ITSPmagazine | Technology. Cybersecurity. Society

⬥GUEST⬥John Salomon, Board Member, Cybersecurity Advisors Network (CyAN) | On LinkedIn: https://www.linkedin.com/in/johnsalomon/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥The cybersecurity industry keeps repeating a familiar line: there's a shortage of talent. But what if the real issue isn't the number of people—but the lack of access, mentorship, and investment in human potential?In this episode of Redefining CyberSecurity, Sean Martin speaks with John Salomon, an independent cybersecurity consultant and a contributor to the Cybersecurity Advisors Network (CyAN), about how the hiring structure in our industry may be the problem—not the solution. Together, they explore why entry-level roles rarely provide an actual point of entry, and how hiring practices have been shaped more by finance and compliance than by people development.Salomon draws on decades of experience to outline the problem: security is often treated as a pure cost center, so training and mentorship are deprioritized. Early-career professionals are expected to be “job-ready” from day one, and organizations rarely account for the long-term payoff of investing in apprenticeships or junior hires.He also points to the silent collapse of informal mentorship that once defined the field. Leaders used to take risks on new talent. Now, hiring decisions are driven by headcount limitations and performance metrics that leave no room for experimentation or learning through failure.The conversation shifts toward action. Business and security leaders need to reframe cybersecurity as a growth enabler and start viewing mentorship as a risk mitigation tool. Investing in new talent not only strengthens your team—it supports the stability of the industry as a whole.And it's not just on companies. Universities and student organizations must create more opportunities for experiential learning and interdisciplinary collaboration. Leaders can support these efforts with time, not just budget, by showing up and sharing what they've learned.Whether you're a CISO, founder, or just getting started, this episode challenges the idea that “mentorship is nice to have” and shows how it's a cornerstone of sustainable cybersecurity.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7332679935557300224-1lBv/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

As Black Hat USA 2025 approaches, the cybersecurity world is buzzing with innovation—and Dropzone AI is right at the center of it. With roots in Seattle and a mission to bring true intelligence into the security operations center (SOC), the Dropzone AI team is gearing up for a packed week in Las Vegas, from BSides to the AI Summit, and finally at Startup City (booth #6427).Founded by Edward Wu, former Head of AI/ML at ExtraHop Networks, Dropzone AI was built on a key realization: the last thing SOCs need is another flood of alerts. Instead, they need help processing and acting on them. That's where Dropzone comes in—offering an AI-powered security analyst that doesn't just detect threats, but investigates, correlates, and takes action.During a recent pre-event chat with ITSPmagazine's Sean Martin and Marco Ciappelli, Edward explained the core philosophy behind the platform. Unlike hype-driven claims of “fully autonomous SOCs,” Dropzone takes a practical, tiered approach to automation. Their agentic AI system performs full investigations, determines the nature of alerts (true vs. false positives), and recommends or executes containment actions depending on risk tolerance and policy.The tech has found particular traction with lean security teams, or those expanding toward 24/7 coverage without adding headcount. Rather than replacing humans, the platform augments them—freeing analysts from the drudgery of low-priority alert triage and giving them space to focus on strategic work. As Edward put it, “Nobody wants to be a tier-one analyst forever.” Dropzone helps make sure they don't have to be.The platform integrates across existing security stacks and data sources, drawing from threat intel, logs, and endpoint signals to build a full picture of every alert. Security teams retain full control, with human-in-the-loop decision-making remaining the standard in most use cases. However, for low-risk assets and off-hours scenarios, some customers are already authorizing autonomous action.With conversations at Black Hat expected to revolve around the reality of AI in production—not just the vision—Dropzone is entering the perfect arena. From demonstrating real-world impact to sharing insights on agentic design and trust boundaries, their presence will resonate with everyone from analysts to CISOs.Whether you're building out your SOC, questioning your MDR provider, or simply overwhelmed with alert fatigue, this may be your signal. Dropzone AI isn't selling buzzwords. They're delivering results. Visit them at Startup City, booth #6427, and see for yourself what the future of alert triage and SOC efficiency looks like—one investigation at a time. Note: This story contains promotional content. Learn more.Guests:Edward Wu, Founder/CEO at Dropzone AI On LinkedIn: https://www.linkedin.com/in/edwardxwu/DROPZONE AI: https://itspm.ag/dropzoneai-641Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesVisit the DROPZONE Website to learn more: https://itspm.ag/dropzoneai-641Learn more and catch more stories from Dropzone on ITSPmagazine: https://www.itspmagazine.com/directory/dropzoneaiLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Guest and HostGuest: Cindy Hulej, Luthier/Artist | Website: https://www.cindyguitars.com/Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Show NotesWhat happens when the story of a city becomes part of the music we make? In this episode of Music Evolves, host Sean Martin sits down with luthier and artist Cindy Hulej of Cindy Guitars to explore how reclaimed wood from historic New York buildings is transformed into custom electric guitars—each one uniquely shaped by memory, material, and imagination.Craft as InnovationCindy's process at Carmine Street Guitars isn't just about building instruments—it's about listening to what the material has to say. The beams salvaged from landmarks like the Chelsea Hotel and John Lennon's former home aren't just structural—they carry decades of vibration, weather, and presence. That physical history directly shapes how these guitars sound, feel, and resonate—offering a kind of analog innovation rooted in human touch and intention.Cindy describes how she and her husband Johnny repurpose old beams, often salvaged from 1800s-era buildings, and transform them into guitars that are not only playable but deeply resonant—physically and emotionally. The aged wood, shaped by centuries of seasonal change, yields a tone that's warm and chimey, with a resonance modern lumber can't match. “You're working with material that's already lived a hundred lives,” she explains. “You just have to unlock the next one.”Creativity Beyond ConventionEach guitar is made by hand, down to the smallest detail. From collaborating with boutique pickup winders to mixing finishes from shellac flakes, Cindy builds instruments that are both sonic and visual statements. No two are alike—because the creative process isn't about repeating perfection, it's about shaping something personal and alive. Whether players come with a precise vision or just a feeling, Cindy helps translate that into tone and form.Reimagining the Past to Shape the FutureThis isn't just about guitars. It's about the convergence of history, artistry, community, and sound. This episode challenges the idea that innovation must come from new tech or flashy trends. Sometimes, the most meaningful advances come from rethinking old materials and techniques.Cindy's guitars are a form of living history—reminding us that sound isn't just produced, it's inherited, interpreted, and carried forward. And, Cindy's path from bartending to building some of the most soulful instruments in New York is a reminder that craft isn't just skill—it's commitment to meaning.About Rick Kelly and Carmine Street GuitarsCarmine Street Guitars, located in New York City's Greenwich Village, is a hand-built electric guitar workshop led by legendary luthier Rick Kelly. Known for using reclaimed old-growth wood from historic buildings across the city, Rick has built instruments for renowned musicians such as Lou Reed, Patti Smith, Bob Dylan, and many others. His approach blends time-honored techniques with a reverence for the city's past, crafting guitars that are as storied as the musicians who play them. At the heart of the shop's ethos is a commitment to individuality, craftsmanship, and sonic integrity—values continued today through Cindy Guitars and the growing creative community within the space.SponsorsAre you interested in sponsoring this show or placing an ad in the podcast?Sponsorship

As Black Hat USA 2025 approaches, General Manager Steve Wylie joins Sean Martin and Marco Ciappelli for the annual pre-conference conversation to highlight what's new—and what's next—for one of cybersecurity's most iconic events. This year's themes and expansions signal a strong return to growth, technical depth, and strategic investment.AI Everywhere—from Training to the Show FloorArtificial intelligence emerges as the dominant force across the agenda. From the main stage to the training rooms, Black Hat is packed with AI-related content designed to meet the rising demand for education and clarity. New this year is a comprehensive lineup of instructor-led AI courses and expanded AI tool showcases in the Arsenal and Arsenal Labs programs. As Wylie notes, three of the four Spotlight competition finalists—FireTail, Keep Aware, and Twine Security—are AI-driven solutions, underscoring the technology's influence on innovation.Investor Energy and Startup MomentumCybersecurity investment is back. That momentum is reflected in the expanded Innovators and Investors Summit and the largest-ever Startup Zone on the show floor, now hosting more than 80 companies. This year's program builds on last year's debut and aims to connect entrepreneurs, investors, and CISOs in a more targeted and collaborative setting.Expanding the Audience: New Summits and KeynotesTo better serve cybersecurity leaders across sectors, Black Hat has introduced new summits tailored to financial services and supply chain security. These gatherings offer strategic-level insights for professionals who don't typically engage in technical briefings. Meanwhile, the keynote lineup includes prominent voices from both public and private sectors—such as Miko Hyppönen, Nicole Perlroth, and Chris Inglis—offering grounded perspectives in a time of uncertainty.Interactive Additions and Community GrowthAttendees can expect hands-on experiences like a new drone hacking zone and an expanded hardware lab area. A Career Development Zone also debuts this year, offering sessions designed to help attendees build or pivot their cybersecurity careers.___________Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech and General Manager at Black Hat | On LinkedIn: https://www.linkedin.com/in/swylie650/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

