POPULARITY
Categories
Send us a textUnlocking the Future of Physical Security with PhySaaS – Josh Dickinson's JourneyJoin us for an enlightening episode of The Wireless Way with Josh Dickinson, leader at PhySaaS (Physical Security as a Service). Hear about Josh's entrepreneurial journey, from starting in telecom at 16 to co-founding multiple successful companies. Learn about PhySaaS's unique approach to physical security, incorporating advanced AI and Verkada hardware into a turnkey solution for businesses. Josh details the state of the security industry, the importance of integrating physical security into cybersecurity, and practical advice for partners looking to enhance their offerings. With engaging insights on market trends, customer profiles, and the ROI of security solutions, this episode is a must-watch for tech enthusiasts and business leaders alike. Don't miss out on Josh's unique perspective and invaluable advice!00:00 Introduction and Guest Welcome01:38 Josh Dickinson's Career Journey02:48 Founding PhySaaS04:21 Understanding PhySaaS and Its Offerings06:00 State of the Security Industry10:20 AI Integration in Security Solutions12:24 Event Highlights and Industry Insights15:22 Access Control and Compliance17:13 Innovative Security Solutions: License Plate Reading Cameras17:30 Integrating Access Control Systems with Emerging Technologies18:18 Partner Profiles: How to Sell Security Solutions18:42 Six-Step Process for Simplifying Security Sales21:01 Maximizing ROI and Overcoming Security Challenges24:57 Trends in Security: New Builds vs. Existing Structures29:11 The Importance of Managed Security Solutions30:31 Final Thoughts and EncouragementLearn more about PhySaaS hereLearn more about Josh hereSupport the showCheck out my website https://thewirelessway.net/ use the contact button to send request and feedback.
Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.
Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice—and how organizations can actually get started without feeling buried by complexity.Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can't control what you can't see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.The Zero Trust Mindset: Assume Breach, Limit AccessRob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It's not about waiting to detect bad behavior—it's about blocking the behavior before it starts.The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker's automation is designed to lower that barrier and get organizations to meaningful control faster.Modern Threats, Simplified DefensesAs AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don't require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it's created. Whether it's PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you're ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.' Transcripts https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB Knostic's Website - https://www.knostic.ai/solution-brief-request Chapters 00:00 Introduction to Microsoft Copilot Risks 00:32 Meet the Guest: Sounil Yu 02:51 Understanding Microsoft 365 Copilot 06:09 The DIKW Pyramid and Knowledge Management 08:34 Challenges of Data Permissions and Oversharing 19:01 Need to Know: A New Approach to Access Control 35:10 Measuring and Mitigating Risks with Copilot 39:46 Conclusion and Next Steps
➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud workspace security—especially how to prevent and contain attacks across platforms like Google Workspace and Microsoft 365. We talk about: • Proactive Security for Email and Cloud PlatformsHow Material goes beyond traditional detection by locking down high-risk documents and inboxes preemptively—using signals like time, access patterns, content sensitivity, and anomalous user behavior. • Real-World Threats and Lateral MovementWhat the team is seeing in the wild—from phishing and brute-force attacks to internal data oversharing—and how attackers are increasingly moving laterally through cloud ecosystems using a single set of compromised credentials. • Customizable, Context-Aware Response WorkflowsHow Material helps teams right-size their responses based on risk appetite, enabling fine-grained actions like MFA prompts, access revocation, or full session shutdowns—triggered by dynamic, multi-signal rule sets. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 - Welcome & High-Level Overview of Material Security02:04 - Common Threats: Phishing and Lateral Movement in Cloud Office05:30 - Access Control in Collaborative Workspaces (2FA, Just-in-Time, Aging Content)08:43 - Connecting Signals: From Login to Exfiltration via Rule Automation12:25 - Real-World Scenario: Suspicious Login and Automated Response15:08 - Rules, Templates, and Customer Customization at Onboarding18:46 - Accidental Risk: Sensitive Document Sharing and Exposure21:04 - Security Misconfigurations and Internal Abuse Cases23:43 - Full Control Points: IP, Behavior, Classification, Sharing Patterns27:50 - Integrations, Notifications, and Real-Time Security Team Coordination31:13 - Lateral Movement: How Attacks Spread Across the Workspace34:25 - Use Cases Involving Google Gemini and AI Exposure Risks36:36 - Upcoming Features: Deeper Remediation and Contextual Integration39:30 - Closing Thoughts and Where to Learn MoreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.
In this Brand Story episode, Sean Martin and Marco Ciappelli sit down with Rob Allen, Chief Product Officer at ThreatLocker, to unpack how the company is reshaping endpoint security through a unique, control-first approach. Rob shares how ThreatLocker is challenging long-held assumptions about trust, visibility, and control in enterprise environments—and why the traditional “trust but verify” model is no longer good enough.From Default Permit to Default DenyThreatLocker's philosophy centers on a fundamental shift: moving from a default permit posture to a default deny stance. This approach, according to Rob, doesn't hinder operations—it creates boundaries that allow organizations to function safely and efficiently. It's not about locking systems down; it's about granting permissions with precision, so users can operate without even noticing security is present.Product Innovation Driven by Real FeedbackThe conversation highlights how customer input—and CEO Danny Jenkins' relentless presence at industry events—drives product development. New solutions like Web Control and Patch Management are designed as logical extensions of existing tools, allowing security teams to reduce risk without creating friction for end users. The addition of a software store, suggested by enterprise customers, gives users clarity on what's approved while reducing IT support tickets.Insights and the Detect DashboardRob also explains how ThreatLocker is unlocking the value of big data. With billions of data points collected every hour, their new Insights platform aggregates and analyzes cross-customer trends to better inform security decisions. Combined with the Detect Dashboard, teams now gain not only visibility but actionable intelligence—supported by polished visuals and streamlined workflows.More Than Just Tech—It's Peace of MindWhile the technology is impressive, Rob says the most rewarding feedback is simple: “ThreatLocker helps me sleep at night.” For many customers, that level of confidence is priceless. And in unexpected situations—like a blue-screen incident caused by third-party software—ThreatLocker has even been used to mitigate impacts in creative ways.Whether you're leading a global IT team or managing a growing MSP, this episode will make you think differently about how security fits into your operational strategy. Tune in to hear how ThreatLocker is turning bold ideas into real-world control.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer at ThreatLockerOn LinkedIn | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
