Not all cyber threats target your systems; some target your reputation, your customers, and your brand. In this episode, Matthias Reinwarth sits down with research analyst Osman Celik to unpack three closely related but distinct markets: Attack Surface Management (ASM), Digital Risk Protection (DRP), and Brand Protection — and help organizations figure out which one they actually need.

Key Topics:
✅ What Attack Surface Management is and its four subcategories (CAASM, EASM, TPRM, DRP)
✅ How Digital Risk Protection monitors dark web, social media, and hacker forums
✅ What Brand Protection adds on top of DRP — from takedown services to counterfeit detection
✅ DRP vs. Brand Protection: lightweight vs. full-spectrum — and when you need which
✅ Why brand reach matters more than company size when assessing risk
✅ What KuppingerCole research is available now — and what's coming in August

Someone may be selling counterfeit versions of your product right now — or impersonating your brand online. DRP and Brand Protection tools exist to catch exactly that. Check out KuppingerCole's Brand Protection Buyer's Compass here.
The latest Open Source Startup Podcast episode has our co-hosts Robby and Tim in conversation with Neal Swaelens and Oleks Yaremchuk, two of the co-founders of runtime agent security company Manifold Security. Manifold recently released Manifest, their open-access, graph-based supply chain intelligence tool that lets users scan skills and plugins to uncover potential supply chain risks.

In this episode, Neal and Oleks explain why AI agents are reshaping cybersecurity, shifting the focus from guardrails to runtime security. As tools like Claude Code and Codex spread rapidly, companies often have little visibility into the agents, plugins, skills, and external assets employees are using, creating major supply chain and runtime risks. Drawing on their experience building LLMGuard and leading security teams at Protect AI and Palo Alto Networks, they argue that runtime detection and response is still a wide-open market opportunity.

They also discuss what it takes to build in the crowded AI security space, where buyers now expect real products instead of roadmap promises. The conversation highlights lessons from open projects like LLMGuard and Manifest, why reducing noise and false positives matters, and how open ecosystems can help establish trust and industry standards for securing AI agents and assets.
Podcast: Exploited: The Cyber Truth
Episode: The Invisible Attack Surface: Cybersecurity for Embedded Systems
Pub date: 2026-04-16

Embedded systems power everything from critical infrastructure to defense systems, yet vulnerabilities in those systems often go unseen and unaddressed. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and special guests Mario Zuniga and Matt Janson of MITRE to discuss the “invisible attack surface” lurking within embedded and cyber-physical systems.

Drawing on their frontline experience in cyber operations and resiliency engineering, Mario and Matt explain why embedded systems demand a fundamentally different approach to cybersecurity. From limited patching capabilities and long system lifecycles to unique hardware and firmware attack vectors, traditional IT security models fall short in these environments.

Together, they discuss:
Why embedded systems are often overlooked in cybersecurity strategies
How attackers exploit firmware, hardware interfaces, and air-gapped environments
The challenges of securing systems that must remain operational for decades
The role of MITRE's embedded threat matrix (ESTEEM) in mapping adversary behavior
Why resilience—not just prevention—is key to defending critical infrastructure

From industrial control systems to national defense, this episode reveals what it takes to secure the technologies that quietly underpin modern society and why the time to act is now.
Reid and Aria unpack the geopolitical battle over chips, from U.S. export controls to China's push for self-sufficiency, and how the race for compute is reshaping global power. They then turn to how AI is rapidly expanding the attack surface, driving more frequent breaches and exposing new vulnerabilities deep in the software stack as speed and scale outpace traditional defenses. Finally, they explore why enterprise AI adoption has been slower and more uneven than expected, and how network effects, organizational inertia, and trust constraints are shaping the path forward. Together, these forces show how AI is not just advancing technologically, but quietly transforming the foundations of security, competition, and economic power.
Or Eshed, co-founder and CEO of LayerX Security, shares why the browser has become the most critical (and overlooked) security layer in modern work. He explains key browser risk areas including phishing, cookie theft, compromised extensions, and data exfiltration, and how AI now increases the urgency around these risks. He also provides examples of real-world breaches that are reshaping how organizations think about risk.

Key Takeaways:
Security risks that are unique to the browser, along with simple habits you can adopt to reduce browser-based risk
How extensions like Grammarly use browser APIs to learn from user interaction behind the scenes
Why most existing security tools fail to detect browser-based threats, and the rising costs of account takeovers
How AI-powered copilots could ultimately become a key defensive layer by reducing human error in real time

Guest Bio: Or Eshed is co-founder and CEO of LayerX Security. Or has over 15 years of cybersecurity experience as an ML developer, security and intelligence researcher, and cybersecurity analyst. His work has led to the arrest of at least 15 threat actors and the exposure of the largest browser hijacking operation in history, with over 50 million browsers compromised. He has also written and spoken extensively on topics of cybersecurity, including at key conferences such as DEF CON and BSides Las Vegas.

----------------------------------------------------------------------------------------

About this Show: The Brave Technologist is here to shed light on the opportunities and challenges of emerging tech. To make it digestible, less scary, and more approachable for all! Join us as we embark on a mission to demystify artificial intelligence, challenge the status quo, and empower everyday people to embrace the digital revolution. Whether you're a tech enthusiast, a curious mind, or an industry professional, this podcast invites you to join the conversation and explore the future of AI together.

