: AI Music, Rights, and the Return of Creative Control.” As AI-generated music floods streaming platforms, rights holders are deploying new tools like neural fingerprinting to detect derivative works — even when no direct sampling occurs. But what does it mean to “detect influence,” and can algorithms truly distinguish theft from inspiration?
We explore the implications for artists who want to experiment with AI without being replaced by it, and the shifting desires of listeners who may soon prefer human-made music the way some still seek out vinyl, film cameras, or wooden roller coasters — not for efficiency, but for the feel.
The article also touches on the burden of rights enforcement in this new age. While major labels can embed detection systems, who protects the independent artist? And if AI enables anyone to create, does it also require everyone to monitor?
This episode invites you to reflect on what we value in music: speed and volume, or craft and control?

⬥GUEST⬥
Walter Haydock, Founder, StackAware | On LinkedIn: https://www.linkedin.com/in/walter-haydock/
⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥EPISODE NOTES⬥
No-Code Meets AI: Who's Really in Control?
As AI gets embedded deeper into business workflows, a new player has entered the security conversation: no-code automation tools. In this episode of Redefining CyberSecurity, host Sean Martin speaks with Walter Haydock, founder of StackAware, about the emerging risks when AI, automation, and business users collide—often without traditional IT or security oversight.
Haydock shares how organizations are increasingly using tools like Zapier and Microsoft Copilot Studio to connect systems, automate tasks, and boost productivity—all without writing a single line of code. While this democratization of development can accelerate innovation, it also introduces serious risks when systems are built and deployed without governance, testing, or visibility.
The conversation surfaces critical blind spots. Business users may be automating sensitive workflows involving customer data, proprietary systems, or third-party APIs—without realizing the implications. AI prompts gone wrong can trigger mass emails, delete databases, or unintentionally expose confidential records. Recursion loops, poor authentication, and ambiguous access rights are all too easy to introduce when development moves this fast and loose.
Haydock emphasizes that this isn't just a technology issue—it's an organizational one. Companies need to decide: who owns risk when anyone can build and deploy a business process? He encourages a layered approach, including lightweight approval processes, human-in-the-loop checkpoints for sensitive actions, and upfront evaluations of tools for legal compliance and data residency.
Security teams, he notes, must resist the urge to block no-code outright. Instead, they should enable safer adoption through clear guidelines, tool allowlists, training, and risk scoring systems. Meanwhile, business leaders must engage early with compliance and risk stakeholders to ensure their productivity gains don't come at the expense of long-term exposure.
For organizations embracing AI-powered automation, this episode offers a clear takeaway: treat no-code like production code—because that's exactly what it is.