The HITRUST 2025 Trust Report sheds light on a critical question organizations continue to ask: can you really rely on a certification to mean what it says? According to Vincent Bennekers, Vice President of Quality, and Bimal Sheth, Executive Vice President of Standards Development and Assurance Operations at HITRUST, the answer comes down to one word: reliability.The conversation highlights how HITRUST goes beyond a simple checklist by layering in both threat intelligence and maturity modeling. Their framework isn't just built on abstract risk—it incorporates real-world attack techniques, aligning controls to the MITRE ATT&CK framework. This means that the certification reflects actual adversarial tactics rather than hypothetical risk scenarios.Bennekers shares that 99.41% of HITRUST-certified organizations did not report a breach in the last year, and that consistency over two annual reports points to meaningful outcomes—not just marketing claims. Sheth explains how each certification is reviewed in full by HITRUST, not just sampled, and every control is assessed for maturity—not pass/fail. It's a model that helps companies continuously improve, while also giving relying parties better information.For executive teams and boards, the report surfaces where organizations commonly struggle, including access control, vulnerability management, and third-party risk. It also highlights a growing use of external inheritance—leveraging cloud service providers' security posture—as a strategic move for organizations with tighter budgets.Looking ahead, the conversation points to continuous assurance and the evolving role of AI—both as a source of new risks and a tool to enhance security operations. HITRUST is already exploring certification models that reduce drift and increase visibility year-round.For organizations wanting to build more than just a paper shield, this episode unpacks how certification—done right—can be a strategic, measurable advantage.Note: This story contains promotional content. Learn more.Guests:Bimal Sheth, Executive Vice President of Standards Development and Assurance Operations at HITRUST | On LinkedIn: https://www.linkedin.com/in/bimal-sheth-248219130/Vincent Bennekers, Vice President of Quality at HITRUST | On LinkedIn: https://www.linkedin.com/in/vincent-bennekers-a0b3201/Host:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/______________________Keywords: sean martin, bimal sheth, vincent bennekers, hitrust, trust report, cybersecurity, compliance, certification, quality assurance, risk management, brand story, brand marketing, marketing podcast, brand story podcast______________________ResourcesHITRUST 2025 Trust Report: https://itspm.ag/hitrusz49cWebinar: Beyond the Checkbox: Rethinking SOC 2, Cybersecurity, and Third-Party Risk in 2025 — An ITSPmagazine Webinar with HITRUST (https://www.crowdcast.io/c/beyond-the-checkbox-rethinking-soc-2-cybersecurity-and-third-party-risk-in-2025-an-itspmagazine-webinar-with-hitrust)Visit the HITRUST Website to learn more: https://itspm.ag/itsphitwebLearn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrustLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________The Hybrid Species — When Technology Becomes Human, and Humans Become TechnologyA Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3July 19, 2025We once built tools to serve us. Now we build them to complete us. What happens when we merge — and what do we carry forward?A new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliIn my last musing, I revisited Robbie, the first of Asimov's robot stories — a quiet, loyal machine who couldn't speak, didn't simulate emotion, and yet somehow felt more trustworthy than the artificial intelligences we surround ourselves with today. I ended that piece with a question, a doorway:If today's machines can already mimic understanding — convincing us they comprehend more than they do — what happens when the line between biology and technology dissolves completely? When carbon and silicon, organic and artificial, don't just co-exist, but merge?I didn't pull that idea out of nowhere. It was sparked by something Asimov himself said in a 1965 BBC interview — a clip that keeps resurfacing and hitting harder every time I hear it. He spoke of a future where humans and machines would converge, not just in function, but in form and identity. He wasn't just imagining smarter machines. He was imagining something new. Something between.And that idea has never felt more real than now.We like to think of evolution as something that happens slowly, hidden in the spiral of DNA, whispered across generations. But what if the next mutation doesn't come from biology at all? What if it comes from what we build?I've always believed we are tool-makers by nature — and not just with our hands. Our tools have always extended our bodies, our senses, our minds. A stone becomes a weapon. A telescope becomes an eye. A smartphone becomes a memory. And eventually, we stop noticing the boundary. The tool becomes part of us.It's not just science fiction. Philosopher Andy Clark — whose work I've followed for years — calls us “natural-born cyborgs.” Humans, he argues, are wired to offload cognition into the environment. We think with notebooks. We remember with photographs. We navigate with GPS. The boundary between internal and external, mind and machine, was never as clean as we pretended.And now, with generative AI and predictive algorithms shaping the way we write, learn, speak, and decide — that blur is accelerating. A child born today won't “use” AI. She'll think through it. Alongside it. Her development will be shaped by tools that anticipate her needs before she knows how to articulate them. The machine won't be a device she picks up — it'll be a presence she grows up with.This isn't some distant future. It's already happening. And yet, I don't believe we're necessarily losing something. Not if we're aware of what we're merging with. Not if we remember who we are while becoming something new.This is where I return, again, to Asimov — and in particular, The Bicentennial Man. It's the story of Andrew, a robot who spends centuries gradually transforming himself — replacing parts, expanding his experiences, developing feelings, claiming rights — until he becomes legally, socially, and emotionally recognized as human. But it's not just about a machine becoming like us. It's also about us learning to accept that humanity might not begin and end with flesh.We spend so much time fearing machines that pretend to be human. But what if the real shift is in humans learning to accept machines that feel — or at least behave — as if they care?And what if that shift is reciprocal?Because here's the thing: I don't think the future is about perfect humanoid robots or upgraded humans living in a sterile, post-biological cloud. I think it's messier. I think it's more beautiful than that.I think it's about convergence. Real convergence. Where machines carry traces of our unpredictability, our creativity, our irrational, analog soul. And where we — as humans — grow a little more comfortable depending on the very systems we've always built to support us.Maybe evolution isn't just natural selection anymore. Maybe it's cultural and technological curation — a new kind of adaptation, shaped not in bone but in code. Maybe our children will inherit a sense of symbiosis, not separation. And maybe — just maybe — we can pass along what's still beautiful about being analog: the imperfections, the contradictions, the moments that don't make sense but still matter.We once built tools to serve us. Now we build them to complete us.And maybe — just maybe — that completion isn't about erasing what we are. Maybe it's about evolving it. Stretching it. Letting it grow into something wider.Because what if this hybrid species — born of carbon and silicon, memory and machine — doesn't feel like a replacement… but a continuation?Imagine a being that carries both intuition and algorithm, that processes emotion and logic not as opposites, but as complementary forms of sense-making. A creature that can feel love while solving complex equations, write poetry while accessing a planetary archive of thought. A soul that doesn't just remember, but recalls in high-resolution.Its body — not fixed, but modular. Biological and synthetic. Healing, adapting, growing new limbs or senses as needed. A body that weathers centuries, not years. Not quite immortal, but long-lived enough to know what patience feels like — and what loss still teaches.It might speak in new ways — not just with words, but with shared memories, electromagnetic pulses, sensory impressions that convey joy faster than language. Its identity could be fluid. Fractals of self that split and merge — collaborating, exploring, converging — before returning to the center.This being wouldn't live in the future we imagined in the '50s — chrome cities, robot butlers, and flying cars. It would grow in the quiet in-between: tending a real garden in the morning, dreaming inside a neural network at night. Creating art in a virtual forest. Crying over a story it helped write. Teaching a child. Falling in love — again and again, in new and old forms.And maybe, just maybe, this hybrid doesn't just inherit our intelligence or our drive to survive. Maybe it inherits the best part of us: the analog soul. The part that cherishes imperfection. That forgives. That imagines for the sake of imagining.That might be our gift to the future. Not the code, or the steel, or even the intelligence — but the stubborn, analog soul that dares to care.Because if Robbie taught us anything, it's that sometimes the most powerful connection comes without words, without simulation, without pretense.And if we're now merging with what we create, maybe the real challenge isn't becoming smarter — it's staying human enough to remember why we started creating at all.Not just to solve problems. Not just to build faster, better, stronger systems. But to express something real. To make meaning. To feel less alone. We created tools not just to survive, but to say: “We are here. We feel. We dream. We matter.”That's the code we shouldn't forget — and the legacy we must carry forward.Until next time,Marco_________________________________________________

ITSPmagazine Weekly Update | From AI Agents to Tape Mixes, to Guitars and Black Hat Buzzwords and much more with Marco & Sean's Random & Unscripted Podcast ⸻ In this weekly unscripted update, Marco Ciappelli and Sean Martin catch up on their latest stories, from AI agents replacing SOC analysts to mixtape nostalgia and vintage guitars made from NYC history. They also tease big things coming at Black Hat USA and reflect on why collaboration is core to ITSPmagazine. ⸻ In this week's Random and Unscripted episode, Marco Ciappelli and Sean Martin return with another lively behind-the-scenes update from the ITSPmagazine world. As always, the conversation flows unpredictably—from music and nostalgia to cybersecurity, AI, and everything in between. Marco kicks off the episode by confessing he saw ASIS live—twice—and is now on a mission for the perfect mod haircut. Sean follows with an unexpected review of an avant-garde opera at Lincoln Center, which explores humanity's attempt to extend life through technology. That sets the stage for deeper reflection on AI, with both co-founders digging into the role of AI agents in cybersecurity operations. Sean recaps his recent contributor-led newsletters on threat intelligence and AI-powered SOC roles. Marco, meanwhile, teases the next chapter in his “Robbie the Robot” newsletter series, which will explore the merger of humans and machines. The episode also spotlights a series of published interviews: a brand story with Greg and John from White Knight Labs, Marco's conversation with Ken Munro wrapping up Infosecurity Europe 2025, and an episode with Abadesi from the Women in Cybersecurity track—discussing how diverse teams build better tech. Sean also drops new Music Evolves episodes, including a conversation with Summer McCoy of the Mixtape Museum and a new story on Carmine Guitars, where vintage NYC wood is repurposed into one-of-a-kind instruments. That sparks a philosophical reflection from Marco on the contrast between analog warmth and digital impermanence. As the episode winds down, Marco and Sean turn their attention to Black Hat USA 2025. With sponsorships nearly sold out, they encourage companies to claim one of the last remaining spots. They also preview an upcoming live webinar where they'll debate the event's inevitable buzzwords with industry peers. As always, the tone is informal, curious, and community-driven. If you want the inside scoop on what's shaping the stories and strategies at ITSPmagazine—this is the episode to hear. ⸻ Keywords: cybersecurity, AI agents, threat intelligence, SOC analyst, mixtape museum, custom guitars, Black Hat USA 2025, ITSPmagazine, analog vs digital, diversity in tech, robotic automation, newsletter strategy, editorial collaboration, pen testing, brand storytelling, tech culture, cybersecurity events, operational technology, digital transformation, music and techHosts links:

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com Title: The Human Side of Technology with Abadesi Osunsade — From Diversity to AI and Back AgainGuest: Abadesi OsunsadeFounder @ Hustle Crew - We train ambitious & inclusive teams in tech & beyondWebSite: https://www.abadesi.comOn LinkedIn: https://www.linkedin.com/in/abadesi/Host: Marco CiappelliCo-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication l Branding & Marketing Consultant | Journalist | Writer | Podcasts: Technology, Cybersecurity, Society, and Storytelling.WebSite: https://marcociappelli.comOn LinkedIn: https://www.linkedin.com/in/marco-ciappelli/_____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________⸻ Podcast Summary ⸻ What happens when someone with a multicultural worldview, startup grit, and a relentless focus on inclusion sits down to talk about tech, humanity, and the future? You get a conversation like this one with Abadesi Osunsade. We touched on everything from equitable design and storytelling to generative AI and ethics. This episode isn't about answers — it's about questions that matter. And it reminded me why I started this show in the first place. ⸻ Article ⸻ Some conversations remind you why you hit “record” in the first place. This one with Abadesi Osunsade — founder of Hustle Crew, podcast host of Techish, and longtime tech leader — was exactly that kind of moment. We were supposed to connect in person at Infosecurity Europe in London, but the chaos of the event kept us from it. I'm glad it worked out this way instead, because what came out of our remote chat was raw, layered, and deeply human. Abadesi and I explored a lot in just over 30 minutes: her journey through big tech and startups, the origins of Hustle Crew, and how inclusion and equity aren't just HR buzzwords — they're the foundation of better design. Better products. Better culture. We talked about the usual “why diversity matters” angle — but went beyond it. She shared viral real-world examples of flawed design (like facial recognition or hand dryers that don't register dark skin) and challenged the myth that inclusive design is more expensive. Spoiler: it's more expensive not to do it right the first time. Then we jumped into AI — not just how it's being built, but who is building it. And what it means when those creators don't reflect the world they're supposedly designing for. We talked about generative AI, ethics, simulation, capitalism, utopia, dystopia — you know, the usual light stuff. What stood out most, though, was her reminder that this work — inclusion, education, change — isn't about shame or guilt. It's about possibility. Not everyone sees the world the same way, so you meet them where they are, with stories, with data, with empathy. And maybe, just maybe, you shift their perspective. This podcast was never meant to be just about tech. It's about how tech shapes society — and how society, in turn, must shape tech. Abadesi brought that full circle. Take a listen. Think with us. Then go build something better. ⸻ Keywords ⸻ Society and Technology, AI ethics, generative AI, inclusive design, tech innovation, product development, digital transformation, tech, technology, Diversity & Inclusion, equity in tech, inclusive leadership, unconscious bias, diverse teams, representation matters, belonging at workEnjoy. Reflect. Share with your fellow humans.And if you haven't already, subscribe to Musing On Society & Technology on LinkedIn — new transmissions are always incoming.https://www.linkedin.com/newsletters/musing-on-society-technology-7079849705156870144You're listening to this through the Redefining Society & Technology podcast, so while you're here, make sure to follow the show — and join us as we continue exploring life in this Hybrid Analog Digital Society.End of transmission.____________________________Listen to more Redefining Society & Technology stories and subscribe to the podcast:

⬥GUEST⬥Tobias Halmans, OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication.OT engineers don't think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins.Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world's metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements.Perhaps most importantly, Tobias stresses that business continuity planning for OT can't just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy.Whether you're a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don't fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Title: "Catching Up With Ken Munro After Infosecurity Europe 2025 — Hacking the Planet, One Car, One Plane, and One System at a Time"A Post–Infosecurity Europe 2025 Conversation with Ken MunroGuestsKen Munro Security writer & speakerhttps://www.linkedin.com/in/ken-munro-17899b1/HostsSean Martin, Co-Founder at ITSPmagazineWebsite: https://www.seanmartin.comMarco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazineWebsite: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________After a whirlwind week at Infosecurity Europe 2025, I had the chance to reconnect with Ken Munro from Pen Test Partners — a longtime friend, hacker, and educator who brings cybersecurity to life in the most tangible ways. From car hacking escape rooms to flight simulators in pubs, we talked about why touching tech matters, how myth-busting makes us safer, and how learning through play might just be the key to securing our increasingly complex world. Tune in, and maybe bring a cocktail.⸻There's something special about catching up with someone who's not just an expert in cybersecurity, but also someone who reminds you why this industry can — and should — be fun. Ken Munro and I go back to the early days of DEFCON's Aviation Village, and this post-Infosecurity Europe 2025 chat brought all that hacker spirit right back to the surface.Ken and his crew from Pen Test Partners set up shop next to the main Infosecurity Europe venue in a traditional London pub — but this wasn't your average afterparty. They transformed it into a hands-on hacking village, complete with a car demo, flight simulator, ICS cocktail CTF, and of course… a bar. The goal? Show that cybersecurity isn't just theory — it's something you can touch. Something that moves. Something that can break — and be fixed — before it breaks us.We talked about the infamous “Otto the Autopilot” from Airplane, the Renault Clio-turned-Mario Kart console, and why knowing how TCAS (collision avoidance) works on an Airbus matters just as much as knowing your Wi-Fi password. We also dug into the real-world cybersecurity concerns of industrial systems, electronic flight bags, and why European regulation might be outpacing the U.S. in some areas — for better or worse.One of the biggest takeaways? It's time to stop fearing the hacker mindset and start embracing it. Curiosity isn't a threat — it's a superpower. And when channeled correctly, it leads to safer skies, smarter cars, and fewer surprises in the water we drink or the power we use.There's a lot to reflect on from our conversation, but above all: education, community, and creativity are still the most powerful tools we have in security — and Ken is out there proving that, one demo and one pint at a time.Thanks again, Ken. See you at the next village — whichever pub, hangar, or DEFCON corner it ends up in.⸻Keywords: cybersecurity, ethical hacking, pen testing, Infosecurity Europe, embedded systems, car hacking, flight simulator, ICS security, industrial control systems, aviation cybersecurity, hacker mindset, DEFCON___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Before a power crew rolls out to check a transformer, sensors on the grid have often already flagged the problem. Before your smart dishwasher starts its cycle, it might wait for off-peak energy rates. And in the world of autonomous vehicles, lightweight systems constantly scan road conditions before a decision ever reaches the car's central processor.These aren't the heroes of their respective systems. They're the scouts, the context-builders: automated agents that make the entire operation more efficient, timely, and scalable.Cybersecurity is beginning to follow the same path.In an era of relentless digital noise and limited human capacity, AI agents are being deployed to look first, think fast, and flag what matters before security teams ever engage. But these aren't the cartoonish “AI firefighters” some might suggest. They're logical engines operating at scale: pruning data, enriching signals, simulating outcomes, and preparing workflows with precision."AI agents are redefining how security teams operate, especially when time and talent are limited," says Kumar Saurabh, CEO of AirMDR. "These agents do more than filter noise. They interpret signals, build context, and prepare response actions before a human ever gets involved."This shift from reactive firefighting to proactive triage is happening across cybersecurity domains. In detection, AI agents monitor user behavior and flag anomalies in real time, often initiating mitigation actions like isolating compromised devices before escalation is needed. In prevention, they simulate attacker behaviors and pressure-test systems, flagging unseen vulnerabilities and attack paths. In response, they compile investigation-ready case files that allow human analysts to jump straight into action."Low-latency, on-device AI agents can operate closer to the data source, better enabling anomaly detection, threat triaging, and mitigation in milliseconds," explains Shomron Jacob, Head of Applied Machine Learning and Platform at Iterate.ai. "This not only accelerates response but also frees up human analysts to focus on complex, high-impact investigations."Fred Wilmot, Co-Founder and CEO of Detecteam, points out that agentic systems are advancing limited expertise by amplifying professionals in multiple ways. "Large foundation models are driving faster response, greater context and more continuous optimization in places like SOC process and tools, threat hunting, detection engineering and threat intelligence operationalization," Wilmot explains. "We're seeing the dawn of a new way to understand data, behavior and process, while optimizing how we ask the question efficiently, confirm the answer is correct and improve the next answer from the data interaction our agents just had."Still, real-world challenges persist. Costs for tokens and computing power can quickly outstrip the immediate benefit of agentic approaches at scale. Organizations leaning on smaller, customized models may see greater returns but must invest in AI engineering practices to truly realize this advantage. "Companies have to get comfortable with the time and energy required to produce incremental gains," Wilmot adds, "but the incentive to innovate from zero to one in minutes should outweigh the cost of standing still."Analysts at Forrester have noted that while the buzz around so-called agentic AI is real, these systems are only as effective as the context and guardrails they operate within. The power of agentic systems lies in how well they stay grounded in real data, well-defined scopes, and human oversight. ¹ ²While approaches differ, the business case is clear. AI agents can reduce toil, speed up analysis, and extend the reach of small teams. As Saurabh observes, AI agents that handle triage and enrichment in minutes can significantly reduce investigation times and allow analysts to focus on the incidents that truly require human judgment.As organizations wrestle with a growing attack surface and shrinking response windows, the real value of AI agents might not lie in what they replace, but in what they prepare. Rob Allen, Chief Product Officer at ThreatLocker, points out, "AI can help you detect faster. But Zero Trust stops malware before it ever runs. It's not about guessing smarter; it's about not having to guess at all." While AI speeds detection and response, attackers are also using AI to evade defenses, making it vital to pair smart automation with architectures that deny threats by default and only allow what's explicitly needed.These agents are the eyes ahead, the hands that set the table, and increasingly the reason why the real work can begin faster and smarter than ever before.References1. Forrester. (2024, February 8). Cybersecurity's latest buzzword has arrived: What agentic AI is — and isn't. Forrester Blogs. https://www.forrester.com/blogs/cybersecuritys-latest-buzzword-has-arrived-what-agentic-ai-is-and-isnt/ (cc: Allie Mellen and Rowan Curran)2. Forrester. (2024, March 13). The battle for grounding has begun. Forrester Blogs. https://www.forrester.com/blogs/the-battle-for-grounding-has-begun/ (cc: Ted Schadler)________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Getting a start in cybersecurity has never been easy — but for today's aspiring pen testers, the entry barriers are even higher than they were a decade ago. In this conversation, Sean Martin and Marco Ciappelli sit down with Greg Hatcher and John Stigerwalt from White Knight Labs to unpack why they decided to flip the script on entry-level offensive security training.Greg, a former Army Special Operations communicator, and John, who got his break as a self-taught hacker, agree that the traditional path — expensive certifications and theoretical labs — doesn't reflect the reality of the work. That's why White Knight Labs is launching the Entry Level Pen Tester (ELPT) program. The idea is straightforward: make high-quality, practical training accessible to anyone, anywhere.Unlike other courses that focus purely on the technical side, the ELPT emphasizes the full skill set a junior pen tester needs. This means not just breaking into systems, but learning how to write clear reports, communicate effectively with clients, and operate as part of a real engagement team. John explains that even the best technical find is worthless if it's not explained properly or delivered with clear guidance for fixing the issue.Greg points out that the team culture at White Knight Labs borrows from his Special Forces days — small, specialized teams where each individual goes deep on a specific domain but works in tight coordination with others. Their goal for trainees mirrors this: to develop focused, practical skills while understanding how their piece fits into bigger, complex attack scenarios.Affordability and global access are key parts of the mission. The team wants the ELPT to open doors for people who might not have thousands to spend on training. By combining hands-on labs, in-depth modules, real-world scenarios, and a tough final exam, they aim to ensure that passing the ELPT means you're truly job-ready.For anyone considering a start in offensive security, this episode is a glimpse into a program designed to create more than just hackers — it's building adaptable, communicative professionals ready to hit the ground running.Learn more about White Knight Labs: https://itspm.ag/white-knight-labs-vukrGuests:John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/______________________Keywords: sean martin, marco ciappelli, greg hatcher, john stigerwalt, cybersecurity, pentesting, training, certification, whiteknightlabs, hacking, brand story, brand marketing, marketing podcast, brand story podcast______________________ResourcesVisit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukrLearn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labsLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this Random and Unscripted episode, Marco Ciappelli and Sean Martin connect the dots between AI, robotics, connected systems, and human behavior. How do machines reshape society—and how do we reshape ourselves in response? A conversation born from their latest articles.This Random and Unscripted episode is exactly what the title promises—a raw, thoughtful exchange between Marco Ciappelli and Sean Martin, sparked by their most recent written reflections. The starting point? Two timely articles. Sean unpacks the complexity of securing connected environments—what happens when devices, vehicles, sensors, and platforms become part of something bigger? It's no longer about protecting individual elements, but understanding how they operate as “systems of systems”—intertwined, dynamic, and vulnerable. Meanwhile, Marco revisits Robbie, Isaac Asimov's iconic robot story, to explore how our relationship with technology evolves over time. What felt like distant science fiction in the 1980s now hits closer to home, as AI simulates understanding, machines mimic empathy, and humans blur the lines between organic and artificial. The discussion drifts from cybersecurity to human psychology, questioning how interacting with AI reshapes society—and whether our own behavior starts reflecting the technology we create. Machines are learning, systems are growing more complex, and somewhere along the way, humanity is changing too. Stay random. Stay curious. ⸻

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________Robbie, From Fiction to Familiar — Robots, AI, and the Illusion of Consciousness June 29, 2025A new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliI recently revisited one of my oldest companions. Not a person, not a memory, but a story. Robbie, the first of Isaac Asimov's famous robot tales.It's strange how familiar words can feel different over time. I first encountered Robbie as a teenager in the 1980s, flipping through a paperback copy of I, Robot. Back then, it was pure science fiction. The future felt distant, abstract, and comfortably out of reach. Robots existed mostly in movies and imagination. Artificial intelligence was something reserved for research labs or the pages of speculative novels. Reading Asimov was a window into possibilities, but they remained possibilities.Today, the story feels different. I listened to it this time—the way I often experience books now—through headphones, narrated by a synthetic voice on a sleek device Asimov might have imagined, but certainly never held. And yet, it wasn't the method of delivery that made the story resonate more deeply; it was the world we live in now.Robbie was first published in 1939, a time when the idea of robots in everyday life was little more than fantasy. Computers were experimental machines that filled entire rooms, and global attention was focused more on impending war than machine ethics. Against that backdrop, Asimov's quiet, philosophical take on robotics was ahead of its time.Rather than warning about robot uprisings or technological apocalypse, Asimov chose to explore trust, projection, and the human tendency to anthropomorphize the tools we create. Robbie, the robot, is mute, mechanical, yet deeply present. He is a protector, a companion, and ultimately, an emotional anchor for a young girl named Gloria. He doesn't speak. He doesn't pretend to understand. But through his actions—loyalty, consistency, quiet presence—he earns trust.Those themes felt distant when I first read them in the '80s. At that time, robots were factory tools, AI was theoretical, and society was just beginning to grapple with personal computers, let alone intelligent machines. The idea of a child forming a deep emotional bond with a robot was thought-provoking but belonged firmly in the realm of fiction.Listening to Robbie now, decades later, in the age of generative AI, alters everything. Today, machines talk to us fluently. They compose emails, generate artwork, write stories, even simulate empathy. Our interactions with technology are no longer limited to function; they are layered with personality, design, and the subtle performance of understanding.Yet beneath the algorithms and predictive models, the reality remains: these machines do not understand us. They generate language, simulate conversation, and mimic comprehension, but it's an illusion built from probability and training data, not consciousness. And still, many of us choose to believe in that illusion—sometimes out of convenience, sometimes out of the innate human desire for connection.In that context, Robbie's silence feels oddly honest. He doesn't offer comfort through words or simulate understanding. His presence alone is enough. There is no performance. No manipulation. Just quiet, consistent loyalty.The contrast between Asimov's fictional robot and today's generative AI highlights a deeper societal tension. For decades, we've anthropomorphized our machines, giving them names, voices, personalities. We've designed interfaces to smile, chatbots to flirt, AI assistants that reassure us they “understand.” At the same time, we've begun to robotize ourselves, adapting to algorithms, quantifying emotions, shaping our behavior to suit systems designed to optimize interaction and efficiency.This two-way convergence was precisely what Asimov spoke about in his 1965 BBC interview, which has been circulating again recently. In that conversation, he didn't just speculate about machines becoming more human-like. He predicted the merging of biology and technology, the slow erosion of the boundaries between human and machine—a hybrid species, where both evolve toward a shared, indistinct future.We are living that reality now, in subtle and obvious ways. Neural implants, mind-controlled prosthetics, AI-driven decision-making, personalized algorithms—all shaping the way we experience life and interact with the world. The convergence isn't on the horizon; it's happening in real time.What fascinates me, listening to Robbie in this new context, is how much of Asimov's work wasn't just about technology, but about us. His stories remain relevant not because he perfectly predicted machines, but because he perfectly understood human nature—our fears, our projections, our contradictions.In Robbie, society fears the unfamiliar machine, despite its proven loyalty. In 2025, we embrace machines that pretend to understand, despite knowing they don't. Trust is no longer built through presence and action, but through the performance of understanding. The more fluent the illusion, the easier it becomes to forget what lies beneath.Asimov's stories, beginning with Robbie, have always been less about the robots and more about the human condition reflected through them. That hasn't changed. But listening now, against the backdrop of generative AI and accelerated technological evolution, they resonate with new urgency.I'll leave you with one of Asimov's most relevant observations, spoken nearly sixty years ago during that same 1965 interview:“The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom.”In many ways, we've fulfilled Asimov's vision—machines that speak, systems that predict, tools that simulate. But the question of wisdom, of how we navigate this illusion of consciousness, remains wide open.And, as a matter of fact, this reflection doesn't end here. If today's machines can already mimic understanding—convincing us they comprehend more than they do—what happens when the line between biology and technology starts to dissolve completely? When carbon and silicon, organic and artificial, begin to merge for real?That conversation deserves its own space—and it will. One of my next newsletters will dive deeper into that inevitable convergence—the hybrid future Asimov hinted at, where defining what's human, what's machine, and what exists in-between becomes harder, messier, and maybe impossible to untangle.But that's a conversation for another day.For now, I'll sit with that thought, and with Robbie's quiet, unpretentious loyalty, as the conversation continues.Until next time,Marco_________________________________________________