The Brave Technologist Podcast is hosted by Luke Mulks, VP Business Operations at Brave Software—makers of the privacy-respecting Brave browser and Search engine, and now powering AI everywhere with the Brave Search API.
Music by: Ari Dvorin
Produced by: Sam Laliberte
A world-renowned cybersecurity expert with more than 30 years of network security experience, Dr. Eric Cole – founder and CEO of Secure Anchor – helps organizations curtail the risk of cyber threats. He has worked with a variety of clients ranging from Fortune 50 companies, to top international banks, to the CIA, for which he was a professional hacker. In this episode, Dr. Cole and host Scott Schober discuss AI vendors and the increased risk they pose to the cyber attack landscape. To learn more about our sponsor, visit https://drericcole.org
Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play
No Password Required Season 7: Episode 3 - Madhav Nakar

Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection. In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.

Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools. The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens. In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects on public dancing experiments.

Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/
Follow "The Fire of Knowing" on Instagram and YouTube!

CHAPTERS:
00:00 Introduction with Kayley and Jack
08:08 Transition from Theoretical Math to Cybersecurity
16:13 Exploring Spiritual Traditions and Madhav's Documentary
19:48 The Intersection of Art and Science in Content Creation
25:20 The Lifestyle Polygraph: Challenging Perspectives on Security
Alexander Feick is the Vice President of eSentire Labs at eSentire. In this episode, he joins host Charlie Osborne to discuss AI and how the technology has redrawn the attack surface. eSentire is the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com
You said, "That sounds really hard," so why is your partner still upset? It's called the Empathy Dash — that moment you touch your partner's pain just long enough to check a box, then sprint toward solutions, silver linings, or your own experience. In over 1,500 couples sessions, Tony has watched this pattern quietly erode trust while both partners swear they're trying. This episode unpacks why your empathy isn't landing, what your nervous system is actually doing when you rush to fix, and a deceptively simple practice that changes everything.

In this episode, you'll discover:
Why "me too" on the inside lands like "not you" on the outside — and the intent-vs-impact gap where relationships slowly erode
Stealing Thunder: the real-time couples session moment that perfectly captures how sharing gets hijacked before it even lands
How your Adaptive Child — the survival strategy that kept you safe growing up — is now sabotaging your closest relationship
The neuroscience of co-regulation and why your calm presence does more than your best advice ever could
The 3-Before-1 Rule: a concrete practice for staying present when every instinct says fix, solve, or flee

Tony Overbay, LMFT, draws from over two decades of couples therapy, Terry Real's relational framework, and Dan Siegel's interpersonal neurobiology to redefine what empathy actually looks like in practice. If you've ever left a conversation thinking "I said all the right things" while your partner felt completely unseen — this one's for you. You're not broken. You just don't know what you don't know yet.

00:00 Welcome and Where to Follow
01:15 Retreat Story Mental Load Misfire
04:56 Intent vs Impact in Bids
06:08 Attack Surface and Pathological Kindness
09:37 Sequencing the Conversation
12:26 Stealing Thunder Named
17:02 Catching the Thunder Grab
18:17 Drive By Empathy Metaphor
21:03 Empathy vs Sympathy Basics
22:36 Why Optimism Can Dismiss
24:02 What Empathy Actually Does
26:58 Real Life Fixing Examples
28:39 Spotting the Empathy Dash
29:30 Why We Do It
30:12 Adaptive Child Origins
31:39 Fixer vs Avoider Examples
33:49 Co-Regulation Explained
34:44 Two Ways to Respond
37:16 Four Pillars Framework
38:11 Questions Before Comments
38:58 Curiosity in Action
42:19 Three Before One Rule
45:40 When Effort Feels Unseen
47:35 Handling Your Triggers
49:27 Closing Encouragement

Get on the waitlist today for Tony's upcoming Magnetic Marriage live course! Head to https://tonyoverbay.com/magnetic
Contact Tony at contact@tonyoverbay.com to learn more about his Emotional Architects men's group.
Cyberattacks that used to take months now take minutes. And your defenders still can't keep up.

Rob T. Lee, Chief AI Officer of the SANS Institute, and David A. Bray, Chair of the Accelerator at the Stimson Center, explain why AI gives attackers a structural advantage. Attackers don't care if their AI breaks something. Your security team can't take that risk. That asymmetry changes everything.

You'll discover:
✅ Why attackers will always remove the human in the loop faster than defenders can, and the risk calculus that creates
✅ How "death by 1,000 cuts" works: $300 per person times 10,000 targets via SIM farms equals a single ransomware payout
✅ The federated learning approach that lets organizations share threat intelligence without exposing their own data or vulnerabilities
✅ Why hackers are exploiting AI hallucinations by writing real code libraries for packages that models reliably hallucinate
✅ How to identify the right cybersecurity talent: hire for learning velocity and the "fiddling mindset," not static AI credentials
✅ Why boards must stop treating cybersecurity as prevention and start rewarding rapid detection and response
✅ The pre-compute vs. post-compute distinction for AI agent safety that most executives are missing entirely
✅ When autonomous cyber defense will actually be viable (hint: think pilotless planes and robotic surgeons)