When Karim Ben Dhia founded Adveez in 2011, the company wasn't focused on airports at all - it was building hands-free access control systems for buildings. Today, with nearly 20,000 GSE units monitored worldwide, Adveez stands at the forefront of a technological revolution transforming ground operations at airports globally.Product and Customer Success Director Matthias Moulinier takes us through this remarkable journey, revealing how their first aviation client simply wanted to prevent competitors from using their equipment on the ramp. That single need quickly expanded into a comprehensive tracking system collecting everything from GPS coordinates to engine hours, shock detection, and battery management data.What makes GSE telematics fundamentally different from standard vehicle tracking? The lack of standardization. While passenger vehicles have universal OBD connections, every GSE manufacturer implements different systems requiring specialized hardware solutions. This technical challenge became Adveez's opportunity to develop purpose-built systems for the unique airport environment.Perhaps most revealing is what the data shows about equipment utilization. Despite ramp operators consistently claiming equipment shortages, the metrics tell a different story - no customer ever utilizes more than 80-85% of their equipment simultaneously. This insight allows procurement teams to make data-driven investments rather than reacting to perceived shortages.Looking forward, Adveez is pioneering innovations like charger management systems to optimize electric GSE infrastructure and camera monitoring to enhance safety. They're also developing AI algorithms that predict maintenance needs based on patterns detected across thousands of operating hours, moving from reactive to predictive operations.As the industry gradually moves toward factory installations rather than field retrofits, Mathias works closely with manufacturers like Oshkosh to integrate these systems during production. However, challenges remain, particularly the lack of standardized data protocols - a topic currently being addressed in IATA and SAE working groups.Curious about the future of GSE management or how these systems might benefit your operation? Visit www.adveez.com or connect with their team on LinkedIn to learn more about this rapidly evolving technology.Looking for reliable and flexible ground support equipment leasing solutions? Look no further than Xcēd! As your trusted partner, Xcēd specializes in tailored operating leases for ground handlers and airlines, offering top-notch equipment and flexible terms to suit your needs. Whether you're seeking the latest electric GSE or traditional equipment, Xcēd has you covered with competitive rates and exceptional customer service. Keep your operations running smoothly and efficiently with Xcēd. Visit xcedgse.com today and soar to new heights with Xcēd Ground Support Equipment Leasing!
In this episode, SAP's Lalit Patil explores the impact of AI on cybersecurity within cloud ERP. It emphasizes the need for agile business transformation, sustainability, and robust security. The discussion includes cybersecurity strategies like zero trust, and AI's role in threat detection/response. The speaker highlights balancing AI benefits with data integrity risks, advocating for proactive, AI-enabled security measures to protect sensitive business data in the cloud.
In this episode of the Other Side of the Firewall podcast, the hosts discuss the critical role of identity management in cybersecurity. They emphasize the importance of access control, risk management, and the need for proper onboarding and offboarding procedures to mitigate insider threats. The conversation also highlights the necessity of integrating IT and HR processes to enhance security measures and ensure effective cyber hygiene. Article: Identity: The New Cybersecurity Battleground https://thehackernews.com/2025/03/identity-new-cybersecurity-battleground.html Please LISTEN
Understanding Insider Threats in Cybersecurity with Eran Barak Join host Jim Love as he discusses the critical issue of insider threats in cybersecurity with Eran Barak, CEO of MIND, a data security firm. In this episode, they explore the various types of insider threats, from innocent mistakes to malicious actors, and how companies can effectively protect their sensitive data. Learn about data loss prevention strategies, the impact of remote work, and the role of AI in enhancing data security. Get insights on practical steps that CISOs can take to mitigate risks and safeguard their organization's crown jewels. 00:00 Introduction and Guest Welcome 00:10 Understanding Insider Threats 01:20 Types of Insider Threats 02:18 Monitoring and Preventing Data Leaks 03:37 Remote Work and Security Risks 06:03 Access Control and Permissions 08:41 Real-World Scenarios and Solutions 21:20 The Role of AI in Data Security 34:53 Final Thoughts and Conclusion
Zero Trust World 2025: Strengthening Cybersecurity Through Zero TrustZero Trust World 2025 has come to a close, leaving behind a series of thought-provoking discussions on what it truly means to build a culture of security. Hosted by ThreatLocker, the event brought together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.A Deep Dive into Windows Security and Zero Trust
This case study demonstrates that In an era where ensuring student and faculty safety is paramount, Illinois' Leyden District 212 has taken a significant step forward by awarding Umbrella Security Systems a contract for an access control system renovation project. Umbrella Security Systems City: Naperville Address: 1240 Iroquois Ave. Suite 200 Website: https://www.umbrellasecurity.com
Zero Trust World 2025 is officially underway, and the conversation centers around what it means to build a culture of security. Hosted by ThreatLocker, this event brings together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.Defining Zero Trust in PracticeSean Martin and Marco Ciappelli set the stage with a key takeaway: Zero Trust is not a one-size-fits-all solution. Each organization must define its own approach based on its unique environment, leadership structure, and operational needs. It is not about a single tool or quick fix but about establishing a continuous process of verification and risk management.A Focus on Security OperationsSecurity operations and incident response are among the core themes of this year's discussions. Speakers and panelists examine how organizations can implement Zero Trust principles effectively while maintaining business agility. Artificial intelligence, its intersection with cybersecurity, and its potential to both strengthen and challenge security frameworks are also on the agenda.Learning Through EngagementOne of the standout aspects of Zero Trust World is its emphasis on education. From hands-on training and certification opportunities to interactive challenges—such as hacking a device to win it—attendees gain practical experience in real-world security scenarios. The event fosters a culture of learning, with participation from help desk professionals, CIOs, CTOs, and cybersecurity practitioners alike.The Power of CommunityBeyond the technical discussions, the event underscores the importance of community. Conferences like these are not just about discovering new technologies or solutions; they are about forging connections, sharing knowledge, and strengthening the collective approach to security.Zero Trust World 2025 is just getting started, and there's much more to come. Stay tuned as Sean and Marco continue to bring insights from the conference floor, capturing the voices that are shaping the future of cybersecurity.Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
How did a UK
Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.Understanding Shadow IT and Its RisksBowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.Zero Trust as a MindsetA recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.Practical Strategies to Combat Shadow ITBowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:• Identifying and monitoring unauthorized applications within their organization• Implementing policies and security controls that balance security with user needs• Enhancing employee engagement and education to prevent unauthorized technology use• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiencyBowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.Why This Session MattersWith organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.Understanding Shadow IT and Its RisksBowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.Zero Trust as a MindsetA recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.Practical Strategies to Combat Shadow ITBowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:• Identifying and monitoring unauthorized applications within their organization• Implementing policies and security controls that balance security with user needs• Enhancing employee engagement and education to prevent unauthorized technology use• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiencyBowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.Why This Session MattersWith organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In the fast-paced world of technology, the ability to innovate is often seen as the hallmark of success. However, innovation does not occur in a vacuum; it is frequently born from the challenges we face. The recent discussion with Gaël Lededantec, co-founder of Akidaia, underscores the significance of embracing challenges as a catalyst for innovation, … Continue reading How Akidaia is Changing the Game with Decentralized Access Control → The post How Akidaia is Changing the Game with Decentralized Access Control appeared first on Tech Podcast Network.