Guest and HostGuest: Regan Sommer McCoy, Chief Curator of Mixtape Museum | Website: https://sommer.nyc/Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Show NotesIn this episode of Music Evolves, host Sean Martin connects with Sommer McCoy, founder of the Mixtape Museum, to explore how a simple cassette tape became a cultural vehicle for creativity, connection, and entrepreneurship—especially within hip hop. Sommer's journey starts with managing hip hop artists like the Clipse, where a label dispute revealed the real power of mixtapes as grassroots distribution tools when the industry's gatekeepers were roadblocks.Sommer describes mixtapes as more than just homemade compilations; they are living archives of personal and collective history. From recording DJ sets off the radio to carefully curating tapes for summer camp, these stories form a thread that binds generations. Through the Mixtape Museum, Sommer captures not only the tapes themselves but also the hidden data inside—the handwritten J-cards, the audio quality that degrades with each copy, and the layers of social exchange that gave rise to underground music scenes.What's striking is that the Mixtape Museum does not seek to own every cassette but instead to document, digitize, and study them. Sommer, a database manager by day, focuses on preserving the stories and metadata behind each tape, spotlighting the artists, DJs, collectors, and communities that sustained the mixtape era. Supported by a Grammy Preservation Grant, she's already digitized dozens of tapes while helping other collectors understand how to safeguard their archives.The conversation touches on how mixtapes laid the groundwork for today's playlists and streaming culture—yet today's digital curation lacks the physical, handcrafted artistry that made each cassette unique. Sommer's mission is to encourage collectors and students alike to look deeper: to uncover forgotten shoebox treasures in attics, to share memories, and to research how these tapes shaped music and culture long before social algorithms took over.At its heart, the Mixtape Museum is an open invitation to honor the past while inspiring new ways to think about music's role in documenting who we are. For Sommer, each cassette holds more than songs—it holds a memory worth saving.SponsorsAre you interested in sponsoring this show or placing an ad in the podcast?Sponsorship

Cyber threats are not static—and HITRUST knows assurance can't be either. That's why HITRUST's Michael Moore is leading efforts to ensure the HITRUST framework evolves in step with the threat environment, business needs, and the technologies teams are using to respond.In this episode, Moore outlines how the HITRUST Cyber Threat Adaptive (CTA) program transforms traditional assessment models into something far more dynamic. Instead of relying on outdated frameworks or conducting audits that only capture a point-in-time view, HITRUST is using real-time threat intelligence, breach data, and frameworks like MITRE ATT&CK and MITRE ATLAS to continuously evaluate and update its assessment requirements.The E1 and I1 assessments—designed for organizations at different points in their security maturity—serve as flexible baselines that shift with current risk. Moore explains that by leveraging CTA, HITRUST can add or update controls in response to rising attack patterns, such as the resurgence of phishing or the emergence of AI-driven exploits. These updates are informed by a broad ecosystem of signals, including insurance claims data and AI-parsed breach reports, offering both frequency and impact context.One of the key advantages Moore highlights is the ability for security teams to benefit from these updates without having to conduct their own exhaustive analysis. As Moore puts it, “You get it by proxy of using our frameworks.” In addition to streamlining how teams manage and demonstrate compliance, the evolving assessments also support conversations with business leaders and boards—giving them visibility into how well the organization is prepared for the threats that matter most right now.HITRUST is also planning to bring more of this intelligence into its assessment platform and reports, including showing how individual assessments align with the top threats at the time of certification. This not only strengthens third-party assurance but also enables more confident internal decision-making—whether that's about improving phishing defenses or updating incident response playbooks.From AI-enabled moderation of threats to proactive regulatory mapping, HITRUST is building the connective tissue between risk intelligence and real-world action.Note: This story contains promotional content. Learn more.Guest: Michael Moore, Senior Manager, Digital Innovation at HITRUST | On LinkedIn: https://www.linkedin.com/in/mhmoore04/Hosts:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/Marco Ciappelli, Co-Founder at ITSPmagazine and Host of Redefining Society Podcast & Audio Signals Podcast | https://www.marcociappelli.com/______________________Keywords: sean martin, marco ciappelli, michael moore, hitrust, cybersecurity, threat intelligence, risk management, compliance, assurance, ai security, brand story, brand marketing, marketing podcast, brand story podcast______________________ResourcesVisit the HITRUST Website to learn more: https://itspm.ag/itsphitwebLearn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrustLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com Title: Bridging Worlds: How Technology Connects — or Divides — Our Communities Guest: Lawrence EtaGlobal Digital AI Thought Leader | #1 International Best Selling Author | Keynote Speaker | TEDx Speaker | Multi-Sector Executive | Community & Smart Cities Advocate | Pioneering AI for Societal AdvancementWebSite: https://lawrenceeta.comOn LinkedIn: https://www.linkedin.com/in/lawrence-eta-9b11139/ Host: Marco CiappelliCo-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication l Branding & Marketing Consultant | Journalist | Writer | Podcasts: Technology, Cybersecurity, Society, and Storytelling.WebSite: https://marcociappelli.comOn LinkedIn: https://www.linkedin.com/in/marco-ciappelli/_____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________⸻ Podcast Summary ⸻ In this episode of Redefining Society and Technology, I sit down with Lawrence Eta — global technology leader, former CTO of the City of Toronto, and author of Bridging Worlds. We explore how technology, done right, can serve society, reduce inequality, and connect communities. From public broadband projects to building smart — sorry, connected — cities, Lawrence shares lessons from Toronto to Riyadh, and why tech is only as good as the values guiding it. ⸻ Article ⸻ As much as I love shiny gadgets, blinking lights, and funny noises from AI — we both know technology isn't just about cool toys. It's about people. It's about society. It's about building a better, more connected world. That's exactly what we explore in my latest conversation on Redefining Society and Technology, where I had the pleasure of speaking with Lawrence Eta. If you don't know Lawrence yet — let me tell you, this guy has lived the tech-for-good mission. Former Chief Technology Officer for the City of Toronto, current Head of Digital and Analytics for one of Saudi Arabia's Vision 2030 mega projects, global tech consultant, public servant, author… basically, someone who's been around the block when it comes to tech, society, and the messy, complicated intersection where they collide. We talked about everything from bridging the digital divide in one of North America's most diverse cities to building entirely new digital infrastructure from scratch in Riyadh. But what stuck with me most is his belief — and mine — that technology is neutral. It's how we use it that makes the difference. Lawrence shared his experience launching Toronto's Municipal Broadband Network — a project that brought affordable, high-speed internet to underserved communities. For him, success wasn't measured by quarterly profits (a refreshing concept, right?) but by whether kids could attend virtual classes, families could access healthcare online, or small businesses could thrive from home. We also got into the “smart city” conversation — and how even the language we use matters. In Toronto, they scrapped the “smart city” buzzword and reframed the work as building a “connected community.” It's not about making the city smart — it's about connecting people, making sure no one gets left behind, and yes, making technology human. Lawrence also shared his Five S principles for digital development: Stability, Scalability, Solutions (integration), Security, and Sustainability. Simple, clear, and — let's be honest — badly needed in a world where tech changes faster than most cities can adapt. We wrapped the conversation with the big picture — how technology can be the great equalizer if we use it to bridge divides, not widen them. But that takes intentional leadership, community engagement, and a shared vision. It also takes reminding ourselves that beneath all the algorithms and fiber optic cables, we're still human. And — as Lawrence put it beautifully — no matter where we come from, most of us want the same basic things: safety, opportunity, connection, and a better future for our families. That's why I keep having these conversations — because the future isn't just happening to us. We're building it, together. If you missed the episode, I highly recommend listening — especially if you care about technology serving people, not the other way around. Links to connect with Lawrence and to the full episode are below — stay tuned for more, and let's keep redefining society, together. ⸻ Keywords ⸻ Connected Communities, Smart Cities, Digital Divide, Public Broadband, Technology and Society, Digital Infrastructure, Technology for Good, Community Engagement, Urban Innovation, Digital Inclusion, Public-Private Partnerships, Tech LeadershipEnjoy. Reflect. Share with your fellow humans.And if you haven't already, subscribe to Musing On Society & Technology on LinkedIn — new transmissions are always incoming.You're listening to this through the Redefining Society & Technology podcast, so while you're here, make sure to follow the show — and join us as we continue exploring life in this Hybrid Analog Digital Society.End of transmission.____________________________Listen to more Redefining Society & Technology stories and subscribe to the podcast:

FORBIX — THE HAIRDRESSER WITH AN ARTIST'S TOUCHIn the heart of the town of Tagliaspunta, nestled among shops of all kinds, there's a hairdresser named Forbix, for women, men, teenagers, and children — though not too little. Forbix is no ordinary hairdresser: he has the magical touch of an artist. His scissors are made of silver and, as they cut, they whisper stories. His ivory comb makes hair shine, and his hairdryer doesn't blow air — it blows dreams.At his cutting station, he becomes a magician: the scissors, guided by his hand, flutter through the hair and, touch after touch — voilà! — the result is perfect.One day, the tree standing in front of his shop said to Forbix:“You are an artist, and I'm tired of my tangled mop of leaves. I'd love a little makeover,” it sighed, “and I'd make a great advertisement for you.”The hairdresser didn't need to be asked twice: he stepped outside with his enchanted scissors.Circling the tree with the flair of a genius, after a few confident snips, he trimmed the branches and turned the dry leaves into silver confetti that the wind carried away. The tree looked more radiant and alive than it had ever been, with fresh green leaves adorning it like braided ringlets.The next morning, two children — Sara and David — playful as ever, were hopping along the sidewalk when they saw the tree, so elegant and in a good mood, its leaves joyfully whistling.Sara had curls like little summer clouds, and David's hair stuck up like a tiny hedgehog.As they came closer, they asked in unison:“Who's the artist who did all this?”The tree replied: “The hairdresser, Forbix.”“We'd love to go too! Our hair is all messy and really needs a good fix. Our moms have been saying so for quite a while now.”“Well then, you'd better listen to them. Go on, go in,” the tree encouraged them with a whisper.David went in first, tripping over the marble step, followed by Sara who smiled and waved.Forbix, ever observant, welcomed them in and, running his hands through their hair one at a time, slowly began to cut with his magical scissors. The comb gently caressed their hair, which began to shine, and with the blow-dryer, dreams swirled through the air along with whispered stories.Looking at themselves in the mirror, their faces lit up with big smiles, while Forbix, pleased in turn, gave them a wink.Sara and David happily thanked him with a bow and a wave.Out on the sidewalk, they danced in a joyful circle around the tree, on whose branches little songbirds had perched — giving a cheerful concert, along with the leaves and the children.The true magic of Forbix lies not only in the tools of his trade, which he uses with an artist's passion, but also in his ability to listen — and bring a smile.-- Written by Lucia & Marco Ciappelli

Guest: Justin Thompson, Senior Artist at Charles M. Schulz Creative AssociatesOn LinkedIn | https://www.linkedin.com/in/justin-thompson-91a47339/On Instagram | https://www.instagram.com/mythtickle/_____________________________Host:  Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli_____________________________This Episode's SponsorsAre you interested in sponsoring an ITSPmagazine Channel?