⏱️ TIMESTAMPS
0:00 AI has made "death by 1,000 cuts" attacks scalable
0:39 Why the AI security lifecycle matters now
2:27 Military history lessons for cyber defense strategy
5:00 Federated learning: sharing threat intelligence without exposing data
6:48 How incident response must evolve for AI-speed attacks
8:05 The human-in-the-loop dilemma: defenders vs. attackers
11:37 Distraction attacks: coordinated multi-target campaigns
15:37 Autonomous agents as a new attack surface
19:44 Hackers weaponizing AI hallucinations against developers
22:23 Development velocity as the real "swarm" capability
24:20 Perverse incentives: why stopping an attack still counts as failure
27:09 Your personal attack surface grew from 3 devices to 50
31:22 Protecting AI tool chains from becoming prime targets
34:25 Hackathons as the future of cybersecurity hiring
36:53 Patterns of life: instrumenting your enterprise for anomaly detection
38:18 When will we trust AI defenders without human oversight?
41:09 Pre-compute vs. post-compute: where AI agent safety rules must live
46:45 AI trust, hallucinations, and prompt injection as information warfare
51:42 Building security culture: leadership, not blame
Fraudsters aren't only targeting customers anymore. They're targeting fraud teams.

In this episode of Fraud Forward, Hailey Windham sits down with Jared Gruenberg to explain how fake LinkedIn companies are using Easy Apply and “pre-interview” screening emails to harvest operational intelligence: the exact tools, signals, and investigation workflows that fraud, AML, and compliance teams use to stop bad actors.

Jared shares the real-world pattern he found across multiple impersonated companies, including suspicious hiring volume, fake employee profiles, brand-new domains, and fast follow-ups that push candidates to answer detailed technical questions. The goal isn't just personal data; it's industry mapping. When attackers collect hundreds of answers from experienced candidates, they can tune their tactics, probe specific vendor controls, and even train themselves to pass recruiter screens.

Hailey and Jared also dig into why this works: LinkedIn's trust factor, the low-friction nature of Easy Apply, and the human reality of burnout, layoffs, and career pressure that makes “two taps on your phone” feel worth it.

Topics covered:
• How fake LinkedIn companies use Easy Apply as an attack surface
• The signals that reveal impersonation and resume-harvesting rings
• Why fraud, AML, and compliance resumes are especially valuable
• How “technical screening” emails turn into playbook extraction
• What attackers can do with aggregated investigator responses
• Why burnout and layoffs increase vulnerability, even for experts
• Practical steps to protect fraud knowledge and share intelligence safely
In this video David speaks to Peter Bailey (SVP and GM of Cisco's Security business). AI agents are moving fast inside enterprises, and CISOs are hitting the brakes for one reason: the attack surface is expanding at machine speed. In this interview, we break down how agentic AI changes security, why MCP servers and agent tool access create new risks, and what a zero trust approach looks like when the “user” is a non-deterministic agent.

We cover real-world problems like shadow MCP servers, agents touching sensitive systems and PII, and why traditional perimeter controls and firewalls are not enough when traffic is encrypted and actions happen too quickly downstream. You'll also hear what Cisco is doing across the AI lifecycle: AI Defense for model scanning, provenance and guardrails, plus new protections focused on agent identity, dynamic authorization, behavior monitoring, and revocation. On the networking side, we discuss how SD-WAN and secure access (SASE) can add visibility and policy control for AI usage, including prioritizing latency-sensitive AI traffic while still enforcing security.

If you're a security engineer, network engineer, or CISO trying to move from AI hype to safe deployment, this video gives you a practical mental model and the controls to start building now.

Big thank you to @Cisco for sponsoring this video and for sponsoring my trip to Cisco Live Amsterdam.

// Peter Bailey's SOCIALS //
LinkedIn: / peterhbailey
Guest Bio: https://newsroom.cisco.com/c/r/newsro...

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
0:00 - Coming Up
0:30 - Introduction
01:15 - CISOs' Problems with AI
02:35 - Real Issues with AI Agents
04:29 - Growth of the Attack Surface
05:34 - Concern of Poisoned AI and MCP
08:09 - What is the Kill-chain
10:16 - AI with Built-in Security
11:56 - Best Practices for AI Security
14:08 - Cisco Innovations for AI
16:48 - Cisco's Red Team for own AI
18:27 - Secure AI in Public Places
20:09 - Should You get into Cyber Security
21:26 - Advice To Your Younger Self
22:29 - Outro

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#cisco #ciscoemea #ciscolive
Today's menu: The ROI Problem in Attack Surface Management

Where to reach us:
Telegram
Twitter
Instagram
Facebook
Mail: info@hackeslangos.show
Rob Hughes — CISO at RSA and Champion of a Passwordless Future
No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster
When your firewall forgets to buckle up, the crash doesn't happen in the network first; it happens in your blind spots. In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder of Aquia and host of the Resilient Cyber podcast. Chris helps reframe vulnerability work as exposure management, connect technical risk to human resilience, and break down the scoring and runtime tools security teams actually need today. Expect clear takeaways on EPSS, reachability analysis, ADR, AI's double-edged role, and the one habit Chris swears by as a CEO. This episode fuses attack-surface reality with mental-attack-surface strategy so you walk away with both tactical moves and daily practices that protect systems and people.