What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.
Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.
Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco Ciappelli
AISA CyberCon Melbourne | October 15-17, 2025
Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.
Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.
Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced.
"For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.
What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built.
"If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.
Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.
Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.
His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.
AISA CyberCon Melbourne runs October 15-17, 2025
Coverage provided by ITSPmagazine
GUEST:
Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Everyone Is Protecting My Password, But Who Is Protecting My Toilet Paper? - Interview with Amberley Brady | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco Ciappelli
AISA CyberCon Melbourne | October 15-17, 2025
Empty shelves trigger something primal in us now. We've lived through the panic, the uncertainty, the realization that our food supply isn't as secure as we thought. Amberley Brady hasn't forgotten that feeling, and she's turned it into action.
Speaking with her from Florence to Sydney ahead of AISA CyberCon in Melbourne, I discovered someone who came to cybersecurity through an unexpected path—studying law, working in policy, but driven by a singular passion for food security. When COVID-19 hit Australia in 2019 and grocery store shelves emptied, Amberley couldn't shake the question: what happens if this keeps happening?
Her answer was to build realfoodprice.com.au, a platform tracking food pricing transparency across Australia's supply chain. It's based on the Hungarian model, which within three months saved consumers 50 million euros simply by making prices visible from farmer to wholesaler to consumer. The markup disappeared almost overnight when transparency arrived.
"Once you demonstrate transparency along the supply chain, you see where the markup is," Amberley explained. She gave me an example that hit home: watermelon farmers were getting paid 40 cents per kilo while their production costs ran between $1.00 to $1.50. Meanwhile, consumers paid $2.50 to $2.99 year-round. Someone in the middle was profiting while farmers lost money on every harvest.
But this isn't just about fair pricing—it's about critical infrastructure that nobody's protecting. Australia produces food for 70 million people, far more than its own population needs. That food moves through systems, across borders, through supply chains that depend entirely on technology most farmers never think about in cybersecurity terms.
The new autonomous tractors collecting soil data? That information goes somewhere. The sensors monitoring crop conditions? Those connect to systems someone else controls. China recognized this vulnerability years ago—with 20% of the world's population but only 7% of arable land, they understood that food security is national security.
At CyberCon, Amberley is presenting two sessions that challenge the cybersecurity community to expand their thinking. "Don't Outsource Your Thinking" tackles what she calls "complacency creep"—our growing trust in AI that makes us stop questioning, stop analyzing with our gut instinct. She argues for an Essential Nine in Australia's cybersecurity framework, adding the human firewall to the technical Essential Eight.
Her second talk, cheekily titled "Everyone is Protecting My Password, But No One's Protecting My Toilet Paper," addresses food security directly. It's provocative, but that's the point. We saw what happened in Japan recently with the rice crisis—the same panic buying, the same distrust, the same empty shelves that COVID taught us to fear.
"We will run to the store," Amberley said. "That's going to be human behavior because we've lived through that time." And here's the cybersecurity angle: those panics can be manufactured. A fake image of empty shelves, an AI-generated video, strategic disinformation—all it takes is triggering that collective memory.
Amberley describes herself as an early disruptor in the agritech cybersecurity space, and she's right. Most cybersecurity professionals think about hospitals, utilities, financial systems. They don't think about the autonomous vehicles in fields, the sensor networks in soil, the supply chain software moving food across continents.
But she's starting the conversation, and CyberCon's audience—increasingly diverse, including people from HR, risk management, and policy—is ready for it. Because at the end of the day, everyone has to eat. And if we don't start thinking about the cyber vulnerabilities in how we grow, move, and price food, we're leaving our most basic need unprotected.
AISA CyberCon Melbourne runs October 15-17, 2025
Virtual coverage provided by ITSPmagazine
GUEST:
Amberley Brady, Food Security & Cybersecurity Advocate, Founder of realfoodprice.com.au | On LinkedIn: https://www.linkedin.com/in/amberley-b-a62022353/
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Beyond Blame: Navigating the Digital World with Our Kids
AISA CyberCon Melbourne | October 15-17, 2025
There's something fundamentally broken in how we approach online safety for young people. We're quick to point fingers—at tech companies, at schools, at kids themselves—but Jacqueline Jayne (JJ) wants to change that conversation entirely.
Speaking with her from Florence while she prepared for her session at AISA CyberCon Melbourne this week, it became clear that JJ understands what many in the cybersecurity world miss: this isn't a technical problem that needs a technical solution. It's a human problem that requires us to look in the mirror.
"The online world reflects what we've built for them," JJ told me, referring to our generation. "Now we need to step up and help fix it."
Her session, "Beyond Blame: Keeping Our Kids Safe Online," tackles something most cybersecurity professionals avoid—the uncomfortable truth that being an IT expert doesn't automatically make you equipped to protect the young people in your life. Last year's presentation at Cyber Con drew a full house, with nearly every hand raised when she asked who came because of a kid in their world.
That's the fascinating contradiction JJ exposes: rooms full of cybersecurity professionals who secure networks and defend against sophisticated attacks, yet find themselves lost when their own children navigate TikTok, Roblox, or encrypted messaging apps.
The timing couldn't be more relevant. With Australia implementing a social media ban for anyone under 16 starting December 10, 2025, and similar restrictions appearing globally, parents and carers face unprecedented challenges. But as JJ points out, banning isn't understanding, and restriction isn't education.
One revelation from our conversation particularly struck me—the hidden language of emojis. What seems innocent to adults carries entirely different meanings across demographics, from teenage subcultures to, disturbingly, predatory networks online. An explosion emoji doesn't just mean "boom" anymore. Context matters, and most adults are speaking a different digital dialect than their kids.
JJ, who successfully guided her now 19-year-old son through the gaming and social media years, isn't offering simple solutions because there aren't any. What she provides instead are conversation starters, resources tailored to different age groups, and even AI prompts that parents can customize for their specific situations.
The session reflects a broader shift happening at events like Cyber Con. It's no longer just IT professionals in the room. HR representatives, risk managers, educators, and parents are showing up because they've realized that digital safety doesn't respect departmental boundaries or professional expertise.
"We were analog brains in a digital world," JJ said, capturing our generational position perfectly. But today's kids? They're born into this interconnectedness, and COVID accelerated everything to a point where taking it away isn't an option.
The real question isn't who to blame. It's what role each of us plays in creating a safer digital environment. And that's a conversation worth having—whether you're at the Convention and Exhibition Center in Melbourne this week or joining virtually from anywhere else.
AISA CyberCon Melbourne runs October 15-17, 2025
Virtual coverage provided by ITSPmagazine
GUEST:
Jacqueline (JJ) Jayne, Reducing human error in cyber and teaching 1 million people online safety. On LinkedIn: https://www.linkedin.com/in/jacquelinejayne/
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

During his keynote at SecTor 2025, HD Moore, founder and CEO of runZero and widely recognized for creating Metasploit, invites the cybersecurity community to rethink the foundational “rules” we continue to follow—often without question. In conversation with Sean Martin and Marco Ciappelli for ITSPmagazine's on-location event coverage, Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.
One standout example? The rule to “change your passwords every 30 days.” Moore explains how this outdated guidance—rooted in assumptions from the early 2000s when password sharing was rampant—led to predictable patterns and frustrated users. Today, the advice has flipped: focus on strong, unique passwords per service, stored securely via password managers.
But this keynote isn't just about passwords. Moore uses this lens to explore how many security “truths” were formed in response to technical limitations or outdated behaviors—things like shared network trust, brittle segmentation, and fragile authentication models. As technology matures, so too should the rules. Enter passkeys, hardware tokens, and enclave-based authentication. These aren't just new tools—they're a fundamental shift in where and how we anchor trust.
Moore also calls out an uncomfortable truth: the very products we rely on to protect our systems—firewalls, endpoint managers, and security appliances—are now among the top vectors for breach, per Mandiant's latest report. That revelation struck a chord with conference attendees, who appreciated Moore's willingness to speak plainly about systemic security debt.
He also discusses the inescapable vulnerabilities in AI agent flows, likening prompt injection attacks to the early days of cross-site scripting. The tech itself invites risk, he warns, and we'll need new frameworks—not just tweaks to old ones—to manage what comes next.
This conversation is a must-listen for anyone questioning whether our security playbooks are still fit for purpose—or simply carried forward by habit.
GUEST:
HD Moore, Founder and CEO of runZero | On LinkedIn: https://www.linkedin.com/in/hdmoore/
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
RESOURCES:
Keynote: The Once and Future Rules of Cybersecurity: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-the-once-and-future-rules-of-cybersecurity-49596
Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
Mandiant M-Trends Breach Report: https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/
OPM Data Breach Summary: https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com
Title: AI Creativity Expert Reveals Why Machines Need More Freedom - Creative Machines: AI, Art & Us Book Interview | A Conversation with Author Maya Ackerman | Redefining Society And Technology Podcast With Marco Ciappelli
Guest: Maya Ackerman, PhD.
Generative AI Pioneer | Author | Keynote Speaker
On LinkedIn: https://www.linkedin.com/in/mackerma/
Website: http://www.maya-ackerman.com
Dr. Maya Ackerman is a pioneer in the generative AI industry, associate professor of Computer Science and Engineering at Santa Clara University, and co-founder/CEO of Wave AI, one of the earliest generative AI startups. Ackerman has been researching generative AI models for text, music and art since 2014, and has been an early advocate for human-centered generative AI, bringing awareness to the power of AI to profoundly elevate human creativity. Under her leadership as co-founder and CEO, WaveAI has emerged as a leader in musical AI, benefiting millions of artists and creators with their products LyricStudio and MelodyStudio.
Dr. Ackerman's expertise and innovative vision have earned her numerous accolades, including being named a "Woman of Influence" by the Silicon Valley Business Journal. She is a regular feature in prestigious media outlets and has spoken on notable stages around the world, such as the United Nations, IBM Research, and Stanford University. Her insights into the convergence of AI and creativity are shaping the future of both technology and music. A University of Waterloo PhD and Caltech Postdoc, her unique blend of scholarly rigor and entrepreneurial acumen makes her a sought-after voice in discussions about the practical and ethical implications of AI in our rapidly evolving digital world.
Host: Marco Ciappelli, Co-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication | Branding & Marketing Advisor | Journalist | Writer | Podcast Host | #Technology #Cybersecurity #Society

