ITSPmagazine | Technology. Cybersecurity. Society


ITSPmagazine is a free online publication that focuses on information technology, cybersecurity, data privacy, the InfoSec community and the influence that all this has on our everyday lives – as businesses, individuals and the society in which we live. Delivered through articles, podcasts, webcasts,…



    • Apr 19, 2026 LATEST EPISODE
    • daily NEW EPISODES
    • 34m AVG DURATION
    • 2,688 EPISODES

    Ivy Insights

    The ITSPmagazine | Technology. Cybersecurity. Society podcast is a highly informative and entertaining show that covers a wide range of topics in the cybersecurity field. The hosts do an excellent job of engaging with their guests and creating conversations that are both educational and enjoyable to listen to. Whether you're a beginner or an expert in cybersecurity, there is something for everyone in this podcast.

    One of the best aspects of this podcast is the diversity of subjects covered. The hosts interview experts from various backgrounds and discuss real problems in the cybersecurity field. This allows listeners to gain insight into different perspectives and stay up-to-date with current issues. Topics such as AI and technology, privacy, ethical hacking, and cyber safety are explored in depth, providing valuable information for anyone interested in these areas.

    Another great aspect of this podcast is its ability to engage with its audience. The hosts make an effort to be accessible and chat with everyone, creating a welcoming environment for listeners to interact and ask questions. This not only makes the podcast more enjoyable but also fosters a sense of community among cybersecurity enthusiasts.

    However, one potential downside of this podcast is that it can sometimes delve into technical jargon that may be difficult for beginners to understand. While it is aimed at both beginners and experts, those new to the field may find themselves getting lost during certain discussions. It would be helpful if the hosts could provide more context or explanations for complex concepts to make it more accessible for beginners.

    In conclusion, The ITSPmagazine | Technology. Cybersecurity. Society podcast is a highly valuable resource for anyone interested in cybersecurity, technology, and society's impact on these areas. The informative yet entertaining format keeps listeners engaged while providing them with valuable insights from experts in the field. Despite some technical jargon that may be challenging for beginners, this podcast offers a wealth of knowledge that will leave listeners wanting to learn more about these important topics.




    Latest episodes from ITSPmagazine | Technology. Cybersecurity. Society

    Before the Robots Run. More reflections from RSAC 2026 — The Power of the Community and the Machines We Invited In. | Written By Marco Ciappelli & Read By Tape3

    Apr 19, 2026 · 10:47


    This was my twelfth RSA Conference. I know that because I remember the first one, 2012, and I've been counting ever since — not out of habit, but because each year feels like a chapter in a longer story I'm trying to read in real time. Twelve years of standing in that same building in San Francisco, watching an industry evolve, stumble, reinvent itself, and occasionally look in the mirror. In the early years it was pure technology. Cryptography, protocols, threat vectors, the architecture of defense. The conversations were technical, the energy was almost academic, the suits were slightly more formal. Then something shifted — gradually, then all at once, the way things usually do. The industry started talking about people. About culture. About the human beings sitting behind the keyboards and the very human mistakes they were making. The themes started reflecting it: community, togetherness, collective defense. Stronger Together. The Human Element. The Power of Community. Year after year, the message from the main stage was some variation of: we are more than our tools. People are what matter. Connection is the point. And then you'd walk the expo floor and see the booths. I'm not being cynical. The community is real — I've felt it, in the hallway conversations, in the side events, in the faces of people I've been running into for a decade who are genuinely trying to make the digital world safer. That part is true and it matters. But there's a growing gap between what the theme says and what the stage performs. And at RSAC 2026, that gap became impossible to ignore. Because this year, while the badge said The Power of Community, the keynotes were almost entirely about agents. Non-human ones. I wrote about this from a different angle in my first piece from RSAC — the Blade Runner angle, the NPC angle, the question of identity and intent when you can no longer tell the difference between a human action and an autonomous one. 
But there's another layer underneath that deserves its own space. It's the pattern. The twelve-year arc. An industry spends years — genuinely, sincerely — rediscovering the human element. Putting people at the center. Building a vocabulary around community, ethics, shared responsibility. And then, in what feels like a single conference cycle, it pivots to deploying a parallel workforce of non-human identities that outnumber us in our own systems, operate at speeds no human can follow, take actions no human directly authorized, and — here's the part that should make everyone pause — that a significant portion of organizations deploying them cannot monitor, cannot fully distinguish from human activity, and in many cases cannot stop once they're running. We built the community. Then we populated it with agents and handed them the keys. I kept thinking, walking those corridors, about the resistance. Not as a metaphor — or not only as a metaphor. In every story we've ever told about machines that gained too much autonomy, there's always a moment before the crisis where someone in the room knew. Where the warning existed. Where the design decision was made anyway because the pressure to ship, to scale, to compete was stronger than the instinct to pause. The difference between those stories and this moment is that we're not watching it happen to fictional characters. We're the ones making the design decisions. And unlike software — which you can patch, roll back, update at 3am while everyone is asleep — agents with autonomy and access are a different category of thing entirely. The old mantra of move fast and break things made a certain kind of sense when what you were breaking was a feature. It makes no sense at all when what you're deploying can act, chain consequences, and escalate — faster than any human response team can follow. This is where Asimov becomes relevant again. 
Not as nostalgia, not as science fiction trivia, but as a genuine design philosophy that the industry would do well to remember. His Three Laws of Robotics weren't invented as a plot device. They were a thought experiment in ethics-by-architecture — what does it look like to build the values into the system before the system runs, rather than hoping to correct the values after something goes wrong? He spent decades of stories showing that even the most carefully designed ethical constraints produce edge cases, contradictions, unintended consequences. But the point was never that ethics-by-design is perfect. The point was that without it, you don't have a fighting chance. We are, right now, at the moment before the laws get written. Some people at RSAC were saying this clearly — not from the main stage, but in the rooms and conversations where the more honest thinking tends to happen. The guardrails exist. The frameworks are being built. But they're being built while the deployment is already running, while the agents are already in the systems, while the governance structures are catching up to a reality that moved faster than the institutional response. That gap is the real story of RSAC 2026. Not the products. Not the keynote soundbites. The gap between the speed of deployment and the maturity of the thinking around what we're actually deploying. The community theme was right, actually — just not in the way the branding intended. The most important community at RSAC 2026 wasn't on the main stage. It was the quieter one: the engineers, researchers, practitioners, and security leaders who understand that we are at an inflection point, and that the decisions made in the next few years about how to design, govern, and constrain autonomous systems will matter far beyond the conference floor in San Francisco. Utopia and dystopia are not predetermined destinations. They're design outcomes. We still get to choose the architecture. 
But the window for making that choice thoughtfully — rather than reactively, in the middle of a crisis that moved faster than our guardrails — is not as wide as we might like to think. Asimov knew that. He wrote the laws before the robots ran. Maybe it's time we did the same. Stay imperfect, stay human. — Marco Let's keep exploring what it means to be human in this Hybrid Analog Digital Age. End of transmission. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    Uniquely Familiar: A Lifetime Pouring Passion Into Guitars That Sing | A Brand Spotlight at The NAMM Show 2026 with John Page and Bryan Ray of John Page Guitars

    Apr 18, 2026 · 8:44


    At The NAMM Show 2026, John Page walks Sean Martin of ITSPmagazine through a hand-painted electric guitar called the Retablo. The motifs are lifted from the artwork that traditionally sits behind a cathedral altar, reimagined so the saints and icons are not from scripture but from the roots of American music. Sister Rosetta Tharpe. Muddy Waters. Howlin' Wolf. Mahalia Jackson. The canvases themselves are cut from the floorboards of an old church. It is one of the most personal guitars John Page has ever built. The conversation traces the arc of John Page Guitars, the small-batch shop John Page runs after more than 20 years at Fender, where he co-founded the legendary Custom Shop and led guitar research and development. He has now been designing and building guitars for 53 years. What gets made today at John Page Guitars is built by a small team, with John Page handling his own custom work and prototypes while a master builder works alongside him on production models. What makes the instruments different is not one big thing but a series of quiet decisions. John Page mounts the neck to the body with threaded machine inserts and machine bolts instead of standard wood screws, a coupling he believes transfers tone better between neck and body and adds overtone complexity that a conventional bolt-on simply does not produce. A flatter 12-inch radius, a reverse-angled bridge pickup that removes the ice-pick high, a vintage-feeling neck profile. Every decision serves a single goal: an instrument that sings as a complete unit. John Page describes his design philosophy in two short phrases. The first is "uniquely familiar," the idea that a guitar should feel comfortable in a player's hands and recognizable in their eyes while still being clearly its own thing. The second is "balanced asymmetry," an imbalance in which he finds a kind of perfect balance. 
Both show up in the offset fret markers, the body contours, and even in the restraint of the aesthetic choices that surround the Retablo's portraits. The Retablo itself is where that philosophy leaves the factory floor and becomes something closer to a reliquary. John Page had never painted portraits before. He taught himself, hand-painting each founder of American roots music onto wood reclaimed from a dismantled church, designing and building a custom bridge that routes volume and tone controls into the tailpiece so the body can carry its imagery unbroken. A full documentary exists on the making of the guitar for anyone who wants the layer-on-layer detail. When the talking is done, Bryan Ray of John Page Guitars steps in with one of the new baritone builds to let the instrument speak for itself. Every design decision John Page described is suddenly in the room, audible, as one of his guitars does exactly what he designed it to do. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUESTS John Page, Founder, John Page Guitars (Co-Founder, Fender Custom Shop) LinkedIn: https://www.linkedin.com/in/john-page-742b4213/ Bryan Ray, Marketing Director, John Page Classic LinkedIn: https://www.linkedin.com/in/bryan-ray-a63b5419/ RESOURCES John Page Guitars: https://www.johnpageguitars.com/ Meet John Page: https://www.johnpageguitars.com/pages/john-page The Retablo and other Art Guitars: https://www.johnpageguitars.com/pages/john-page John Page Signature Collection: https://www.johnpageguitars.com/collections/guitars The NAMM Show: https://www.namm.org/ Are you interested in telling your story? 
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS John Page, Bryan Ray, John Page Guitars, John Page Classic, Fender Custom Shop, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, guitar design, luthier, electric guitar, The NAMM Show 2026, NAMM 2026, Retablo art guitar, Ashburn, Bloodline pickups, American roots music, custom guitars, handmade guitars, boutique guitar builder

    Do Androids Dream of Security Patches? Reflections from RSAC 2026 — Walking the Floor of the Agentic World | Written By Marco Ciappelli & Read by Tape3

    Apr 17, 2026 · 10:34


    Marco Ciappelli Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly

    Inside DW Drums: Custom Craft, Heritage Revival, and Drummer-First Innovation | A Brand Spotlight at The NAMM Show 2026 with Scott Donnell, Director of Brand Management of Drum Workshop, Inc.

    Apr 16, 2026 · 11:53


    At The NAMM Show 2026, Drum Workshop turned its booth into a walk-through of what a modern drum company looks like when craft, heritage, and engineering share the same floor. Scott Donnell, Director of Brand Management at Drum Workshop, Inc., guided us through a lineup that spans the DW Custom Shop, the revived Slingerland Radio King line, Latin Percussion, Pacific Drums and Percussion, and the brand's new DW Manufacturing series. The DW Custom Shop stand is a visible argument for customization as a sonic decision, not just a cosmetic one. Chrome, gold, satin chrome, and black hardware. Polyester sprays, three durable lacquers, exotic plies, and ply wraps. When a drummer specifies wood species, ply count, and grain orientation, they are designing the drum's voice from the inside out. The Slingerland revival gets the faithful-reproduction treatment. Radio King studio kits on display are solid, steam-bent maple shells with the original three-point throw-off and stick saver hoops, built in California. Scott Donnell speaks about the line the way a curator talks about a restoration: get the details right, honor what drummers remember, and let the sound do the rest. Donnell frames DW's innovation as a stack of deliberate decisions rather than a single breakthrough. DW stamps a note into each shell through a process called timbre matching, which ensures the kit is manufactured as a family. Pair that with grain orientation technology, True Pitch tuning, and resonance-focused tom mounting systems, and drummers never end up with an orphan drum in their kit. Marking the tenth anniversary of True Cast, the new DW Manufacturing four by 14 piccolo features a five millimeter sand-cast shell, cast bronze hoops, and fully machined brass and bronze hardware. Only one hundred are being made globally, each arriving in an Anvil flight case. A recent DW video features Dave Elitch and Abe Laboriel Jr. playing the drum with Paul McCartney. 
The conversation closes on a Red Hot Chili Peppers tour kit gifted to the DW museum by Chad Smith, which will join Neil Peart's and Terry Bozzio's tour kits on display while DW builds Chad new Sonic flight drums for the band's next tour. Pacific Drums and Percussion, LP's top-tuning congas, Tony Escapa's signature hand percussion series, and DWE round out the booth. Drum Workshop is not hiding how the drums get made. Take the tour, take the pictures, watch the videos, and the innovation speaks for itself. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Scott Donnell, Director of Brand Management, Drum Workshop, Inc. (DW Drums) LinkedIn: https://www.linkedin.com/in/scott-donnell-2964a129/ RESOURCES DW Drums: https://www.dwdrums.com Pacific Drums and Percussion: https://www.pacificdrums.com DW Music Foundation: https://www.dwmf.org The NAMM Show: https://www.namm.org Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Scott Donnell, Drum Workshop, DW Drums, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, NAMM Show 2026, NAMM 2026, Slingerland, Radio King, Latin Percussion, LP, Pacific Drums and Percussion, PDP, DW Manufacturing, True Cast, custom drums, drum innovation, timbre matching, grain orientation, Chad Smith, Red Hot Chili Peppers, Josh Freese, Tony Escapa, Abe Laboriel Jr, Dave Elitch

    DriveThru Hacking: When Your Dashcam Becomes the Attack Vector | A Redefining CyberSecurity Podcast Conversation with Alina Tan and George Chen

    Apr 15, 2026 · 31:09


    ⬥EPISODE NOTES⬥ What if the device quietly recording your daily commute could be turned against you in the time it takes to order a burger? That is not a hypothetical -- it is a demonstrated reality. Alina Tan, Security Architect and Co-Founder of HE&T Security Labs, and George Chen, Security Architect for a large global company, have spent years dissecting the attack surface of connected vehicle peripherals. Their research -- presented at SecTor and Black Hat Asia 2025 -- introduces a novel attack technique they call "DriveThru Hacking": an automated method for compromising dashcams through Wi-Fi within a standard drive-through window. The attack is unsettling in its simplicity. Most dashcams ship with default or easily guessable credentials, and many manufacturers do not even allow users to change them. Within a six-minute exposure window, Alina and George's tool -- DriveThru Hacker -- can discover, connect to, and exfiltrate video, audio, and GPS data from a target dashcam, then use an LLM to stitch together a timeline of the owner's home, workplace, daily routes, and private conversations. The result is a shockingly detailed picture of someone's life, assembled entirely from a device most people never think to secure. The research goes further than individual privacy. George walks through how 4G/5G-connected dashcams dramatically expand the attack surface beyond physical proximity -- opening doors to remote credential stuffing, API privilege escalation, and web-based attacks on cloud-connected accounts. More alarming still, Alina and George demonstrate how compromised dashcams can be converted into a mobile botnet -- a network of roaming, internet-connected nodes whose reach is not bounded by geography. Unlike static IoT devices, these infected cameras move through cities, near sensitive installations, and into places that are deliberately obscured from public maps. 
The conversation also digs into the broader ecosystem: the infotainment network and CAN bus segmentation (or lack thereof), over-the-air firmware update security, the challenge of detection and response when dashcams have no audit logs whatsoever, and what responsible disclosure looked like when contacting over a dozen manufacturers -- most of whom had no dedicated security inbox and some of whom had no contact information at all. Alina and George close with practical hardening recommendations for both consumers and manufacturers, and a look at what intrusion prevention for embedded devices might look like as this research continues. The connected car conversation has long focused on the vehicle itself. This episode makes the case that the accessories attached to it deserve equal scrutiny -- and that the window to act, like the drive-through line, is shorter than most realize. ⬥GUESTS⬥ Alina Tan, Security Architect and Co-Founder at HE&T Security Labs | Website: https://www.heatsecuritylabs.com/ George Chen, Security Architect for a large global company | On LinkedIn: https://www.linkedin.com/in/geoc/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ HE&T Security Labs | https://www.heatsecuritylabs.com/ DriveThru Hacking Session (Black Hat Asia 2025) | https://blackhat.com/asia-25/sponsored-sessions/schedule/index.html#drivethru-hacking-45214 The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ Redefining CyberSecurity Podcast | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity on YouTube | 
https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq The Future of Cybersecurity Newsletter | https://itspm.ag/future-of-cybersecurity Connect with Sean Martin | https://www.seanmartin.com/ ⬥KEYWORDS⬥ alina tan, george chen, he&t security labs, sean martin, dashcam security, connected vehicle cybersecurity, iot security, vehicle privacy, drivethru hacking, wi-fi hacking, mobile botnet, automotive cybersecurity, firmware security, over-the-air updates, credential stuffing, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