Send us a textDiscover the game-changing strategies to strengthen your company's cybersecurity posture with our latest episode on CISSP Cybersecurity Training and Board Expertise. We reveal shocking insights: only 5% of company boards have cybersecurity expertise, a glaring gap that can jeopardize risk management and financial stability. Listen as we advocate for the integration of cybersecurity professionals into risk committees, a move proven to enhance security measures and boost shareholder confidence. Get ready to transform your board's approach to cybersecurity.Unlock the secrets to effective Role-Based Access Control (RBAC) and learn how to shield your organization from credential creep threats. Long-term employees and contractors like Sean are especially vulnerable, but with well-defined roles and responsibilities, you can assign privileges with precision and prevent conflicts of interest. This episode unpacks the complexities of role hierarchy and the importance of role lifecycle management, emphasizing regular audits and compliance to keep your security framework airtight and aligned with business needs.Managing employee transitions is a critical challenge, and we discuss how deprovisioning and offboarding are vital components in maintaining security integrity. Prompt account deactivation, asset retrieval, and data retention management are just the beginning; delve into the role of identity and access management tools like single sign-on systems and multi-factor authentication. Discover how adaptive authentication and compliance considerations ensure your protocols meet regulatory standards while safeguarding your company's digital assets and data. Prepare to step up your cybersecurity game with expert insights and proven strategies from our podcast.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
In the fast-paced world of technology, the ability to innovate is often seen as the hallmark of success. However, innovation does not occur in a vacuum; it is frequently born from the challenges we face. The recent discussion with Gaël Lededantec, co-founder of Akidaia, underscores the significance of embracing challenges as a catalyst for innovation, particularly in the realm of security and access control.The Traditional Model of Access ControlHistorically, access control solutions have relied on a centralized model, where various forms of identification - be it badges, QR codes, or biometrics - are processed through a reader connected to a central database. This infrastructure-heavy approach presents several challenges: it is often expensive to install, vulnerable to cyber threats, and limited in deployment flexibility. The reliance on connectivity means that securing isolated or temporary locations becomes a logistical nightmare, often requiring the use of traditional keys and manual oversight.The Decentralized Approach: A Paradigm ShiftAkidaia's innovative solution disrupts this conventional model by decentralizing access rights. Instead of depending on a connected reader that communicates with a central database, Akidaia's system operates as a "black box." This reader functions independently, allowing for quick installation in just five minutes, even in remote locations. By removing the need for constant connectivity, the system is inherently more secure against cyber threats, as it operates offline and does not store user data.The decentralized nature of Akidaia's technology not only enhances security but also reduces installation costs and time. This is particularly beneficial for industries such as construction, where temporary sites frequently change and the investment in security infrastructure can often be wasted once a project concludes. With Akidaia's solution, companies can simply unplug the reader from one site and move it to another, maximizing efficiency and resource allocation.Applications Across IndustriesThe versatility of Akidaia's decentralized access control system opens the door to a multitude of applications across various sectors. In construction, for instance, the ability to secure temporary sites without heavy investment in infrastructure is a game-changer. The system's plug-and-play nature means that it can be deployed rapidly, allowing companies to focus on their core operations rather than on complex security logistics.Moreover, the technology has garnered interest from high-security sectors, including the French army, which values the system's resilience against cyber attacks. This speaks to the broader applicability of decentralized security solutions in environments where data integrity and access control are critical.The Vision Behind InnovationLededantec's journey into the realm of access control innovation was born from a recognition of the pain points within the industry. Drawing from previous experiences in creating digital keys for cars and other technological advancements, he and his team identified a significant opportunity to revolutionize access control. The immediate interest and willingness of potential clients to invest in their concept, even before a prototype was developed, underscore the pressing need for such innovations.Conclusion: Decentralized Security is a Game ChangerThe discussion with Gaël Lededantec highlights a pivotal shift in how we approach security and access control. By decentralizing the process, Akidaia not only simplifies installation and reduces costs but also enhances security in an increasingly connected world. As industries continue to evolve and the threat landscape expands, such innovative solutions will be crucial in safeguarding access to sensitive areas and information. The future of access control lies in decentralization, and Akidaia is at the forefront of this transformation, paving the way for a more secure and efficient approach to managing access rights.Interview by Don Baine, The Gadget Professor.Sponsored by: Get $5 to protect your credit card information online with Privacy. Amazon Prime gives you more than just free shipping. Get free music, TV shows, movies, videogames and more. The most flexible tools for podcasting. Get a 30 day free trial of storage and statistics.
