Podcasts about Authentication

  • 1,056 PODCASTS
  • 2,494 EPISODES
  • 38m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Nov 17, 2025 LATEST

Latest podcast episodes about Authentication

Category Visionaries
How Wultra built category leadership as the only post-quantum provider for banking digital identity | Peter Dvorak

Nov 17, 2025, 18:13


Wultra provides post-quantum authentication for banks, fintechs, and governments—protecting digital identities from emerging quantum computing threats. In this episode, Peter Dvorak shares how he broke into the notoriously closed banking ecosystem by leveraging his early experience in mobile banking development. From navigating multi-stakeholder enterprise sales to positioning quantum-safe cryptography when the threat timeline remains uncertain (consensus: 2035, but could accelerate), Peter reveals the specific strategies required to sell mission-critical security infrastructure to regulated financial institutions.

Topics Discussed

  • How post-quantum cryptography runs on classical computers while protecting against quantum threats
  • Why European banking regulation drives global authentication standards
  • The multi-stakeholder sales process: quantum threat teams, CISOs, CTOs, and digital product owners
  • Conference strategy and analyst relationships (Gartner, KuppingerCole) for category positioning
  • Banking budget cycles and why June/July approaches fail
  • Breaking the "who else is using this?" barrier with banking-specific proof points
  • Positioning as the only post-quantum cryptography provider for digital identity in banking

GTM Lessons For B2B Founders

  • Layer future-proofing onto immediate ROI: Post-quantum cryptography doesn't require quantum computers to function—it runs on classical infrastructure while providing superior security. Peter sells banks on moving from SMS OTP to mobile app authentication (tangible, immediate benefit) while positioning quantum resistance as migration insurance: "You won't have to rip-and-replace in three years." For emerging tech, anchor value in today's operational wins, not future scenarios.
  • Give struggling departments concrete wins: Large banks have quantum threat teams tasked with replacing every piece of software by 2030-2035. Peter gives them measurable progress: "We move you from 5% to 10% completion on authentication and digital identity." These teams need defensible projects to justify their existence. Identify which internal groups are fighting for relevance and deliver projects they can report upward.
  • Banking references are binary gatekeepers: Every bank asks "who else is using this?" Non-banking customers (telcos, gaming, lottery) don't count—banking regulation and systems are fundamentally different. The first banking customer is the hardest barrier. Once cleared, subsequent conversations become tractable. Budget aggressively to land that first bank, even at unfavorable terms.
  • Respect the annual budget cycle: Banks allocate resources 12 months ahead. Approaching in Q2/Q3 means budgets are locked—even free POCs fail because internal resources are committed. Peter's pipeline strategy: build relationships and maintain visibility throughout the year, then activate when budget windows open. Don't confuse market education with active pipeline.
  • Map and sequence multi-stakeholder buys: Authentication purchases require alignment across quantum threat teams (if they exist), cybersecurity/compliance, CTO/CIO (infrastructure acceptance), and digital product owners (UX concerns affecting their KPIs). Start at director level—board executives are too removed from technical details. Research each bank's org structure before engaging, then tailor sequencing.
  • EU regulatory leadership creates expansion vectors: European regulations like PSD2 and strong authentication requirements get replicated in Southeast Asia, MENA, and other regions. Peter benefits from solving EU compliance first, then riding regulatory diffusion. The US remains fragmented with smaller regional banks still using username/password. Founders should analyze which geographies lead regulatory adoption in their category.
  • Maintain composure through 18+ month cycles: Peter's regret: losing his temper during negotiations cost him time.
Banking doesn't buy impulsively—sales require patience through lengthy security reviews, compliance checks, and committee approvals. Incremental progress and rational positioning matter more than aggressive closing. Emotional control is operational discipline.

Critical Thinking - Bug Bounty Podcast
Episode 148: MCP Hacking Guide

Nov 13, 2025, 32:26


Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Timestamps ======

(00:00:00) Introduction
(00:02:51) MCP Architecture & Authentication
(00:13:08) Roots, Sampling, & Elicitation
(00:19:15) Tools and Resources

Good Data, Better Marketing
Trust by Design: Rewriting Authentication in the Age of GenAI Fraud with Filip Verley, Chief Innovation Officer at Liminal

Nov 12, 2025, 39:57


In this episode of Builders Wanted, we're joined by Filip Verley, Chief Innovation Officer at Liminal. Filip sheds light on the challenges companies face with increasing fraud due to advances in generative AI and deepfakes, and the importance of balancing security with customer experience. The conversation covers practical strategies for unifying data across teams, leveraging behavioral signals, and investing in converged identity platforms.