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.
These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?
Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:
Are we creating shadow logic no one can trace?
Do developers still understand the systems they're shipping?
What happens when incident response teams face AI-generated code with no documentation?
Are AI-generated systems introducing silent fragility into critical infrastructure?
The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.
This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.
If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com
Newsletter: Musing On Society And Technology https://www.linkedin.com/newsletters/musing-on-society-technology-7079849705156870144/
Watch on Youtube: https://youtu.be/nFn6CcXKMM0
My Website: https://www.marcociappelli.com
This Episode's Sponsors
BlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.
BlackCloak: https://itspm.ag/itspbcweb
A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3
A new transmission from Musing On Society and Technology Newsletter, by Marco Ciappelli
Reflections from Our Hybrid Analog-Digital Society
For years on the Redefining Society and Technology Podcast, I've explored a central premise: we live in a hybrid analog-digital society where the line between physical and virtual has dissolved into something more complex, more nuanced, and infinitely more human than we often acknowledge.
Introducing a New Series: Analog Minds in a Digital World: Reflections from Our Hybrid Analog-Digital Society
Part II: Lo-Fi Music and the Art of Imperfection — When Technical Limitations Become Creative Liberation
I've been testing small speakers lately. Nothing fancy—just little desktop units that cost less than a decent dinner. As I cycled through different genres, something unexpected happened. Classical felt lifeless, missing all its dynamic range. Rock came across harsh and tinny. Jazz lost its warmth and depth. But lo-fi? Lo-fi sounded... perfect.
Those deliberate imperfections—the vinyl crackle, the muffled highs, the compressed dynamics—suddenly made sense on equipment that couldn't reproduce perfection anyway. The aesthetic limitations of the music matched the technical limitations of the speakers.
It was like discovering that some songs were accidentally designed for constraints I never knew existed.
This moment sparked a bigger realization about how we navigate our hybrid analog-digital world: sometimes our most profound innovations emerge not from perfection, but from embracing limitations as features.
Lo-fi wasn't born in boardrooms or designed by committees. It emerged from bedrooms, garages, and basement studios where young musicians couldn't afford professional equipment. The 4-track cassette recorder—that humble Portastudio that let you layer instruments onto regular cassette tapes for a fraction of what professional studio time cost—became an instrument of democratic creativity. Suddenly, anyone could record music at home. Sure, it would sound "imperfect" by industry standards, but that imperfection carried something the polished recordings lacked: authenticity.
The Velvet Underground recorded on cheap equipment and made it sound revolutionary—so revolutionary that, as the saying goes, they didn't sell many records, but everyone who bought one started a band. Pavement turned bedroom recording into art. Beck brought lo-fi to the mainstream with "Mellow Gold." These weren't artists settling for less—they were discovering that constraints could breed creativity in ways unlimited resources never could.
Today, in our age of infinite digital possibility, we see a curious phenomenon: young creators deliberately adding analog imperfections to their perfectly digital recordings. They're simulating tape hiss, vinyl scratches, and tube saturation using software plugins. We have the technology to create flawless audio, yet we choose to add flaws back in.
What does this tell us about our relationship with technology and authenticity?
There's something deeply human about working within constraints. Twitter's original 140-character limit didn't stifle creativity—it created an entirely new form of expression.
Instagram's square format—a deliberate homage to Polaroid's instant film—forced photographers to think differently about composition. Think about that for a moment: Polaroid's square format was originally a technical limitation of instant film chemistry and optics, yet it became so aesthetically powerful that decades later, a digital platform with infinite formatting possibilities chose to recreate that constraint. Even more, Instagram added filters that simulated the color shifts, light leaks, and imperfections of analog film. We had achieved perfect digital reproduction, and immediately started adding back the "flaws" of the technology we'd left behind.
The same pattern appears in video: Super 8 film gave you exactly 3 minutes and 12 seconds per cartridge at standard speed—grainy, saturated, light-leaked footage that forced filmmakers to be economical with every shot. Today, TikTok recreates that brevity digitally, spawning a generation of micro-storytellers who've mastered the art of the ultra-short form, sometimes even adding Super 8-style filters to their perfect digital video.
These platforms succeeded not despite their limitations, but because of them. Constraints force innovation. They make the infinite manageable. They create a shared language of creative problem-solving.
Lo-fi music operates on the same principle. When you can't capture perfect clarity, you focus on capturing perfect emotion. When your equipment adds character, you learn to make that character part of your voice. When technical perfection is impossible, artistic authenticity becomes paramount.
This is profoundly relevant to how we think about artificial intelligence and human creativity today.
As AI becomes capable of generating increasingly "perfect" content—flawless prose, technically superior compositions, aesthetically optimized images—we find ourselves craving the beautiful imperfections that mark something as unmistakably human.
Walking through any record store today, you'll see teenagers buying vinyl albums they could stream in perfect digital quality for free. They're choosing the inconvenience of physical media, the surface noise, the ritual of dropping the needle. They're purchasing imperfection at a premium.
This isn't nostalgia—most of these kids never lived in the vinyl era. It's something deeper: a recognition that perfect reproduction might not equal perfect experience. The crackle and warmth of analog playback creates what audiophiles call "presence"—a sense that the music exists in the same physical space as the listener.
Lo-fi music replicates this phenomenon in digital form. It takes the clinical perfection of digital audio and intentionally degrades it to feel more human. The compression, the limited frequency range, the background noise—these aren't bugs, they're features. They create the sonic equivalent of a warm embrace.
In our hyperconnected, always-optimized digital existence, lo-fi offers something precious: permission to be imperfect. It's background music that doesn't demand your attention, ambient sound that acknowledges life's messiness rather than trying to optimize it away.
Here's where it gets philosophically interesting: we're using advanced digital technology to simulate the limitations of obsolete analog technology. Young producers spend hours perfecting their "imperfect" sound, carefully curating randomness, precisely engineering spontaneity.
This creates a fascinating paradox. Is simulated authenticity still authentic?
When we use AI-powered plugins to add "vintage" character to our digital recordings, are we connecting with something real, or just consuming a nostalgic fantasy?