In the fast-paced world of technology, the ability to innovate is often seen as the hallmark of success. However, innovation does not occur in a vacuum; it is frequently born from the challenges we face. The recent discussion with Gaël Lededantec, co-founder of Akidaia, underscores the significance of embracing challenges as a catalyst for innovation, particularly in the realm of security and access control.The Traditional Model of Access ControlHistorically, access control solutions have relied on a centralized model, where various forms of identification - be it badges, QR codes, or biometrics - are processed through a reader connected to a central database. This infrastructure-heavy approach presents several challenges: it is often expensive to install, vulnerable to cyber threats, and limited in deployment flexibility. The reliance on connectivity means that securing isolated or temporary locations becomes a logistical nightmare, often requiring the use of traditional keys and manual oversight.The Decentralized Approach: A Paradigm ShiftAkidaia's innovative solution disrupts this conventional model by decentralizing access rights. Instead of depending on a connected reader that communicates with a central database, Akidaia's system operates as a "black box." This reader functions independently, allowing for quick installation in just five minutes, even in remote locations. By removing the need for constant connectivity, the system is inherently more secure against cyber threats, as it operates offline and does not store user data.The decentralized nature of Akidaia's technology not only enhances security but also reduces installation costs and time. This is particularly beneficial for industries such as construction, where temporary sites frequently change and the investment in security infrastructure can often be wasted once a project concludes. With Akidaia's solution, companies can simply unplug the reader from one site and move it to another, maximizing efficiency and resource allocation.Applications Across IndustriesThe versatility of Akidaia's decentralized access control system opens the door to a multitude of applications across various sectors. In construction, for instance, the ability to secure temporary sites without heavy investment in infrastructure is a game-changer. The system's plug-and-play nature means that it can be deployed rapidly, allowing companies to focus on their core operations rather than on complex security logistics.Moreover, the technology has garnered interest from high-security sectors, including the French army, which values the system's resilience against cyber attacks. This speaks to the broader applicability of decentralized security solutions in environments where data integrity and access control are critical.The Vision Behind InnovationLededantec's journey into the realm of access control innovation was born from a recognition of the pain points within the industry. Drawing from previous experiences in creating digital keys for cars and other technological advancements, he and his team identified a significant opportunity to revolutionize access control. The immediate interest and willingness of potential clients to invest in their concept, even before a prototype was developed, underscore the pressing need for such innovations.Conclusion: Decentralized Security is a Game ChangerThe discussion with Gaël Lededantec highlights a pivotal shift in how we approach security and access control. By decentralizing the process, Akidaia not only simplifies installation and reduces costs but also enhances security in an increasingly connected world. As industries continue to evolve and the threat landscape expands, such innovative solutions will be crucial in safeguarding access to sensitive areas and information. The future of access control lies in decentralization, and Akidaia is at the forefront of this transformation, paving the way for a more secure and efficient approach to managing access rights.Interview by Don Baine, The Gadget Professor.Sponsored by: Get $5 to protect your credit card information online with Privacy. Amazon Prime gives you more than just free shipping. Get free music, TV shows, movies, videogames and more. The most flexible tools for podcasting. Get a 30 day free trial of storage and statistics.
#297: In today's digital landscape, ensuring secure and efficient access to systems is crucial. Authorization plays a vital role in granting the right access levels — but how can businesses implement it effectively? In this episode, we speak with Alex Olivier, co-founder & CPO at Cerbos, about how Cerbos presents an adaptable solution that streamlines access control and governance by externalizing authorization logic and focusing on policy-driven management. Alex's contact information: LinkedIn: https://www.linkedin.com/in/alexolivier/ X (Formerly Twitter): https://x.com/alexolivier YouTube channel: https://youtube.com/devopsparadox Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/ Slack: https://www.devopsparadox.com/slack/ Connect with us at: https://www.devopsparadox.com/contact/
In this episode of the Half Watt Podcast, Tyler and Gage discuss the journey of the podcast, including the challenges of finding recording spaces, personal life changes such as the birth of his second child, and insights into working in government facilities. The conversation also delves into technical aspects of fire alarm systems, access control, and the importance of continuous learning in the trades. Our hosts share experiences with troubleshooting and integrating various systems, highlighting the evolving technology in the industry. In this conversation, We discusses various technical aspects of access control systems, including the functionality of resistors, the complexity of monitoring systems, and the configurations of panels. Emphasizing the importance of training new hires in access control and the significance of networking and relay logic. The discussion also touches on community engagement through platforms like Reddit, highlighting the value of shared knowledge and experiences in the field. Be sure to follow us on Instagram @halfwattpod to follow all our dumb memes and join in on great giveaways! If you want to voice your opinion the please write to us. Halfwattpod@gmail.com Tell us about your thoughts on the show, opinions on our topics and general knowledge that you might want to share with your peers. As well, if you have stories from the field, terror ridden horror job sites, or praiseworthy work done well, or even funny anecdotes the write us and we'll share them on our round table episodes!
Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe UniversityOn LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure.Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain.Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies.Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual's age for accessing a service without revealing personal data—a critical step toward minimizing data exposure.The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models.The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad's research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond.Listeners are encouraged to follow Ahmad's work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More
Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe UniversityOn LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure.Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain.Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies.Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual's age for accessing a service without revealing personal data—a critical step toward minimizing data exposure.The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models.The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad's research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond.Listeners are encouraged to follow Ahmad's work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More