Key Takeaways:

  • Digital fraud is rapidly evolving due to generative AI and deepfakes, making it harder for companies to distinguish between real and fake interactions.
  • Unifying data and aligning company goals around trust and security is essential for effective fraud prevention.
  • Balancing customer experience with security requires smart, context-aware friction and continuous monitoring.

“The best teams or organizations don't think in an either-or, it's the balance. They always are able to balance and they design these systems to adapt to what they need. It's not just about reducing the fraud, it's making sure that users are protected without slowing them down. Smart friction.” – Filip Verley

Episode Timestamps:

(01:52) - How generative AI and deepfakes are making fraud detection harder
(04:07) - Insights from Liminal's Seminal Report
(16:19) - Why behavioral intent is a game changer for fraud detection
(22:54) - The 4 layers of defense every company needs
(25:52) - Where companies are investing for the biggest impact
(35:13) - Quick hits

Oracle University Podcast
Networking & Security Essentials

Nov 11, 2025, 17:25


How do all your devices connect and stay safe in the cloud? In this episode, Lois Houston and Nikita Abraham talk with OCI instructors Sergio Castro and Orlando Gentil about the basics of how networks work and the simple steps that help protect them.

You'll learn how information gets from one place to another, why tools like switches, routers, and firewalls are important, and what goes into keeping access secure.

The discussion also covers how organizations decide who can enter their systems and how they keep track of activity.

  • Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992
  • Oracle University Learning Community: https://education.oracle.com/ou-community
  • LinkedIn: https://www.linkedin.com/showcase/oracle-university/
  • X: https://x.com/Oracle_Edu

Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.

Episode Transcript:

00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!

00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services.

Nikita: Hi everyone! In the last episode, we spoke about local area networks and domain name systems. Today, we'll continue our conversation on the fundamentals of networking, covering a variety of important topics.

00:50 Lois: That's right, Niki. And before we close, we'll also touch on the basics of security. Joining us today are two OCI instructors from Oracle University: Sergio Castro and Orlando Gentil. So glad to have you both with us, guys. Sergio, with so many users and devices connecting to the internet, how do we make sure everyone can get online? Can you break down what Network Address Translation, or NAT, does to help with this?

Sergio: The world population is bigger than 4.3 billion people. That means that if we were to interconnect every single human into the internet, we will not have enough addresses. And not all of us are connected to the internet, but those of us who are, you know that we have more than one device at our disposal. We might have a computer, a laptop, mobile phones, you name it. And all of them need IP addresses. So that's why Network Address Translation exists because it translates your communication from a private IP to a public IP address. That's the main purpose: translate.

02:05 Nikita: Okay, so with NAT handling the IP translation, how do we ensure that the right data reaches the right device within a network? Or to put it differently, what directs external traffic to specific devices inside a network?

Sergio: Port forwarding works in a reverse way to Network Address Translation. So, let's assume that this PC here, you want to turn it into a web server. So, people from the outside, customers from the outside of your local area network, will access your PC web server. Let's say that it's an online store. Now all of these devices are using the same public IP address. So how would the traffic be routed specifically to this PC and not to the camera or to the laptop, which is not a web server, or to your IP TV? So, this is where port forwarding comes into play. Basically, whenever it detects a request coming to port, it will route it and forward that request to your PC. It will allow anybody, any external device that wants to access this particular one, this particular web server, for the session to be established. So, it's a permission that you're allowing to this PC and only to this PC. The other devices will still be isolated from that list. That's what port forwarding is.

03:36 Lois: Sergio, let's talk about networking devices. What are some of the key ones, and what role do they play in connecting everything together?

Sergio: There's plenty of devices for interconnectivity. These are devices that are different from the actual compute instances, virtual machines, cameras, and IPTV. These are for interconnecting networks. And they have several functionalities.

03:59 Nikita: Yeah, I often hear about a default gateway. Could you explain what that is and why it's essential for a network to function smoothly?