I think the answer lies not in the technology itself, but in the intention behind it. Lo-fi creators aren't trying to fool anyone—the artifice is obvious. They're creating a shared aesthetic language that values emotion over technique, atmosphere over precision, humanity over perfection.

In a world where algorithms optimize everything for maximum engagement, lo-fi represents a conscious choice to optimize for something else entirely: comfort, focus, emotional resonance. It's a small rebellion against the tyranny of metrics.

As artificial intelligence becomes increasingly capable of generating "perfect" content, the value of obviously human imperfection may paradoxically increase. The tremor in a hand-drawn line, the slight awkwardness in authentic conversation, the beautiful inefficiency of analog thinking—these become markers of genuine human presence.

The challenge isn't choosing between analog and digital, perfection and imperfection. It's learning to consciously navigate between them, understanding when limitations serve us and when they constrain us, recognizing when optimization helps and when it hurts.

My small speakers taught me something important: sometimes the best technology isn't the one with the most capabilities, but the one whose limitations align with our human needs. Lo-fi music sounds perfect on imperfect speakers because both embrace the same truth—that beauty often emerges not from the absence of flaws, but from making peace with them.

In our quest to build better systems, smarter algorithms, and more efficient processes, we might occasionally pause to ask: what are we optimizing for? And what might we be losing in the pursuit of digital perfection?

The lo-fi phenomenon—and its parallels in photography, video, and every art form we've digitized—reveals something profound about human nature.
We are not creatures built for perfection. We are shaped by friction, by constraint, by the beautiful accidents that occur when things don't work exactly as planned. The crackle of vinyl, the grain of film, the compression of cassette tape—these aren't just nostalgic affectations. They're reminders that imperfection is where humanity lives. That the beautiful inefficiency of analog thinking—messy, emotional, unpredictable—is not a bug to be fixed but a feature to be preserved.

Sometimes the most profound technology is the one that helps us remember what it means to be beautifully, imperfectly human. And maybe, in our hybrid analog-digital world, that's the most important thing we can carry forward.

Let's keep exploring what it means to be human in this Hybrid Analog Digital Society.

End of transmission.

⬥GUEST⬥
Pieter VanIperen, CISO and CIO of AlphaSense | On LinkedIn: https://www.linkedin.com/in/pietervaniperen/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
Real-World Principles for Real-World Security: A Conversation with Pieter VanIperen

Pieter VanIperen, the Chief Information Security and Technology Officer at AlphaSense, joins Sean Martin for a no-nonsense conversation that strips away the noise around cybersecurity leadership. With experience spanning media, fintech, healthcare, and SaaS—including roles at Salesforce, Disney, Fox, and Clear—Pieter brings a rare clarity to what actually works in building and running a security program that serves the business.

He shares why being “comfortable being uncomfortable” is an essential trait for today's security leaders—not just reacting to incidents, but thriving in ambiguity. That distinction matters, especially when every new technology trend, vendor pitch, or policy update introduces more complexity than clarity. Pieter encourages CISOs to lead by knowing when to go deep and when to zoom out, especially in areas like compliance, AI, and IT operations where leadership must translate risks into outcomes the business cares about.

One of the strongest points he makes is around threat intelligence: it must be contextual. “Generic threat intel is an oxymoron,” he argues, pointing out how the volume of tools and alerts often distracts from actual risks. Instead, Pieter advocates for simplifying based on principles like ownership, real impact, and operational context. If a tool hasn't been turned on for two months and no one noticed, he says, “do you even need it?”

The episode also offers frank insight into vendor relationships. Pieter calls out the harm in trying to “tell a CISO what problems they have” rather than listening.
He explains why true partnerships are based on trust, humility, and a long-term commitment—not transactional sales quotas. “If you disappear when I need you most, you're not part of the solution,” he says.

For CISOs and vendors alike, this episode is packed with perspective you can't Google. Tune in to challenge your assumptions—and maybe your entire security stack.

⬥SPONSORS⬥
ThreatLocker: https://itspm.ag/threatlocker-r974

SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.

So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?