Impactful Moments:
00:00 - Intro
02:00 - Breaking: Fortinet WAF zero-day & visibility lesson
05:00 - Meet Chris Hughes: CEO, author, Resilient Cyber host
08:00 - Mental attack surface explained and why it matters
18:00 - From CVSS to EPSS, reachability, and ADR realities
21:00 - AI as force-multiplier for attackers and defenders
24:30 - Exposure vs vulnerability naming, market trends
26:00 - Chris's book & how to follow his work
30:00 - Ron's solo: 3 pillars to patch your mindset
34:00 - Closing takeaways and subscribe reminder

Links:
Connect with our guest, Chris Hughes, on LinkedIn: https://www.linkedin.com/in/resilientcyber/
Check out the article on the Fortinet exploit here: https://www.helpnetsecurity.com/2025/11/14/fortinet-fortiweb-zero-day-exploited/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
As enterprises embrace agentic AI, a new security risk equation emerges. In this episode of Security Matters, host David Puner sits down with Lavi Lazarovitz, VP of Cyber Research at CyberArk Labs, to unpack how AI agents and identity security are reshaping the threat landscape. Learn why privileged access is now the fault line of enterprise security, how attackers exploit overprivileged AI agents, and what security teams must rethink before scaling AI. Packed with real-world examples and actionable insights, this is a must-listen for anyone meeting the challenges of AI and cybersecurity.
In Episode 162 of Cybersecurity Where You Are, Tony Sager sits down with Tina Williams-Koroma, Founder and CEO of TCecure, LLC and CyDeploy, Inc. Together, they discuss why "cyber insecurity is not inevitable" and how organizations can take a managed approach to attack surface management.

Along the way, Tina shares her journey from software development to cybersecurity entrepreneurship and explains why proactive measures like hardening systems and automating patching are critical for reducing risk.

Here are some highlights from our episode:
00:50. Introductions to Tina, her career pivot, and her entrepreneurial path
03:35. The value of the secure configuration guidance provided by the CIS Benchmarks®
07:35. Why a well-managed system makes for a hard target
11:00. Marketing against “magic” in a hype-driven cybersecurity market
13:44. The translative work of moving well-managed infrastructure beyond "mere hygiene"
19:14. Tina's faith-based inspiration for helping others get as far as she's gotten
27:23. Soccer analogies for a managed attack surface
33:54. Tina's pep talk: "Why cyber insecurity is not inevitable"
38:38. Free cybersecurity resources for small businesses

Resources:
Mapping and Compliance with the CIS Benchmarks
Guide to Asset Classes: CIS Critical Security Controls v8.1
Gartner Says That in the Age of GenAI, Preemptive Capabilities, Not Detection and Response, Are the Future of Cybersecurity
CIS Community Defense Model 2.0
OwlThis — Powered By CyDeploy

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Building Better Defenses: RedTail Observations
Defending against attacks like RedTail is about more than blocking IoCs; one must instead focus on the techniques and tactics attackers use.
https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312

Sonicwall: It wasn't the user's fault
Sonicwall admits to a breach resulting in the loss of user configurations stored in its cloud service.
https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330

Crowdstrike has Issues
Crowdstrike fixes two vulnerabilities in the Windows version of its Falcon sensor.
https://www.crowdstrike.com/en-us/security-advisories/issues-affecting-crowdstrike-falcon-sensor-for-windows/

Interrogators: Attack Surface Mapping in an Agentic World
A SANS.edu master's degree student research paper by Michael Samson.
https://isc.sans.edu/researchpapers/pdfs/michael_samson.pdf

keywords: ai; agentic; attack surface; crowdstrike; sonicwall; ivanti; zero day; initiative; redline
Identity theft affects millions of people every year — but do you really know how it works, or how to protect yourself? This week, we're joined by Eva Velasquez, CEO of the Identity Theft Resource Center, who shares the latest trends in identity crime and what steps you can take if it ever happens to you.
A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344
Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense - RSM's Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.

Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.

Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways.

Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.

Chapter Timestamps
00:00 - Introduction and Industry Trends
01:00 - AI and Technology Disruption Discussion
02:00 - Upcoming Conference Schedule and Discount Codes
04:00 - Podcast Milestone - Approaching One Million Downloads
06:30 - Introducing Dan Lauritzen and RSM Defense Team
09:00 - Dan's Background - From Military to Cybersecurity
12:00 - What is Attack Surface Management?
14:00 - Treating Identities as Assets
16:00 - The Cyber Kill Chain Explained
18:00 - Why Identity and SOC Teams Operate in Silos
21:00 - The Role of Data in Modern Security Operations
23:00 - Continuous Identity Management and Shared Signals Framework
26:00 - Can You Have Too Much Data?
29:00 - Breaking Down Silos Between Identity and SOC Teams
32:00 - Practical Collaboration Strategies
34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape
41:00 - Pragmatic Security Strategies and Metrics
44:00 - Biggest Misconceptions About Attack Surface Management
45:00 - Military Background - Human Intelligence Collection
48:00 - Communication Tips for Better Information Gathering
51:00 - Closing and Contact Information

Connect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/
Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chain

Learn more about RSM:
RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.html
RSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy
Digital risk is no longer confined to the enterprise perimeter. Executives and board members—along with their families—are increasingly targeted outside of work, in personal settings, and online. Dr. Chris Pierson, Founder and CEO of BlackCloak, joins Sean Martin and Marco Ciappelli to discuss the current state of digital executive protection and why a piecemeal approach is insufficient.