Sergio: A gateway is basically where a web browser goes and asks a service from a web server. We have a gateway in the middle that will take us to that web server. So that's basically the router. A gateway doesn't necessarily have to be a router. It depends on what device you're addressing at a particular configuration. So, a gateway is a connectivity device that connects two different networks. That's basically the functionality.

04:34 Lois: Ok. And when does one use a default gateway?

Sergio: When you do not have a specific route that is targeting a specific router. You might have more than one router in your network, connecting to different other local area networks. You might have a route that will take you to local area network B. And then you might have another router that is connecting you to the internet. So, if you don't have a specific route that will take you to local area network B, then it's going to be utilizing the default gateway. It directs data packets to other networks when no specific route is known. In general terms, the default gateway, again, it doesn't have to be a router. It can be any device.

05:22 Nikita: Could you give us a real-world example, maybe comparing a few of these devices in action, so we can see how they work together in a typical network?

Sergio: For example, we have the hub. And the hub operates at the physical layer or layer 1. And then we have the switch. And the switch operates at layer 2. And we also have the router. And the router operates at layer 3. So, what's the big difference between these devices and the layers that they operate in? So, hubs work in the physical layer of the OSI model. And basically, it is for connecting multiple devices and making them act as a single network segment. Now, the switch operates at the data link layer and is basically a repeater, and is used for filtering content by reading the addresses of the source and destination. And these are the MAC addresses that I'm talking about. So, it reads where the packet is coming from and where is it going to at the local area network level. It connects multiple network segments. And each port is connected to a different segment. And the router is used for routing outside of your local area network, performs traffic directing functions on the internet. A data packet is typically forwarded from one router to another through different networks until it reaches its destination node. The switch connects multiple network segments. And each port of the switch is connected to a different segment. And the router performs traffic directing functions on the internet. It takes data from one router to another, and it works at the TCP/IP network layer or internet layer.

07:22 Lois: Sergio, what kind of devices help secure a network from external threats?

Sergio: The network firewall is used as a security device that acts as a barrier between a trusted internal network and an untrusted external network, such as the internet. The network firewall is the first line of defense for traffic that passes in and out of your network. The firewall examines traffic to ensure that it meets the security requirements set by your organization, or allowing, or blocking traffic based on set criteria. And the main benefit is that it improves security for access management and network visibility.

08:10 Are you keen to stay ahead in today's fast-paced world? We've got your back! Each quarter, Oracle rolls out game-changing updates to its Fusion Cloud Applications. And to make sure you're always in the know, we offer New Features courses that give you an insider's look at all of the latest advancements. Don't miss out! Head over to mylearn.oracle.com to get started.

08:36 Nikita: Welcome back! Sergio, how do networks manage who can and can't enter based on certain permissions and criteria?

Sergio: The access control list is like the gatekeeper into your local area network. Think about the access control list as the visa on your passport, assuming that the country is your local area network. Now, when you have a passport, you might get a visa that allows you to go into a certain country. So the access control list is a list of rules that defines which users, groups, or systems have permissions to access specific resources on your networks. It is a gatekeeper, that is going to specify who's allowed and who's denied. If you don't have a visa to go into a specific country, then you are denied. Similar here, if you are not part of the rule, if the service that you're trying to access is not part of the rules, then you cannot get in.

09:37 Lois: That's a great analogy, Sergio. Now, let's turn our attention to one of the core elements of network security: authentication and authorization. Orlando, can you explain why authentication and authorization are such crucial aspects of a secure cloud network?

Orlando: Security is one of the most critical pillars in modern IT systems. Whether you are running a small web app or managing global infrastructure, every secure system starts by answering two key questions. Who are you, and what are you allowed to do? This is the essence of authentication and authorization. Authentication is the first step in access control. It's how a system verifies that you are who you claim to be. Think of it like showing your driver's license at a security checkpoint. The guard checks your photo and personal details to confirm your identity. In IT systems, the same process happens using one or more of these factors. It will ask you for something you know, like a password. It will ask you for something that you have, like a security token, or it will ask you for something that you are, like a fingerprint. An identity does not refer to just a person. It's any actor, human or not, that interacts with your systems. Users are straightforward, think employees logging into a dashboard. But services and machines are equally important. A backend API may need to read data from a database, or a virtual machine may need to download updates. Treating these non-human identities with the same rigor as human ones helps prevent unauthorized access and improves visibility and security. After confirming your identity, can the system move on to deciding what you're allowed to access? That's where authorization comes in. Once authentication confirms who you are, authorization determines what you are allowed to do. Sticking with the driver's license analogy, you've shown your license and proven your identity, but that doesn't mean that you can drive anything anywhere. Your license class might let you drive a car, not a motorcycle or a truck. It might be valid in your country, but not in others. Similarly, in IT systems, authorization defines what actions you can take and on which resources. This is usually controlled by policies and roles assigned to your identity. It ensures that users or services only get access to the things they are explicitly allowed to interact with.