In this episode of AppSec Contradictions, Sean Martin examines:

- Why SBOM adoption is lagging
- The cost of static SBOMs for developers, AppSec teams, and business leaders
- Real-world examples where SBOMs deliver measurable value
- How AISBOMs are extending transparency into AI models and data

Catch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com

Title: Tech Entrepreneur and Author's AI Prediction - The Last Book Written by a Human Interview | A Conversation with Jeff Burningham | Redefining Society And Technology Podcast With Marco Ciappelli

Guest: Eli Lopian
Founder of Typemock Ltd | Author of AIcracy: Beyond Democracy | AI & Governance Thought Leader
On LinkedIn: https://www.linkedin.com/in/elilopian/
Book: https://aicracy.ai

Host: Marco Ciappelli
Co-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication | Branding & Marketing Advisor | Journalist | Writer | Podcast Host | #Technology #Cybersecurity #Society

When we talk about AI at cybersecurity conferences these days, one term is impossible to ignore: agentic AI. But behind the excitement around AI-driven productivity and autonomous workflows lies an unresolved—and increasingly urgent—security issue: identity.

In this episode, Sean Martin and Marco Ciappelli speak with Cristin Flynn Goodwin, keynote speaker at SecTor 2025, about the intersection of AI agents, identity management, and legal risk. Drawing from decades at the center of major security incidents—most recently as the head cybersecurity lawyer at Microsoft—Cristin frames today's AI hype within a longstanding identity crisis that organizations still haven't solved.

Why It Matters Now

Agentic AI changes the game. AI agents can act independently, replicate themselves, and disappear in seconds. That's great for automation—but terrifying for risk teams. Cristin flags the pressing need to identify and authenticate these ephemeral agents. Should they be digitally signed? Should there be a new standard body managing agent identities? Right now, we don't know.

Meanwhile, attackers are already adapting. AI tools are being used to create flawless phishing emails, spoofed banking agents, and convincing digital personas. Add that to the fact that many consumers and companies still haven't implemented strong MFA, and the risk multiplier becomes clear.

The Legal View

From a legal standpoint, Cristin emphasizes how regulations like New York's DFS Cybersecurity Regulation are putting pressure on CISOs to tighten IAM controls. But what about individuals? “It's an unfair fight,” she says—no consumer can outpace a nation-state attacker armed with AI tooling.

This keynote preview also calls attention to shadow AI agents: tools employees may create outside the control of IT or security.
As Cristin warns, they could become “offensive digital insiders”—another dimension of the insider threat amplified by AI.

Looking Ahead

This is a must-listen episode for CISOs, security architects, policymakers, and anyone thinking about AI safety and digital trust. From the potential need for real-time, verifiable agent credentials to the looming collision of agentic AI with quantum computing, this conversation kicks off SecTor 2025 with urgency and clarity.

Catch the full episode now, and don't miss Cristin's keynote on October 1.

Guest:
Cristin Flynn Goodwin, Senior Consultant, Good Harbor Security Risk Management | On LinkedIn: https://www.linkedin.com/in/cristin-flynn-goodwin-24359b4/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
BlackCloak: https://itspm.ag/itspbcweb

Resources
Keynote: Agentic AI and Identity: The Biggest Problem We're Not Solving: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-agentic-ai-and-identity-the-biggest-problem-were-not-solving-49591
Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
New York Department of Financial Services Cybersecurity Regulation: https://www.dfs.ny.gov/industry_guidance/cybersecurity
Good Harbor Security Risk Management (Richard Clarke's firm): https://www.goodharbor.net/
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

The cybersecurity industry operates on a fundamental misconception: that consumers want to understand and manage their digital security. After 17 years at F-Secure and extensive consumer research, Dmitri Vellikok has reached a different conclusion—people simply want security problems to disappear without their involvement.

This insight has driven F-Secure's transformation from traditional endpoint protection to what Vellikok calls "embedded ecosystem security." The company, which holds 55% global market share in operator-delivered consumer security, has moved beyond the conventional model of asking consumers to install and manage security software.

F-Secure's approach centers on embedding security capabilities directly into applications and services consumers already use. Rather than expecting people to download separate security software, the company partners with telecom operators, insurance companies, and financial institutions to integrate protection into existing customer touchpoints.

This embedded strategy addresses what Vellikok identifies as cybersecurity's biggest challenge: activation and engagement. Traditional security solutions fail when consumers don't install them, don't configure them properly, or abandon them due to complexity. By placing security within existing applications, F-Secure automatically reaches more consumers while reducing friction.

The company's research reveals the extent of consumer overconfidence in digital security. Seventy percent of people believe they can easily spot scams, yet 43% of that same group admits to having been scammed. This disconnect between perception and reality drives F-Secure's focus on proactive, invisible protection rather than relying on consumer vigilance.

Central to this approach is what F-Secure calls the "scam kill chain"—a framework for protecting consumers at every stage of fraudulent attempts.
The company analyzes scam workflows to identify intervention points, from initial contact through trust-building phases to final exploitation. This comprehensive view enables multi-layered protection that doesn't depend on consumers recognizing threats.

F-Secure's partnership with telecom operators provides unique advantages in this model. Operators see network traffic, website visits, SMS messages, and communication patterns, giving them visibility into threat landscapes that individual security solutions cannot match. However, operators typically don't communicate their protective actions to customers, creating an opportunity for F-Secure to bridge this gap.

The company combines operator-level data with device-level protection and user interface elements that inform consumers about threats blocked on their behalf. This creates what Vellikok describes as a "protective ring" around users' digital lives while maintaining transparency about security actions taken.

Artificial intelligence and machine learning have been core to F-Secure's operations for over a decade, but recent advances enable more sophisticated predictive capabilities. The company processes massive data volumes to identify patterns and predict threats before they materialize. Vellikok estimates that within 18 to 24 months, F-Secure will be able to warn consumers three days in advance about likely scam attempts.

This predictive approach represents a fundamental shift from reactive security to proactive protection. Instead of waiting for threats to appear and then blocking them, the system identifies risk patterns and steers users away from dangerous situations before threats fully develop.

The AI integration also serves as a translation layer between technical security events and consumer-friendly communications.
Rather than presenting technical alerts about blocked URLs or filtered emails, the system provides context about threats in language consumers can understand and act upon.