Chris outlines how threats to privacy, cybersecurity, and physical safety intersect across personal and professional domains. A breached home network, a deepfake circulating online, or a targeted social engineering campaign could all become entry points back into a company's infrastructure—or lead to reputational or financial fallout. That's why BlackCloak takes a holistic view, combining identity protection, device hardening, social listening, concierge response, and physical risk monitoring into a single service.

One of the key resources discussed is the vendor-agnostic Digital Executive Protection Framework. Free to download and use, it offers CISOs and CSOs a 14-point checklist covering areas like financial data protection, social media monitoring, physical threats, and personal cyber hygiene. According to Chris, it's designed to be practical, actionable, and easy to integrate into quarterly reviews and budget planning cycles.

While many security vendors promise protection through tools alone, BlackCloak emphasizes relationships—human connection is built into the service. The platform includes real-time threat response and one-on-one interaction, going far beyond 1-800 numbers or chatbots.

Whether you're managing executive risk for a Fortune 500 company or navigating new board-level cyber obligations, this conversation outlines the real gaps in current corporate protections—and a solution that meets executives where they are.

Learn more about BlackCloak: https://itspm.ag/itspbcweb

Note: This story contains promotional content. Learn more.

Guest: Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Resources
Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations
Exposing Your Attack Surface on Purpose: API Chaos, AI Risk, and Quantum Reality by DomainTools
In this episode, Erika Dean dives into the evolution of attack surface management (ASM) in financial tech. From foundational strategies to future-focused threats, she explores how shifts in the fintech landscape demand deeper organizational awareness, ongoing tabletop exercises, and proactive preparation. This segment is sponsored by Axonius. Visit https://cisostoriespodcast.com/axonius to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-212
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Ronen Shpirer speaks with Muninder Singh Sambi from Google Cloud to explore how AI and GenAI are reshaping both sides of the cybersecurity battlefield. From threat detection to prompt injection risks, learn how telcos and enterprises can leverage AI to protect their infrastructure—while staying one step ahead of attackers. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything. Then we give listeners a special deal on the book.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor - ThreatLocker User Store
https://www.criticalthinkingpodcast.io/tl-userstore

Today's guest: https://x.com/spaceraccoonsec

====== Resources ======
Buy SpaceRaccoon's Book: From Day Zero to Zero Day
https://nostarch.com/zero-day
USE CODE 'ZERODAYDEAL' for 30% OFF
Pwning Millions of Smart Weighing Machines with API and Hardware Hacking
https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/