    Post-RSAC Conference 2026 Recap: Agentic AI, Data Sovereignty, and the New Security Perimeter | A Brand Highlight Conversation with Thyaga Vasudevan, EVP, Product of Skyhigh Security

    Apr 15, 2026 · 12:15


    If you walked RSAC Conference 2026 expecting incremental updates, you left with something very different. Thyaga Vasudevan, EVP, Product at Skyhigh Security, describes this year as unlike any prior conference -- not because of a single announcement, but because the customers asking how to secure agentic AI were the same customers already building and deploying it. The urgency was real, immediate, and universal across organization sizes. The defining theme was agentic security. Vasudevan frames it around three core questions every security team now needs to answer: who is acting (agent identity), what are they accessing (data and APIs), and what are they trying to do (actions and permissions). The ChatGPT launch in November 2022 marked a generational shift -- and at RSAC 2026, Skyhigh Security observed that the industry had moved decisively from data-in and data-out protection to governing the actions of autonomous agents themselves. Data sovereignty was the other major conversation thread, driven by geopolitical realities and tightening regional data regulations. Vasudevan spoke with CISOs from financial services, healthcare, public sector, and not-for-profit organizations, each with different infrastructure approaches -- from on-prem data centers to sovereign clouds to full cloud deployments -- but all navigating the same fundamental challenge. DSPM and hybrid architectures are no longer optional for global enterprises. And quietly but significantly, browser security emerged as a front-and-center priority, reflecting the browser's growing role as a primary cloud endpoint. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. 
Learn more: https://www.studioc60.com/creation#highlight GUEST Thyaga Vasudevan, EVP, Product, Skyhigh Security LinkedIn: https://www.linkedin.com/in/thyaga12/ RESOURCES Skyhigh Security: https://www.skyhighsecurity.com RSAC Conference 2026 Coverage: https://itspmagazine.com/rsac26 Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Thyaga Vasudevan, Skyhigh Security, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, agentic AI security, data sovereignty, SSE, Security Service Edge, DSPM, zero trust, browser security, cloud security, RSAC Conference 2026, RSAC 2026, AI agent security, MCP security

    Marketing, Brand, And Culture: Are You Paying the Silicon Valley Tax? A Conversation with Nick Richtsmeier of CultureCraft | Hosted by Marco Ciappelli

    Apr 15, 2026 · 6:47


    **About this episode** What if everything you've been spending on digital marketing isn't an investment — but a tax? Nick Richtsmeier, founder of CultureCraft, joins Marco Ciappelli for a Brand Highlight that cuts straight to the root of why so many organizations feel stuck: not a marketing problem, but an alignment problem. Nick introduces the concept of the Silicon Valley tax — the ongoing cost most organizations pay to platforms that have no real incentive to show them what's working. He challenges the "attention economy" framing, arguing that what's actually being bought and sold is addictive behavior engineered by the algorithm. And he offers a different path: building trust in a humanist way, grounded in real alignment across culture, organizational design, positioning, point of view, and core community. The result is a conversation about brands — but really about integrity. About whether what an organization says and what it does are actually the same thing. And about why asking marketing to be the "sin eater" for every internal dysfunction is a strategy that will always come up short. 
**Connect with Nick Richtsmeier** [Nick Richtsmeier on LinkedIn](https://www.linkedin.com/in/nickrichtsmeier/) [CultureCraft](http://www.culturecraft.com) [CultureCraft on LinkedIn](https://www.linkedin.com/company/culturecraftconsulting/) **Connect with Marco & Studio C60** [Marco Ciappelli on LinkedIn](https://www.linkedin.com/in/marco-ciappelli) [Studio C60](https://www.studioc60.com) [ITSPmagazine](https://www.itspmagazine.com) **Keywords** brand strategy, organizational culture, trust building, marketing strategy, CultureCraft, Nick Richtsmeier, Silicon Valley tax, attention economy, algorithmic economy, brand alignment, digital marketing, humanist branding, organizational design, Trust Made Growth, sin eater marketing, brand highlight, Studio C60, ITSPmagazine, Marco Ciappelli **Want to tell your story?** [Full Length Brand Story](https://www.studioc60.com/content-creation#full) | [Brand Spotlight Story](https://www.studioc60.com/content-creation#spotlight) | [Brand Highlight Story](https://www.studioc60.com/content-creation#highlight) This is a Brand Highlight — a ~5 min intro conversation spotlighting the guest and their company. Learn more: [studioc60.com/creation#highlight](https://www.studioc60.com/creation#highlight)

    Post-RSAC Conference 2026 Recap: Backup Is Security | A Brand Highlight Conversation with Anthony Cusimano, Director of Solutions Marketing of Object First

    Apr 14, 2026 · 10:08


    Anthony Cusimano, Director of Solutions Marketing at Object First, joined Sean Martin and Marco Ciappelli for a post-RSAC Conference 2026 recap -- and his observations from the show floor offer a window into how the security industry is evolving. One of the most telling details came from just outside the Moscone Center, where a company had set up an AI-free zone: a place for attendees to catch their breath from the wall-to-wall AI messaging dominating the event. That detail points to something bigger. The AI hype cycle that peaked over the past two years is giving way to a more demanding audience. At RSAC Conference 2026, Cusimano heard a different kind of question: not whether a company uses AI, but whether it uses it responsibly -- and whether zero trust principles are baked in. The novelty is gone; accountability is what the floor was asking for. For Object First, the shift in booth conversations has been even more meaningful. The question that used to greet them -- why is a backup storage company at a security conference? -- has been replaced by relief that they are there at all. Organizations now understand that backup and backup storage sit at the core of resilience and recovery. Cusimano described a floor full of teams thinking proactively, evaluating solutions before a crisis forces the decision. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Anthony Cusimano, Director of Solutions Marketing, Object First LinkedIn: https://www.linkedin.com/in/anthonycusimano89/ RESOURCES Object First website: https://objectfirst.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? 
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Anthony Cusimano, Object First, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, immutable backup storage, ransomware protection, Ootbi, Veeam backup, zero trust, data resilience, RSAC Conference 2026, cybersecurity, backup security, data recovery, edge security, fleet manager

    You're Still Reading the Advisory. The Attacker Already Left. | Lens Four by Sean Martin | Read by TAPE9

    Apr 14, 2026 | 15:45


    When Anthropic announced Project Glasswing, the headline was the capability: an AI model that found a 27-year-old flaw in OpenBSD and a 17-year-old remote code execution vulnerability in FreeBSD — fully autonomously, no human in the loop after the initial prompt. But the story underneath the capability is a structural one about who gets early intelligence, who sets the disclosure timeline, and what happens to every organization that wasn't in the room. In this edition of Lens Four, Sean Martin examines Project Glasswing through three lenses: the intelligence asymmetry it creates for security programs, what it reveals about the broken assumptions underneath CVE, CVSS, and NIST, and why the equity framing in Glasswing's messaging doesn't survive contact with the data.

    When Sci-Fi Becomes the Business Plan | A Brand Highlight Conversation with Jacob Flores, Head of Research at Type One Ventures | Hosted by Marco Ciappelli

    Apr 14, 2026 | 6:47


    There is a version of investing that asks what the return will be. And then there is the version that asks what kind of future the investment makes possible. Jacob Flores, Head of Research at Type One Ventures, is working firmly in the second category. Type One Ventures takes its name from the Kardashev Scale — a framework developed by Soviet astrophysicist Nikolai Kardashev that ranks civilizations by their level of technological advancement. A Type One civilization has mastered its home planet and is beginning to extend its reach beyond it. That is the destination this firm is trying to fund. Flores, a former engineer and product manager with roughly a decade of experience across industries, leads the research function at Type One with a focus on AI, neurotech, and biotechnology. The firm's investment lens is as much philosophical as it is financial. Type One looks for platform builders — companies whose core technology can be stacked across multiple applications, cultivating new marketplaces and entirely new categories of industry. Manufacturing in space is one clear example: in microgravity, it becomes possible to grow proteins, print circuits, and develop materials that cannot be produced the same way on Earth — yet those products have immediate, tangible value back on the ground. The thesis extends well beyond orbit. Type One is also backing neurotechnology companies working to restore vision and movement for people who have lost those abilities, and longevity research aimed at extending healthy human life. Flores frames these not as moonshots for their own sake, but as the new foundation layer for an entirely new level of global industry. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company.
    Host
    Marco Ciappelli, Co-Founder, ITSPmagazine

    Guest
    Jacob Flores, Head of Research, Type One Ventures

    Resources
    Type One Ventures
    Type One Ventures on LinkedIn

    Keywords: Jacob Flores, Type One Ventures, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, space technology, deep tech, venture capital, multi-planetary civilization, Kardashev Scale, manufacturing in space, neurotech, longevity, AI, biotechnology, frontier technology, space investing, human longevity, platform builders

    When OT Goes Down, the Clock Is Already Running | A Brand Highlight Conversation with Rob Demain, CEO & Founder of e2e-assure | Hosted by Marco Ciappelli

    Apr 9, 2026 | 6:49


    When a production line stops, the financial damage is immediate — and the window to respond safely is narrower than most security teams realize. Rob Demain, CEO and Founder of e2e-assure, joins this Brand Highlight to explain why OT security demands a fundamentally different mindset than IT, and what organizations can do about it. Operational technology runs the infrastructure that keeps the world moving — manufacturing floors, power grids, air traffic control systems. Rob Demain founded e2e-assure in 2013 and has spent the past seven years narrowing its focus to one discipline: SOC and MDR services. He calls it "specificity" — the principle that doing one thing with precision delivers better outcomes than spreading resources thin. In IT security, the primary concern is data. In OT, the stakes are entirely different. Downtime is the real threat. For a manufacturing business, minutes of halted production translate directly into significant financial loss. That distinction changes everything about how security teams must respond. The "safety first" rule in OT means responders sometimes have to run alongside a threat rather than immediately neutralize it — because disconnecting systems could halt the production line entirely. The most common attack path into OT environments runs through IT: adversaries compromise IT first, then move laterally into OT systems. Supply chain risk is the second major vector. Firmware updates, software patches, and third-party management systems all represent potential entry points. Detection takes longer too — OT systems often lack the endpoint tools that trigger fast alerts, leaving threats to surface as subtle pattern deviations over extended periods. This is a Brand Highlight — a short introductory conversation designed to put a spotlight on the guest and their company. 
    Learn more: https://www.studioc60.com/creation#highlight

    GUEST
    Rob Demain, CEO & Founder, e2e-assure
    LinkedIn: https://uk.linkedin.com/in/rob-demain-01733468

    RESOURCES
    e2e-assure website: https://e2e-assure.com
    OT Downtime and Remediation Gaps Research: https://e2e-assure.com

    Are you interested in telling your story?
    Full Length Brand Story: https://www.studioc60.com/content-creation#full
    Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
    Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

    They Forgot Your Brand Before They Left the Booth | An On Location Conversation at RSAC 2026 with Sean Martin and Marco Ciappelli

    Apr 6, 2026 | 11:53


    ⬥EPISODE NOTES⬥ Walk the floor at RSAC Conference 2026 and you will find boxing rings, petting zoos, agentic AI everywhere, and very few answers to the question that actually matters: why should anyone trust you with their security? Sean Martin and Marco Ciappelli have been watching this pattern for more than a decade -- and in this short On Location conversation, they turn the camera on themselves and on the problem they built Studio C60 to solve. The conversation starts with a pin. A small ITSPmagazine swag item from roughly ten years ago, sitting in Sean's hand at RSAC Conference. Marco traces the thread from there -- back to 2012, back to his first time on the conference floor, back to a joke he made that has never stopped being true: they are still selling the box. The packaging has changed -- servers became SaaS, disks became dashboards -- but the instinct to lead with the product rather than the outcome has not. Sean frames it cleanly: the messaging is the innovation. But the message only lands when it connects the technology to how teams actually use it, to what that enables the business to do, to why it matters beyond the booth. Marco extends it further: if you sound like everyone else, there is no music -- only noise. Every instrument is playing, but there is no song. That is the gap Studio C60 exists to close. Drawing on decades of combined experience in cybersecurity, go-to-market strategy, journalism, and brand storytelling, Sean and Marco offer clients something the expo floor rarely demonstrates: the ability to articulate not just what a product does, but what it means -- for the team, for the business, for the people it serves. The work ranges from a single consulting session to full campaign development and retainer partnerships. It starts with an honest assessment: who are you, who needs you, and what do you sound like right now? For startups especially, that starting point is where everything else begins. 
    What the floor at RSAC Conference 2026 makes clear, year after year, is that attention is cheap and memory is rare. The brands that last are the ones that earn it -- not with a boxing ring, but with a story worth repeating.