F-Secure's evolution reflects broader industry recognition that consumer cybersecurity requires different approaches than enterprise security. While businesses can mandate security training and complex protocols, consumers operate in environments where convenience and simplicity drive adoption. The embedded security model acknowledges this reality while maintaining protection effectiveness.

The company's global reach through operator partnerships positions it to address cybersecurity as a systemic challenge rather than an individual consumer problem. By aggregating threat data across millions of users and multiple communication channels, F-Secure creates network effects that improve protection for all users as the system learns from new attack patterns.

Looking forward, Vellikok anticipates cybersecurity challenges will continue evolving in waves. Current focus on scam protection will likely shift to AI-driven threats, followed by quantum computing challenges. The embedded security model provides a framework for adapting to these changes while maintaining consumer protection without requiring users to understand or manage evolving threat landscapes.

Learn more about F-Secure: https://itspm.ag/f-secure-2748

Note: This story contains promotional content.
Guest: Dmitri Vellikok, Product and Business Development at F-Secure
On LinkedIn: https://www.linkedin.com/in/dmitrivellikok/

Resources
Company Directory: https://www.itspmagazine.com/directory/f-secure
Learn more about creating content with Sean Martin & Marco Ciappelli: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/purchase-programs

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

⬥GUEST⬥
Aunshul Rege, Director at The CARE Lab at Temple University | On LinkedIn: https://www.linkedin.com/in/aunshul-rege-26526b59/

⬥CO-HOST⬥
Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
Cybersecurity Is for Everyone — If We Teach It That Way

Cybersecurity impacts us all, yet most people still see it as a tech-centric domain reserved for experts in computer science or IT. Dr. Aunshul Rege, Associate Professor in the Department of Criminal Justice at Temple University, challenges that perception through her research, outreach, and education programs — all grounded in community, empathy, and human behavior.

In this episode, Dr. Rege joins Sean Martin and co-host Julie Haney to share her multi-layered approach to cybersecurity awareness and education. Drawing from her unique background that spans computer science and criminology, she explains how understanding human behavior is critical to understanding and addressing digital risk.

One powerful initiative she describes brings university students into the community to teach cyber hygiene to seniors — a demographic often left out of traditional training programs. These student-led sessions focus on practical topics like scams and password safety, delivered in clear, respectful, and engaging ways. The result? Not just education, but trust-building, conversation, and long-term community engagement.

Dr. Rege also leads interdisciplinary social engineering competitions that invite students from diverse academic backgrounds — including theater, nursing, business, and criminal justice — to explore real-world cyber scenarios.
These events prove that you don't need to code to contribute meaningfully to cybersecurity. You just need curiosity, communication skills, and a willingness to learn.

Looking ahead, Temple University is launching a new Bachelor of Arts in Cybersecurity and Human Behavior — a program that weaves in community engagement, liberal arts, and applied practice to prepare students for real-world roles beyond traditional technical paths.

If you're a security leader looking to improve awareness programs, a university educator shaping the next generation, or someone simply curious about where you fit in the cyber puzzle, this episode offers a fresh perspective: cybersecurity works best when it's human-first.

⬥SPONSORS⬥
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Dr. Aunshul Rege is an Associate Professor here, and much of her work is conducted under this department: https://liberalarts.temple.edu/academics/departments-and-programs/criminal-justice
Temple Digital Equity Plan (2022): https://www.phila.gov/media/20220412162153/Philadelphia-Digital-Equity-Plan-FINAL.pdf
Temple University Digital Equity Center / Digital Access Center: https://news.temple.edu/news/2022-12-06/temple-launches-digital-equity-center-north-philadelphia
NICE Cybersecurity Workforce Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center

A Mystery in Florence

In Tuscany there is so much magic: hills decorated with olive trees, vineyards and cypresses, bell towers ringing everywhere, hidden gardens, and of course enchanted cities, full of history and beauty, where famous artists have created marvellous works of art.

In this tale we find ourselves in the city of Florence, where magic abounds and legends hide in every corner.

A river called the Arno runs through it; and amongst the many bridges there is one that quite rightly is a bit more famous than the others: the Ponte Vecchio. In those suspended houses no one lives anymore. Every day it is full of tourists who photograph it and come to visit from all over the world, but many, many years ago on this bridge there were butchers, fishmongers and tanners as if it were a market, a square suspended over the Arno and daily life was very different from today.

At the time of this story the shops were all jewellery stores owned by master goldsmiths, who lived there, worked and sold gold jewellery and precious items of the highest quality. It was one of the hearts of the city where the Florentines of the time would meet and stop to chat whilst they came and went from one side of the river to the other. Even the children spent their days having fun playing and running from one side to the other undisturbed.

At this point you must know that for some days small thefts had been occurring in the artisans' shops. Gold and precious items disappeared as if stolen by the wind, silently and by surprise, without leaving a trace. Who knows who knows? Who could be the culprit?

The goldsmiths gathered together, after closing their shops, right there on the bridge.

"But what on earth is happening?" said one.

"Well, if only we knew..."
said another.

"And we can't go on like this, looking like fools!"

Bernardo, one of the goldsmiths, said: "Granted I'm a bit absent-minded, but I'm certainly not blind enough not to see if gold is missing from my shop."

And off they went asking questions and interrogating each other to try to find an explanation for these thefts, discover the thief and perhaps recover what was stolen.

In short, it had been weeks now that gold filings from the working of gold and various precious objects had been disappearing from the shops — and all this was happening under everyone's eyes but no one had seen anything.

Who to blame if not those mischievous rascals who enjoyed playing football on the bridge! Between little matches, laughter, running, various games and hide-and-seek, who knows if one of them hadn't started stealing here and there.

More days passed and more gold had vanished into thin air. The goldsmiths, tired of this business, came out onto the bridge and shouted loudly all together: "Now we've really had enough and it's time to put an end to it! Let's catch the thief!"