====== Timestamps ======
(00:00:00) Introduction
(00:04:58) From Day Zero to Zero Day
(00:12:06) Mapping Code to Attack Surface
(00:17:59) Day Zero and Taint Analysis
(00:22:43) Automated Variant Analysis & Binary Taxonomy
(00:31:35) Source and Sink Discovery
(00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing
(00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero
(01:02:16) Bug bounty, Vuln research, & Governmental work
(01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines
In this OODAcast, Chris Wysopal shares his insights from decades in cybersecurity, detailing his journey from the early hacking collective "The L0pht" to co-founding Veracode. Wysopal reflects on the evolution of cybersecurity, highlighting his early contributions to vulnerability research and advocating the importance of adversarial thinking in security practices. He emphasizes the transition from traditional vulnerability testing to comprehensive application risk management, recognizing the increased reliance on third-party software and the escalating complexity of securing modern applications. Wysopal also discusses how generative AI technologies are significantly accelerating application development but simultaneously creating substantial security challenges. He stresses that while AI-generated applications multiply rapidly, their vulnerability density remains comparable to human-written code. To manage this growing risk, Wysopal underlines the necessity of integrating automated, AI-driven vulnerability remediation into the software development lifecycle. Looking forward, Wysopal advocates for embedding security deeply within the application creation process, anticipating that AI will eventually assist in producing inherently secure software. However, he also underscores the enduring threat of social engineering attacks, urging enterprises to prioritize comprehensive security awareness programs to bolster their overall cybersecurity posture and resilience. The conversation examines some very interesting correlations between the mindset of the great hackers and the success of great entrepreneurs. Both take a good bit of grit, an ability to focus and be creative and perhaps most importantly: Persistence. Learn more about Chris Wysopal's approaches and the company he founded at Veracode. For insights into reducing your organization's attack surface see: State of Software Security 2025
It's no surprise that our systems are under attack by all sorts of criminals. Some organized, some opportunistic, some just aiming for vandalism. We need to protect our digital systems to prevent issues, and a part of better protection is reducing the number of places that are vulnerable. Those places include databases. This article discusses the rising costs of data breaches and the increased frequency of attacks. It also examines the increasing number of regulations that are demanding proof of stricter security measures. It can be hard enough to defend production systems, let alone protecting dev/test environments. I see an increasing number of organizations that limit access to production systems, even to the point that this impedes some of the daily work habits of technology professionals, but that is probably a good thing. Too many of us are too lax when it comes to security. Read the rest of Lower Your Attack Surface Area
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Matt Lembright, Global Lead of Censys Search, discusses the company's role in scanning the entire internet for threats, focusing on frequency, accuracy, and data richness. Censys helps government agencies and private organizations manage their attack surfaces by identifying exposed devices and vulnerabilities. The conversation highlights the challenges of securing operational technology (OT) and Internet of Things (IoT) devices, emphasizing the importance of understanding device protocols and maintaining up-to-date software. Lembright stresses the need for community engagement, local government involvement, and effective communication to protect critical infrastructure. He also mentions Censys' cybersecurity glossary as a resource for understanding key terms and concepts.
Unlock the secrets of effective attack surface monitoring in this replay of The Cyber Threat Perspective. Brad and Spencer dive into essential practices, tools, and methodologies to keep your systems secure.
- Define and understand attack surface and attack vectors
- Distinguish between physical and digital attack surfaces
- Explore DIY vs. commercial tools for attack surface monitoring
- Learn from bug bounty industry methodologies and resources
- Emphasize the importance of continuous monitoring and asset management
Check out our show notes for additional resources, and don't forget to like, share, and subscribe!
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Did you know nearly half of your enterprise devices are agentless—leaving your attack surface wide open? In this episode, Ron is joined by Pandian Gnanaprakasam, Co-Founder and Chief Product Officer at Ordr, to discuss the critical risks posed by agentless devices and how orchestration can strengthen your defenses. Pandian shares key findings from Ordr's 2024 "Rise of the Machines" report, highlighting the risks of overlooked agentless devices. He covers the rapid growth of these devices, strategies to manage vulnerabilities, and how automation can strengthen your defenses. Impactful Moments: 00:00 - Introduction 04:15 - Why agentless devices dominate the next decade 06:30 - Insights from Ordr's “Rise of the Machines” report 08:50 - Hidden risks: 42% of devices are agentless 11:15 - Solving the "Swiss cheese" problem of security gaps 14:30 - Prioritizing vulnerabilities with business context 18:10 - Orchestration vs. automation: The harmony difference 22:00 - Why visibility is the foundation of security 27:30 - Ordr's unique approach to securing the attack surface Links: Connect with our guest, Pandian Gnanaprakasam: https://www.linkedin.com/in/gpandian/ Check out Ordr's Rise of the Machines report here: https://ordr.net/resources/rise-of-the-machines-report-2024 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
In this Risky Business News sponsor interview, Catalin Cimpanu talks with runZero founder and CEO HD Moore about the company's latest capability, a feature called Inside-Out Attack Surface Management that takes internal fingerprints and scans the internet to discover possible exposures.
Show notes: Inside-Out Attack Surface Management: Identify the risk before hackers bridge the gap
Odysseas is co-founder and CEO of Phylax, a web3 security company building a security layer for blockchain-based protocols. Before Phylax, Odysseas worked at Nomad, a crypto exchange which suffered a $190M breach in August 2022. In the episode, we talk about his unique background as a developer relations manager, the approach law enforcement takes to recover funds in the wake of a crypto breach, the different attack surfaces for the web3 ecosystem, and more. If you are not a blockchain expert, do not worry, me neither. There are still plenty of interesting high level conversation points throughout!
SaaS (Software as a Service) applications, due to their ease of launch and proliferation, have created a “perfect storm” for attackers, and a significant challenge for cybersecurity professionals. Organizations with over 1,000 employees typically use 150+ SaaS applications, often unmanaged, which expands the attack surface and poses a unique threat to entities like the federal government. This week on Feds At the Edge, we discuss where the threats may lie and give practical information on attempting to control this new threat vector. Mark Canter, CISO at US GAO, highlights the widespread lack of understanding about where data is used, emphasizing the importance of good data management practices. AI can play a pivotal role in systematically addressing this issue. Tune in on your favorite podcasting platform as we explore why organizations should maintain accurate inventories of SaaS applications, identifying and managing shadow SaaS apps, and implementing robust governance practices to secure and optimize their SaaS ecosystems.
October 23, 2024: Founder and CTO at Tausight, David Ting, joins Bill for a deep dive into one of healthcare's most significant vulnerabilities—attack surfaces. With up to 75% of staff holding dangerous admin privileges, health systems may be more exposed than they realize. Ting reveals eye-opening strategies to secure systems by limiting access, but at what cost? Can healthcare strike the right balance between security and efficiency? Tune in to uncover the trade-offs that could make or break an organization's defenses.

Key Points:
04:15 Current Threats and Strategies
07:09 Attack Surface Reduction
11:16 Statistics on Employee Access
13:42 Windows vs. Linux
16:49 Data Hoarding

News articles:
Texas hospital keeps diverting patients after cyberattack: 5 updates

This Week Health Subscribe
This Week Health Twitter
This Week Health Linkedin
Alex's Lemonade Stand: Foundation for Childhood Cancer Donate
Have you ever opened up to someone, only to have your vulnerability used against you? In this episode of Waking Up to Narcissism, we introduce the concept of the “attack surface”—that uncomfortable dynamic where emotionally immature or narcissistic partners turn your honesty into their weapon of control. We'll also explore how this need for control originates from emotional immaturity, dive into the origin story of our deep-seated fear of abandonment, and discuss practical ways to develop your emotional maturity. From separating observations from judgments to the 4 Points of Balance in differentiation, this episode offers tools to help you confront unresolved personal issues in relationships with integrity and create healthier, more connected interactions.

Are you in the mental health profession and are curious about using AI (artificial intelligence) notes? Check out Berries, the notes Tony described in today's episode. Click here https://berries.icu/?code=4952 Or use code Tony50 when you sign up to get $50 off your first month of Berries revolutionary AI, HIPAA-compliant mental health notes. If you are interested in seeing an example of a note, email tony at contact@tonyoverbay.com.