Title: “These Aren't Soft Skills — They're Human Skills”A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'AltonGuestsRob BlackUK Cyber Citizen of the Year 2024 | International Keynote Speaker | Master of Ceremonies | Cyber Leaders Challenge | Professor | Community Builder | Facilitator | Cyber Security | Cyber Deceptionhttps://www.linkedin.com/in/rob-black-30440819/Anthony D'AltonProduct marketing | brand | reputation for cybersecurity growthhttps://www.linkedin.com/in/anthonydalton/HostsSean Martin, Co-Founder at ITSPmagazineWebsite: https://www.seanmartin.comMarco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazineWebsite: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ Yes, Infosecurity Europe 2025 may be over, but the most important conversations are just getting started — and they're far from over. In this post-event follow-up, Marco Ciappelli reconnects from Florence with Rob Black and brings in Anthony D'Alton for a deep-dive into something we all talk about but rarely define clearly: so-called soft skills — or, as we prefer to call them… human skills.From storytelling to structured exercises, team communication to burnout prevention, this episode explores how communication, collaboration, and trust aren't just “nice to have” in cybersecurity — they're critical, measurable capabilities. Rob and Anthony share their experience designing real-world training environments where people — not just tools — are the difference-makers in effective incident response and security leadership.Whether you're a CISO, a SOC leader, or just tired of seeing tech get all the credit while humans carry the weight, this is a practical, honest conversation about building better teams — and redefining what really matters in cybersecurity today.If you still think “soft skills” are soft… you haven't been paying attention.⸻Keywords: Cybersecurity, Infosecurity Europe 2025, Soft Skills, Human Skills, Cyber Resilience, Cyber Training, Security Leadership, Incident Response, Teamwork, Storytelling in Cyber, Marco Ciappelli, Rob Black, Anthony Dalton, On Location, ITSPmagazine, Communication Skills, Cyber Crisis Simulation, RangeForce, Trust in Teams, Post Event Podcast, Security Culture___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

William Lyne of the UK's National Crime Agency joins us live at Infosecurity Europe to talk ransomware, AI threats, and the future of cybercrime disruption.When the UK's top cyber intelligence strategist sits down with you in London, you listen — and you hit record.At Infosecurity Europe 2025, the ITSPmagazine podcast team — Marco Ciappelli and Sean Martin — sat down with William Lyne, Deputy Director and Head of Cyber Intelligence at the UK's National Crime Agency (NCA). This is the guy who not only leads cyber strategy for the NCA, but has also represented the UK at the FBI in the U.S. and now oversees national-level ransomware disruption efforts. It's not just a conversation — it's a rare front-row seat into how one of the world's most serious crime-fighting agencies is tackling ransomware 3.0.The message? Ransomware isn't just a cyber issue. It's a societal one. And it's evolving faster than we're prepared for — unless we change the game.“It went from niche to national threat fast,” Lyne explains. “The tools were always there. It just took a few threat actors to stitch them together.”From banking malware to fully operational cybercrime-as-a-service ecosystems, Lyne walks us through how the underground economy has industrialized. Ransomware isn't just about tech — it's about access, scale, and business models. And most importantly, it's no longer limited to elite coders or closed-door Russian-speaking forums. The barrier to entry is gone, and the dark web is wide open for business.Sean brings up the obvious: “Why does this still feel like we're always reacting?”Lyne responds: “We've shifted. We're going after the ecosystem — the people, the infrastructure, the business model — not just the payload.” That includes disrupting ransomware-as-a-service, targeting marketplaces, and yes, investing in preemptive intelligence.Marco flips the script by comparing today's cyber landscape to something deeply human. “Extortion is nothing new — we've just digitalized it. This is human behavior, scaled by tech.”From there, the conversation takes a future-facing turn. Deepfakes, AI-powered phishing, the commoditization of generative tools — Lyne confirms it's all on their radar. But he's quick to note that cybercriminals aren't bleeding-edge innovators. “They adopt when the ROI is right. But AI-as-a-service? That's coming. And it will reshape how efficient — and damaging — these threats become.”And then the real insight lands:“You can't wait to be a victim to talk to law enforcement. We may already have access to the infrastructure. The earlier we hear from you, the better we can act — and fast.”That kind of operational openness isn't something you heard from law enforcement five years ago. It signals a cultural shift — one where collaboration is not optional, it's essential.William also highlights the NCA's partnerships with private sector firms, academia, and international agencies, including the Kronos operation targeting LockBit infrastructure. These kinds of collaborations prove that when information moves, so does impact.Why does this matter?Because while most cybersecurity media gets stuck in product buzzwords and vendor hype, this is the real stuff — how ransomware groups behave, how law enforcement thinks, and how society can respond. It's not theory. It's strategy, lived on the front lines. 

What Hump? Thirty Years of Cybersecurity and the Fine Art of Pretending It's Not a Human ProblemA new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliJune 6, 2025A Post-Infosecurity Europe Reflection on the Strange but Predictable Ways We've Spent Thirty Years Pretending Cybersecurity Isn't About People.⸻ Once there was a movie titled “Young Frankenstein” (1974) — a black-and-white comedy directed by Mel Brooks, written with Gene Wilder, and starring Wilder and Marty Feldman, who delivers the iconic “What hump?” line.Let me describe the scene:[Train station, late at night. Thunder rumbles. Dr. Frederick Frankenstein steps off the train, greeted by a hunched figure holding a lantern — Igor.]Igor: Dr. Frankenstein?Dr. Frederick Frankenstein: It's Franken-steen.Igor: Oh. Well, they told me it was Frankenstein.Dr. Frederick Frankenstein: I'm not a Frankenstein. I'm a Franken-steen.Igor (cheerfully): All right.Dr. Frederick Frankenstein (noticing Igor's eyes): You must be Igor.Igor: No, it's pronounced Eye-gor.Dr. Frederick Frankenstein (confused): But they told me it was Igor.Igor: Well, they were wrong then, weren't they?[They begin walking toward the carriage.]Dr. Frederick Frankenstein (noticing Igor's severe hunchback): You know… I'm a rather brilliant surgeon. Perhaps I could help you with that hump.Igor (looks puzzled, deadpan): What hump?[Cut to them boarding the carriage, Igor climbing on the outside like a spider, grinning wildly.]It's a joke, of course. One of the best. A perfectly delivered absurdity that only Mel Brooks and Marty Feldman could pull off. But like all great comedy, it tells a deeper truth.Last night, standing in front of the Tower of London, recording one of our On Location recaps with Sean Martin, that scene came rushing back. We joked about invisible humps and cybersecurity. And the moment passed. Or so I thought.Because hours later — in bed, hotel window cracked open to the London night — I was still hearing it: “What hump?”And that's when it hit me: this isn't just a comedy bit. It's a diagnosis. Here we are at Infosecurity Europe, celebrating its 30th anniversary. Three decades of cybersecurity: a field born of optimism and fear, grown in complexity and contradiction.We've built incredible tools. We've formed global communities of defenders. We've turned “hacker” from rebel to professional job title — with a 401(k), branded hoodies, and a sponsorship deal. But we've also built an industry that — much like poor Igor — refuses to admit something's wrong.The hump is right there. You can see it. Everyone can see it. And yet… we smile and say: “What hump?”We say cybersecurity is a priority. We put it in slide decks. We hold awareness months. We write policies thick enough to be used as doorstops. But then we underfund training. We silo the security team. We click links in emails that say whatever will make us think it's important — just like those pieces of snail mail stamped URGENT that we somehow believe, even though it turns out to be an offer for a new credit card we didn't ask for and don't want. Except this time, the payload isn't junk mail — it's a clown on a spring exploding out of a fun box.Igor The hump moves, shifts, sometimes disappears from view — but it never actually goes away. And if you ask about it? Well… they were wrong then, weren't they?That's because it's not a technology problem. This is the part that still seems hard to swallow for some: Cybersecurity is not a technology problem. It never was.Yes, we need technology. But technology has never been the weak link.The weak link is the same as it was in 1995: us. The same it was before the internet and before computers: Humans.With our habits, assumptions, incentives, egos, and blind spots. We are the walking, clicking, swiping hump in the system. We've had encryption for decades. We've known about phishing since the days of AOL. Zero Trust was already discussed in 2004 — it just didn't have a cool name yet.So why do we still get breached? Why does a ransomware gang with poor grammar and a Telegram channel take down entire hospitals?Because culture doesn't change with patches. Because compliance is not belief. Because we keep treating behavior as a footnote, instead of the core.The Problem We Refuse to See at the heart of this mess is a very human phenomenon:vIf we can't see it, we pretend it doesn't exist.We can quantify risk, but we rarely internalize it. We trust our tech stack but don't trust our users. We fund detection but ignore education.And not just at work — we ignore it from the start. We still teach children how to cross the street, but not how to navigate a phishing attempt or recognize algorithmic manipulation. We give them connected devices before we teach them what being connected means. In this Hybrid Analog Digital Society, we need to treat cybersecurity not as an optional adult concern, but as a foundational part of growing up. Because by the time someone gets to the workforce, the behavior has already been set.And worst of all, we operate under the illusion that awareness equals transformation.Let's be real: Awareness is cheap. Change is expensive. It costs time, leadership, discomfort. It requires honesty. It means admitting we are all Igor, in some way. And that's the hardest part. Because no one likes to admit they've got a hump — especially when it's been there so long, it feels like part of the uniform.We have been looking the other way for over thirty years. I don't want to downplay the progress. We've come a long way, but that only makes the stubbornness more baffling.We've seen attacks evolve from digital graffiti to full-scale extortion. We've watched cybercrime move from subculture to multi-billion-dollar global enterprise. And yet, our default strategy is still: “Let's build a bigger wall, buy a shinier tool, and hope marketing doesn't fall for that PDF again.”We know what works: Psychological safety in reporting. Continuous learning. Leadership that models security values. Systems designed for humans, not just admins.But those are hard. They're invisible on the balance sheet. They don't come with dashboards or demos. So instead… We grin. We adjust our gait. And we whisper, politely:“What hump?”So what Happens now? If you're still reading this, you're probably one of the people who does see it. You see the hump. You've tried to point it out. Maybe you've been told you're imagining things. Maybe you've been told it's “not a priority this quarter.” And maybe now you're tired. I get it.But here's the thing: Nothing truly changes until we name the hump.Call it bias.Call it culture.Call it education.Call it the human condition.But don't pretend it's not there. Not anymore. Because every time we say “What hump?” — we're giving up a little more of the future. A future that depends not just on clever code and cleverer machines, but on something far more fragile:Belief. Behavior. And the choice to finally stop pretending.We joked in front of a thousand-year-old fortress. Because sometimes jokes tell the truth better than keynote stages do. And maybe the real lesson isn't about cybersecurity at all.Maybe it's just this: If we want to survive what's coming next, we have to see what's already here.- The End➤ Infosecurity Europe: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverageAnd ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegasFOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGEhttps://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageShare this newsletter and invite anyone you think would enjoy it!As always, let's keep thinking!— Marco [https://www.marcociappelli.com]

What does it really mean to be crisis-ready? In this conversation from InfoSecurity Europe 2025, Steve Wright—a data privacy and cybersecurity leader with three decades of experience spanning Siemens, Unilever, John Lewis, and the Bank of England—joins Sean Martin and Marco Ciappelli to unpack the heart of effective crisis management. With a career that's evolved from risk, through cybersecurity, and now into privacy, Wright offers a refreshingly grounded perspective: crisis management starts with staying calm—but only if you've done the work beforehand.Preparation Over PanicCrisis management isn't just a technical checklist—it's a cultural discipline. Wright emphasizes that calm only comes from consistent practice. From live simulations to cross-functional coordination, he warns that too many organizations are underprepared, relying on ad hoc responses when a breach or outage occurs. Drawing on a real-life ransomware scenario from his time at John Lewis, Wright illustrates the importance of verification, collaboration with law enforcement, and informed decision-making over knee-jerk reactions.Containment, Communication, and CulturePreparation leads naturally to containment—an organization's ability to limit the damage. Whether it's pulling cables or isolating systems, quick thinking can prevent weeks of downtime. But just as important is how you communicate. Wright points to the contrast between companies that respond with transparency and empathy versus those that go silent, risking public trust. Modern crisis management requires the ability to shift the narrative and speak directly to affected stakeholders—before speculation takes over.Trust and Accountability in a Global EcosystemDigital trust has become a board-level concern, not just a technical one. Wright notes that conversations with executives have moved beyond compliance to include broader questions of data ownership, consumer expectations, and supply chain accountability. As global systems grow more complex, clarity about who owns what—and who's responsible when things go wrong—becomes harder to establish, but more important than ever.Looking AheadWright ends with a look to the future, imagining a world where individuals control their data through biometric locks and personal data brokers. Whether this utopia (or dystopia) arrives remains to be seen—but the path forward demands organizations prioritize practice, transparency, and trust today.___________Guest: Steve Wright, Data Protection Officer, Financial Services Compensation Scheme | https://www.linkedin.com/in/stevewright1970/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