Even Giulio the baker came out to the doorway of his shop, on the left, at the end of the bridge, and although he hadn't understood precisely what was happening, he showed everyone his flour-covered hands shouting: "I've got nothing to do with it, I swear! My hands are covered in dough only because I'm always preparing focaccia to bake in the oven."

And saying this he joined the others shouting: "Let's catch the thief red-handed before that sack becomes one of flour!"

In that commotion, Lapo, a very clever and curious boy, son of the goldsmith Bernardo who was friends with everyone and played together with the other children on the bridge, after reflecting thought: "There's something that doesn't add up: we children don't steal, whose fault can it be?"

So Lapo decided to investigate on his own.
Because as his grandfather always told him: "one thing done is worth more than a hundred to do" and then he would add that "if you do it yourself you do for three."

So, without much ado, the following evening he organised himself, getting hold of a magnifying glass, a notebook with pencil to take notes and a lantern that would accompany him in the dark. The latter he held tight with a slightly trembling hand, but there was no hesitation — the situation wouldn't resolve itself.

At dusk, he set off from the Ponte Vecchio, where he lived with his father above the shop, towards the column in Piazza Santa Trinità.

Up there was, and still is, the Statue of Justice that towered so high as to touch the sky. The journey wasn't long, but that evening it took him longer than usual, because he observed everything with attention and curiosity. He looked right, left, in the narrow streets, beyond the parapet of the Lungarno and if he saw a stone he moved that too: "you never know where you might find clues" he thought.

He had heard it said that the column and the statue of Justice were magical and full of secrets. But the most amazing thing was that from its summit, where indeed the statue stood, one could see what was happening at every point in the city — as we know justice sees and knows everything.

Having arrived in Piazza Santa Trinita, he gave a great sigh, took one last step and at the foot of the column — what a surprise... he met a snail.

"A snail?" you will say. "Eh, exactly a snail complete with house on its shoulders, with lights on at the windows and a fireplace lit" Really, I tell you... Believe it... In short it was there, moving, slowly yes, but determined. When it heard the light step of the unexpected visitor, it became suspicious and withdrawing its antennae as if they were brakes, it stopped dead and said:

"Halt! Who goes there? But who are you and where are you going?
You're not looking for trouble, are you, wandering about all alone at this twilight hour?"

"No, what trouble... quite the opposite Mrs Snail" replied Lapo, "I should go to the top of the column to see what's happening on the Ponte Vecchio. There are things that don't quite add up and I'm investigating. As you can see I even have the magnifying glass and hat!" Said Lapo showing the objects to avoid misunderstandings. "Now, since you seem to be from around here, you wouldn't happen to know how I can get up there?"

The snail who lived at the foot of the column and was to all intents and purposes its guardian, huffed but then smiled and showed Lapo a small door at the foot of the column, hidden by ivy.

"Dearest Lapo," she said adjusting her spectacles "you seem like a brave boy, a true friend and also a good investigator, but only from the top of the column will you be able to know the truth."

Having said this, the snail rubbed her tentacles and they began to shine with a magical light that enveloped Lapo making him become the height of the door which opened with a great creak; so sharp as to make all the birds that were hanging about in the night fly away.

Lapo, now very small, thanked the snail and without fear entered inside the column. In the darkness, he was impressed by a narrow and high well that went up instead of down. On the gleaming walls there was a spiral of tiny steps that he began to climb with determination with the lit lantern held tight in his hand. He reached the top.

In the night the starry sky illuminated the Statue of Justice that towered over Florence.
It had a scale with two balanced plates in one hand and a golden sword in the other.

As we said previously, by enchantment, from there one could see the whole city — one just had to look in the right direction and think of the part of Florence you wanted to see: an incredible magic for a breathtaking view.

Now was the moment to concentrate on the Ponte Vecchio and try to solve the mystery of the thefts, but whilst moving around the statue, to go to the side that looked towards the river, he made an incredible discovery. He couldn't believe his own eyes — so much so that he took out the magnifying glass to be sure. Both plates of the scale were full of gold filings and precious trinkets.

"Good heavens! And how did this stuff get up here?" Exclaimed Lapo with wide eyes. "This is undoubtedly the loot from the thefts at the jewellery shops!"

At first, confused and amazed he didn't know what to think, but then, observing the filings more carefully he realised they were all woven together with bracelets and necklaces: these were two nests and an idea immediately flashed into his mind.

"The thieving magpies!" Exclaimed Lapo. Those crafty birds love everything that glitters, it must certainly have been them who robbed the shops and brought the stolen goods up here.

And in the middle of this thought, suddenly they appeared in flight. They landed on the column agitated and furious "KRAA KRAA KRAA! Oh, little boy but what are you doing at our home? Don't you even dare touch these glittering marvels; they are our nest, we found them and they are ours."

Lapo didn't let himself be frightened and calmly replied: "But what are you saying? You like glittering things that shine and you take them, but that certainly doesn't mean they are yours."

The magpies were all chattering together they seemed to have gone mad and knew no reason. "But what is this one saying?" Said one. "Right, someone comes to our home and expects to give orders?" Added another. "Yes, nice joke. They're not ours?
But are you a comedian? Change job, look, because you don't make us laugh." Said another.

And all of them laughing.

At which Lapo didn't let himself be intimidated. He rummaged in his pocket and found what he was looking for. He proposed an exchange. "What if we made a deal. To tell the truth I lose out quite a bit, but I like you so much that I would gladly give you these beautiful shiny marbles in exchange for the gold and trinkets."

Seeing those small brilliant and colourful treasures, which they had never seen before, the magpies calmed down. They looked at each other with a crafty look and without hesitation... "Deal!"

They took the marbles from his hand in a flash and flew away shouting: "Hooray, we're rich! From now on we'll collect these little balls."