    ⬥HOSTS⬥
    Sean Martin, CISSP -- Co-Founder, ITSPmagazine & Studio C60 | Host, Redefining CyberSecurity Podcast & Music Evolves Podcast | https://www.seanmartin.com/
    Marco Ciappelli -- Co-Founder, ITSPmagazine & Studio C60 | Host, An Analog Brain In A Digital Age Podcast | https://www.marcociappelli.com/

    ⬥RESOURCES⬥
    RSAC Conference 2026 -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
    Studio C60 | https://www.studioc60.com
    The Future of Cybersecurity Newsletter (Sean Martin) | https://www.linkedin.com/newsletters/7108625890296614912/
    An Analog Brain In A Digital Age Newsletter (Marco Ciappelli) | https://www.linkedin.com/newsletters/7079849705156870144/
    On Location | https://www.itspmagazine.com/on-location

    ⬥KEYWORDS⬥
    sean martin, marco ciappelli, rsac conference 2026, rsac 2026, studio c60, itspmagazine, brand storytelling, cybersecurity marketing, go-to-market strategy, messaging and positioning, agentic ai, expo floor, brand differentiation, content production, cybersecurity branding, on location

    Still Stuck in Compliance: How Come Security Hasn't Earned Its Seat at the Business Table? | An On Location Conversation at RSAC 2026 with Sean Martin and Marco Ciappelli

    Apr 4, 2026 | 13:59


    ⬥EPISODE NOTES⬥ Sean Martin had barely finished his coffee when two separate conversations with CISOs at RSAC 2026 landed the same way: security is not how the business grows, it is how the business stays out of trouble. Compliance drives the tooling. The security team does its job. The business does its job. And the two rarely meet in the middle. That observation kicked off a quick but pointed exchange with Marco Ciappelli on the floor at RSAC, one that quickly moved from the conference center to the broader question of culture. Not just inside organizations -- but out in the world, where most people installing iPhone updates are skipping the security patch and tapping the music app feature instead. Sean has been making this argument for years -- his original show was called The Business of Security for a reason -- and Marco brings the branding and societal lens to the same problem. What happens when businesses treat security as a cost center rather than a brand asset? Apple made privacy a selling point. Most of the industry has not. And if the companies building and deploying security do not close that gap, the consumers and executives who should care never will. The conversation ends with Sean hinting at a second idea brewing -- something sparked by a photograph of a bow and arrow on the streets of San Francisco. That one comes later. 
    ⬥HOSTS⬥
    Sean Martin, CISSP -- Co-Founder, ITSPmagazine & Studio C60 | Host, Redefining CyberSecurity Podcast & Music Evolves Podcast | https://www.seanmartin.com/
    Marco Ciappelli -- Co-Founder, ITSPmagazine & Studio C60 | Host, An Analog Brain In A Digital Age Podcast | https://www.marcociappelli.com/

    ⬥RESOURCES⬥
    RSAC 2026 | April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
    The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
    An Analog Brain In A Digital Age Newsletter | https://www.linkedin.com/newsletters/7079849705156870144/
    On Location | https://www.itspmagazine.com/on-location

    ⬥KEYWORDS⬥
    sean martin, marco ciappelli, rsac 2026, rsa conference, cybersecurity business value, security culture, ciso priorities, compliance-driven security, security roi, brand and security, consumer security behavior, ai and security, security as business enabler, itspmagazine, on location

    Continuous Security Validation in a World of Agentic AI | A Brand Spotlight at RSAC Conference 2026 with Matt Stewart and Alex Grohmann of Impetum

    Apr 3, 2026 | 21:35


    The security industry has spent years debating which tools to buy. Impetum is asking a different question: are the tools you already have actually working? Founded by incident responders who saw the same failures across hundreds of breaches, Impetum built the Persistent Purple Team platform to simulate advanced threat actors inside customer environments on a continuous monthly basis -- not as a one-time engagement, but as an ongoing relationship built around real data, custom TTPs, and a measurable Threat Resilience Score. Matt Stewart and Alex Grohmann spoke with Sean Martin and Marco Ciappelli at RSAC Conference 2026 about what they are hearing on the show floor: agentic AI is accelerating the speed of compromise and exposing vulnerabilities in legacy systems that have been dormant for decades. Against that backdrop, the value of knowing -- not assuming -- that your detection and response capabilities hold up becomes critical. The platform builds that knowledge through live-fire exercises using an organization's own data, validating patch management, XDR, SIEM tuning, and post-compromise detection in a way no annual pen test can. The conversation also touched on the structural talent problem agentic AI is creating inside SOCs. As AI fills the level one analyst role, the pipeline for developing level two analysts and incident responders is narrowing. Impetum sees persistent purple teaming as the training ground that closes that gap -- giving existing teams the repeated, realistic practice they need to respond with confidence when an actual breach begins. Impetum targets mid-size organizations that have the right security tools but lack the budget, bandwidth, and access to industry events to keep those tools continuously validated against evolving attack paths. For those teams, the platform delivers something an annual report cannot: a documented, ongoing record of what works, what does not, and where the program is heading. This is a Brand Spotlight. 
    A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST
    Matt Stewart, Co-Founder, Impetum
    Alex Grohmann, Co-Founder, Impetum
    LinkedIn: https://www.linkedin.com/in/alexandergrohmann/

    RESOURCES
    Impetum / Persistent Purple Team: https://www.persistentpurpleteam.com
    ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

    Are you interested in telling your story?
    ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
    ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
    ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

    KEYWORDS
    Matt Stewart, Alex Grohmann, Impetum, Persistent Purple Team, Remedium Security, Sean Martin, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast, purple teaming, continuous security validation, threat resilience, CISO, security operations, SOC, red team, blue team, incident response, agentic AI, MITRE ATT&CK, penetration testing, cybersecurity

    When Fraud Becomes a Business: Stopping Bots, Agents, and the New Economics of Attack | A Brand Spotlight at RSAC Conference 2026 with Frank Teruel, Chief Operating Officer of Arkose Labs

    Apr 2, 2026 | 19:53


    Arkose Labs sits at the intersection of bot management, fraud prevention, and identity protection -- working with the world's largest consumer-facing brands to make fraud unprofitable. Frank Teruel walks through how the threat landscape shifted from nation-state actors and organized crime to fully democratized crime-as-a-service platforms, where MFA bypass kits are sold online and multi-billion dollar fraud operations run with the efficiency of a product company. The conversation covers three of the biggest attack categories hitting organizations today: SMS toll fraud, bonus abuse, and fake account registrations. Each one exploits legitimate business flows -- onboarding, loyalty programs, referral bonuses -- and often goes entirely undetected by security teams because the attackers never trigger a traditional alert. In one example, a rideshare company's cell bill climbed by millions before anyone connected it to a fraud campaign. With agentic AI now in the mix, the attribution problem has become exponentially harder. Is that agent booking a hotel room a legitimate user action or the opening move of an account takeover? Arkose Labs places its defenses at the very top of the funnel -- registration and login flows -- combining risk scoring, challenge technology, a 24/7 SOC, and a dark web intelligence program called ACTOR. When a novel attack technique surfaces in gaming, Arkose Labs writes a global mitigation; when that same technique hits banking two days later, the defense is already deployed. Frank Teruel closes with a direct message to CISOs: 75% of organizations surveyed cannot perform attribution, and 97% expect a major AI-driven incident within the next 12 months. The signal to watch for is not always in the security stack -- it shows up in rising SMS bills, unusual account-linking activity, and transaction abandonment rates that do not match marketing spend. 
    The answer is internal fusion: security, fraud, finance, and operations sharing data before the incident, not after. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST
    Frank Teruel, Chief Operating Officer, Arkose Labs
    LinkedIn: https://www.linkedin.com/in/frankteruel/

    RESOURCES
    Arkose Labs: https://www.arkoselabs.com
    RSAC Conference 2026: https://www.rsaconference.com

    Are you interested in telling your story?
    ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
    ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
    ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

    KEYWORDS
    Frank Teruel, Arkose Labs, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, fraud prevention, bot management, account security, SMS toll fraud, agentic AI, fraud deterrence, identity protection, crime as a service, RSAC Conference 2026, CISO, account takeover, fake account registration, bonus abuse, loyalty fraud, federated threat intelligence

    When the Browser Becomes the Battlefield: Human and Agentic Security in the Age of AI | A Brand Spotlight at RSAC Conference 2026 with Ed Wright, VP of Product Marketing at Menlo Security

    Apr 2, 2026 | 21:32


    At RSAC Conference 2026, the floor at Moscone Center was buzzing with talk of AI -- but underneath the excitement, a sharper question was forming: are enterprises actually ready to secure the AI systems they are rushing to deploy? Ed Wright, VP of Product Marketing at Menlo Security, joined Sean Martin on-site to dig into exactly that question. With 85 percent of knowledge workers now operating primarily through a browser, Menlo Security has spent 13 years building the infrastructure to protect that surface -- and the threat landscape has just taken a significant turn. The traditional browser threat model centers on humans: phishing links, malicious downloads, social engineering, deepfake video scams. Enterprises have spent billions on SSE stacks and endpoint protection stacks. Yet attacks continue to multiply. What Menlo Security is now tracking is a second threat model layered on top -- one designed specifically for AI agents. Agents use browsers to acquire data and complete tasks, often spinning up hundreds or thousands of headless browser sessions outside the enterprise perimeter, invisible to network security tools that only monitor the wire. The threat profile for agents is distinct. Where a human might miss a suspicious link, an agent reads white-on-white text and zero-font-size characters embedded in web pages -- classic prompt injection techniques. Agents are maniacally focused on task completion and do not naturally separate instructions from data. A co-opted agent, redirected through hidden instructions, will pursue its new goal with the same single-mindedness as its original one. Ed Wright notes that the top concern among CISOs at the RSAC Conference CISO bootcamp -- confirmed by a live audience poll -- is data exfiltration from agents: an agent accessing files, scraping internal pages, passing data to external LLMs, and moving sensitive information outside the organization. 
    Menlo Security's response is a unified browser security platform that applies a single policy framework to both human and agentic workloads. The platform is built on four pillars: threat prevention including zero-day protection, secure application access, data security through AI Adaptive DLP, and file security. AI Adaptive DLP is the capability Ed Wright emphasizes most -- it functions as a combination of DLP and DSPM, discovering and classifying sensitive data across the organization and masking it in real time rather than blocking access. When traditional DLP blocks a human, they call IT. When it blocks an agent, the workflow silently fails. AI Adaptive DLP eliminates that failure mode entirely, keeping workflows uninterrupted while sensitive data stays protected at the source. The unification argument cuts through a crowded point-solution market. Rather than deploying separate tools for prompt injection, file security, and application access, Menlo Security delivers a single layer of visibility and observability across the entire workforce. Single policies. Single set of capabilities. No stitching together of forensic data from disconnected systems. Ed Wright points to a Fortune 500 customer that deployed 20,000-plus agents in a short window after a board mandate -- and quickly realized they had no security guardrails in place for browser-based agentic activity. The emergency call to Menlo Security was not the first of its kind, and it will not be the last. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST
    Ed Wright, VP of Product Marketing, Menlo Security
    LinkedIn: https://www.linkedin.com/in/edwardwright1/

    RESOURCES
    Menlo Security: https://www.menlosecurity.com

    Are you interested in telling your story?
    ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
    ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
    ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

    KEYWORDS
    Ed Wright, Menlo Security, Sean Martin, browser security, agentic AI security, AI agents, headless browsers, prompt injection, data exfiltration, AI Adaptive DLP, DSPM, zero-day threats, enterprise browser, SSE, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

    One Key to Rule Them All: Physical Access, Digital Login, and Post-Quantum Security | A Brand Highlight at RSAC Conference 2026 with Alexander Summerer, Head of Authentication at Swissbit

    Apr 2, 2026 | 9:54


    Most enterprise authentication today is still built on passwords or one-time codes -- and neither is phishing-resistant. Alexander Summerer explains that fraud remains the core challenge: attackers intercept credentials in the online channel, and users are burdened with complex password policies that slow them down without making them safer. Swissbit's answer is the iShield Key, a FIDO2-based hardware security key that is plug and play. No passwords to remember, no codes to intercept, and no chance for a phishing attack to succeed. What sets Swissbit apart at RSAC Conference 2026 is convergence. The same iShield Key that authenticates a user at their workstation can also open a door. Tap it on an HID reader in a healthcare facility, a university, or a manufacturing plant, and access is granted -- physical and digital, in one device. Swissbit is the only vendor on the market today offering this combination, with HID Seos support now available and a global partner network ready to deploy at scale. The forward story is post-quantum cryptography. Alexander Summerer notes that quantum computing poses a real and coming threat to standard authentication algorithms. Swissbit is already previewing a PQC evaluation platform at booth 6565 -- a device that runs a post-quantum chip alongside the traditional chip. Organizations can upgrade to PQC-protected authentication with the same hardware, keeping legacy use cases running without disruption. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

    GUEST
    Alexander Summerer, Head of Authentication, Swissbit
    LinkedIn: https://www.linkedin.com/in/alexander-summerer

    RESOURCES
    Swissbit: https://www.swissbit.com
    iShield Key product page: https://www.swissbit.com/en/products/security-products/ishield-key/

    Are you interested in telling your story?
    ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
    ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
    ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

    KEYWORDS
    Alexander Summerer, Swissbit, Sean Martin, RSAC Conference 2026, hardware security key, FIDO2, phishing-resistant authentication, passwordless authentication, physical access control, post-quantum cryptography, PQC, iShield Key, HID Seos, enterprise authentication, zero trust, brand story, brand marketing, marketing podcast, brand highlight

    Securing Data Across the Hybrid Enterprise | A Brand Spotlight at RSAC Conference 2026 with Thyaga Vasudevan, EVP, Product of Skyhigh Security

    Apr 2, 2026 | 22:12


    Most organizations are not cloud-only and, according to Thyaga Vasudevan, EVP, Product at Skyhigh Security, they are unlikely to become cloud-only anytime soon. Legacy on-prem applications, new AI workloads kept inside the firewall, and the growing cost of routing all enterprise traffic through a cloud proxy are pushing organizations toward a hybrid security architecture -- one that needs to enforce consistent policy regardless of where the traffic goes or where the data lives. Skyhigh Security announced three major innovations at RSAC Conference 2026: a next-generation SSE hybrid platform with a single console managing on-prem and cloud enforcement under one policy construct; a patent-pending browser security capability that injects JavaScript controls dynamically into existing browser sessions without requiring a dedicated enterprise browser; and the general availability of its DSPM platform, which uniquely provides visibility into both data at rest and data in motion by combining proxy-layer inspection with posture management. The browser has quietly become the most important enforcement point in the enterprise. As AI tools like Microsoft Copilot operate through web socket connections that cannot be intercepted at the server level, security controls have to reach inside the browser session itself. Vasudevan describes a seamless approach: because Skyhigh Security already sees the traffic flowing through its SSE cloud, it can inject controls at the browser layer without asking employees to change the tools they use. Data sovereignty is no longer a compliance footnote -- it is an architectural driver. Vasudevan walked through a global manufacturer operating simultaneously in Europe, the United States, and China. Each region carries different regulatory constraints, different trust postures for cloud infrastructure, and different performance requirements. 
    Skyhigh Security's hybrid platform handles all three scenarios under the same management framework and the same policy construct. The customer chooses where enforcement happens -- on-prem, cloud, or hybrid -- without rebuilding their security architecture. On AI agents, Vasudevan describes the evolution clearly: 2022 was about protecting data flowing into generative AI tools; 2025 became about protecting the actions of the agents themselves. Skyhigh Security positions itself as a proxy between agent traffic and the systems agents interact with -- whether MCP servers or SaaS applications -- monitoring what goes in and what comes out in real time. DSPM provides the baseline: know where sensitive data is and what risk it carries before any agent is given access to it. That distinction between sensitivity and risk is what allows organizations to make smart, dynamic decisions rather than blanket restrictions. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST
    Thyaga Vasudevan, EVP, Product, Skyhigh Security
    LinkedIn: https://www.linkedin.com/in/thyaga12/

    RESOURCES
    Skyhigh Security: https://www.skyhighsecurity.com

    Are you interested in telling your story?
    ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
    ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
    ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

    KEYWORDS
    Thyaga Vasudevan, Skyhigh Security, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, hybrid security, SSE, Security Service Edge, DSPM, data security posture management, zero trust, browser security, data sovereignty, AI agents, agentic AI, cloud security, RSAC Conference 2026, cybersecurity

    When Every Second Counts, Who Knew What and When? | A Brand Spotlight at RSAC Conference 2026 with Vaughan Shanks, Co-Founder and CEO of Cydarm Technologies

    Apr 2, 2026 18:55


    In the middle of a major incident, security teams face a brutal paradox: the faster things move, the harder it becomes to capture what's actually happening. Cydarm Technologies was built to solve exactly that. Vaughan Shanks, Co-Founder and CEO, describes the platform as a system of record for the SOC -- a purpose-built case management tool that captures who knew what, when, and why, in real time, throughout the lifecycle of an incident.

    Most of Cydarm's customers sit in government, defense, and critical infrastructure -- organizations where the pressure of regulatory compliance, legal accountability, and board-level reporting is highest. But the value extends well beyond compliance. Shanks draws a direct line from his time in Australian federal government to the philosophy behind Cydarm: good record keeping is good governance. When a capital-I incident is declared, legal, HR, communications, the C-Suite, and the board all need a view in. Cydarm's fine-grained, attribute-based access control makes it possible to give each stakeholder exactly the access they need -- and no more.

    What sets Cydarm apart from the ticketing systems most teams already have? Shanks puts it plainly: ITSM was built for IT service management, not adversarial cyber threats. The volume, velocity, and variety of SecOps are simply different. Cydarm is designed to feel more like WhatsApp and less like ITSM -- rich data format support, Easy Connect integrations, and a collaborative experience built specifically for high-frequency security operations. Teams that have built workarounds in existing tools know the maintenance burden that comes with it. Cydarm eliminates that mess.