What if the key to cybersecurity isn't more tech—but more humanity?In this On Location episode of ITSPmagazine, Rob Black—UK Cyber Citizen of the Year and founder of the Global Institute of Cyber Deception—joins hosts Marco Ciappelli and Sean Martin to challenge conventional thinking around cyber defense. With a background spanning military operations and human sciences, Rob brings a fresh perspective that prioritizes multidisciplinary thinking, behavioral insight, and creative disruption over brute-force technology.Rob highlights the importance of soft skills and critical thinking through initiatives like the UK Cyber Leaders Challenge, where students take on crisis simulation roles to sharpen leadership and communication in real-world scenarios. These experiences underscore the need to cultivate professionals who can think dynamically, not just code efficiently.A key focus of the conversation is the strategic use of deception in cybersecurity. Rob points out that while organizations obsess over vulnerabilities and zero-days, they often overlook attacker intent. Instead of just locking down infrastructure, defenders should disrupt decision-making—using tools, tactics, and even perception itself to sow doubt and hesitation. From publicizing the use of deception technologies to crafting networks that appear already compromised by rival threat actors, Rob argues for a smarter, more psychological approach to defense.He also pushes back against the industry's obsession with tools for every symptom—drawing a parallel to big pharma's model of selling treatments without tackling root causes. If cybersecurity is to become more resilient, he argues, it needs to embrace a systems mindset that includes governance, behavioral science, and even cultural analysis.This episode is a must-listen for anyone tired of buzzwords and ready to rethink cybersecurity as a socio-technical system—not just a digital one. From geopolitics to psychology, deception to diplomacy, Rob Black connects the dots between how we live with technology and how we must protect it—not just through code, but through creativity, context, and compassion. Listen now to explore how cybersecurity can grow up—and get smarter—by getting more human.___________Guest: Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn't just about skills—it's about building confidence and community.A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.In closing, Amanda urges us not to forget the enduring principles of security—know what you're protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity's biggest challenges.___________Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Dr. Jason Nurse, academic and cybersecurity behavior researcher, joins Marco Ciappelli at Infosecurity Europe to unpack the shift in cybersecurity thinking—away from purely technical measures and toward a deeper understanding of human behavior and psychology. Nurse focuses his work on why people act the way they do when it comes to security decisions, and how culture, community, and workplace influences shape those actions.Behavior is increasingly taking center stage in security conversations, and for good reason. Nurse points to recent attacks that succeed not because of flaws in technology but due to the manipulation of individuals—such as social engineering tactics that target help desk personnel. These incidents highlight how behavioral cues and psychological triggers are weaponized, making it critical for organizations to address not just systems, but the people using them.The conversation then shifts to artificial intelligence, particularly the growing issue of “shadow AI” in corporate settings. Nurse cites research from the National Cybersecurity Alliance's Behavior Report, revealing that approximately 40% of employees who use AI admit to sharing sensitive corporate information with these tools—often without their employer's awareness. Even more concerning, over half of those organizations offer no training on safe or responsible AI use.Rather than banning AI outright, Nurse advocates for responsible use grounded in training and transparency. He acknowledges that some companies attempt to enforce boundaries by deploying internal AI systems, but these are often limited in capability. Others are exploring solutions to filter or sanitize inputs, though achieving a practical balance remains elusive.The conversation also touches on the emotional and psychological bonds forming between individuals and AI. Nurse notes that users increasingly treat AI like a companion, trusting it with personal information and seeking advice, even in sensitive contexts such as mental health. That trust, while understandable, opens new avenues for misuse and misjudgment—especially when users forget AI lacks genuine understanding.This episode prompts an important question: as AI becomes part of our daily routines, how do we maintain control, context, and caution in our interactions with it—and what does that mean for the future of security?___________Guest: Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don't always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don't-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what's relevant to their specific networks and business-critical systems.The conversation also explores SSVC's ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.That's where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they're buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.Whether you're tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Geoff White, Author, Speaker, Investigative Journalist, Podcast Creator | https://www.linkedin.com/in/geoffwhitetech/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Cybersecurity isn't just about code, controls, or compliance—it's about people. That's the core message from Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems, and Rob Black, founder of the UK Cyber Leaders Challenge, as they share how genuine collaboration is reshaping security success in high-stakes environments.In this InfoSecurity Europe conversation, Purvi emphasizes that cybersecurity is still too often seen as an IT issue, when in reality it cuts across every aspect of business. Her role spans cybersecurity strategy, leadership development, and advocacy—serving also as Chair of BAE's Women in Cyber program and as a neurodiversity champion. For her, inclusion is more than a policy—it's essential to mission success, especially when coordinating across trilateral government and industry teams on programs as complex as next-gen fighter aircraft.Rob reinforces this point with his focus on developing soft skills in future cybersecurity leaders. His work brings non-traditional talent into cyber, prioritizing communication, empathy, and multidisciplinary collaboration. These human-centric capabilities are crucial when bridging divides between security, legal, HR, and operations.Both guests highlight how assumptions, language, and siloed thinking obstruct progress. Purvi shares how cybersecurity has often been seen as a barrier—brought in too late, misunderstood, or left out of key decisions. She now champions “secure by design” practices through early involvement of cross-functional teams. Rob brings a memorable example: using marriage counseling techniques to help auditors and developers understand each other better—not to resolve personal conflict, but to decode cultural and professional misalignments.Their conversation also touches on practical methods for building shared understanding, from sketching “river journeys” to map project dynamics, to fostering stakeholder buy-in through intentional communication. Whether aligning three governments or managing internal procurement, they show that collaboration isn't just a buzzword—it's a structured, repeatable approach to managing complexity.This episode offers a thoughtful and grounded look at how meaningful human connection—across functions, cultures, and roles—forms the foundation of effective cybersecurity. It's a timely reminder that the path to resilience begins with listening, empathy, and a clear sense of shared purpose.___________Guests:Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems | https://www.linkedin.com/in/purvikay/Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Sometimes, the best conversations happen when there's no agenda. This is one of those moments. With London as the backdrop — its history, energy, and unpredictable charm — Sean and I sat on the grass in Hyde Park and hit record. No script, no plan. Just two friends talking about music, memories, meditation, and why we still believe in experiencing things without a phone between us and reality.From yoga poses on park benches to tales of Clapton at Royal Albert Hall and an upcoming Oasis reunion in Cardiff (yes, really), this is a meandering mix of thoughts and stories — like walking down Portobello Road not knowing what you'll find. We touch on the lost art of being present, why live music changes everything, and how the UK's cultural influence shaped our creative paths.Sure, we dip into punk, rock, film, and a few philosophical musings about why Florence isn't featured more in books and movies — but it's all under one theme: reconnecting with the world around us. It's a conversation that could only happen in a place like London — rich with culture, memories, and endless possibility.If you're tired of content that's too polished, too planned, or too promotional… this episode is a breath of fresh (sometimes damp) British air.⸻Hashtags:#storytelling, #london, #musiclovers, #meditation, #unscripted, #podcastlife, #travelstories, #creativelife, #liveinthemoment, #punkrockNew episodes drop when they drop. Expect the unexpected.Hosts links:

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Maria Mora, Staff Application Security Engineer and active OWASP lifetime member, shares how her experience at the OWASP AppSec Global conference in Barcelona has reaffirmed the power of community in security. While many attendees chase back-to-back talks and technical training, Maria highlights something often overlooked—connection. Whether at the member lounge ping-pong table, during late-night beach meetups, or over keynote reflections, it's the relationships and shared purpose that make this event resonate.Maria emphasizes how her own journey into OWASP began with uncertainty but evolved into a meaningful path of participation. Through volunteering, serving on the events committee, and mentoring others, she has expanded not only her technical toolkit but also her ability to collaborate and communicate—skills she notes are essential in InfoSec but rarely prioritized. By stepping into the OWASP community, she's learned that you don't need decades of experience to contribute—just a willingness to start.Keynotes and sessions this year reinforced a similar message: security isn't just about hard skills. It's about bridging academia and industry, engaging first-time attendees, and creating welcoming spaces where no one feels like an outsider. Talks like Sarah Jané's encouraged attendees to find their own ways to give back, whether by submitting to the call for papers, helping with logistics, or simply sparking hallway conversations.Maria also points to how OWASP structures participation to make it accessible. Through demo rooms, project hubs, and informal lounge chats, attendees find ways to contribute to global initiatives like the OWASP Top 10 or volunteer-led trainings. Whether it's your first conference or your tenth, there's always room to jump in.For Maria, OWASP no longer feels like a secret club—it's a growing, open collective focused on helping people bring their best selves to security. That's the power of community: not just lifting up software, but lifting up each other.And for those thinking of taking the next step, Maria reminds us that the call for papers for OWASP DC is open through June 24th. As she puts it, “We all have something valuable to share—sometimes you just need the nudge to start.”GUEST: Maria Mora | Staff Application Security Engineer and OWASP events committee member | https://www.linkedin.com/in/riamaria/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As Chief Technology Officer at eSentire, Dustin Hillard brings a deeply rooted background in AI and machine learning—going back over 15 years—to the practical challenges of cybersecurity. In this episode, Hillard discusses how his team is using agentic AI not for the sake of hype, but to augment real human workflows and achieve measurable, high-impact outcomes for clients.The conversation begins with a critical point: AI should be an enabler, not a shiny object. Hillard contrasts the superficial marketing claims that dominate vendor messaging with the grounded, transparent approach his team takes—an approach that fuses technology with hands-on human expertise to deliver results.eSentire's focus is on containment and control. In over 99% of intrusion cases, their platform successfully stops threats at the first host. That is the benchmark by which Hillard wants AI judged—not by its novelty or buzz, but by whether it helps security teams stop attacks before damage spreads.Key to achieving this is the way automation is used to supercharge analysts. Instead of running just three or five high-value queries in a 15-minute response window, eSentire's AI framework runs 30. This allows the system to comb through a customer's historical data, generate hypotheses based on broader knowledge bases, and deliver structured, contextual findings. Analysts can then focus on judgment and decision-making, not searching logs or assembling fragments.Three pillars underpin this approach: direct telemetry gathering from tools like CrowdStrike and Microsoft, threat intelligence correlation, and contextual data from the customer environment. These layers combine to offer rich insights, fast. And importantly, the AI doesn't operate in a black box. Hillard stresses explainability and auditability—every recommendation must be traceable back to concrete evidence, not just LLM-generated summaries.He also touches on the eight assessment areas his team uses to evaluate AI readiness and safety: from autonomy and guardrails to data privacy, effectiveness metrics, and adversarial resilience. The point isn't to convince customers with buzzwords, but to earn trust by demonstrating measurable results and opening the door to real conversations.By encoding the investigative playbooks of seasoned analysts and executing them dynamically, agentic AI at eSentire isn't replacing humans—it's empowering them to respond faster and more accurately. That's the difference between checking a marketing box and actually making a difference when every second counts.Guest: Dustin Hillard | CTO, eSentire | https://www.linkedin.com/in/dustinhillard/RESOURCESSorry We're So Good: An Open Letter: https://itspm.ag/esentire-sorry4ekVisit the eSentire Website to learn more: https://itspm.ag/esentire-594149Learn more and catch more stories from eSentire on ITSPmagazine: https://www.itspmagazine.com/directory/esentireLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story______________________Keywords: dustin hillard, sean martin, marco ciappelli, cybersecurity, ai, machine learning, automation, investigation, containment, transparency, brand story, brand marketing, marketing podcast, brand story podcast

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today's financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user's smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim's account, they can bypass multiple layers of security, often without needing traditional credentials.The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech's real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that's not just strong—but usable.GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Aram Hovsepyan, an active contributor to the OWASP SAMM project, brings a critical perspective to how the industry approaches security metrics, especially in vulnerability management. His message is clear: the way we collect and use metrics needs a serious rethink if we want to make real progress in reducing risk.Too often, organizations rely on readily available tool-generated metrics—like vulnerability counts—without pausing to ask what those numbers actually mean in context. These metrics may look impressive in a dashboard or board report, but as Aram points out, they're often disconnected from business goals. Worse, they can drive the wrong behaviors, such as trying to reduce raw vulnerability counts without considering exploitability or actual impact.Aram emphasizes the importance of starting with organizational goals, formulating questions that reflect progress toward those goals, and only then identifying metrics that provide meaningful answers. It's a research-backed approach that has been known for decades but is often ignored in favor of convenience.False positives, inflated dashboards, and a lack of alignment between metrics and strategy are recurring issues. Aram notes that many tools err on the side of overreporting to avoid false negatives, which leads to overwhelming—and often irrelevant—volumes of data. In some cases, up to 80% of identified vulnerabilities may be false positives, leaving security teams drowning in noise and chasing issues that may not matter.What's missing, he argues, is a strategic lens. Vulnerability management should be one component of a broader application security program, not the centerpiece. The OWASP Software Assurance Maturity Model (SAMM) offers a framework for evaluating and improving across a range of practices—strategy, risk analysis, and threat modeling among them—that collectively support better decision-making.To move forward, organizations need to stop treating vulnerability data as a performance metric and start treating it as a signal in a larger conversation about risk, impact, and architectural choices. Aram's call to action is simple: ask better questions, use tools more purposefully, and build security strategies that actually serve the business.GUEST: Aram Hovsepyan | OWASP SAMM Project Core Team member and CEO/Founder at CODIFIC | https://www.linkedin.com/in/aramhovsep/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Starr Brown, Director of Open Source Projects and Programs at OWASP, unpacks the real engine behind the organization's impact: the projects and the people driving them forward.With over 130 active projects, OWASP continues to expand its open source contributions to improve software security across the board. While the OWASP Top 10 remains its most recognized initiative, Starr points out that it's just one among many. Other significant projects include the Application Security Verification Standard (ASVS), the Software Assurance Maturity Model (SAMM), and the increasingly popular security games like Cornucopia, which use gamification to bring security concepts into business conversations and development workflows.AI is playing an increasingly prominent role in OWASP's work. Starr highlights the GenAI Security Project as a focal point, encompassing tools and guidance for LLM use, agentic AI, red teaming, and more. The scale of community engagement is equally impressive: around 33,000 people are active on Slack, and hundreds contribute to individual initiatives, reflecting the organization's truly global and grassroots structure.Beyond tools and documentation, OWASP is influencing regulation and policy through initiatives like the AI Exchange and the Transparency Exchange. These projects connect with government entities and standards bodies such as the European Commission and CEN/CENELEC to help shape responsible governance frameworks around software, AI, and cybersecurity.Listeners also get a glimpse into what's ahead. From upcoming events in Washington, D.C., to the OWASP Community Room at DEF CON in Las Vegas, the goal is to keep fostering connections and hands-on engagement. These gatherings not only showcase flagship tools and frameworks but create space for open dialogue, prototyping, and collaboration—whether you're breaking things or building them.To get involved, Starr encourages exploring the OWASP Projects page and joining their Slack community. The conversation makes it clear: OWASP is not just a collection of tools—it's a living, breathing network of contributors shaping the future of secure software.GUEST: Starr Brown | Director of Open Source Projects and Programs at OWASP | https://www.linkedin.com/in/starr-brown-8837547/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sarah-Jane Madden brings a unique lens to application security, shaped by her journey from developer to security leader and CSO. Speaking at OWASP AppSec Global, she tackles one of today's most pressing concerns: how AI is reshaping software engineering—and how we must respond without compromising core values like quality and security.Madden emphasizes that AI is only the latest in a series of major disruptions, comparing it to shifts like remote work triggered by COVID. Her message is clear: organizations must prepare for continuous change, not just chase the current trend. That means prioritizing adaptability and ensuring critical practices like application security are not sacrificed in the rush to speed up delivery.She makes the case for a layered, iterative approach to development—rejecting the outdated linear mindset. Developers, she argues, should leverage AI as an accelerator, not a replacement. Think of AI as your digital intern: handling the drudgery, automating boilerplate code, and even applying internal security standards to code before it reaches human hands. This frees developers to focus on creative problem-solving and thoughtful architecture.However, Madden cautions against blind enthusiasm. While experimentation is healthy, organizations must be discerning about outcomes. Speed is meaningless without quality, and quality includes security. She calls on developers to advocate for high standards and reminds business leaders not to fall for the allure of shortcut statistics or flashy claims that promise results without skilled labor. Her analogy of microwave dinners vs. proper cuisine illustrates the risk of prioritizing convenience over substance—especially in complex problem-solving environments.For line-of-business leaders, Madden urges realistic expectations. AI can enhance productivity, but it doesn't eliminate the need for thoughtful development. Ultimately, customers will notice if quality drops, and reputational damage is hard to undo.In closing, Madden celebrates OWASP as more than an organization—it's a source of support, camaraderie, and genuine community for those working to build secure, reliable systems. Her message? Embrace change, use tools wisely, protect your standards, and never forget the human side of engineering.GUEST: Sarah-Jane Madden | Global Director of Cyber Defense at Fortive | https://www.linkedin.com/in/sarahjanemadden/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