Sighing with relief and satisfaction, Lapo recovered the stolen goods and rushed down from the column. The snail was waiting for him applauding. With another spell she made him come out of the little door and appear right on the Ponte Vecchio where several Florentines were taking the evening air and chatting — including the goldsmiths.

"Papa, papa I've discovered the mystery and found the culprit, it was the thieving magpies! My friends didn't do anything wrong." "Calm down son, I'm listening". Replied Bernardo.

Lapo with all the breath he had in his throat didn't waste a moment and told everything he had discovered and seen: the investigator's hat, the magnifying glass, the magical snail who knew the secrets of the column, the little door, the statue at the top, the view of Florence, the thieving magpies and the trick with the coloured marbles.
Finally the mystery of the strange thefts was clarified, all the recovered stolen goods were returned to the goldsmiths of the Ponte Vecchio thanks to the enterprising and brave Lapo.

At that point everyone who was on the Ponte Vecchio applauded shouting: "hooray, hooray, hooray, for the little investigator."

Whilst the ancient bridge, perhaps enchanted, gleamed with golden lights.

Giulio the baker whilst putting focaccia in the oven, sang merrily and with a ringing voice announced: "today focaccia for everyone free of charge, we must celebrate!"

The thieving magpies returned to flying; they continued to find small objects and even pieces of glittering dreams; and chattering they said: "It may well be that we've lost a nest, but we've certainly found a story to tell."

And perhaps, who knows, there will be a new story!

— Written by Lucia & Marco Ciappelli [Inspired by a Florentine legend]

The decision to leave a successful corporate position and start a company requires more than just identifying a market opportunity. For Shankar Somasundaram, it required witnessing firsthand how traditional cybersecurity approaches consistently failed in the environments that matter most to society: hospitals, manufacturing plants, power facilities, and critical infrastructure.

Somasundaram's path to founding Asimily began with diverse technical experience spanning telecommunications and early machine learning development. This foundation proved essential when he transitioned to cybersecurity, eventually building and growing the IoT security division at a major enterprise security company.

During his corporate tenure, Somasundaram gained direct exposure to security challenges across healthcare systems, industrial facilities, utilities, manufacturing plants, and oil and gas operations. Each vertical revealed the same fundamental problem: existing security solutions were designed for traditional IT environments where confidentiality and integrity took precedence, but operational technology environments operated under entirely different rules.

The mismatch became clear through everyday operational realities. Hospital ultrasound machines couldn't be taken offline during procedures for security updates. Manufacturing production lines couldn't be rebooted for patches without scheduling expensive downtime. Power plant control systems required continuous availability to serve communities. These environments prioritized operational continuity above traditional security controls.

Beyond technical challenges, Somasundaram observed a persistent communication gap between security and operations teams. IT security professionals spoke in terms of vulnerabilities and patch management. Operations teams focused on uptime, safety protocols, and production schedules.
Neither group had effective frameworks for translating their concerns into language the other could understand and act upon.This divide created frustration for Chief Security Officers who understood risks existed but lacked clear paths to mitigation that wouldn't disrupt critical business operations. Organizations could identify thousands of vulnerabilities across their operational technology environments, but struggled to prioritize which issues actually posed meaningful risks given their specific operational contexts.Somasundaram recognized an opportunity to approach this problem differently. Rather than building another vulnerability scanner or forcing operational environments to conform to IT security models, he envisioned a platform that would provide contextual risk analysis and actionable mitigation strategies tailored to operational requirements.The decision to leave corporate security and start Asimily wasn't impulsive. Somasundaram had previous entrepreneurial experience and understood the startup process. He waited for the right convergence of market need, personal readiness, and strategic opportunity. When corporate priorities shifted through acquisitions, the conditions aligned for his departure.Asimily's founding mission centered on bridging the gap between operational technology and information technology teams. The company wouldn't just build another security tool; it would create a translation layer enabling different organizational departments to collaborate effectively on risk reduction.This approach required understanding multiple stakeholder perspectives within client organizations. Sometimes the primary user would be a Chief Information Security Officer. Other times, it might be a manufacturing operations head managing production floors, or a clinical operations director in healthcare. 
The platform needed to serve all these perspectives while maintaining technical depth.Somasundaram's product engineering background informed this multi-stakeholder approach. His experience with complex system integration—from telecommunications infrastructure to machine learning algorithms—provided insight into how security platforms could integrate with existing IT infrastructure while addressing operational technology requirements.The vision extended beyond traditional vulnerability management to comprehensive risk analysis considering operational context, business impact, and regulatory requirements. Rather than treating all vulnerabilities equally, Asimily would analyze each device within its specific environment and use case, providing organizations with actionable intelligence for informed decision-making.Somasundaram's entrepreneurial journey illustrates how diverse technical experience, industry knowledge, and strategic timing converge to address complex market problems. His transition from corporate executive to startup founder demonstrates how deep industry exposure can reveal opportunities to solve problems that established players might overlook or underestimate.Today, as healthcare systems, manufacturing facilities, and critical infrastructure become increasingly connected, the vision Somasundaram brought to Asimily's founding has proven both timely and necessary. The company's development reflects not just market demand, but the value of approaching familiar problems from fresh perspectives informed by real operational experience.Learn more about Asimily: itspm.ag/asimily-104921Note: This story contains promotional content. 
Learn more.Guest: Shankar Somasundaram, CEO & Founder, Asimily | On LinkedIn: https://www.linkedin.com/in/shankar-somasundaram-a7315b/Company Directory: https://www.itspmagazine.com/directory/asimilyResourcesLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?
In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:
• It's treated as a one-time exercise, not a continuous process
• Research shows teams who put risk first discover 2x more high-priority threats
• Yet fewer than 4 in 10 organizations use systematic threat modeling at scale
Drawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.
False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.
This episode breaks down:
• Why 70% of analyst time is wasted on false positives
• How AI-generated code introduces new security risks
• What “alert fatigue” means for developers, security teams, and business leaders
• Why automating bad processes creates more noise, not less