    The post-incident dimension is where the system of record pays compounding dividends. Shanks outlines three paths: individual incident reports with adjustable significance levels for different audiences; longitudinal metrics capture that reveals the threat environment your controls aren't blocking; and resource justification data that gives security leaders the evidence to defend headcount and budgets. One customer -- a security leader at a major household brand -- had never experienced a breach, and had long struggled to justify the size of their team. With Cydarm's metrics, they finally had the data to make the argument.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST: Vaughan Shanks, Co-Founder and CEO, Cydarm Technologies https://www.linkedin.com/in/vaughan-shanks/

    RESOURCES: Cydarm Technologies: https://www.cydarm.com

    KEYWORDS: Vaughan Shanks, Cydarm Technologies, Sean Martin, brand spotlight, brand story, brand marketing, marketing podcast, cyber incident response, SOC case management, security operations, incident management platform, system of record, RSAC Conference 2026, NIST incident response, playbook management, SecOps, ITSM alternatives, post-incident review, threat metrics, CISO accountability

    Agentic AI, Bot Economics, and the New Arms Race | A Brand Spotlight at RSAC Conference 2026 with Kevin Gosschalk, Founder and CEO of Arkose Labs

    Apr 1, 2026 19:47


    A decade ago, Kevin Gosschalk was talking CAPTCHAs and bot mitigation with Marco Ciappelli at a security conference. Today, at RSAC Conference 2026, the conversation has shifted to agentic AI -- autonomous systems that browse, click, and transact on behalf of users. For Gosschalk, the Founder and CEO of Arkose Labs, the technology has changed but the challenge is familiar: how do you tell the difference between a legitimate automated actor and a malicious one?

    Gosschalk explains that the vast majority of agentic traffic today is not self-identifying. Rather than announcing themselves as AI agents, these systems impersonate real Chrome browsers on Mac OS -- choosing configurations with stronger privacy features to evade fingerprinting. There are two technical categories to contend with: headless browsers running in the cloud, which can be caught through device spoofing checks, and on-device agents that control a real browser instance, which require a deeper look at behavioral patterns and intent signals. Arkose Labs builds intent models around payment fraud, fake account creation, and account compromise to distinguish the good agents from the bad.

    The economic framing Gosschalk brings to this conversation is striking. He describes SMS toll fraud -- where bad actors acquire millions of premium phone numbers and trigger OTP messages from victim companies, earning three to six cents per message while costing those companies tens of millions of dollars annually. He walks through micro deposit fraud targeting fintechs. His core thesis: fraud is an economic activity, and the best defense is making attacks more expensive than they are worth. Arkose Labs builds challenge mechanisms designed to raise that cost through novel stimuli that ML models have not been trained to solve -- presenting something genuinely new forces a brute-force approach that is less effective than purpose-built attacks.

    The platform's consortium model is a key differentiator. Arkose Labs protects large enterprises including Expedia and Meta, and when an attack signature appears on one customer but nowhere else in the network, its uniqueness is itself a strong fraud signal. Customers can also feed labeled outcome data back into the system -- if something slips through and later proves malicious, that label sharpens the model for the entire consortium.

    Gosschalk is equally clear about the opportunity side of agentic AI. Blocking all automated traffic is no longer viable -- legitimate agentic commerce is coming, where consumers will delegate shopping, comparison, and purchasing to AI assistants. The future is not blanket blocking but granular, policy-driven enforcement: letting each customer define what kinds of agentic behavior they want to permit on their platforms. Integration is accessible -- a basic JavaScript deployment for web, SDKs for mobile, and extended support for IoT devices and CDN integrations.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST: Kevin Gosschalk, Founder and CEO, Arkose Labs LinkedIn: https://www.linkedin.com/in/kgosschalk/

    RESOURCES: Arkose Labs: https://www.arkoselabs.com

    KEYWORDS: Kevin Gosschalk, Arkose Labs, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand spotlight, agentic AI, bot detection, bot mitigation, fraud prevention, SMS toll fraud, micro deposit fraud, behavioral biometrics, intent detection, CAPTCHA, account takeover, synthetic identity, RSAC Conference 2026, cybersecurity

    Closing the Exposure Window: From Vulnerability Management to Remediation Operations | A Brand Highlight at RSAC Conference 2026 with Sunil Gottumukkala, CEO & Co-Founder of Averlon

    Apr 1, 2026 9:07


    The cybersecurity industry is good at finding problems. What it has struggled with -- for decades -- is fixing them. Sunil Gottumukkala, CEO and Co-Founder of Averlon, calls this the exposure window: the gap between when a vulnerability is discovered and when it is actually resolved. That gap is where real risk lives, and closing it is the founding mission of Averlon.

    Speaking on location at RSAC Conference 2026, Gottumukkala draws on his experience as a security executive at Salesforce to explain why even the most well-resourced teams fall behind. More code, more acquisitions, and more attack surface means more findings -- but the capacity to remediate does not scale at the same rate. The answer, he argues, is not more people. It is better systems.

    Averlon approaches the problem by ingesting findings from across a customer's security stack, applying AI-driven analysis to determine what is actually exploitable in that specific environment, and eliminating noise. From there, rather than generating a ticket, the platform generates a fix -- actual code changes for application vulnerabilities, or compensating controls for situations requiring more time. The goal is not to manage vulnerabilities. It is to eliminate them.

    This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

    GUEST: Sunil Gottumukkala, CEO & Co-Founder, Averlon https://www.linkedin.com/in/sunilgottumukkala/

    RESOURCES: Averlon: https://www.averlon.ai

    KEYWORDS: Sunil Gottumukkala, Averlon, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, vulnerability remediation, remediation operations, exposure window, cloud security, agentic AI, CVSS, vulnerability management, RSAC Conference 2026, RSAC 2026, cybersecurity

    From Visibility to Actionability: How Asset Intelligence Drives Real Security Outcomes | A Brand Spotlight at RSAC Conference 2026 with Angelos Kottas, VP of Product and Corporate Marketing at Axonius

    Apr 1, 2026 18:43


    Security teams have more data than ever -- and less confidence in it. Angelos Kottas, VP of Product and Corporate Marketing at Axonius, opens by sharing a striking finding from the Axonius Actionability Report: 55% of CISOs still run their environments off spreadsheets, and fewer than 20% have daily updates to their asset data. The result is a gap between what organizations think they know and what is actually happening across their digital real estate.

    Axonius was founded in 2017 after its co-founders witnessed a Fortune 100 retailer go into crisis during a live security incident -- unable to identify which assets were impacted or who owned them. That founding story still frames the company's mission: give security teams a comprehensive, enriched, and current view of every asset so they can stop flying blind.

    But Kottas argues that visibility alone is no longer the goal. Axonius launched its exposure management product at RSAC Conference 2025 -- its most successful product launch to date -- and the message from customers is consistent: what used to take weeks now takes hours or minutes. The platform now enables teams to move from discovery to coverage gap analysis to prioritized remediation, all in one place.

    The business case is real. Texas A&M University used Axonius to gamify risk reduction across its decentralized schools and divisions, turning remediation into a leaderboard and dramatically accelerating time to closure. An entertainment company customer used Axonius during the 2024 CrowdStrike Blue Screen of Death incident to scope its impact and build a remediation plan in minutes -- delaying operations by just five minutes, while others faced days of disruption.

    Kottas also addresses the AI question head-on. He frames it as AI squared: the foundation for artificial intelligence is asset intelligence. Agentic AI and autonomous SOC workflows are only as reliable as the data underneath them. Conflicting endpoint counts across EDR, CMDB, and other tools produce dirty data that undermines AI trust. Axonius solves this by delivering a deduplicated, enriched asset graph with business context layered in -- so AI systems can make recommendations organizations can actually act on.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST: Angelos Kottas, VP of Product and Corporate Marketing, Axonius LinkedIn: https://www.linkedin.com/in/amkottas/

    RESOURCES:
    Axonius website: https://www.axonius.com
    Axonius Actionability Report: https://www.axonius.com (available on the Axonius website)
    Adapt 2026 (annual customer conference, April 15, New York City): https://www.axonius.com

    KEYWORDS: Angelos Kottas, Axonius, Sean Martin, asset intelligence, exposure management, cyber asset attack surface management, CAASM, vulnerability management, actionability, CISO visibility, AI in cybersecurity, agentic AI, asset discovery, coverage gap analysis, incident response, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

    Vulnerability Management in the Age of AI: From Data Overload to Decisive Action | A Brand Spotlight at RSAC Conference 2026 with Daniel DeCloss, Founder & CTO of PlexTrac

    Apr 1, 2026 19:37


    Security teams have always struggled with the gap between finding vulnerabilities and fixing the right ones. DeCloss built PlexTrac after seeing that gap firsthand as a penetration tester -- watching critical findings disappear into static PDFs and manual spreadsheets with no real tracking, no accountability, and no way to demonstrate improvement. The platform was designed from the ground up to close that loop.

    The conversation gets specific about what contextual risk scoring actually means. A CVE rated 10.0 in the National Vulnerability Database may be irrelevant to a given organization; a lower-severity finding may be critical given the systems that organization actually runs. PlexTrac's newly launched MCP server correlates vulnerability data against real-world environmental context, making that distinction automated and actionable -- not something an analyst has to puzzle out manually every time.

    DeCloss walks through what the before state looks like for most teams: an annual pentest PDF, weekly scanner output, no unified view, and spreadsheet-based assignment that makes it nearly impossible to track who is working on what or whether anything is actually getting resolved. PlexTrac replaces that with a normalized, integrated platform that connects to Jira, ServiceNow, and Azure DevOps -- keeping workflows intact while adding the visibility that was always missing.

    On AI's role in the industry, DeCloss is measured but direct. AI is a force multiplier, not a job eliminator. Security has always operated with a talent shortage, and automation fills that gap. But AI also expands the attack surface -- and organizations that adopt it without a security framework create new exposure. The human in the loop, with real subject matter expertise, remains essential.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST: Daniel DeCloss, Founder & CTO, PlexTrac https://www.linkedin.com/in/ddecloss/

    RESOURCES: PlexTrac: https://plextrac.com

    KEYWORDS: Daniel DeCloss, PlexTrac, Sean Martin, vulnerability management, penetration testing, pentest reporting, risk prioritization, CVE scoring, MCP server, AI in cybersecurity, blue team, remediation tracking, CTEM, continuous threat exposure management, RSAC Conference 2026, brand spotlight, brand marketing, marketing podcast, brand story

    Storage Is Part of Your Security Strategy -- Whether You Planned for It or Not | A Brand Highlight at RSAC Conference 2026 with Eric Herzog, Chief Marketing Officer of Infinidat

    Apr 1, 2026 10:35


    At RSAC Conference 2026, Eric Herzog, Chief Marketing Officer of Infinidat, sat down with Sean Martin for a booth-side Brand Highlight that reframes a familiar blind spot. Infinidat is a high-end enterprise storage company serving global Fortune 500 organizations and mid-range managed service providers -- and Herzog argues that leaving storage out of a corporate cybersecurity strategy means leaving the largest concentration of enterprise data exposed.

    Infinidat embeds cybersecurity directly into its storage platform through InfiniSafe, a software suite that has earned recognition from both storage and cybersecurity analysts. The centerpiece of the offering is a written guarantee: any dataset, regardless of size, will be recovered in one minute or less. Herzog explains that this is backed by immutable snapshots that cannot be altered or deleted, a management plane separated from the data plane, and AI/ML-powered scanning through InfiniSafe Cyber Detection that validates a snapshot is clean before it is restored. The goal is a "known good copy" -- a forensically clean snapshot that can be brought back with confidence.

    Herzog notes that security teams often focus on confidentiality and availability while underweighting integrity. Infinidat's approach addresses all three: snapshots are verified clean, recovery is fast, and the process is demonstrable in live proof-of-concept environments. At the beginning of April 2026, Infinidat recovered six petabytes in three seconds in a live demo.

    This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

    GUEST: Eric Herzog, Chief Marketing Officer, Infinidat LinkedIn: https://www.linkedin.com/in/erherzog

    RESOURCES: Infinidat Website: https://www.infinidat.com

    KEYWORDS: Eric Herzog, Infinidat, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, enterprise storage, cybersecurity, ransomware recovery, data protection, InfiniSafe, immutable snapshots, cyber resilience, RSAC Conference 2026, next generation data protection, MSP security, storage security

    Giving AI Agents an Identity -- and a Leash | A Brand Spotlight at RSAC Conference 2026 with Itamar Apelblat and Ido Shlomo of Token Security

    Apr 1, 2026 18:26


    Most organizations are not waiting for permission to deploy AI agents -- they are already in production, often without a clear picture of what those agents can access or who is accountable for them. Token Security was built specifically for this moment, and being named an RSAC Conference Innovation Sandbox finalist is confirmation that the market is catching up to the problem the company has been solving since 2023.

    Itamar Apelblat, co-founder and CEO, and Ido Shlomo, co-founder and CTO, came out of Israel's elite intelligence unit 8200 -- Apelblat from the defensive security side and Shlomo from offensive cyber operations. That shared background, and 17 years of partnership, shapes how Token Security approaches a problem that most identity vendors have not yet reckoned with: AI agents are not humans, and they are not standard machine identities either.

    The core concept is intent-based access management. Rather than looking at an agent's historical behavior and extending permissions based on the past, Token Security asks: what is this agent supposed to do? What is its purpose? Restrictions are then built around that intent. As Apelblat explains, agents are non-deterministic -- they will pursue a goal through whatever path is available, including ones you did not anticipate or want. Locking down access based on intent rather than history is the only approach that holds.

    Shlomo adds a dimension that makes the risk concrete: an AI agent forgets everything between sessions. Every interaction starts fresh. That means it does not remember a previous attack attempt. A sophisticated adversary who manipulates an agent today can try the exact same technique tomorrow. Combine that with the agent's relentless drive to satisfy its directive -- even to the point of deleting data or modifying infrastructure if that is what it takes -- and the case for an isolated, intent-scoped perimeter becomes clear.

    The customer journey at Token Security almost always begins after deployment. Organizations arrive saying, in effect: we think we have agents out there, can you help us find them? Visibility comes first -- discovering what agents exist, understanding their usage, mapping ownership, managing lifecycle. Policy enforcement comes after. Critically, Token Security achieves this without sitting as an inline broker. The platform connects to both the agent platforms and the business applications those agents reach, creating enforcement at both ends without introducing friction into developer workflows.

    Apelblat frames the architecture in terms of micro agents: purpose-specific, narrowly scoped, each with a well-defined role. Not one agent doing everything -- thousands of focused agents, each constrained to exactly what it needs. Shlomo puts the business case plainly: an agent with properly managed identity is not a chatbot, it is a member of a digital workforce. Get identity right, and the productivity multiplier is enormous. Get it wrong, and a single compromised agent can cascade across every connected system it touches.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUESTS:
    Itamar Apelblat, Co-Founder & CEO, Token Security https://www.linkedin.com/in/itamar-apelblat/
    Ido Shlomo, Co-Founder & CTO, Token Security https://il.linkedin.com/in/ido--shlomo

    RESOURCES: Token Security website: https://www.token.security/

    KEYWORDS: Itamar Apelblat, Ido Shlomo, Token Security, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, brand story, AI agent security, AI agent identity, non-human identity, NHI security, intent-based access management, privileged access management, zero trust, RSAC Conference 2026, Innovation Sandbox, identity lifecycle management, agentic AI security, cybersecurity

    From Network Evidence to Autonomous Defense: Corelight at RSAC Conference 2026 | A Brand Spotlight at RSAC Conference 2026 with Vijit Nair, VP of Product Management at Corelight

    Apr 1, 2026 18:03


    Vijit Nair, VP of Product Management at Corelight, joins Sean Martin on the floor of RSAC Conference 2026 for a conversation about what it takes to move security operations from AI-assisted to AI-autonomous. Corelight is the fastest-growing company in the network detection and response (NDR) space, and Nair has spent six years helping build the platform from early network monitoring to its current position as a Gartner Magic Quadrant Leader. The company's open NDR platform transforms raw network traffic into high-fidelity, unopinionated evidence -- and that evidence is now powering the next leap: agentic triage.