Guest: Abbas Kudrati, Asia's SMC Regional Chief Security, Risk, Compliance Advisor, Microsoft [@Microsoft]On LinkedIn | https://www.linkedin.com/in/akudrati/On Twitter | https://twitter.com/askudratiHosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring the On Location series at AISA Cyber Con 2024 in Melbourne, a significant conversation unfolded between Sean Martin, Marco Ciappelli, and Abbas Kudrati about key cybersecurity themes and strategies relevant to the Asia-Pacific region.Abbas Kudrati, a seasoned cybersecurity professional and cloud advocate, shared insights into the state of cybersecurity in the region. He highlighted that ransomware remains one of the top threats, particularly in Asia and Australia. This persistent issue underscores the importance of robust data governance and access control. Abbas emphasized that organizations must establish strong security foundations, including data classification and access management, to prepare for the complexities introduced by AI. Without these measures, companies risk exposing sensitive information when leveraging generative AI solutions.The discussion also touched on data sovereignty, a critical topic for governments and defense organizations in Australia. Abbas noted the growing number of localized data centers built by major cloud providers to meet sovereignty requirements. While private sector organizations tend to be less stringent about data location, government entities require data to remain onshore. Frameworks like IRAP and Essential Eight are instrumental in ensuring compliance and guiding organizations in implementing consistent security practices.Zero Trust emerged as a transformative concept post-pandemic. According to Abbas, it simplified cybersecurity by enabling secure remote work and encouraging organizations to embrace cloud solutions. He contrasted this with the rise of generative AI, which has introduced both opportunities and challenges. AI's potential to streamline processes, such as analyzing security alerts and automating vulnerability management, is undeniable. However, its unbounded nature demands new strategies, including employee education on prompt engineering and responsible AI use.Sean Martin and Marco Ciappelli explored how AI can revolutionize operations. Abbas pointed out that AI tools like security copilots are making cybersecurity more accessible, allowing analysts to query systems in natural language and accelerating incident response. He stressed the importance of using AI defensively to match the speed and sophistication of modern attackers, noting that attackers are increasingly leveraging AI for malicious activities.The conversation concluded with a forward-looking perspective on AI's role in shaping cybersecurity and the importance of maintaining agility and preparedness in the face of evolving threats. This dynamic exchange provided a comprehensive view of the challenges and advancements influencing cybersecurity in the Asia-Pacific region today.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More
Guest: Abbas Kudrati, Asia's SMC Regional Chief Security, Risk, Compliance Advisor, Microsoft [@Microsoft]On LinkedIn | https://www.linkedin.com/in/akudrati/On Twitter | https://twitter.com/askudratiHosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring the On Location series at AISA Cyber Con 2024 in Melbourne, a significant conversation unfolded between Sean Martin, Marco Ciappelli, and Abbas Kudrati about key cybersecurity themes and strategies relevant to the Asia-Pacific region.Abbas Kudrati, a seasoned cybersecurity professional and cloud advocate, shared insights into the state of cybersecurity in the region. He highlighted that ransomware remains one of the top threats, particularly in Asia and Australia. This persistent issue underscores the importance of robust data governance and access control. Abbas emphasized that organizations must establish strong security foundations, including data classification and access management, to prepare for the complexities introduced by AI. Without these measures, companies risk exposing sensitive information when leveraging generative AI solutions.The discussion also touched on data sovereignty, a critical topic for governments and defense organizations in Australia. Abbas noted the growing number of localized data centers built by major cloud providers to meet sovereignty requirements. While private sector organizations tend to be less stringent about data location, government entities require data to remain onshore. Frameworks like IRAP and Essential Eight are instrumental in ensuring compliance and guiding organizations in implementing consistent security practices.Zero Trust emerged as a transformative concept post-pandemic. According to Abbas, it simplified cybersecurity by enabling secure remote work and encouraging organizations to embrace cloud solutions. He contrasted this with the rise of generative AI, which has introduced both opportunities and challenges. AI's potential to streamline processes, such as analyzing security alerts and automating vulnerability management, is undeniable. However, its unbounded nature demands new strategies, including employee education on prompt engineering and responsible AI use.Sean Martin and Marco Ciappelli explored how AI can revolutionize operations. Abbas pointed out that AI tools like security copilots are making cybersecurity more accessible, allowing analysts to query systems in natural language and accelerating incident response. He stressed the importance of using AI defensively to match the speed and sophistication of modern attackers, noting that attackers are increasingly leveraging AI for malicious activities.The conversation concluded with a forward-looking perspective on AI's role in shaping cybersecurity and the importance of maintaining agility and preparedness in the face of evolving threats. This dynamic exchange provided a comprehensive view of the challenges and advancements influencing cybersecurity in the Asia-Pacific region today.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More
Software Engineering Radio - The Podcast for Professional Software Developers
Jonathan Horvath of Z-bit discusses physical access control systems (PACS) with host Jeremy Jung. They start with an overview of PACS components and discuss the proprietary nature of the industry, the slow pace of migration to open standards, and why Windows is commonly used. Jonathan describes the security implications of moving from isolated networks to the cloud, as well as credential vulnerabilities, encryption using symmetric keys versus asymmetric keys, and the risks related to cloning credentials. They also consider several standards, including moving from Wiegand to the Open Supervised Device Protocol (OSDP), as well as the Public Key Open Credential (PKOC) standard, and the open source OSDP implementation that Jonathan authored. Brought to you by IEEE Computer Society and IEEE Software magazine.
Send us a textUnlock the secrets to mastering access control models essential for conquering the CISSP exam and advancing your cybersecurity expertise. Imagine having a comprehensive understanding of how discretionary, mandatory, role-based, risk-based, rule-based, attribute-based, and hybrid models function in various scenarios. This episode features Sean Gerber as he navigates the complex world of access control frameworks, offering insightful questions and real-world applications. Whether you're dealing with military security labels or defining access based on job responsibilities, gain the clarity needed to apply these models effectively in your cybersecurity practice.Get ready to transform your CISSP exam preparation with unparalleled support from CISSP Cyber Training. Sean shares an exciting opportunity for exam success, emphasizing the power of dedicated study using a suite of comprehensive videos and guides. By committing to the program's blueprint, you can approach your certification journey with confidence and assurance. Join us and embrace this empowering learning experience that promises not just knowledge, but the keys to certification success.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Send us a textUnlock the secrets of cybersecurity in our latest episode where we promise to transform your understanding of access control mechanisms. We kick things off by dissecting the discretionary access controls (DAC) and the power dynamics behind resource ownership. Discover why assigning ownership is crucial to sidestep security pitfalls and how to tackle the double-edged sword of permission propagation and creep. We also unveil strategies for seamless security management, including the potential of document-level protections and data loss prevention tools.Transitioning to role-based and rule-based access control, we unravel their significance for those eyeing the CISSP certification. Picture a world where credential creep and role explosion are mitigated through strategic central management and diligent reviews. Learn how Segregation of Duties (SOD) safeguards against conflicts of interest, and grasp the fine line between roles and rules, arming you with the insight needed to choose the right strategy for your organization. Whether you're in finance or tech, these access controls are essential for preventing systemic risks.Finally, explore the future of security with adaptive authentication systems and non-discretionary access controls. Real-time risk assessment becomes a reality as we delve into adaptive authentication, incorporating contextual cues and threat intelligence. Meanwhile, non-discretionary access controls centralize authority, yet beware of potential bottlenecks and user frustration. Balancing these sophisticated systems is key to maintaining integrity and consistency on a large scale. Tune in as we navigate these intricate mechanisms to keep your cybersecurity robust and dynamic.