00:00 Introduction and Welcome
00:18 Speaking Engagements and Personal Anecdotes
03:13 The Concept of Attack Surface
11:36 Real-Life Example: Alex and Taylor
15:03 Understanding Emotional Immaturity
22:39 Control as a Defense Mechanism
26:57 Origins of Fear and Emotional Abandonment
28:02 Example Scenario: Jamie and Sam
29:09 Sam's Fear and Defensive Reactions
31:00 The Impact of Emotional Immaturity
38:21 Observations vs. Judgments
42:08 Developing Emotional Maturity
45:22 The Four Points of Balance
49:55 Confronting Personal Issues with Integrity

If you are interested in joining Tony's private Facebook group for women in narcissistic or emotionally immature relationships of any type, please reach out to him at contact@tonyoverbay.com or through the form on the website, http://www.tonyoverbay.com

If you are a man interested in joining Tony's "Emotional Architects" group to learn how to better navigate your relationship with a narcissistic or emotionally immature partner or learn how to become more emotionally mature yourself, please reach out to Tony at contact@tonyoverbay.com or through the form on the website, http://www.tonyoverbay.com
Ever wondered how the best defenders become unstoppable? They think like the attackers. In this episode with Jason Haddix, we reveal the strategies hackers don't want you to know about and show you how to use them to your advantage. Jason, CEO of Arcanum Information Security and Field CISO at Flare, helps us step into the mind of a hacker. With stories and insights that will change how you think about cybersecurity, he talks about the tactics that can turn any security program into a fortress. From exploiting the overlooked to using AI for unbeatable defense, this conversation will revolutionize your approach to cybersecurity. 00:00 Introduction 01:29 Jason Haddix, CEO at Arcanum and Field CISO for Flare 04:48 Origins of Arcanum 07:04 Recon in Cybersecurity 12:22 Recon Discoveries 27:41 Flare's Role in Credential Management 33:47 Tooling for Small Businesses 35:47 Using AI for Cybersecurity 41:23 Flare Platform Deep Dive 43:20 Conclusion Links: Connect with our guest, Jason Haddix: https://www.linkedin.com/in/jhaddix/ Check out Flare here: https://flare.io Check out Arcanum here: https://www.arcanum-sec.com/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
In this episode Brad and Spencer discuss Attack Surface Monitoring, what it is, and why it's important for defending against cyber-attacks. They dig into the difference between attack vectors and attack surface and share a high-level overview of how to go about monitoring your own attack surface. Finally, they share tools and techniques for attack surface monitoring, many of which are key concepts taken from the world of bug bounty.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Jeremy Snyder, founder and CEO of FireTail, joins the show to discuss the rising importance of API security in a world where over 80% of internet requests are API calls. Jeremy shares his journey from launching FireTail to becoming a leading voice in cybersecurity, providing insights into how organizations can protect their APIs from increasingly common cyber threats. Learn the strategies to secure your APIs against breaches, understand the critical role of APIs in modern infrastructure, and discover how to mitigate risks that could expose sensitive data. Jeremy also offers advice for tech professionals on how to leverage AI to stay competitive and advance in the evolving job market.
Over its 11 years in publication, the BeyondTrust Microsoft Vulnerabilities Report has been downloaded over 16,000 times, aiding thousands in enhancing their cyber defenses with detailed data analysis and expert insights. This year's report not only examines 2023 Microsoft vulnerabilities but also evaluates their use in identity-based attacks, highlights significant CVEs (9.0+ CVSS scores), and discusses mitigation strategies. In this special Alice & Bob episode, James is joined by top cybersecurity experts and report commentators Paula Januszkiewicz, Terry Cutler, Eliza-May Austin, and Sami Laiho. They discuss the report's findings, share their experiences with vulnerabilities, and explore the future of Microsoft security and AI.
In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Rogier Fischer, co-founder and CEO of Hadrian, to delve into the evolving landscape of cybersecurity. The discussion navigates through the intricacies of modern cybersecurity challenges and how Hadrian is providing innovative solutions to tackle these issues. Sean Martin sets the stage by emphasizing the importance of operationalizing cybersecurity strategies to manage risk and protect revenue. Rogier Fischer shares his journey from an ethical hacker working with Dutch banks and tech companies to co-founding Hadrian, a company that leverages advanced AI to automate penetration testing.

Fischer highlights the limitations of traditional cybersecurity tools, noting they are often too passive and fail to provide adequate visibility. Hadrian, on the other hand, offers a proactive approach by simulating hacker behavior to identify vulnerabilities and exposures. The platform provides a more comprehensive view by combining various aspects of offensive security, enabling organizations to prioritize their most critical vulnerabilities.

One of the key points Fischer discusses is Hadrian's event-driven architecture, which allows the system to detect changes in real-time and reassess vulnerabilities accordingly. This ensures continuous monitoring and timely responses to new threats, adapting to the ever-changing IT environments. Another significant aspect covered is Hadrian's use of AI and machine learning to enhance the context and flexibility of security testing. Fischer explains that AI is selectively applied to maximize efficiency and minimize false positives, thus allowing for smarter, more effective security assessments.