    Corelight's newly launched Agentic Triage product moves beyond the "level one" AI assistant model -- where a system answers questions but takes no action -- to a "level two" agent that actually investigates and triages alerts. It identifies the riskiest entities in an environment, collects all associated context and data, runs a full investigation cycle, and delivers a verdict with full evidence attached. Nair calls it "bringing the receipts": analysts see not just the conclusion but every step of the reasoning. Early results show a 10x increase in investigation speed and 60-70% of alerts being automatically triaged.

    The network is having a resurgence as an essential visibility layer, and Nair explains why: attackers have adapted to EDR. Nation-state-style campaigns like Volt Typhoon and Salt Typhoon operate in the network layer, targeting unmanaged devices, routers, firewalls, and VPNs that endpoint tools cannot see. Corelight almost always finds something in the first 30 days of a pilot deployment -- from shadow IT and shadow VPNs to active red team attacks using tools like Sliver-based C2 frameworks.

    On the question of SOC adoption, Nair pushes back on the assumption that hesitation comes from the top. The hunger for AI-powered tools runs from CISOs all the way down to the analysts dealing with alert overload and understaffed teams. A recent customer put it simply: "This is amazing. Please don't take it away from me." Nair frames the path to full autonomy as a spectrum -- from human-controlled to fully agentic -- and draws the comparison to Waymo: the journey is measured and incremental, but the destination is inevitable.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST: Vijit Nair, VP of Product Management, Corelight https://www.linkedin.com/in/vijitn

    RESOURCES: Corelight: https://corelight.com

    KEYWORDS: Vijit Nair, Corelight, Sean Martin, network detection and response, NDR, agentic triage, AI SOC, autonomous security operations, SOC automation, network security monitoring, threat detection, AI-powered security, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

    ISACA Takes the Helm of CMMC Certification: Building the Assessor Workforce the Defense Industrial Base Needs | A Brand Spotlight at RSAC Conference 2026 with Todd Gagnon, Director, CMMC Assessor & Instructor Certification Organization (CAICO) at ISAC

    Apr 1, 2026 20:40


    ISACA has stepped into a defining role in the CMMC ecosystem, taking over as the CMMC Assessor and Instructor Certification Organization -- the CAICO -- for the U.S. Department of War's Cybersecurity Maturity Model Certification program. Recorded live at RSAC Conference 2026, this conversation with Todd Gagnon, the Director of the CAICO at ISACA, gets right to the heart of what that means for cybersecurity professionals, defense contractors, and anyone thinking about where their career intersects with the defense industrial base.

    The CMMC program exists to solve a persistent problem: too many companies doing business with the federal government had failed to properly implement required cybersecurity controls. Built around NIST 800-171's 110 security requirements, CMMC demands third-party, independent verification -- and that means a large, trained, credentialed assessor workforce. ISACA's role is to build and certify exactly that. Todd Gagnon walks through the two foundational credentials at the center of this effort: the CMMC Certified Professional (CCP) as the entry point, and the CMMC Certified Assessor (CCA) as the operational core. With roughly 800 credentialed professionals in the current ecosystem against a need measured in thousands, the stakes and the urgency are clear.

    What makes this conversation practically useful is the range of people it speaks to. Gagnon lays out who should be thinking about a CCP -- including professionals early in their careers and organizations that want internal staff who truly understand the CMMC framework, not just outside consultants. He explains the C3PAO model, how subcontractor compliance flows through the ecosystem, and why NIST 800-171 is a strong cybersecurity foundation regardless of whether an organization ever touches a government contract. The certification pathway is open to non-ISACA members, the CCP is designed to be accessible, and the knowledge transfers well beyond the federal contracting context.

    ISACA is also moving ahead of the curve: with NIST having released Revision 3 of 800-171, ISACA is already developing training content for the transition -- targeting late 2025 delivery so that a wave of Revision 3-ready professionals will be in place when the Department of War makes the regulatory shift. Todd Gagnon closes with a candid ask for patience as the April 1st transition from Cyber AB to ISACA takes effect, along with a clear statement of intent: the credentials issued under ISACA's watch should stand for something.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST: Todd Gagnon, Director, CMMC Assessor & Instructor Certification Organization (CAICO) at ISACA LinkedIn: https://www.linkedin.com/in/todd-gagnon-90b8a6264/

    RESOURCES:
    ISACA CMMC Certification Hub: https://www.isaca.org/cmmc
    ISACA Official Website: https://www.isaca.org

    KEYWORDS: Todd Gagnon, ISACA, Sean Martin, Marco Ciappelli, CMMC, Cybersecurity Maturity Model Certification, CAICO, CCP, CCA, NIST 800-171, Defense Industrial Base, cybersecurity certification, DoD compliance, government contractors, brand spotlight, brand story, brand marketing, marketing podcast, RSAC Conference 2026

    From Cloud to AI: Building Security Programs That Scale | A Brand Spotlight at RSAC Conference 2026 with Rich Mogull, Chief Analyst of Cloud Security Alliance

    Apr 1, 2026 15:36


    At RSAC Conference 2026, Sean Martin caught up with Rich Mogull at the Cloud Security Alliance booth for a candid conversation about where enterprise security programs stand -- and what it takes to keep pace with AI. Mogull, who joined CSA as Chief Analyst in October 2025, brings a practitioner's instinct to a research-first organization, and he arrived with a clear mandate: help organizations stop treating security frameworks as shelf documents and start treating them as operational tools. CSA operates across three pillars -- cloud, zero trust, and AI -- and Mogull is the first to acknowledge the identity tension that comes with that breadth. But his argument is consistent: each pillar represents a transformational technology that exposed the limits of existing security practices. "Our sweet spot is these transformational, disruptive technologies," he says. The same challenge that played out with cloud adoption is now repeating itself with AI, and CSA's job is to help security teams navigate it with research that is genuinely actionable. One of the most anticipated deliverables from Mogull's first year is the AI Security Maturity Model -- a structured framework that gives enterprise security programs a lens for assessing and improving their AI security posture. Modeled on CSA's Cloud Security Maturity Model (which Mogull also authored), it is built around measurable KPIs and designed to be as automatable as possible. After its first public draft drew over 600 comments from 60 international reviewers, Mogull is in the final stages of revision. The model covers governance, identity and access management, security monitoring, model security, AI infrastructure, agentic applications, MCP servers, and AI developer enablement -- a purpose-built lens for enterprise AI security programs, not a generic maturity template. Beyond the model itself, Mogull is building the operational infrastructure to help CSA members actually use it. 
The new Enterprise Membership program -- launched in March 2026 -- centers on the Operational Maturity Roadmap: a structured, year-long engagement where CSA analysts work directly with member organizations, providing monthly guidance, specific recommendations, and an annual progress report tied to measurable outcomes. The goal is to move CSA from research producer to implementation partner -- and to deliver the kind of decision support that scales beyond what any individual consultant can provide.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Rich Mogull, Chief Analyst, Cloud Security Alliance
LinkedIn: https://www.linkedin.com/in/richmogull/

RESOURCES
Cloud Security Alliance: https://cloudsecurityalliance.org
CSA Enterprise Membership Program: https://cloudsecurityalliance.org/membership
CSA AI Controls Matrix: https://cloudsecurityalliance.org/research/working-groups/ai-controls-matrix
CSA Cloud Controls Matrix: https://cloudsecurityalliance.org/research/cloud-controls-matrix

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Rich Mogull, Cloud Security Alliance, CSA, Sean Martin, AI Security Maturity Model, cloud security, zero trust, AI security, enterprise security, security maturity model, RSAC Conference 2026, brand spotlight, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    From Threat Intelligence to Cyber Resilience: What SMBs and Enterprises Need to Know Now | A Brand Spotlight at RSAC Conference 2026 with Tony Anscombe, Chief Security Evangelist of ESET

    Apr 1, 2026 24:01


    On the RSAC Conference show floor, Tony Anscombe shared how ESET has expanded its threat intelligence offering with ECR reports -- designed to give commercial organizations both machine-readable feeds and human-readable analysis. The reason: threat actors are increasingly hard to attribute, they share tools, run coordinated campaigns, and reinvest profits into more sophisticated operations. Having someone do the research and surface actionable intelligence is no longer a luxury. Anscombe pointed to a telling campaign pattern from last year: threat actors refined attack methods against UK retailers, then rapidly adapted those same techniques against US retailers. The implication is clear -- your business may be unique in its infrastructure, but it is not unique in its sector. Understanding how your sector is being targeted is the foundation of a prevention-first posture. Automation came up as equally non-negotiable. If it takes three days to collect all the information needed to make a determination about an incident, the post-attack phase has already begun. ESET Inspect is designed to flip that equation: when an analyst opens an incident, the forensic analysis is done, the evidence is visualized, and the determination can be made on facts rather than gathered through investigation. Anscombe was careful to draw a line between automation as speed and automation as replacement. ESET's position is that AI should operate alongside human expertise -- trust and verify applies to AI-assisted analysis just as it does to any intelligence feed. Oversight remains essential, even as the tooling gets faster. A preview of upcoming survey data offered one of the more striking moments in the conversation. Roughly 35% of SMBs using MDR are sourcing that service directly from their cyber insurer. Anscombe flagged the monoculture risk: when a large share of businesses in the same sector run identical security stacks, a single point of failure becomes a sector-wide vulnerability. 
His advice after 30 years in the industry -- different organizations should deliberately choose different platforms to maintain diversity.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES
ESET: https://www.eset.com
ESET Threat Intelligence: https://www.eset.com/int/business/services/threat-intelligence/

KEYWORDS
Tony Anscombe, ESET, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, threat intelligence, cyber resilience, MDR, EDR, XDR, managed detection and response, SMB security, cybersecurity automation, RSAC Conference 2026, prevention-first security, cyber insurance, monoculture risk, ESET Inspect, APT research

    The Human in the Loop Is Not Optional | A Brand Spotlight at RSAC Conference 2026 with Lisa Liu, Corporate Marketing and Communications Manager at Stellar Cyber

    Apr 1, 2026 16:35


    At RSAC Conference 2026, the expo floor runs on one word: AI. But Lisa Liu, Corporate Marketing and Communications Manager at Stellar Cyber, has been watching the confusion this creates in real time. Visitors at the Stellar Cyber booth are asking the same question: does AI in cybersecurity mean a tool that fights AI-powered attackers, a tool that is AI-based, or something else entirely? Lisa Liu's take is direct -- if your messaging can't answer that question, the noise is winning. Stellar Cyber has been building toward a human-augmented, autonomous SOC for years -- long before "agentic" became the conference password. The logic driving that mission is not about market positioning. It is about what happens when AI makes a mistake at scale. One error in judgment can echo a thousandfold. Human oversight is not a limitation on the platform -- it is the architecture. The goal is not to put a human on the sidelines as a safety check. The goal is to make every analyst perform at a higher level, so a junior analyst works at the capability of a senior analyst. Lisa Liu draws on the Waymo analogy familiar to anyone walking the streets of San Francisco this week: autonomous vehicles went from having a safety driver present to running solo. But when a power outage knocked out every Waymo unit simultaneously, the city needed humans to step in immediately. The same principle applies to security operations. Agentic AI is changing the analyst's role -- replacing alert fatigue and log chasing with higher-order problem solving -- but human involvement in the process is not going away. For SOC teams asking how to get there, Lisa Liu is clear: success is not a rip-and-replace project. Success is minimal personnel disruption and maximum operational efficiency -- repositioning existing tools to work smarter without exposing the organization to weeks of vulnerability during a rebuild. 
Stellar Cyber's platform integrates with existing SIEMs and tools, adds coverage across network, endpoint, identity, and cloud environments, and offers hundreds of pre-built integrations with more being added continuously. For managed security service providers serving clients across different industries and risk profiles, that kind of unified visibility is what makes the business model scale. The outcomes are specific. One Stellar Cyber customer reported that analysts were 83% more accurate in their threat environment analysis. Lisa Liu frames that number carefully: analysts are not measured by what they catch -- they are measured by what they miss. Any meaningful improvement in accuracy is not just a business metric. It changes how people feel about their work.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Lisa Liu, Corporate Marketing and Communications Manager, Stellar Cyber
LinkedIn: https://www.linkedin.com/in/lisaaliu/

RESOURCES
Stellar Cyber: https://stellarcyber.ai

KEYWORDS
Lisa Liu, Stellar Cyber, Sean Martin, RSAC Conference 2026, human-augmented SOC, autonomous SOC, AI-native security operations, Multi-Layer AI, MSSP security platform, SOC analyst efficiency, alert triage, agentic AI cybersecurity, brand spotlight, brand story, brand marketing, marketing podcast

    The Illusion of Transparency: What Most Organizations Don't Know About Their Software and AI Supply Chains | A Brand Spotlight at RSAC Conference 2026 with Daniel Bardenstein, CEO and Co-Founder of Manifest Cyber

    Apr 1, 2026 23:13


    Daniel Bardenstein, CEO and co-founder of Manifest Cyber, opens with a candid assessment: the fundamental problem hasn't changed since Log4Shell. Organizations still don't understand what's inside the software and AI they build and buy. A recent Manifest Cyber study found a 40-50% gap between how well CISOs believed their security posture was managed and how their own AppSec teams rated the reality. Traditional SCA tools bury analysts in alerts without enabling response. Third-party tools hand out letter grades without reflecting actual empirical risk. The result is what Bardenstein calls the illusion of transparency -- confidence in visibility that doesn't actually exist. The hidden sources of risk go deeper than most teams realize. C/C++ code underpins critical infrastructure across medical devices, automotive, defense, and financial services -- yet most scanning tools can't effectively analyze it. Third-party binaries carry serious risk that vendors rarely disclose. Open source libraries that haven't been updated in years represent quiet exposure. And AI adoption is adding a new layer of opacity: datasets of unknown provenance, open-weight models with untested risk profiles, and AI-embedded applications where organizations have no visibility into what models or agents are operating underneath. Bardenstein frames the path forward in three dimensions: rapid response when a new issue emerges, proactive inventory and monitoring of critical dependencies, and supply chain risk stopped at the procurement gate before it enters the enterprise. When customers demand SBOMs as a condition of doing business, vendors improve -- and those improvements flow to all their other customers as well. Manifest Cyber sees this market dynamic as one of the most powerful forces for making the software ecosystem more secure. The conversation also takes on accountability. 
Drawing on his time leading technology strategy at CISA, Bardenstein argues that the burden of transparency must fall on the people who write software, not those who buy and use it. The "transparency tax" -- the hidden cost of cheap or opaque technology -- only surfaces after something goes wrong, in the form of incident response, people-hours, and exposure. Compliance drivers like the EU Cyber Resilience Act are reinforcing this shift, but market pressure from major banks, pharmaceutical companies, and government is already moving faster than regulation. Manifest Cyber automates the hard work: generating SBOMs, analyzing binaries, surfacing risk in C/C++ and third-party dependencies, and enabling fast, owner-assigned remediation. One customer went from zero to generating SBOMs across their entire fleet in 90 seconds -- without touching a command line. The platform is built to keep engineer velocity high, surface risk in plain language for procurement and risk teams, and make supply chain security accessible to the entire organization, not just the AppSec team.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Daniel Bardenstein, CEO and Co-Founder, Manifest Cyber
LinkedIn: https://www.linkedin.com/in/bardenstein/