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Manage your data access effectively while using Microsoft 365 Copilot. Navigate the SharePoint admin center to adjust site privacy settings, ensuring only authorized members can access sensitive content. Set up test accounts to identify potential oversharing and take corrective actions. By refining permissions, protect valuable information and enhance the relevance of AI-generated responses. Jeremy Chapman, Director of Microsoft 365, shares how to find and control oversharing, so you can confidently utilize Microsoft 365 Copilot for your small business needs. ► QUICK LINKS: 00:00 - Prepare data for search 01:22 - Search hygiene 02:04 - Test to see who has access 02:33 - How to set up a test account 03:32 - Search for items 05:08 - Information retrieval process 05:45 - Shared items by invitation link 06:19 - Oversharing 07:33 - How to reduce oversharing 08:35 - Check permissions 11:07 - Confirm permissions are in place 11:52 - Wrap up ► Link References Get to the SharePoint admin center from Microsoft 365's admin center at https://admin.microsoft.com ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Bobby DeSimone is the Founder and CEO of Pomerium, the best way to authenticate, authorize, monitor, and secure user access to any application without a VPN. Bobby explains why access control is so important, how it led to the biggest corporate hack ever, how its related to the day CrowdStrike took down the global economy, and how AI will change security. Pomerium has a unique open source approach, and Bobby takes us inside the early days of building the product, how he got the first customers, lessons learning enterprise sales as a technical founder, and inside his funding rounds, including a recent Series A led by Eric Vishria at Benchmark. Timestamps(00:00) Intro(02:02) Access Control: a sneaky large problem(07:22) How an unsecure air conditioner led to the biggest credit card breach in history(10:23) Google's internal security software inspiring Pomerium(16:41) Making his first money online selling a WoW bot(19:24) How CrowdStrike took down the global economy in July, 2024(22:29) Deep dive on access control and security(29:39) How access controls impacted Google vs Uber's self-driving lawsuit(30:52) Why Zero Trust security is marketing bullshit(32:09) Advice for building access control(34:39) How open source built early trust with customers(41:39) Missing a 7-figure deal because he didn't use LinkedIn(44:52) Everything he's learned about sales as a technical founder(50:06) Inside Pomerium's Series A(51:41) Advice on evaluating potential investors(56:06) How AI will change security(01:01:15) Getting in trouble at the first Pomerium board meeting(01:02:15) How to hire good engineers(01:04:00) When to scale back IC work as a founder(01:06:56) Favorite new AI tools(01:11:09) Why Meta's open sourcing its AI models(01:12:32) Life lessons from Charlie MungerReferencedCheck out Pomerium: https://www.pomerium.com/ Crowdstrike outage post-mortem: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ Pomerium on GitHub: https://github.com/pomerium/pomeriumFollow BobbyTwitter: https://x.com/bdd_io LinkedIn: https://www.linkedin.com/in/bobby-desimone/Follow TurnerTwitter: https://twitter.com/TurnerNovak LinkedIn: https://www.linkedin.com/in/turnernovak Newsletter: https://www.thespl.it/
Oz is co-founder and CEO of Opsin, which provides access control capabilities to LLM outputs ensuring users only get appropriate outputs based on their access level. The company was founded earlier this year, but they have already seen strong customer and investor interest given they are aimed at a key roadblock in making gen AI more available within the enterprise. Before Opsin, Oz worked in product management at high profile technology and security companies for most of the last decade, including Fireeye and Abnormal (where he met his co-founder James). In the episode we discuss everything from the origin story to the technical challenges of applying access control to these outputs and how to maintain current records despite a constantly changing access landscape. Website Sponsor: VulnCheck
In this episode of The Digital Executive Podcast, Brian Thomas interviews Vince Gaydarzhiev, the founder and president of Alcatraz AI, a leader in frictionless AI-powered biometric access control solutions. Vince shares his journey from working on Apple's Face ID to pioneering facial authentication technology for the physical world.He discusses the importance of privacy and security in biometric data management, the challenges of navigating evolving AI regulations, and how Alcatraz AI is preparing to lead the future of AI-powered security. Vince also provides insights into the most promising advancements in AI security solutions, highlighting the potential of data-driven technologies to enhance both physical and cybersecurity. This episode offers a deep dive into the cutting-edge innovations that are set to redefine the security landscape.
In this episode, Frank Vukovits, Chief Security Scientist at Delinea, delves into why authentication alone isn't enough for robust cybersecurity. We discussed the critical role of authorization, the evolution of identity GRC, and the importance of least privilege access. Frank, a seasoned expert with over 30 years in audit and compliance, shares insights on mitigating internal and external threats, emphasizing the need for both authentication and authorization controls. If you want to be our guest or suggest someone, send your email to info@globalriskconsult.com with "Guest Inquiry" as the subject. Join us as we explore the intersection of risk management, cyber security, and sustainability with industry leaders.
In this On Location episode Brand Story, Sean Martin speaks with Artyom Poghosyan at the Black Hat conference in Las Vegas about Britive, a cloud privileged access management platform. They explore how Britive assists medium to large enterprises in tackling identity management and security issues across multi-cloud and hybrid environments.Sean and Artyom discuss the complexities that organizations face with cloud adoption, where traditional lift-and-shift approaches no longer suffice. Artyom outlines how the incorporation of new processes and tools, such as DevOps automation, complicates identity and access management in cloud environments. Britive's approach emphasizes the need for dynamic, scalable solutions that align with the speed and agility of cloud-based development while ensuring robust security controls.A key focus is the balance between granting necessary access for operational efficiency and minimizing security risks from overprivileged accounts. Artyom describes Britive's method of dynamically granting and revoking access based on justified needs, ensuring that temporary elevated access is appropriately controlled and removed post-use.Additionally, the conversation highlights the challenges of managing identities across multiple cloud platforms (AWS, GCP, Azure, etc.) and the diverse technologies used in modern enterprises. Artyom explains Britive's capability to provide a unified identity and access management approach that simplifies and secures these varied environments.The episode also emphasizes Britive's potential to significantly reduce the time required for onboarding DevOps engineers, streamlining the process from days to mere minutes through automation. This not only improves operational efficiency but also vastly reduces risk by limiting standing privileges, a key security vulnerability often exploited by cybercriminals.Finally, they touch upon how Britive fits within broader organizational security strategies, particularly Zero Trust initiatives. By eliminating standing access risks and offering integration with existing security processes, Britive