When it comes to data protection, the word “immutability” often feels like it belongs in the realm of enterprise giants with complex infrastructure and massive budgets. But during this RSAC Conference conversation, Sterling Wilson, Field CTO at Object First, makes a strong case that immutability should be, and can be, for everyone.Wilson brings a grounded perspective shaped by his experience on the floor at RSAC, where Object First made its debut as a sponsor. The energy, he notes, was contagious: not just among vendors, but also from practitioners expressing serious concerns about their ability to recover data post-incident. These conversations weren't hypothetical; they were real worries tied to rising insurance premiums, regulatory compliance, and operational survivability. And at the core of all this? Trust in the data backup process.Agentic AI, AI capable of making decisions independently, is one of the trends Wilson flags as both promising and risky. It offers potential for improving preparedness and accelerating recovery. But it also raises concerns around access and control of sensitive data, particularly if exploited by adversaries. For Sterling, the opportunity lies in combining proactive readiness with simplicity and control, especially for those who aren't traditional security practitioners.Object First is doing just that through OOTBI: Out of the Box Immutability. And yes, there's a mascot: OOTBI. More than just a marketing hook, OOTBI represents a shift toward making backup and recovery systems approachable, usable, and, importantly, accessible. According to Wilson, the product gets users from “box to backup” in 15 minutes... with encrypted, immutable storage that meets critical requirements for cyber insurance coverage.Cost, Wilson adds, is a key barrier that often prevents organizations from reaching data protection best practices. That's why Object First now offers consumption-based pricing models. Whether a business is cloud-first or scaling fast, it's a path to protection that doesn't require breaking the budget.Ultimately, Wilson emphasizes education and community as critical drivers of progress. From field labs where teams can configure their own Opi, to on-location conference conversations, the company is building awareness, and reducing fear, by making secure storage not just a feature, but a foundation.This episode is a reminder that effective cybersecurity isn't only about innovation; it's about inclusion, practicality, and trust... both in your tools and your team.Learn more about Object First: https://itspm.ag/object-first-2gjlNote: This story contains promotional content. Learn more.Guest: Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/ResourcesLearn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-firstLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, sterling wilson, immutability, agentic, ai, backup, recovery, cybersecurity, insurance, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

From Cassette Tapes and Phrasebooks to AI Real-Time Translations — Machines Can Now Speak for Us, But We're Losing the Art of Understanding Each Other May 21, 2025A new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliThere's this thing I've dreamed about since I was a kid.No, it wasn't flying cars. Or robot butlers (although I wouldn't mind one to fold the laundry). It was this: having a real conversation with someone — anyone — in their own language, and actually understanding each other.And now… here we are.Reference: Google brings live translation to Meet, starting with Spanish. https://www.engadget.com/apps/google-brings-live-translation-to-meet-starting-with-spanish-174549788.htmlGoogle just rolled out live AI-powered translation in Google Meet, starting with Spanish. I watched the demo video, and for a moment, I felt like I was 16 again, staring at the future with wide eyes and messy hair.It worked. It was seamless. Flawless. Magical.And then — drumroll, please — it sucked!Like… really, existentially, beautifully sucked.Let me explain.I'm a proud member of Gen X. I grew up with cassette tapes and Walkmans, boomboxes and mixtapes, floppy disks and Commodore 64s, reel-to-reel players and VHS decks, rotary phones and answering machines. I felt language — through static, rewinds, and hiss.Yes, I had to wait FOREVER to hit Play and Record, at the exact right moment, tape songs off the radio onto a Maxell, label it by hand, and rewind it with a pencil when the player chewed it up.I memorized long-distance dialing codes. I waited weeks for a letter to arrive from a pen pal abroad, reading every word like it was a treasure map.That wasn't just communication. That was connection.Then came the shift.I didn't miss the digital train — I jumped on early, with curiosity in one hand and a dial-up modem in the other.Early internet. Mac OS. My first email address felt like a passport to a new dimension. I spent hours navigating the World Wide Web like a digital backpacker — discovering strange forums, pixelated cities, and text-based adventures in a binary world that felt limitless.I said goodbye to analog tools, but never to analog thinking.So what is the connection with learning languages?Well, here's the thing: exploring the internet felt a lot like learning a new language. You weren't just reading text — you were decoding a culture. You learned how people joked. How they argued. How they shared, paused, or replied with silence. You picked up on the tone behind a blinking cursor, or the vibe of a forum thread.Similarly, when you learn a language, you're not just learning words — you're decoding an entire world. It's not about the words themselves — it's about the world they build. You're learning gestures. Food. Humor. Social cues. Sarcasm. The way someone raises an eyebrow, or says “sure” when they mean “no.”You're learning a culture's operating system, not just its interface. AI translation skips that. It gets you the data, but not the depth. It's like getting the punchline without ever hearing the setup.And yes, I use AI to clean up my writing. To bounce translations between English and Italian when I'm juggling stories. But I still read both versions. I still feel both versions. I'm picky — I fight with my AI counterpart to get it right. To make it feel the way I feel it. To make you feel it, too. Even now.I still think in analog, even when I'm living in digital.So when I watched that Google video, I realized:We're not just gaining a tool. We're at risk of losing something deeply human — the messy, awkward, beautiful process of actually trying to understand someone who moves through the world in a different language — one that can't be auto-translated.Because sometimes it's better to speak broken English with a Japanese friend and a Danish colleague — laughing through cultural confusion — than to have a perfectly translated conversation where nothing truly connects.This isn't just about language. It's about every tool we create that promises to “translate” life. Every app, every platform, every shortcut that promises understanding without effort.It's not the digital that scares me. I use it. I live in it. I am it, in many ways. It's the illusion of completion that scares me.The moment we think the transformation is done — the moment we say “we don't need to learn that anymore” — that's the moment we stop being human.We don't live in 0s and 1s. We live in the in-between. The gray. The glitch. The hybrid.So yeah, cheers to AI-powered translation, but maybe keep your Walkman nearby, your phrasebook in your bag — and your curiosity even closer.Go explore the world. Learn a few words in a new language. Mispronounce them. Get them wrong. Laugh about it. People will appreciate your effort far more than your fancy iPhone.Alla prossima,— Marco 

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Josh Grossman, co-leader of the OWASP Application Security Verification Standard (ASVS) project, shares key updates and strategic thinking behind the release of ASVS version 5. This release, years in the making, reflects a renewed focus on making the standard more approachable, practical, and actionable for development teams and security leaders alike.ASVS is designed to provide a comprehensive and verifiable set of security requirements for building and maintaining secure applications. More than just a checklist, it offers a clear blueprint for what a secure application should look like—making it easier to benchmark progress, develop secure design requirements, and implement effective controls. Version 5 emphasizes accessibility, particularly by lowering the barrier to entry for organizations adopting Level 1 of the standard, reducing the threshold of required controls from nearly 50% to under 30%.One of the major shifts in this new version is the tighter focus on the application itself, moving away from system-level topics like backup policies that tend to fall outside the scope of app development teams. This makes the standard more relevant to software architects, developers, and QA engineers—providing requirements that fall within their sphere of influence, while still covering the full software lifecycle from design to deployment.Grossman explains how organizations can customize ASVS to include their internal controls and build out secure coding checklists, implementation guides, and requirements documents tailored to their environments. He also highlights how ASVS aligns with other OWASP projects, like the Cheat Sheet Series and SAMM, for both control-level guidance and organizational process development.For security leaders looking to improve their application security programs, ASVS v5 offers a foundation to build on—clear, community-driven, and extensible. And true to OWASP's spirit, the project is backed by a passionate community, from project co-leads like Grossman and Elar Lang to contributors around the world. As Grossman puts it, OWASP is about connection—people tackling similar challenges, working together to make software safer.If you're looking for a way to bring practical, standards-based security into your software lifecycle, this conversation is your starting point.GUEST: Josh Grossman | CTO of Bounce Security and co-leader of the OWASP Application Security Verification Standard (ASVS) project | https://www.linkedin.com/in/joshcgrossman/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESOWASP Application Security Verification Standard (ASVS): https://owasp.org/www-project-application-security-verification-standard/Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Jim Manico's passion for secure coding has always been rooted in deeply technical practices—methods that matter most to developers writing code day in and day out. At OWASP Global AppSec EU 2025 Conference in Barcelona, Manico brings that same precision and care to a broader conversation around the intersection of application security and artificial intelligence.While many are still just beginning to assess how AI impacts application development, Manico has been preparing for this moment for years. Two and a half years ago, he saw a shift—traditional low-level technical bugs were being mitigated effectively by mature organizations. The new challenge? Business logic flaws and access control issues that scanners can't easily detect. This change signaled a new direction, prompting him to dive into AI security long before it became fashionable.Now, Manico is delivering AI-flavored AppSec training, helping developers understand the risks of insecure code generated by large language models. His research shows that even the best AI coding tools—from Claude to Copilot—still generate insecure code out of the box. That's where his work becomes transformative: by developing detailed, framework-specific prompts grounded in decades of secure coding knowledge, he has trained these tools to write safer code, using React, Django, Vue, and more.Beyond teaching, he's building. With 200 volunteers, he's leading the creation of the Artificial Intelligence Security Verification Standard (AISVS), a new OWASP project inspired by the well-known Application Security Verification Standard (ASVS). Generated with both AI and human collaboration, the AISVS already has a v0.1 release and aims for a major update by summer.For Manico, this isn't just a technical evolution—it's a personal renaissance. His deep catalog of secure coding techniques, once used primarily for human education, is now fueling a new generation of AI-assisted development. And he's just getting started.This episode isn't just about where AppSec is going. It's a call to developers and security professionals to rethink how we teach, how we build, and how we can use AI to enhance—not endanger—the software we create.Learn more about Manicode: https://itspm.ag/manicode-security-7q8iNote: This story contains promotional content. Learn more.Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/ResourcesJim's OWASP Session: https://owasp2025globalappseceu.sched.com/event/1wfpM/leveraging-ai-for-secure-react-development-with-effective-prompt-engineeringDownload the Course Catalog: https://itspm.ag/manicode-x684Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-securityAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: jim manico, sean martin, appsec, ai, owasp, securecoding, developers, aisvs, training, react, brand story, brand marketing, marketing podcast, brand story podcast