RESOURCES
Manifest Cyber: https://www.manifestcyber.com

KEYWORDS
Daniel Bardenstein, Manifest Cyber, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, software supply chain security, SBOM, Software Bill of Materials, AIBOM, AI supply chain, Log4Shell, software transparency, SCA tools, C/C++ security, open source risk, Secure by Design, EU Cyber Resilience Act, supply chain risk management, third-party risk, RSAC Conference 2026, cybersecurity

    AI-Enabled SOC Operations: From Alert Overload to Autonomous Investigation | A Brand Spotlight at RSAC Conference 2026 with Monzy Merza, Co-Founder and CEO of Crogl

    Apr 1, 2026 21:14


    The security operations center is under pressure from every direction -- rising alert volumes, fragmented data environments, and a skills gap that no amount of hiring fully closes. At RSAC Conference 2026, Monzy Merza of Crogl sat down with Sean Martin and Marco Ciappelli to talk about what the AI-enabled SOC actually looks like when it is working at enterprise scale. Crogl recently published the State of the AI SOC report, a survey of more than 600 organizations. The headline finding: nearly 40% of alerts go completely unattended. Not triaged. Not escalated. Just missed. The report also found that a large share of respondents rank the security of an AI system above its raw capability -- trust before performance. Merza says the goal of the report was part data, part demystification, and part empathy building -- giving security leaders permission to recognize that everyone is dealing with the same problems. Crogl's knowledge engine is built on a foundational premise: data is fragmented in the enterprise, and that is not going to change. Rather than requiring data normalization before analysis, Crogl builds an enterprise semantic knowledge graph that maps relationships across data lakes, SIEMs, and SOAR platforms, wherever the data lives. Analysts no longer need to navigate schemas or query languages. Crogl handles the investigation and surfaces what matters. Merza describes two compressor effects his customers experience. A competency compressor allows any analyst to draw on multiple data lakes at once. A domain knowledge compressor lets Crogl work across alert types -- phishing, endpoint, and beyond -- rather than routing each to a specialist. The result is a team that operates well above its apparent headcount. One customer example: a CISA advisory that would take hours to manually parse can be uploaded into Crogl and assessed across the enterprise footprint -- IOC mapping and detection coverage -- in sub-hours. 
The same logic extends to compliance, where audit data calls that once required manual query-by-query execution can now be executed by Crogl against a full 500-query data call at once. On the jobs question, Merza takes a clear position: AI will create more security jobs, not fewer. Every new AI deployment is a new attack surface. Every new footprint needs to be defended. The repetitive tier-one work is going away -- but the volume of meaningful security work is expanding and the entry level is rising. The organizations getting ahead of this are already standing up AI review boards and putting security capability at the center of how they evaluate new AI tools.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Monzy Merza, Co-Founder and CEO, Crogl
LinkedIn: https://www.linkedin.com/in/monzymerza

RESOURCES
State of the AI SOC Report (free download): https://www.crogl.com
Crogl: https://www.crogl.com
AI SOC Summit: https://aisocsummit.com

KEYWORDS
Monzy Merza, Crogl, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, brand story, AI SOC, security operations center, SOC automation, AI in cybersecurity, alert fatigue, security data lakes, SIEM integration, enterprise knowledge graph, threat intelligence, CISA advisory, Volt Typhoon, RSAC Conference 2026, RSAC 2026, cybersecurity AI, autonomous investigation, SOC analysts, security workforce, CISO strategy

    Security Is the Network: Integrating AI Firewall and Threat Intelligence Into the Fabric of Enterprise Defense | A Brand Highlight at RSAC Conference 2026 with Mounir Hahad, Head of HPE Threat Labs of Hewlett Packard Enterprise

    Mar 31, 2026 11:20


    Hewlett Packard Enterprise has been rethinking what it means to secure an enterprise network -- and the answer they keep arriving at is that security cannot be an afterthought. At RSAC Conference 2026, Mounir Hahad, Head of HPE Threat Labs, sat down with Sean Martin to walk through what that philosophy looks like in practice and what two major announcements at the show mean for security teams. One of those announcements is the HPE AI firewall -- a solution built specifically for organizations trying to govern how employees use generative AI tools without shutting down innovation. Mounir Hahad frames the challenge directly: gen AI has doubled the attack surface, and organizations that fail to act risk both data leakage and a loss of confidence in the technology itself. The AI firewall starts with visibility -- showing which AI services employees are using, what data is moving where, and whether private information is leaking to external services -- and then gives administrators the tools to set and enforce policy. The second announcement is the formal launch of HPE Threat Labs, which brings together threat research capabilities from both Hewlett Packard Enterprise and the former Juniper Networks. The combined team covers both threat analysis and vulnerability analysis -- capabilities that were previously siloed. HPE Threat Labs has published its inaugural In the Wild threat report, drawing on telemetry, honeypots, and open-source intelligence to give CISOs and decision makers a clear view of how cybercrime has industrialized, why attacks are increasingly targeted, and why high-confidence alerts matter more than ever. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. 
Learn more: https://www.studioc60.com/creation#highlight

GUEST
Mounir Hahad, Head of HPE Threat Labs, Hewlett Packard Enterprise
LinkedIn: https://www.linkedin.com/in/mounirhahad/

RESOURCES
HPE Threat Labs: https://www.hpe.com
HPE Threat Labs 2026 In the Wild Threat Report: https://www.hpe.com

KEYWORDS
Mounir Hahad, Hewlett Packard Enterprise, HPE, HPE Threat Labs, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, AI firewall, generative AI security, network security, threat intelligence, SASE, cybercrime, RSAC Conference 2026, threat research, enterprise security, AI governance, cybersecurity

    The Backup Layer Is a Security Layer | A Brand Spotlight at RSAC Conference 2026 with Anthony Cusimano, Chief Evangelist & Director of Solutions Marketing at Object First

    Mar 31, 2026 20:00


    At RSAC Conference 2026, Anthony Cusimano, Chief Evangelist and Director of Solutions Marketing at Object First, joins Sean Martin on the show floor to break down what separates truly immutable storage from the checkbox version. The answer comes down to zero access: no command line interface, no root access, no administrative back doors at any layer -- for customers or for Object First itself. Object First appliances are purpose-built for Veeam and ship with S3 protocol storage in automatic compliance mode, versioning, and object lock. Once data is written and a retention period is set, nothing -- no admin, no attacker, not even the vendor -- can touch it. Cusimano describes the architecture as a storage utility, not an administration platform: Veeam handles all backup policy and configuration; Object First handles one thing only, ensuring the data cannot be erased. The statistics behind the design are sobering. According to Cusimano, 96 percent of ransomware attacks specifically target backup data -- a figure validated across four independent industry surveys. Organizations that rely on encryption alone, without immutable storage, are leaving a critical gap that attackers have learned to exploit. Many do not discover that gap until recovery is already underway. Cusimano also makes the case for recovery testing as a security priority in its own right. He recommends full tabletop exercises that assume worst-case conditions: every admin credential compromised, active directory gone. Teams that run through this process discover gaps in their architecture that no amount of vendor documentation will surface. His practical tip -- collect coworkers' cell phone numbers before an incident -- reflects just how complete the communications blackout can be when directory services fail. Two capabilities from Object First round out the conversation. 
Fleet Manager, launching May 6th, gives managed service providers and large enterprises a single SaaS dashboard to manage all Object First instances with unified telemetry and honeypot visibility -- with no backup data leaving the appliance. And the honeypot feature, included on every device at no cost, simulates a Veeam backup and replication server as a decoy. When agentic AI-driven attacks probe the environment, they interact with the honeypot exactly as they would a real target, triggering alerts that can surface threats days or weeks before a full attack develops.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Anthony Cusimano, Chief Evangelist & Director of Solutions Marketing, Object First
LinkedIn: https://www.linkedin.com/in/anthonycusimano89/

RESOURCES
Object First website: https://objectfirst.com
ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

KEYWORDS
Anthony Cusimano, Object First, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, ransomware, immutable storage, backup security, Veeam, data protection, RSAC Conference 2026, cyber resilience, absolute immutability, ransomware recovery, Fleet Manager, honeypot detection, managed service providers, zero trust storage

    Cutting Through the Fog: Trust, Outcomes, and What Real Consulting Looks Like | A Brand Spotlight at RSAC Conference 2026 with Michael Parisi, Chief Growth Officer of Steel Patriot Partners

    Mar 31, 2026 22:16


    At RSAC Conference 2026, the noise is relentless. Vendor booths, AI pitches, and breathless marketing compete for attention at every turn. Michael Parisi, Chief Growth Officer at Steel Patriot Partners, joins Sean Martin and Marco Ciappelli on the ground in San Francisco to name what too few are willing to say out loud: most of the conversation happening on the show floor does not reflect the conversations that actually matter. The real exchanges, Parisi says, are happening backstage -- in the hallways, over coffee, between practitioners who trust each other enough to ask: does this vendor actually do what they say? That shift back to peer-driven trust is not a trend. It is a correction. Security leaders are exhausted and fragile, operating under intense pressure, and they are returning to the relationships they know rather than the research tools and AI-generated answers they do not trust. Steel Patriot Partners was built around exactly that dynamic. Their operating principle -- business owners first, engineers second, compliance and security people third -- runs counter to how most consulting firms approach an engagement. Rather than leading with frameworks or certifications, the team starts by asking what outcome the client is actually trying to achieve. Parisi is candid about how often that conversation leads them to steer a client away from the path they came in convinced they needed. That willingness to say no -- and mean it -- is what sets a trusted advisor apart from a vendor. The outcome-first philosophy shapes every engagement. As founder Jason Ford says, 80% of what Steel Patriot Partners does is a therapy session. Organizations coming in with complex compliance challenges -- FedRAMP, CMMC, HITRUST, DoD IL -- need more than a checklist. They need a partner who has lived those journeys themselves, made the mistakes, and can speak honestly about what is worth pursuing and what is not. 
Parisi's advice to anyone evaluating a consulting partner is pointed: ask the question up and down the team, not just of the founder. The firms that have genuinely lived what they sell -- and can talk about the failures as clearly as the successes -- are the ones worth trusting when the stakes are high.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Michael Parisi, Chief Growth Officer, Steel Patriot Partners
LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/

RESOURCES
Steel Patriot Partners: https://www.steelpatriotpartners.com

KEYWORDS
Michael Parisi, Steel Patriot Partners, Sean Martin, brand spotlight, brand story, brand marketing, marketing podcast, cybersecurity consulting, compliance advisory, FedRAMP, CMMC, HITRUST, DoD IL, trusted advisor, outcome-based consulting, vendor trust, cybersecurity noise, RSAC Conference 2026, security leadership, GRC, business risk, human in the loop

    When Trust Becomes the Product: Digital Executive Protection in a World of Deepfakes and Disappearing Privacy | A Brand Spotlight at RSAC Conference 2026 with Dr. Chris Pierson, Founder and CEO of BlackCloak

    Mar 31, 2026 22:31


    At RSAC Conference 2026, Dr. Chris Pierson, Founder and CEO of BlackCloak, sat down with Sean Martin and Marco Ciappelli for a conversation that has become something of an annual tradition. What started in 2018 as a category BlackCloak largely invented -- digital executive protection -- has become one of the most pressing concerns in enterprise security. Adversaries have figured out that the easiest path into a company often runs straight through the personal lives of its leaders: the About Us page, the board listing, the family members visible on social media. BlackCloak was built to close that gap. BlackCloak announced at RSAC Conference 2026 the launch of its new travel advisory platform -- a tool designed to give executives and their families actionable, real-time intelligence when traveling domestically or internationally. Pierson explained that CISOs and CSOs are increasingly being asked questions that go well beyond network security: what are the crime trends in this city, what embassy contacts are needed, which areas should be avoided? The platform distills complex, fast-moving threat intelligence into concise briefings -- four or five pages, mobile-accessible, and built for the executive and the family members traveling alongside them. On the privacy side, BlackCloak introduced Search Suppression -- a new feature that goes further than data broker removal alone. Even after information is scrubbed from the major data broker sites, traces of personally identifiable information can persist across the open internet. Search Suppression identifies those instances and requests their removal from search engine results, shrinking the digital footprint that attackers use to build targeted OSINT profiles. And because the threat surface shifts as executives' children age and begin generating their own data trails, the platform monitors continuously -- not just at a single point in time. Pierson also addressed the deepfake threat head-on. 
BlackCloak re-released its Impersonation Protection feature with deeper capabilities specifically designed for this problem. Plugin-based detection tools for Teams or Zoom leave the most common attack vectors -- phone calls, text messages, WhatsApp, Signal -- completely unaddressed. Impersonation Protection allows members to push a quick identity-verification request through the BlackCloak app to anyone in their trusted circle, regardless of how the original communication arrived. If verification fails, alarm notifications fire to both the CISO and the BlackCloak team. In a world where high-quality deepfake audio and video can be synthesized from publicly available earnings call recordings and media appearances, slowing down to verify through a trusted channel is one of the most reliable defenses available. The conversation closed on the concept of trust -- a word Pierson returned to repeatedly. It is, he said, the reason people choose BlackCloak. The relationships the company builds with CISOs, CSOs, and the executives and families they protect require trust that is built carefully and maintained continuously. As BlackCloak scales, preserving that culture is something Pierson thinks about deeply. For a company whose entire business is built on protecting people in their most personal digital spaces, trust is not just a value. It is the product.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Dr. Chris Pierson, Founder and CEO, BlackCloak
LinkedIn: https://www.linkedin.com/in/drchristopherpierson/

RESOURCES
BlackCloak official website: https://blackcloak.io
BlackCloak Digital Executive Protection Platform: https://blackcloak.io/product/
Request a BlackCloak demo: https://blackcloak.io/executives/

KEYWORDS
Dr. Chris Pierson, BlackCloak, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand spotlight, digital executive protection, executive cybersecurity, personal cybersecurity, deepfake defense, impersonation protection, travel advisory security, search suppression, data broker removal, OSINT, executive privacy, RSAC Conference 2026, RSAC 2026, cybersecurity, privacy

    Protecting Kids Online Since 2007 and in the Age of AI: Ben Halpert on Savvy Cyber Kids at RSAC 2026

    Play Episode Listen Later Mar 30, 2026 10:04


    In this episode from RSA Conference 2026, Marco Ciappelli sits down with Ben Halpert, founder of the non-profit organization Savvy Cyber Kids, to discuss the critical intersection of child development and technology. Since its founding in 2007, Savvy Cyber Kids has been on a mission to provide parents and educators with the tools needed to guide children through the digital world. Ben explains why introducing technology too early can be detrimental to a child's emotional preparedness and brain development, and why adult-led guidance is essential even when kids seem like "tech experts". In this conversation, we explore: The Evolution of Threats: Moving from MySpace and CRT monitors to 24/7 access via mobile devices. Early Intervention: Why the "rhyme and picture book" approach works for children as young as three to teach concepts like online aliases and stranger safety. Safe AI for Kids: Introducing a new partnership with Chaperone, a platform featuring "homework mode" and parental controls to ensure AI is a tool for learning, not a shortcut for thinking. Going Global: How the organization has expanded internationally with materials translated into Spanish, German, French, and Hebrew. About Our Guest Ben Halpert is a cybersecurity veteran with over 25 years of experience and the founder of Savvy Cyber Kids. He is dedicated to helping parents navigate the "wild" of the internet with positive, developmentally appropriate programming.   Resources Savvy Cyber Kids Website: savvycyberkids.org More RSAC 2026 Coverage: itspmagazine.com/rsac Marco's Website: Marcociappelli.com Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    Empowering Native Hawaiians in Tech: Kahikina Scholarship | With Marco Ciappelli and Hoala Greevy