supports the implementation of comprehensive identity security programs that align with modern security frameworks.Sean closes the episode by encouraging listeners to engage with Artyom and the Britive team to see how their solutions can enhance identity management and security within their organizations.Learn more about Britive: https://itspm.ag/britive-3fa6Note: This story contains promotional content. Learn more.Guest: Artyom Poghosyan, Co-Founder, Britive [@britive1]On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/ResourcesLearn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britiveView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this episode of SaaS Fuel, we sit down with Sethu Meenakshisundaram, co-founder of Zluri - a SaaS management and identity governance company born out of the need to tackle hidden SaaS costs that surfaced during the COVID-19 pandemic.Sethu recounts the inception of Zluri during the COVID-19 pandemic, revealing how the founders identified a critical need for better visibility and control over hidden SaaS costs even for small businesses. Sethu highlights Zluri's evolution from a cost optimization tool to a proactive platform, addressing the diverse needs of both enterprises and smaller companies. Explore the value of integration, automation, and maintaining up-to-date to ensure scalable and adaptable IT management solutions. Additionally, Sethu shares insights on Managed IT, Shadow IT, and the emerging Shadow AI.Key Takeaways00:00 Ensure meaningful customer engagement with authentic SaaS.03:17 Utilize analytics tools for detailed user insights.07:06 Embracing problem led to $50,000 saving.12:16 Different service delivery models for varying sizes.13:37 Zulary needs integrations, highlights importance of security.19:46 Complexity of integration improved, faster value delivery.23:26 Questioning the purpose and value of work.24:50 Champion Leadership Group scales revenue and outwits competitors.29:02 Zluri offers exhaustive IT discovery engine.31:53 Admin roles crucial, over-permissioning poses security risk.36:52 Expand discovery, control and technology for visibility.38:27 Architecture supports user access reviews for scaling.42:16 Be prepared, but do it anyway.45:39 Investing is complex, understand it thoroughly.Tweetable Quotes"Without integration, the platform doesn't work, which means integration is a core story of Slurry." — Sethu 00:17:54Shadow AI: "People are using a lot of AI application that they don't want their IT to know of. And to use those apps, they are exchanging the company's data as a bottom." — Sethu 00:28:12"Importance of Access Control in Safeguarding Organizations": "People find it very hard to get access to a job, and sometimes they do not get the right level of access, which means they get over permissioned in an application. And that becomes a critical issue during times when bad actors pop up because they can do a lot of things." — Sethu 00:32:12But as our vision expands, do we have the technology today to expand along with that? And the answer is yes." — Sethu 00:37:19"Engagement is one of the most important metrics SaaS leaders can track. Why is that? Well, it's a forward-looking measure of revenue and an early warning system of churn." — Jeff Mains 00:01:01The importance of tracking authentic SaaS customer engagement: "You've got to go beyond vanity metrics and focus on actions that indicate genuine involvement and significant outcomes." — Jeff Mains 00:02:36Quote: "Got to implement customer feedback loops. And to do that, we wanna actively seek feedback from users through surveys, through interviews, through in-app prompts." — Jeff Mains 00:04:30 Quote: "Tracking authentic SaaS customer engagement requires focusing on the right metrics, using advanced tools, and incorporating continuous customer feedback." — Jeff Mains 00:05:08SaaS Leadership LessonsEmbrace the Problem You Love: Sethu's journey with Zluri began with a genuine passion for solving a significant problem they encountered during the COVID-19 pandemic– hidden SaaS costs. His deep connection to the issue drove the successful pivot from gamifying corporate learning to addressing...
Send us a Text Message.Emre Baran is the CEO and Co-Founder of Cerbos: an authorization management solution helping software companies implement and scale fine-grained access controls. Emre is an entrepreneur and a software expert with over twenty years of experience building and scaling B2B and B2C products. In this discussion, we start with Emre's experience Co-Founding and operating Yonja, Turkey's largest social network in the mid 2000s and work our way to the present, as we dig into how Cerbos gives developers a scalable experience for access control that just works.Where to find EmreLinkedIn: https://www.linkedin.com/in/emrebaran/Twitter: https://x.com/emreShow LinksCerbos raises $7.5 million: https://techcrunch.com/2023/04/12/cerbos-takes-its-open-source-access-control-software-to-the-cloud/Cerbos Hub goes GA: https://www.cerbos.dev/news/cerbos-hub-is-now-generally-availableFollow, Like, and Subscribe!Podcast: https://www.thecloudgambit.com/YouTube: https://www.youtube.com/@TheCloudGambitLinkedIn: https://www.linkedin.com/company/thecloudgambitTwitter: https://twitter.com/TheCloudGambitTikTok: https://www.tiktok.com/@thecloudgambit
Guest: Theodore Heiman, CEO, CISO GuruOn LinkedIn | https://www.linkedin.com/in/tedheimanOn Twitter | https://x.com/tedrheiman____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Ted Heiman, CEO of the cybersecurity practice CISO Guru, in an insightful conversation about the complexities and evolving landscape of password management and multi-factor authentication (MFA). Sean Martin introduces the session by highlighting the challenges practitioners and leaders face in building security programs that enable organizations to achieve their objectives securely.The discussion quickly steers towards the main topic - the evolution of passwords, the role of password managers, and the critical implementation of MFA. Ted Heiman shares his extensive experience from over 25 years in the cybersecurity industry, observing that passwords are a relic from a time when networks were isolated and less complex. As organizations have grown and interconnected, the weaknesses of static passwords have become more apparent. Heiman notes a striking statistic: 75 to 80 percent of breaches occur due to compromised static passwords.The conversation examines the history of passwords, starting as simple, memorable phrases and evolving into complex strings with mandatory special characters, numbers, and capitalization. This complexity, while intended to increase security, often leads users to write down passwords or repeat them across multiple platforms, introducing significant security risks. Solutions like password managers arose to mitigate these issues, but as Heiman highlights, they tend to centralize risk, making a single point of failure an attractive target for attackers.The discussion shifts to MFA, which Heiman regards as a substantial improvement over static passwords. He illustrates the concept by comparing it to ATM use, which combines something you have (a bank card) and something you know (a PIN). Applying this to cybersecurity, MFA typically involves an additional step, such as an SMS code or biometric verification, significantly reducing the possibility of unauthorized access.Looking forward, both Heiman and Martin consider the promise of passwordless systems and continuous authentication. These technologies utilize a combination of biometrics and behavioral analysis to constantly verify user identity without the need for repetitive password entries. This approach aligns with the principles of zero-trust architecture, which assumes that no entity, inside or outside the organization, can be inherently trusted. Heiman stresses that transitioning to these advanced authentication methods should be a priority for organizations seeking to enhance their security posture. However, he acknowledges the challenges, especially concerning legacy systems and human behaviors, emphasizing the importance of a phased and managed risk approach.For listeners involved in cybersecurity, Heiman's insights provide valuable guidance on navigating the intricate dynamics of password management and embracing more secure, advanced authentication mechanisms.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