Fischer also shares insights on how Hadrian assists in automated risk remediation. The platform not only identifies vulnerabilities but also provides clear guidance and tools to address them. This is particularly beneficial for smaller security teams that may lack the resources to handle vast amounts of raw data generated by traditional vulnerability scanners. Additionally, Hadrian's ability to integrate with existing security controls and workflows is highlighted. Fischer notes the company's focus on user experience and the need for features that facilitate easy interaction with different stakeholders, such as IT teams and security engineers, for efficient risk management and remediation.

In conclusion, Rogier Fischer articulates that the true strength of Hadrian lies in its ability to offer a hacker's perspective through advanced AI-driven tools, ensuring that organizations not only identify but also effectively mitigate risks. By doing so, Hadrian empowers businesses to stay ahead in the ever-evolving cybersecurity landscape.

Top Questions Addressed
- What drove the creation of Hadrian, and what gaps in the cybersecurity market does it fill?
- How does Hadrian's event-driven architecture ensure continuous risk assessment and adaptation to changing environments?
- How does Hadrian leverage AI and machine learning to improve the effectiveness of penetration testing and risk remediation?

Learn more about Hadrian: https://itspm.ag/hadrian-5ei

Note: This story contains promotional content. Learn more.

Guest: Rogier Fischer, Co-Founder and CEO, Hadrian [@hadriansecurity]
On LinkedIn | https://www.linkedin.com/in/rogierfischer/

Resources
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In the latest episode of the Trust Issues podcast, the focus is on the criticality of time in organizational security. The conversation with host David Puner and guest Katherine Mowen, SVP of Information Security at Rate (formerly Guaranteed Rate), highlights the importance of swift decision-making and prompt threat response. They discuss the role of just-in-time (JIT) access and AI in accelerating response times, as well as the ever-evolving threat landscape that requires constant vigilance. Join us for a timely discussion of the strategies and technologies shaping the future of cybersecurity, particularly at the intersection of time management and identity protection.
In this episode of Unspoken Security, host AJ Nash welcomes Jeff Foley, founder and leader of the OWASP AMASS flagship project and Vice President and Distinguished Fellow of Research at ZeroFox. They dive into the critical importance of attack surface management (ASM) in cybersecurity, emphasizing the need for visibility from an adversarial perspective. Jeff explains how attackers spend most of their time on surveillance to deeply understand their targets, a vital component of improving the likelihood of success during any attack.

AJ and Jeff discuss the transition from government to commercial cybersecurity - including the challenges and opportunities - and Jeff shares his insights on how the commercial sector can benefit from the disciplined and thorough approaches used in government cybersecurity. He stresses the importance of ASM as a form of intelligence, advocating for organizations to proactively identify and manage their attack surfaces the way attackers do.

The episode also covers the terminology and misconceptions surrounding ASM, with both AJ and Jeff agreeing that "attack surface management" may not fully capture the essence of the practice, suggesting "attack surface intelligence" as a more accurate term. They underscore the necessity for continuous monitoring and adaptation in a constantly evolving cyber threat landscape.

Finally, as with all episodes of Unspoken Security, our guest (Jeff, in this case) reveals a secret...something that - to this point - has remained unspoken. Like every episode, Jeff doesn't disappoint!
Ramin Lamei is a cybersecurity expert with over 20 years of experience. He has held significant roles at Fortune 500 companies, contributing to multi-billion dollar revenues and managing extensive secured financial transactions. He now leads TechCompass, where he helps businesses of all sizes secure their digital operations and achieve strategic growth. In this podcast you will learn:
- Understand the major cybersecurity challenges that small to medium-sized businesses face today
- Learn how cybersecurity needs vary between small to medium-sized businesses and larger enterprises.
- Find out the initial steps a business should take to assess its current cybersecurity risk level.
- Explore how businesses can develop a roadmap to enhance their security posture after assessing their risks.
- Learn how TechCompass assists businesses in implementing their cybersecurity strategies.
- Discover the key steps a business should take to prepare for and respond to a ransomware attack.
- Understand the importance of cybersecurity insurance and what to consider when selecting a policy.
- Learn about the process and importance of Attack Surface & Application Penetration testing for businesses.
- Explore the advantages of virtual or fractional Chief Information Security Officer (CISO) leadership for businesses.
Connect with Ramin here: https://www.TechCompass.US
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the DOMPurify library, and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScript deobfuscation, the value of impactful POCs, and hiding XSS payloads with URL path updates.

Follow us on twitter at: @ctbbpodcast
Send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Check out Project Discovery's nuclei 3.2 release blog at nux.gg/podcast

Resources:
.NET Remoting
https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
https://github.com/codewhitesec/HttpRemotingObjRefLeak
DOM Purify Bug
Cloudflare /cdn-cgi/
https://developers.cloudflare.com/fundamentals/reference/cdn-cgi-endpoint/
https://portswigger.net/research/when-security-features-collide
https://twitter.com/kinugawamasato/status/893404078365069312
https://twitter.com/m4ll0k/status/1770153059496108231
XSSDoctor's writeup on Javascript deobfuscation
renniepak's tweet
Naffy's tweet

Timestamps:
(00:00:00) Introduction
(00:07:15) .Net Remoting
(00:17:29) DOM Purify Bug
(00:25:56) Cloudflare /cdn-cgi/
(00:37:11) Javascript deobfuscation
(00:47:26) renniepak's tweet
(00:55:20) Naffy's tweet