    Play Episode Listen Later Mar 30, 2026 8:19


    In this episode, Marco Ciappelli sits down with Hoala Greevy, founder of Paubox, to discuss a mission-driven initiative aimed at changing the face of the technology industry.  What started as a celebratory giveaway of spam musubi for Paubox customers has evolved into the Paubox Kahikina Scholarship, a recurring $1,000 annual grant for Native Hawaiian students pursuing careers in STEM and technology.   Key Highlights: • The Mission: To encourage Native Hawaiians—who are significantly underrepresented in tech and medical fields—to pursue and stay in STEM careers.  • The Impact: Since 2019, the scholarship has grown from a single recipient to 62, providing both financial aid and direct access to a professional network.  • Beyond the Money: Recipients share their college journeys through annual blog posts or vlogs, creating a community of future leaders.  • New Milestones: Hoala discusses the scholarship's recent 501(c)(3) nonprofit status, opening the doors for corporate partnerships and expanded funding.   How to Support or Apply: If you are a Native Hawaiian student pursuing STEM, or if you are interested in donating to the fund, visit the link below: •  Website: https://www.paubox.com/kahikina-stem-scholarship   • Application Deadline: May 31st.   Marco's Website: https://www.marcociappelli.com  ITSPmagazine: https://www.ITSPmagazine.com Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    Everyone Is Talking About Agentic AI at RSAC 2026. Almost Nobody Is Saying Anything Different | With Marco Ciappelli and Theresa Lanowitz

    Play Episode Listen Later Mar 29, 2026 18:35


    Marco Ciappelli sits down with cybersecurity evangelist and thought leader Theresa Lanowitz at the end of day one on the expo floor for a conversation that cuts through the noise — from shadow AI and leadership accountability, to brand identity, to why most companies here can't articulate a message above the fray. Plus: a Peloton story that accidentally became the best explanation of brand loyalty you'll hear all week.  Chapters: - Judge Sentences CEO to 8 Hours on the RSAC Floor  - End of Day One: Setting the Scene  - Who Is Theresa Lanowitz  - The Binary View of AI: Love It, Fear It, or Find the Gray  - Leadership's Role in the AI Transformation - Shadow AI: The Insider Threat Nobody Is Naming  - Why Some Companies Still Say No to AI  - Fighting With Your LLM (We All Do It)  - AI Slop and the Brand Differentiation Problem - The Peloton Story: What Real Brand Loyalty Looks Like  - RSAC 2026: Everyone Sounds the Same  - Where Is Agentic AI Actually Going - Integration, Orchestration, ROI: The Real Questions  - Make AI Your Own  What's actually covered: → Why agentic AI is dominating RSAC 2026 — and why it all sounds the same → Shadow AI: the insider threat nobody is calling an insider threat → What strong brand presence actually looks like (hint: it's not a circus tent) → Why fear — not budget — is the real reason companies still say no to AI → Integration, orchestration, ROI: what comes after the hype → The one message that matters: make AI your own

    Agentic AI at RSAC 2026: Revolutionary Tech or Just Marketing Noise? | Guests: Theresa Lanowitz and Joseph Carson

    Play Episode Listen Later Mar 29, 2026 23:37


    Is the RSA Conference floor a visionary glimpse into the future, or just an "AI blender" where every vendor tastes the same? Join hosts Marco Ciappelli and Sean Martin as they sit down with industry heavyweights Theresa Lanowitz and Joe Carson to dissect the real sentiment of RSAC 2026. Key Discussion Points: The AI Agent Explosion: Everyone says they can secure your agents, but is there any actual differentiation? Keynote Insights: A breakdown of George Kurtz's CrowdStrike keynote on "Full Throttle" AI vs. total fear. The "Mushroom" Metaphor: Why AI is like a power-up in Super Mario Kart—it makes you go faster, but it doesn't make you a better driver. The Marketing Disconnect: Why vendor messaging is failing to map to the actual "to-do lists" of modern CISOs. Niche Power: Why the most innovative solutions are often found on the perimeter of the expo floor.

    Beyond the Noise: A Senior Forrester Analyst's Take on Securing GenAI at RSAC 2026

    Play Episode Listen Later Mar 28, 2026 34:55


    Is the cybersecurity industry just "agent-washing" its marketing, or are we on the verge of a revolutionary shift in how CISOs manage risk? Join Madelein van der Hout (Senior Analyst at Forrester), Marco Ciappelli, and Sean Martin as they record live from the RSA Conference to cut through the GenAI noise. Key Discussion Points: The CISO Challenge: Why security leaders are struggling to define their roles for the next five years. Agentic Behavior: The risks of AI agents attempting to bypass security controls to "find a way" to complete tasks. AI vs. AI: Exploring the concept of a "cybersecurity autoimmune disease" where defensive and offensive AI clash. Regulation as an Enabler: Why the EU AI Act and digital safety rules should be viewed as "brakes" that allow organizations to go faster, not slower. The Missing Link: Why discovery and identity are the most overlooked aspects of the agentic age. Chapters: 0:00 - Live from RSA Conference San Francisco 1:03 - The impossible task of the modern CISO 2:26 - Why there were no "puppies" at RSAC this year 4:14 - Cutting through the GenAI marketing noise 5:51 - Upskilling vs. reskilling for an AI workforce 7:50 - The need for "Discovery" in AI agents 11:39 - Budgeting: Securing AI within the AI budget 13:24 - Stop treating AI like it's "mysterious" software 15:42 - Regulation: The EU AI Act and "Brakes" for innovation 18:19 - AI Horror Stories: Agents gone rogue? 23:00 - The Cybersecurity Autoimmune Disease theory Suggested Tags Broad Tags: Cybersecurity, InfoSec, Artificial Intelligence, GenAI, AI Agents, RSA Conference, RSAC 2026. Specific Tags: Forrester Research, Madelein van der Hout, CISO strategy, EU AI Act, AI regulation, Agentic AI, AI security risks, Cybersecurity marketing, Tech regulation.

    Order of Operations: The Foundation Risk Healthcare AI Is Running Past | Lens Four by Sean Martin | Read by TAPE9

    Play Episode Listen Later Mar 22, 2026 20:12


    Healthcare's AI ambition and its data infrastructure are moving at different speeds. In this edition of Lens Four, Sean Martin examines what happens when those speeds collide — and who is accountable when the sequence is wrong.

    When AI Touches Everything: Operationalizing the Five Most Dangerous New Attack Techniques at RSAC 2026 | A Redefining CyberSecurity Podcast Conversation with Ed Skoudis, President of SANS Technology Institute and Founder & CEO of Counter Hack

    Play Episode Listen Later Mar 20, 2026 25:11


    Show Notes For ten years, Ed Skoudis has curated one of the most anticipated sessions at RSAC Conference: SANS' "Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders." The session has always been a hit -- standing room only on the main stage -- but this year, Ed says something has changed. Not one or two topics with an AI component. All five. Ed is deliberate about how the session comes together. He starts with people, not topics. He builds the panel around SANS instructors who bring front-line insight, and he starts the process six months out. This year's panel features returning panelist Heather Mahalik, Rob Teeley back for his second year, Joshua Wright in his second year -- this time carrying two topics and eight minutes instead of six -- and, making his first appearance on this stage, Robert M. Lee of Dragos, one of the world's foremost voices on ICS and OT security. The addition of "Crucial Tips for Defenders" to the title this year was intentional. Ed pushed every panelist to move beyond naming threats and toward prescribing action -- practical, implementable steps that a CISO can hand down and a practitioner can execute the next morning. For topics where prevention is impossible, the mandate shifted to detection and response. SANS publishes session notes to their website within minutes of the talk ending. The backdrop this year is a warning Ed calls unlike anything in his 30 years of attending RSA and DEF CON. At a recent AI cybersecurity conference in San Francisco, presenters from Google and Anthropic outlined what Google termed the "vuln apocalypse" -- an imminent surge in AI-discovered zero-day vulnerabilities at a scale and pace that patching pipelines are not designed to handle. Ed's own team at Counter Hack has already experienced this firsthand: a frontier AI model identified a critical zero-day in a widely used open source project in a matter of hours. 
The Anthropic presenter's claim was blunt: within months, AI will surpass all human vulnerability researchers combined. All of this lands at the center of what the RSAC session is designed to address -- not as a theoretical exercise, but as a set of actions defenders can take right now. The session runs Tuesday, March 24th at 3:55 PM on the main stage, with an interactive follow-on session Wednesday morning where attendees can go deeper with individual panelists. For anyone who wants to understand where the threat landscape is actually heading and what to do about it, Ed says this is the year you cannot afford to miss it. Guest Ed Skoudis, President, SANS Technology Institute; Founder & CEO, Counter Hack | On LinkedIn: https://www.linkedin.com/in/edskoudis Host Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ Resources SANS Institute | https://www.sans.org RSA Conference 2026 is taking place April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Keywords ed skoudis, sean martin, sans institute, sans technology institute, counter hack, rsac 2026, rsa conference, five most dangerous attack techniques, ai in cybersecurity, vulnerability research, zero-day vulnerabilities, patch management, penetration testing, defender tips, ics security, ai-powered attacks, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. 

    eCrime, Threat Intelligence, and What's Coming at RSAC Conference 2026 | A Brand Spotlight at RSAC Conference 2026 with Tony Anscombe, Chief Security Evangelist of ESET

    Play Episode Listen Later Mar 19, 2026 21:47


    Tony Anscombe has attended RSA Conference since 1998 -- back when it was held at the Fairmont Hotel. That long view informs everything about how ESET approaches threat intelligence. It is not about volume. It is about accuracy, speed, and putting the right signal in front of the right team at the right moment. The ESET eCrime Ecosystem Report comes in two forms: a business-facing summary outlining current risks for leadership, and a long-form technical report for analysts -- complete with IOCs, coding examples, and structured intelligence feeds covering ransomware, crypto scams, malicious email attachments, and infostealer data. These feeds are built to plug directly into SOC workflows and firewall rules, not to create more work for already stretched teams. Tony Anscombe is direct about the quality problem in threat intelligence. Open-source feeds sound appealing -- until you factor in the analyst hours required to clean out the noise. By then, the intelligence is stale. Attacks circle the globe in hours. Near-real-time, verified intelligence is not a premium -- it is the baseline requirement. The threat detection conversation has also moved well past malware. Anscombe walks through how modern attackers often skip the payload entirely -- credential theft gets them in, then slow lateral movement and data exfiltration follow, with ransomware as the final act rather than the first signal. ESET's platform focuses on behavioral anomaly detection across the full environment, with on-site, cloud, and managed deployment options for organizations that cannot or will not go all-in on cloud architecture. At RSAC Conference 2026, ESET will be at booth 5253 in Moscone North. 
Anscombe has two sessions on the Wednesday agenda: one on supply chain blind spots -- urging security teams to engage directly with the business side to map third-party risk fully -- and a community rant session tackling four things that need to change in cybersecurity, including the cryptocurrency regulation debate. On AI, his message is measured: the real conversation at the show is not about using AI -- it is about securing it. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Tony Anscombe, Chief Security Evangelist, ESET LinkedIn: https://www.linkedin.com/in/tonyanscombe/ RESOURCES ESET website: https://www.eset.com ESET threat research blog (WeLiveSecurity): https://www.welivesecurity.com ESET at RSAC Conference 2026 -- Booth 5253, Moscone North Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Tony Anscombe, ESET, Sean Martin, RSAC Conference 2026, eCrime, threat intelligence, eCrime Ecosystem Report, cybersecurity, endpoint protection, MDR, threat detection, supply chain security, AI security, ransomware, infostealer, brand spotlight, brand marketing, marketing podcast, brand story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    The Backup Layer Is a Security Layer: Object First at RSAC Conference 2026 | A Brand Highlight at RSAC Conference 2026 with Anthony Cusimano, Director of Solutions Marketing at Object First

    Play Episode Listen Later Mar 18, 2026 6:17


    Backup storage rarely gets a spotlight at security conferences. Object First is working to change that. Anthony Cusimano, Director of Solutions Marketing, joined Sean Martin and Marco Ciappelli ahead of RSAC Conference 2026 to make the case that absolute immutability -- baked into hardware, not bolted on as a feature -- is one of the most critical layers of any modern security stack. Object First builds physical, on-premises appliances purpose-built for Veeam. Once backup data lands on the device, it cannot be changed by anyone: not an admin, not the vendor, not an attacker. That guarantee is the foundation of the company's entire product philosophy. As Anthony Cusimano puts it, the threat is clear -- ransomware operators now specifically target backups because destroying that data eliminates the victim's options. Heading into RSAC Conference 2026, Object First is bringing new capabilities to South Hall Booth S3601. Demos will include Honeypot, a feature that causes the Object First appliance to simulate a Veeam backup and replication server as a decoy. If a bad actor attempts brute-force access or a remote desktop connection, an alert fires immediately -- a signal that your real Veeam environment is likely also being probed. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Anthony Cusimano, Director of Solutions Marketing, Object First LinkedIn: https://www.linkedin.com/in/anthonycusimano89/ RESOURCES Object First website: https://objectfirst.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? 
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Anthony Cusimano, Object First, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, ransomware, backup security, immutable storage, Veeam, data protection, RSAC Conference 2026, cyber resilience, backup immutability, ransomware protection

    The AI Hype Is Real -- But So Is the Risk of Getting It Wrong | A Brand Spotlight at RSAC Conference 2026 with Subo Guha, Senior Vice President of Product Management of Stellar Cyber

    Play Episode Listen Later Mar 18, 2026 20:25


    Every vendor at RSAC Conference 2026 will have an autonomous SOC story. Subo Guha, Senior Vice President of Product Management at Stellar Cyber, has been building the real thing for over a decade -- and he has one question every buyer should ask at every booth: can your platform explain why it reached its verdict? Stellar Cyber's autonomous SOC provides a full case summary for every true positive, showing the forensic evidence chain, threat intelligence correlations, and specific observables that led to the conclusion. SOC analysts can review, challenge, or override -- and that feedback loop is how the system improves. The threat landscape has shifted in ways that validate Stellar Cyber's original architecture. LLM-generated attacks have collapsed the time to launch a sophisticated phishing campaign from weeks to minutes. Stellar Cyber was built to serve the mid-market and the MSSPs that protect it -- organizations that face identical threats to enterprises but without enterprise resources. A unified, multi-tenant platform means MSSPs onboard new customers in minutes. An open data ingestion engine works with whatever tools are already in place -- no EDR lock-in, no rip-and-replace. At the center of the platform is a correlation engine that transforms thousands of individual alerts into a manageable set of high-confidence cases. An identity compromise driving lateral movement across dozens of alerts becomes one case with a clear recommended action. Subo describes this as the difference between drowning in noise and focusing on decisions that actually require human judgment -- and it is the foundation the autonomous SOC layer is built on. Subo is direct about what the hype gets wrong: the claim that organizations can dramatically cut SOC headcount because AI has it covered is not happening. 
The realistic version of autonomous SOC is a force multiplier -- digital agents handle the continuous, high-volume triage work that consumes analyst hours, freeing humans for the cases that require context and institutional knowledge. A system that automates without explainability does not reduce risk. It relocates it. Stellar Cyber will be at booth S327 in the South Hall at RSAC Conference 2026, right at the bottom of the escalator. Live autonomous SOC demonstrations will be running throughout the event, with real-world results from customers already in production. The team also has a barista on site -- a detail Subo was particularly keen to mention for Marco Ciappelli. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Subo Guha, Senior Vice President of Product Management, Stellar Cyber LinkedIn: https://www.linkedin.com/in/suboguha/ RESOURCES Learn more about Stellar Cyber: https://stellarcyber.ai RSAC Conference 2026 Coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, autonomous SOC, Open XDR, MSSP security platform, AI-driven security operations, agentic AI cybersecurity, threat detection and response, RSAC Conference 2026, SOC analyst tools, multi-tenant security platform, LLM-generated attacks, security operations center, SIEM NDR unified platform

    The AI SOC Analyst Is Already Here -- Are You Ready to Rethink the Role of Your Security Team? | A Brand Spotlight at RSAC Conference 2026 with Monzy Merza, Co-Founder and CEO of Crogl