In this episode of Access Control, we dive deep into the evolving world of security information and event management (SIEM) with Jack Naglieri, founder and CTO of Panther. Jack shares his insights on transitioning from traditional SIEM systems to modern, cloud-native approaches that leverage detection-as-code. Key topics include: - The importance of intentionality in security operations - Benefits of detection-as-code for governance, collaboration, and scalability - Challenges of monitoring diverse cloud environments and SaaS tools - Strategies for effective alert prioritization and reducing alert fatigue - Cost considerations and selling points for modernizing SIEM systems Jack emphasizes the need for a focused approach to security, starting with identifying an organization's most critical assets and potential threats. He discusses how detection-as-code can improve efficiency, collaboration, and adaptability in security teams. Whether you're a seasoned security professional or new to the field, this episode offers valuable insights on modernizing security operations for today's cloud-centric world. Join us for a thought-provoking discussion on the future of SIEM and practical tips for enhancing your organization's security postur
Send us a Text Message.This month, we welcome Swathi Joshi, VP of SaaS Cloud Security at Oracle, to discuss key moments and decisions that shaped her career path, including rejections from Google and Twitter. She emphasizes the importance of learning from rejection and seeking feedback to improve. Swathi also shares insights on the role of mentors and advises on finding and working with mentors. In the second part of the conversation, she discusses building a SaaS security program as an enterprise consumer of SaaS. She highlights the importance of addressing misconfigurations, ensuring visibility and access control, and meeting compliance needs. Swathi also suggests asking about backup and exploring risk scoring for vendors. In this conversation, Swathi discusses best practices for managing vendor risk, vulnerability management through third parties, and incident response in SaaS applications. She also shares insights on privacy operations and critical privacy controls in SaaS. Swathi emphasizes the importance of collaboration, robust incident response plans, and data lifecycle management. She also highlights the need for identity and access control and the challenges of normalizing incident response across different SaaS platforms. Swathi's leadership philosophy is collaborative and pace-setting, and she emphasizes the importance of stress management.TakeawaysLearn from rejection and seek feedback to improveBuild long-term relationships with mentors and create a personal advisory boardWhen building a SaaS security program, focus on addressing misconfigurations, ensuring visibility and access control, and meeting compliance needsAsk about backup and explore risk scoring for vendors. Managing vendor risk requires close collaboration with privacy, legal, and contract partners.Incident response in SaaS applications shares foundational principles with traditional on-prem software, but there are differences in data snapshotting and managing dependencies.Privacy operations can be operationalized by focusing on identity, access control, and data lifecycle management.Leadership should be collaborative, open to ideas, and adaptable to different situations.Stress management is crucial for effective leadership and should be acknowledged and actively managed.LinksPrivacy Operations TemplateSwathi's LI ProfileChapters00:00 Navigating Career Challenges and Learning from Rejection08:13 The Role of Mentors in Career Growth15:26 Building a Strong SaaS Security Program21:20 Meeting Compliance Needs in a SaaS Environment21:56 Backup and Risk Scoring for SaaS Vendors22:38 Managing Vendor Risk26:12 Improving Vulnerability Management through Third Parties26:35 Navigating Incident Response in SaaS Applications34:03 Operationalizing Privacy Operations in SaaS40:50 The Importance of Collaboration in Leadership43:04 Managing Stress for Effective LeadershipSecure applications from code to cloud.Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
In this engaging episode, hosts Jim McDonald and Jeff Steadman wrap up their Identiverse 2024 experience with a thought-provoking panel discussion. Joined by Alex Bovee, CEO and Co-Founder of ConductorOne; Ian Glazer, Founder and President of Weave Identity; and Lance Peterman, Identity Lead at Dick's Sporting Goods and Professor at UNC Charlotte, the conversation dives deep into the future of identity management. The panel explores the concept of Zero Standing Privileges (ZSP) as the evolution of least privilege, discussing its feasibility, operational challenges, and the maturity curve required for organizations to adopt such a model. Ian shares his perspective on the future of identity governance, while Alex and Lance provide insights into practical implementations and the role of automation in achieving ZSP. The discussion also touches on the importance of context, policy, and the need for better data orchestration to make identity management more effective. Tune in for an insightful conversation on the next frontier of identity management and the steps needed to get there. Connect with Alex Bovee - https://www.linkedin.com/in/alexbovee/ Learn about ConductorOne - https://www.conductorone.com/?utm_source=identityatthecenter&utm_medium=podcast&utm_campaign=c1-brand Connect with Ian: https://www.linkedin.com/in/iglazer/ Learn about Weave Identity - https://weaveidentity.com/ Connect with Lance - https://www.linkedin.com/in/lancepeterman/ Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast
On this episode of Identity at the Center, Jim McDonald and Jeff Steadman are joined by Chad Wolcott, Managing Director at RSM US LLP, to peel back the layers of the identity industry. They delve into the complexities of identity consulting, discussing the challenges and triumphs of implementing and managing IAM solutions. From Chad's early days of designing robots to Jim's arcade escapades, the trio shares their most unusual jobs and the lessons learned from their unique experiences. They also tackle pressing topics like the future of passwordless authentication, the role of AI and analytics in identity, and the evolution of authorization from RBAC to dynamic access models. The conversation takes a turn into the realm of IAM horror stories, highlighting the pitfalls of over-engineering solutions and the importance of aligning with organizational change. As they gear up for Identiverse, they share their excitement for reconnecting with industry peers, diving into sessions on AI and identity security, and enjoying the Vegas experience. Tune in for an insightful and candid discussion on the state of identity security, the potential of AI, and the power of automation in the ever-evolving IAM landscape. Connect with Chad: https://www.linkedin.com/in/chad-wolcott/ Meet up with our RSM team at Identiverse 2024! Schedule at https://rsmus.com/events/2024-events/join-rsm-at-identiverse-2024.html Learn more about RSM Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
In this episode of State of Identity, host Cameron D'Ambrosi welcomes Alex Bovee, co-founder and CEO of ConductorOne to explore the evolving challenges and solutions in the digital identity space. Learn what's driving the rise of identity-based security risks and how ConductorOne is tackling these issues through centralized identity governance and access controls. The conversation focuses on needing a more flexible approach to identity management, addressing common concerns like access control, multifactor authentication, and the ongoing struggle to balance security with productivity. It also offers insights on how businesses can better manage identity-related risks while ensuring a seamless user experience.
In today's podcast, Christin Cifaldi, Director of Product Development & Analytics, explains what a demilitarized zone network (DMZ) is and how it secures the perimeter around internal LANs. She also discusses a few key items on access control, network segmentation, and IP spoofing prevention. Listen in to learn more.
Access Control Versus Surveillance Cameras - Which one do you choose for your church security program and why? Decision Decks: Unique Scenario Cards for Church Safety and Security. Six Deck Box Set: https://a.co/d/8OUDO6q Conflict Deescalation Scenarios: https://a.co/d/6tNrJsZ Safety Team Scenarios: https://a.co/d/ciEwDJa Threat Assessment Scenarios: https://a.co/d/hkWkVih Suspicious Behavior Scenarios: https://a.co/d/0ilrAUV Medical Response Scenarios: https://a.co/d/aJgzLIr Crisis Intervention Scenarios: https://a.co/d/7SMgynD