12:34 Nikita: How can organizations ensure secure access across their systems, especially when managing multiple users and resources?

Orlando: Identity and Access Management governs who can do what in our systems. Individually, authentication verifies identity and authorization grants access. However, managing these processes at scale across countless users and resources becomes a complex challenge. That's where Identity and Access Management, or IAM, comes in. IAM is an overarching framework that centralizes and orchestrates both authentication and authorization, along with other critical functions, to ensure secure and efficient access to resources.

13:23 Lois: And what are the key components and methods that make up a robust IAM system?

Orlando: User management, a core component of IAM, provides a centralized Identity Management system for all user accounts and their attributes, ensuring consistency across applications. Key functions include user provisioning and deprovisioning, automating account creation for new users, and timely removal upon departure or role changes. It also covers the full user account lifecycle management, including password policies and account recovery. Lastly, user management often involves directory services integration to unify user information. Access management is about defining access permissions, specifically what actions users can perform and which resources they can access. A common approach is role-based access control, or RBAC, where permissions are assigned to roles and users inherit those permissions by being assigned to roles. For more granular control, policy-based access control allows for rules based on specific attributes. Crucially, access management enforces the principle of least privilege, granting only the minimum necessary access, and supports segregation of duties to prevent conflicts of interest. For authentication, IAM systems support various methods. Single-factor authentication, relying on just one piece of evidence like a password, offers basic security. However, multi-factor authentication significantly boosts security by requiring two or more distinct verification types, such as a password, plus a one-time code. We also have biometric authentication, using unique physical traits and token-based authentication, common for API and web services.

15:33 Lois: Orlando, when it comes to security, it's not just about who can access what, but also about keeping track of it all. How does auditing and reporting maintain compliance?

Orlando: Auditing and reporting are essential for security and compliance. This involves tracking user activities, logging all access attempts and permission changes. It's vital for meeting compliance and regulatory requirements, allowing you to generate reports for audits. Auditing also aids in security incident detection by identifying unusual activities and providing data for forensic analysis after an incident. Lastly, it offers performance and usage analytics to help optimize your IAM system.

16:22 Nikita: That was an incredibly informative conversation. Thank you, Sergio and Orlando, for sharing your expertise with us. If you'd like to dive deeper into these concepts, head over to mylearn.oracle.com and search for the Cloud Tech Jumpstart course.

Lois: I agree! This was such a great conversation! Don't miss next week's episode, where we'll continue exploring key security concepts to help organizations operate in a scalable, secure, and auditable way. Until next time, this is Lois Houston…

Nikita: And Nikita Abraham, signing off!

16:56 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

Security Unfiltered
The FUTURE of Device Authentication is Here NOW

Nov 10, 2025, 45:43


We explore why most breaches are identity failures and how to flip the model with hardware-backed, device-bound credentials that never move. Jason shares global threat trends, startup lessons, and a blueprint for preventing credential theft across people, agents, and machines.

  • life on the road, burnout signals and recovery
  • global threats to critical infrastructure and state actor pressure
  • startup culture, expectations and keeping teams healthy
  • Jason's path through engineering to entrepreneurship
  • identity's failure modes and why credentials are stolen
  • asymmetric, hardware-bound authentication and device posture
  • extending identity to agents, drones and satellites
  • cyber-physical risk and why finance invests heavily
  • identity as the universal control plane in cloud
  • practical steps to prevent session hijack and MFA fatigue

Connect with Jason: “Hit me up on LinkedIn… our website, beyondidentity.com… even X”

Follow the Podcast on Social Media!