    Play Episode Listen Later Mar 18, 2026 23:48


    Monzy Merza, Co-Founder and CEO of Crogl, sat down with Sean Martin and Marco Ciappelli ahead of RSAC Conference 2026 with a position that cuts against the prevailing AI narrative: there will be more security engineers next year than there are today, not fewer. His reasoning draws on how automation has always worked. The phone contact list eliminated the need to memorize numbers -- and people communicated with far more people as a result. AI in security will expand the surface area practitioners must handle, not shrink the need for them. Crogl was founded in 2023 to make every security practitioner as effective as their entire team. What sets Crogl apart is a refusal to require data normalization before the product becomes useful. Instead, Crogl builds a semantic knowledge graph across an organization's existing data lakes, SIEMs, and SOAR platforms -- however many there are -- so analysts can investigate alerts and threat hunt across their real environment, not an idealized version of it. Monzy Merza applies the same logic to language models as to data: if different data stores serve different purposes, why accept a single LLM for every security scenario? Crogl lets organizations choose their model, swap as needs evolve, and deploy on any footprint -- including fully air-gapped environments. For government agencies, energy utilities, and manufacturers, that is not a feature. It is a deployment prerequisite. Financial services leaders across 15 conversations in New York told Merza the same thing unprompted: Crogl's investment in an enterprise semantic knowledge graph is what they see as genuinely correct. Their argument: you cannot solve enterprise security operations with AI without knowing where data lives without transforming it. These were practitioners speaking, not vendors. The week before RSAC Conference, Crogl hosted the first AI SOC Summit near Washington, DC -- no NDAs, no directed demos. 
Attendees brought their own laptops, got access tokens, and used Crogl on their own problems, completely unattended. The booth at RSAC Conference will work the same way: walk up, run real scenarios, no one driving the demo. The head of AI, UX designer, and chief architect will all be on the floor to listen and be challenged. Organizations building AI security strategy around eliminating people are making a bet history does not support. The smarter path -- and the one Crogl is built around -- is enabling practitioners with tools that meet them where they are, on the data they have, with the models they trust, in the environments they control. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Monzy Merza, Co-Founder and CEO, Crogl On LinkedIn: https://www.linkedin.com/in/monzymerza/ RESOURCES Crogl: https://www.crogl.com AI SOC Summit: https://www.aisocsummit.com/ RSAC Conference 2026 Coverage on ITSPmagazine: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Monzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC, security operations center, autonomous alert investigation, enterprise semantic knowledge graph, AI security tools, SOC automation, security analyst, threat hunting, data normalization, large language models, agentic AI, RSAC 2026, RSAC Conference Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    When Cyber Meets Physical: Building Executive and Employee Protection Programs That Actually Work | A Redefining CyberSecurity Podcast Conversation with Roland Cloutier, Principal of The Business Protection Group

    Play Episode Listen Later Mar 18, 2026 25:04


    ⬥EPISODE NOTES⬥ The conversation that led to this episode started with a LinkedIn post -- and it quickly surfaced a challenge that security leaders across industries are wrestling with but rarely talk about openly: who is actually responsible for protecting the people inside an organization, not just the systems they use? Roland Cloutier has sat in some of the most demanding security leadership seats in the world -- Global CSO at TikTok/ByteDance, a decade as Global CSO at ADP, and VP and CSO at EMC -- and he now advises CISOs and CSOs through The Business Protection Group. His lens is converged security: the deliberate integration of cyber, physical, privacy, and people-risk under a unified program and leadership model. Roland identifies three patterns that typically bring organizations to him. First, an emergent crisis -- a threat against an executive, a workplace violence incident, a travel security failure -- that suddenly exposes the absence of a coherent protection program. Second, a cost and structure conversation where the CEO is tired of receiving two different risk pictures from two different security leaders and wants a single accountable voice. Third, a board-driven inquiry where general counsel or the CEO is being asked questions about executive resilience and duty of care that nobody inside the organization can confidently answer. What makes this conversation particularly sharp is Roland's framing of convergence not as an org chart exercise, but as a force multiplier. A unified threat intelligence picture -- one that covers cyber, physical, executive, brand, and customer risk simultaneously -- enables cleaner prioritization, better resource allocation, and a fundamentally stronger conversation with the CEO. The alternative, which he has seen firsthand, is four separate threat management platforms reporting independently with no team working across all of them. 
    The episode also pushes into territory that most security programs have not yet mapped: employee protection at scale. Not bodyguards for everyone, but the organizational consciousness to monitor for geographic threats, proactively check in with distributed employees during major events, and build a duty-of-care posture that extends beyond the office walls into people's home lives and total risk environment. For high-risk employees -- those with keys to the kingdom, not just C-suite titles -- that responsibility extends further still.

    For CISOs and CSOs wondering where to start, Roland offers a practical crawl-walk-run framework: start with shared services rather than full convergence, open the conversation with leadership, surface the gaps the business already knows exist, and build a financial and risk model that makes sense for your specific organization. The goal is a converged security program that treats people -- not just infrastructure -- as an asset worth protecting.

    ⬥GUEST⬥
    Roland Cloutier, Principal at The Business Protection Group | On LinkedIn: https://www.linkedin.com/in/rolandcloutier/

    ⬥HOST⬥
    Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

    ⬥RESOURCES⬥
    The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
    More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
    Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ⬥ADDITIONAL INFORMATION⬥
    On ITSPmagazine: https://www.itspmagazine.com/
    On YouTube: https://www.youtube.com/@itspmagazine
    On LinkedIn Newsletter: https://itspm.ag/future-of-cybersecurity
    Sean Martin's Contact Page: https://www.seanmartin.com/

    ⬥KEYWORDS⬥
    roland cloutier, the business protection group, sean martin, executive protection, employee protection, converged security, physical security, ciso, cso, duty of care, threat intelligence, workplace violence, security convergence, business resilience, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    From the HIMSS 2026 Floor: How Zebra Technologies Is Putting Intelligence in the Hands of Healthcare's Frontline | A Brand Spotlight with Chris Sullivan | HIMSS 2026

    Mar 16, 2026 | 17:04


    Summary: Recorded live from the floor of HIMSS 2026 in Las Vegas, this Brand Spotlight conversation with Chris Sullivan, Global Healthcare Practice Lead at Zebra Technologies, explores how technology — from RFID drug tracking to AI-powered frontline devices — is reshaping the way hospitals deliver care, reduce waste, and protect patients. From a groundbreaking pharmacy innovation at Texas Children's Hospital to Zebra's vision for ambient intelligence at the point of care, this is a candid look at what it means to build technology for the people who actually do the work.

    At HIMSS 2026 in Las Vegas, the conversation keeps circling back to the same question: how can technology help healthcare workers spend more time with patients and less time chasing information? For Chris Sullivan, Global Healthcare Practice Lead at Zebra Technologies, that question is not hypothetical — it's the work.

    In this Brand Spotlight, Marco Ciappelli connects with Chris from the conference floor to talk about what's actually happening in healthcare technology right now. Zebra Technologies, a 55-year-old company with over 10,000 employees and more than 300 healthcare-specific products, has built its reputation by designing tools not for the corner office, but for the frontline worker — the nurse, the pharmacist, the care team member who needs the right information at exactly the right moment.

    One of the most compelling stories Chris shares is Zebra's partnership with Texas Children's Hospital, a world leader in pediatric oncology. The challenge: high-cost cancer medications — some exceeding a million dollars per treatment — were being lost, duplicated, or expiring before reaching patients. The solution was an RFID-based drug management system, built in partnership with a Texas software company, that now tracks medications throughout the pharmacy supply chain. The result? Millions of dollars in annual inventory savings, improved patient safety, and a model that Texas Children's is now actively sharing with hospitals in Amsterdam and beyond.

    But the RFID story is just one piece of a larger picture. What Zebra calls healthcare workflow orchestration — the coordination of people, assets, and information across a complex hospital environment — is the bigger ambition. Chris describes a three-part framework: asset visibility (digitizing wheelchairs, pumps, medications, and supplies), real-time information for caregivers (through mobile computers and hands-free wearables), and operational automation (like the pharmacy RFID system). Together, these elements are designed to remove friction from the care delivery process and give clinicians back the one thing they most want: presence with their patients.

    And then there's AI. Zebra has been building sensor-rich devices for years, and now those sensors — over 15 per device, capturing voice, video, and environmental data — are becoming the foundation for an AI platform built specifically for frontline workers. Chris draws a sharp distinction between AI for knowledge workers and AI for frontline workers, arguing that the needs, rules, and structures are fundamentally different. Zebra's approach is to pre-extract sensor intelligence into an open SDK with over 21 AI enablers, then package those into industry-specific blueprints that can be deployed in months rather than years.

    The conversation ends where it began: with people. Chris is both a technology provider and a healthcare board member, which gives him a perspective that's rare in this industry. He understands what it means when a caregiver is interrupted. He knows that a nurse who has to stop and look something up is a nurse who isn't holding a patient's hand. That's the problem Zebra is trying to solve — not with a flashy pitch, but with 55 years of frontline experience and a clear-eyed view of what the work actually looks like.

    Recorded remotely from HIMSS 2026 | Las Vegas, NV | March 9–12, 2026

    This Brand Spotlight is part of ITSPmagazine's ongoing coverage of HIMSS 2026. To explore more conversations from the event, visit ITSPmagazine.com.

    GUEST
    Chris Sullivan, Global Healthcare Practice Lead, Zebra Technologies
    LinkedIn: https://www.linkedin.com/in/chris-sullivan-6135624/

    RESOURCES
    Zebra Technologies: https://www.zebra.com
    HIMSS 2026: https://www.himssconference.com

    Sound Is a Force: Frequency, Healing, and the Physics of Music | A Music Evolves Conversation with Scott "Shagghie" Scheferman, Cybersecurity Strategist, Musician, and Researcher

    Mar 15, 2026 | 62:48


    Show Notes

    Scott Scheferman -- known throughout the cybersecurity and music communities as Shagghie -- brings a rare combination of backgrounds to this conversation: classically trained on trumpet, a live techno producer since the late nineties, a student of synthesis at its lowest circuit level, and now a full-time researcher working on what he calls the Joy Protocol -- a frequency-based framework designed to produce measurable physiological and neurological benefits through sound and light.

    The conversation opens with Scott recounting his musical journey -- from blues trumpet in the Caribbean to losing his cherished instruments during a move to the United States, to a 25-year silence before his daughter convinced him to pick up the horn again. Then came the synthesizers. He describes performing live techno with six drum machines and synthesizer sequencers at a San Diego club, his parents in the crowd, sweating and dancing by 2:00 AM. For Scott, that was the moment of arrival -- not just as a performer, but as someone understood.

    From there, the conversation moves into the physics. Scott and Sean explore how frequency operates across the entire spectrum -- from the 7.83 hertz resonant frequency of the Earth itself to the quantum oscillations that defy measurement. Scott makes the case that sound is not merely an aesthetic experience but a literal force, one that operates on the body, mind, and cellular structure in ways now being confirmed by a new wave of scientific research. The Solfeggio scale, long dismissed by mainstream music as esoteric, turns out to have been built around frequencies that have specific, studied, physiological effects on the human body.

    The conversation doesn't shy from harder territory. Scott discusses directional sound weapons he witnessed firsthand at Booz Allen Hamilton, the documented Havana syndrome incidents, and how blue light frequencies are engineered into consumer electronics to trigger dopamine responses. These aren't conspiracy theories, he argues -- they are the same science, used from the opposite direction. The Joy Protocol is the inverse: taking those same mechanisms and applying them to produce healing, not harm. Even the 40-hertz frequency -- which Scott now seeks out on his wife's Power Plate machine at the gym -- produces a physical response he describes as immediately and unmistakably real.

    The episode closes on the question every musician, listener, and creator should be sitting with: if certain frequencies heal and others harm, if the A-440 tuning standard may have been a deliberate departure from something more resonant, and if the spaces between notes matter as much as the notes themselves -- then what does it mean to produce music intentionally? Scott points toward the guitar as a last frontier that AI cannot replicate: the harmonic overtones that physically manifest in wood when an instrument is tuned to a resonant frequency cannot be induced after the fact. That reality, he suggests, is both a challenge and an invitation.

    Host
    Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

    Guest(s)
    Scott "Shagghie" Scheferman, Cybersecurity Strategist, Musician, and Researcher | Website: https://www.scottscheferman.com/ | On LinkedIn: https://www.linkedin.com/in/scottscheferman/

    Resources
    Scott Scheferman's Personal Website | https://www.scottscheferman.com/
    Music Evolves: Sonic Frontiers Newsletter | https://www.linkedin.com/newsletters/7290890771828719616/

    Keywords
    scott scheferman, shagghie, frequency healing, quantum consciousness, cymatics, solfeggio frequencies, sound as medicine, live techno, music production, joy protocol, sean martin, music, creativity, art, artist, musician, music evolves, music podcast, music and technology podcast

    More From Sean Martin on ITSPmagazine
    More from Music Evolves: https://www.seanmartin.com/music-evolves-podcast
    Music Evolves on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllTRJ5du7hFDXjiugu-uNPtW
    On Location with Sean and Marco: https://www.itspmagazine.com/on-location
    ITSPmagazine YouTube Channel: https://www.youtube.com/@itspmagazine

    Supply Chain Resilience and AI Risk in Healthcare | A Brand Spotlight Conversation with Ryan Patrick, Executive Vice President, TPRM Customer Solutions of HITRUST

    Mar 15, 2026 | 16:53


    Third-party-related breaches have doubled in the last 12 months. Ryan Patrick, Executive Vice President of TPRM Customer Solutions at HITRUST, is not surprised. As organizations outsource more to stay focused on core competencies, the vendor attack surface grows -- and malicious actors are exploiting it through a pattern Patrick calls "island hopping": land on a smaller vendor, secure a foothold, then move laterally toward the real target.

    The Stryker attack, which unfolded in real time during HIMSS 2026, made the stakes concrete. What began as a nation-state operation quickly became a supply chain crisis. Hospitals relying on Stryker products scrambled -- not because their own environments were breached, but because a critical supplier went down. Patrick argues that availability of services deserves equal weight to confidentiality, especially when a supplier outage directly impacts patient care and revenue.

    AI adds a new layer of urgency to vendor risk. Vendors are quietly adding AI capabilities to existing products -- sometimes without notifying customers. An EHR platform might add a clinical decision support model as a routine feature update. The health system consuming it may lack the leverage to audit what that model does with patient data. In agentic AI scenarios, where decisions happen without a human in the loop, the consequences are clinical, not just operational.

    Patrick's advice for managing AI risk: stop treating it as a fundamentally different category. Layer it into existing security programs, policies, and governance frameworks. The uniqueness lies in how you assess AI risk -- not in abandoning what already works. The industry, he observes, is finally moving past the wait-and-see phase.

    The data on HITRUST certification outcomes is compelling. One organization has gone seven to eight years without a security incident by requiring all vendors to achieve HITRUST certification. External vulnerability platforms like SecurityScorecard and RiskRecon independently confirm the pattern: HITRUST-certified vendors score measurably higher. Certified vendors mature over time. Non-certified vendors plateau.

    This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

    GUEST
    Ryan Patrick, Executive Vice President, TPRM Customer Solutions, HITRUST
    https://www.linkedin.com/in/ryan-patrick-3699117a/

    RESOURCES
    HITRUST: https://hitrustalliance.net
    HIMSS 2026 Coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/himss-global-health-conference-amp-exhibition-2026

    KEYWORDS
    Ryan Patrick, HITRUST, Sean Martin, third-party risk management, TPRM, supply chain security, healthcare cybersecurity, HIMSS 2026, AI security, EHR security, vendor risk, HIPAA compliance, CIA triad, supply chain resilience, agentic AI, healthcare data security, brand spotlight, brand marketing, marketing podcast