The introduction of the Cyber Resilience Act (CRA) marks a major shift for the software industry: for the first time, manufacturers are being held accountable for the cybersecurity of their products. Olle E. Johansson, a long-time open source developer and contributor to the Asterisk PBX project, explains how this new regulation reshapes the role of software creators and introduces the need for transparency across the entire supply chain.In this episode, Johansson breaks down the complexity of today's software supply ecosystems—where manufacturers rely heavily on open source components, and end users struggle to identify vulnerabilities buried deep in third-party dependencies. With the CRA in place, the burden now falls on manufacturers to not only track but also report on the components in their products. That includes actively communicating which vulnerabilities affect users—and which do not.To make this manageable, Johansson introduces the Transparency Exchange API (TEA), a project rooted in the OWASP CycloneDX standard. What started as a simple Software Bill of Materials (SBOM) delivery mechanism has evolved into a broader platform for sharing vulnerability information, attestations, documentation, and even cryptographic data necessary for the post-quantum transition. Standardizing this API through Ecma International is a major step toward a scalable, automated supply chain security infrastructure.The episode also highlights the importance of automation and shared data formats in enabling companies to react quickly to threats like Log4j. Johansson notes that, historically, security teams spent countless hours manually assessing whether they were affected by a specific vulnerability. The Transparency Exchange API aims to change that by automating the entire feedback loop from developer to manufacturer to end user.Although still in beta, the project is gaining traction with organizations like the Apache Foundation integrating it into their release processes. Johansson emphasizes that community feedback is essential and invites listeners to engage through GitHub to help shape the project's future.For Johansson, OWASP stands for global knowledge and collaboration in application security. As Europe's regulatory influence grows, initiatives like this are essential to build a stronger, more accountable software ecosystem.GUEST: Olle E Johansson | Co-Founder, SBOM Europe | https://www.linkedin.com/in/ollejohansson/HOST:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESCycloneDX/transparency-exchange-api on GitHub: https://github.com/CycloneDX/transparency-exchange-apiVIDEO: The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | With Sarah Fluchs: https://youtu.be/c30eG5kzqnYLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, to explore how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements.Spyros emphasizes that true progress in security stems not from an ever-growing stack of tools, but from aligning the humans behind them. According to him, security failures often stem from fragmented information and misaligned incentives across teams. His solution? Bring the teams together with a shared, streamlined flow of information and automate wherever possible to reduce wasted cycles and miscommunication.At the core of Spyros' philosophy is the need to turn AppSec from a blocker into a builder. Rather than overwhelming developers with endless bug reports, or security leaders with red dashboards, programs need to reflect the actual risk appetite of the business—prioritizing issues dynamically based on impact, timing, and operational goals. He challenges the one-size-fits-all approach, advocating instead for tagging systems that defer certain risks and encode organizational priorities in automation logic.A major part of that transformation lies in Smithy, the platform he's helping build. It's designed to be “Zapier for security”—an automation engine rooted in open-source standards that allows for custom workflows without creating a tangle of fragile scripts. The idea is to let teams focus on what's unique to them, while relying on battle-tested components for the rest.Looking ahead, Spyros doesn't buy into the doom-and-gloom narrative about AI limiting developer creativity. On the contrary, he argues that AI-enabled coding frees up cognitive space for better architecture and secure design thinking. In his view, creativity doesn't die—it just shifts from syntax to strategy.This episode is more than a discussion—it's a blueprint for how teams can rally around a common goal, and how OWASP's community can be the catalyst. Tune in to hear how open-source, automation, and human alignment are redefining AppSec from the ground up.GUEST: Spyros Gasteratos | OpenCRE co-lead and Founder of smithy.security | https://www.linkedin.com/in/spyr/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESSpyros' Session: A completely pluggable DevSecOps programme, for free, using community resources (https://owasp2025globalappseceu.sched.com/event/1whCB/a-completely-pluggable-devsecops-programme-for-free-using-community-resources)Learn more and catch more stories from OWASP Global AppSec EU 2025 Conference coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

⬥GUESTS⬥Frida Torkelsen, PhD | AI Solution Architect at Newcode.ai | On LinkedIn: https://www.linkedin.com/in/frida-h-torkelsen/Maged Helmy, PhD | Assoc. Professor - AI at University of South-Eastern Norway and Founder & CEO of Newcode.ai | On LinkedIn: https://www.linkedin.com/in/magedhelmy/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Agentic AI is rapidly moving from theoretical promise to practical implementation, and few sectors are feeling this shift as acutely as the legal industry. In this episode of Redefining CyberSecurity, Sean Martin is joined by Frida Torkelsen, a Solution Architect, and Maged Helmy, a professor of AI, to explore how law firms and in-house counsel are applying AI agents to reduce costs, improve efficiency, and unlock strategic capabilities—while navigating critical privacy and security concerns.Frida explains how large firms are seeking to extract value from their troves of historical legal data through bespoke AI agents designed to automate workflows and improve institutional knowledge sharing. Smaller firms, on the other hand, benefit by building narrow, purpose-driven agents that automate core functions and give them a tactical edge. This democratization of capability—fueled by faster iteration and reduced development cost—could be a strategic win for niche firms that are disciplined in their focus.Maged emphasizes the architectural shift AI agents introduce. Unlike static queries to large language models with fixed knowledge, agents access tools, data, and live systems to execute tasks dynamically. This expands the use case potential—but also the risk. Because agentic systems operate probabilistically, consistent outputs aren't guaranteed, and testing becomes more about evaluating outcomes across a range of inputs than expecting deterministic results.Security risk looms large. Maged shares how a single oversight in permissions allowed an agent to make system-wide changes that corrupted his environment. Frida cautions against over-permissive access, noting that agents tapping into shared calendars or HR databases must respect internal boundaries and compliance obligations. Both guests agree that human-in-the-loop validation is essential, especially in environments with strict data governance needs.Law firms must reassess both internal information architecture and team readiness before implementing agentic systems. Start with a clear understanding of the business problem, validate access scopes, and track outcomes for accuracy, speed, and cost. Legal tech teams are forming around these efforts, but success will depend on whether these roles stay grounded in solving specific legal problems—not chasing the latest AI trend.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Newsletter: The Law's Great Recalibration: Inside the Tech-Driven Puzzle of Legal Firm Transformation: https://www.linkedin.com/pulse/laws-great-recalibration-inside-tech-driven-puzzle-sean-martin-cissp-clnoe/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

During the upcoming OWASP Global AppSec EU in Barcelona, Kate Labunets, a cybersecurity researcher focused on human factors and usable security, takes the stage to confront a disconnect that too often holds the industry back: the gap between academic research and real-world cybersecurity practice.In her keynote, “Outside the Ivory Tower: Connecting Practice and Science,” Kate invites practitioners to reconsider their relationship with academic research—not as something removed from their daily reality, but as a vital tool that can lead to better decisions, more targeted security programs, and improved organizational resilience.Drawing from her current research, Kate shares how interviews and surveys with employees reveal the hidden motivations behind the use of shadow IT—tools and technologies adopted without formal approval. These aren't simply acts of rebellion or ignorance. They reflect misalignments between human behavior, workplace needs, and policy communication. By understanding these mindsets, organizations can move beyond one-size-fits-all training and begin designing interventions grounded in evidence.This is where science meets practice. Kate's work isn't about generating abstract theories. It's about applying research methods—like anonymous interviews and behavior-focused surveys—to surface insights that security leaders can act on. But for this to happen, researchers need access, and that depends on building trust with practitioners.The keynote also raises a critical point about time. In industries like medicine, the gap between a published discovery and its application in the real world can be 15 years. Kate argues that cybersecurity faces a similar delay, citing the example of multi-factor authentication: patented in 1998, but still not universally adopted today. Her goal is to accelerate this timeline by helping practitioners see themselves as contributors to science—not just consumers of its outcomes.By inviting companies to participate in research and engage with universities, Kate's message is clear: collaboration benefits everyone. The path to smarter, more human-aligned cybersecurity isn't gated behind academic walls. It's open to any team curious enough to ask better questions—and brave enough to challenge assumptions.GUEST: Kate Labunets | Assistant Professor (UD1) in Cyber Security at Utrecht University | https://www.linkedin.com/in/klabunets/HOSTS:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelliSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESKate's Session: https://owasp2025globalappseceu.sched.com/event/1v86U/keynote-outside-the-ivory-tower-connecting-practice-and-scienceLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As InfoSecurity Europe prepares to welcome cybersecurity professionals from across the globe, Rob Allen, Chief Product Officer at ThreatLocker, shares why this moment—and this location—matters. Allen doesn't frame the conversation around hype or headlines. Instead, he focuses on a universal truth: organizations want to sleep better at night knowing their environments are secure.ThreatLocker's mission is grounded in achieving Zero Trust in a simple, operationally feasible way. But more than that, Allen emphasizes their value as enablers of peace of mind. Whether helping customers prevent ransomware attacks or meet regional regulatory requirements like GDPR or Australia's Essential Eight, the company is working toward real-world solutions that reduce complexity without sacrificing security. Their presence at events like InfoSecurity Europe is key—not just for outreach, but to hear directly from customers and partners about what's working and where they need help.Why Being There MattersDifferent regions have different pressures. In Australia, adoption surged without any local team initially on the ground—driven purely by alignment with the Essential Eight framework. In the UK, it's conversations about Cyber Essentials that shape booth discussions. Regulations aren't just compliance checklists; they're also conversation starters that change how organizations prioritize security.The ThreatLocker team doesn't rely on generic demos or vague promises. They bring targeted examples to the booth—like asking attendees if they know what software can be run on their machines without alerting anyone. If tools like remote desktop applications or archive utilities can be freely executed, attackers can use them too. This is where ThreatLocker steps in: controlling what runs, identifying what's necessary, and blocking what isn't.Booth D90 and BeyondRob Allen invites anyone—whether they're new to ThreatLocker or longtime users—to visit booth D90. The team, built with a mix of technical skill and humor (ask about the “second-best beard” in the company), is there to listen and help. It's not just about showcasing technology; it's about building relationships and reinforcing a shared goal: practical, proactive cybersecurity that makes a measurable difference.If you're at InfoSecurity Europe, stop by. If you're not, this episode offers a meaningful glimpse into why showing up—both physically and philosophically—matters in cybersecurity.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerCyber Essentials Guide: https://threatlocker.kb.help/threatlocker-and-cyber-essentials-compliance/?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interview_rob&utm_term=podcastAustralia's Essential Eight Guide: https://www.threatlocker.com/whitepaper/australia-essential-eight?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interviLearn more and catch more event coverage stories from Infosecurity Europe 2025 in London: https://www.itspmagazine.com/infosec25 ______________________Keywords:sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, infosec, compliance, ransomware, endpoint, regulation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security.At the heart of the discussion is the question: Can my AI be hacked? Peter's answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we've seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems.Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable.A key takeaway is that the issue isn't just technical. Many organizations are integrating AI capabilities without understanding what they're introducing. As Peter puts it, “You're plugging in software filled with features you don't need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market.Peter's upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you're in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.___________Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesPeter's Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.htmlLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

At RSAC Conference 2025, the conversation with Rob Allen, Chief Product Officer at ThreatLocker, centered on something deceptively simple: making cybersecurity effective by making it manageable.During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space—designed for real dialogue, not distractions. What caught people's attention, though, wasn't the booth layout—it was a live demonstration of a PowerShell-based attack using a rubber ducky device. It visually captured how traditional tools often miss malicious scripts and how ThreatLocker's controls shut it down immediately. That kind of simplicity, Rob explains, is the real differentiator.Zero Trust Is a Journey—But It Doesn't Have to Be ComplicatedOne key message Rob emphasizes is that true security doesn't come from piling on more tools. Too many organizations rely on overlapping detection and response solutions, which leads to confusion and technical debt. “If you have five different jackets and they're all winter coats, you're not prepared for summer,” Sean Martin jokes, reinforcing Rob's point that layers should be distinct, not redundant.ThreatLocker's approach simplifies Zero Trust by focusing on proactive control—limiting what can execute or communicate in the first place. Rob also points to the importance of vendor consolidation—not just from a purchasing standpoint but from an operational one. With ThreatLocker, multiple security capabilities are built natively into a single platform with one agent and one portal, avoiding the chaos of disjointed systems.From Technical Wins to Human ConnectionsThe conversation wraps with a reminder that cybersecurity isn't just about tools—it's about the people and community that make the work worthwhile. Rob, Marco Ciappelli, and Sean Martin reflect on their shared experiences around the event and even the lessons learned over a slice of Detroit-style pizza. While the crust may have been debatable, the camaraderie and commitment to doing security better were not.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974⸻Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, threat prevention, powerShell, vendor consolidation, rsac2025, endpoint security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More