  • YouTube: https://www.youtube.com/@securityunfilteredpodcast
  • Instagram: https://www.instagram.com/secunfpodcast/
  • Twitter: https://twitter.com/SecUnfPodcast

The Vaguely Vaping Related Podcast
Episode 4.35 - Failed Orion Authentication

Nov 7, 2025, 132:35


Welcome to Episode 35 of Season 4 of The Vaguely Vaping Related Podcast. In this episode, we talk about Jimmy's ankle, and Dave's Norovirus. Both slightly more interesting than Chandler's trip to Alton Towers. We also talk about vape stuff too.

  • ThunderCloud X Infinite Modz Hyperion V2 Mech Mod: https://ecigone.co.uk/products/thundercloud-x-infinite-modz-hyperion-v2-mech-mod
  • NUGG RBA for Orion II By 909 Modify: https://www.custom-vapes.co.uk/product/nugg-rba-for-orion-ii-by-909-modify/
  • OneOrion RBA By Sturdy MFG: https://www.custom-vapes.co.uk/product/oneorion-rba-by-sturdy-mfg/
  • LVE Orion II Pro Pod Kit: https://www.custom-vapes.co.uk/product/lve-orion-ii-pro-pod-kit/

Enjoy Chandler, Jimmy & Dave

Identity At The Center
#383 - Navigating Identity and AI with IDPro at Authenticate 2025

Nov 3, 2025, 52:07


Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.

Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.

As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.

Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/

Find out more about IDPro: https://www.idpro.org/

Connect with us on LinkedIn:

  • Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
  • Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters

00:00 Introduction and Greetings
00:16 Highlights from Authenticate 2025
01:39 FIDO Feud Rematch Discussion
03:17 Guest Introduction: Tina Srivastava
03:46 Conference Insights and AI Challenges
06:16 Regulatory Environment and Passkeys
09:11 Phishing and AI Supercharged Attacks
12:28 QR Codes and Accessibility Issues
13:09 The Importance of Phishing Resistant Authentication
22:24 IDPro Community and Practitioner Support
25:18 Community Support and Engagement
26:26 IDPro's Role in Identity Events
27:48 Future Directions for IDPro
29:19 Introducing Committees in IDPro
30:39 AI and Identity Verification
37:07 The Importance of Information Sharing
45:35 Public Speaking and Personal Growth
50:58 Conclusion and Final Thoughts

Keywords

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance

Supermanagers
How to Build Vertical AI Businesses Fast with Ryan Carson, Builder in Residence at Sourcegraph

Oct 30, 2025, 45:33


Ryan Carson (ex-Treehouse, Intel; now Builder-in-Residence at Sourcegraph's AMP) shares his origin story and a practical playbook for shipping software with AI agents. We cover why “tokens aren't cheap,” how AMP made pro-level coding free via developer ads, a concrete workflow (PRD → atomic dev tasks → agent execution with self-tests), and why managers should spend time as ICs “managing AI.” We close with advice for raising AI-native kids and a perspective on this moment in tech (think integrated circuit–level shift).

Timestamps

00:00 – The beginning of intelligence: how LLMs changed Ryan's view of computing
00:23 – Apple IIe → Turbo Pascal → Computer Science: the maker bug bites
03:20 – DropSend: early SaaS, Dropbox name clash, first acquisition
04:30 – Treehouse: teaching coding without a CS degree; $20M raised, acquired in 2021
05:02 – The “bigger than a computer” moment: discovering LLMs
06:15 – Joining Intel: learning GPUs and the scale of silicon (“my adult internship”)
07:09 – Building an AI divorce assistant → joining AMP as Builder-in-Residence
09:38 – AMP vs ChatGPT/Claude/Cursor: agentic coding with contextual developer ads
11:09 – Token economics: why AI isn't really cheap
17:27 – Frontier vs Flash models (Sonnet 4.5 vs Gemini 2.5) — how costs scale
21:31 – Private startup: vertical AI for specialized domains
22:36 – The new wave of small, vertical AI businesses
23:01 – Live demo: building a news app end-to-end with AMP
28:18 – How to plan like a pro: write the PRD before you build
30:02 – “Outsource the work, not your thinking.”
32:28 – Turning PRDs into atomic tasks (1.0, 1.1…)
35:50 – Competing in an AI world = planning well
36:28 – Managers should schedule IC time to “manage AI”
37:14 – Designing feedback loops so agents can test themselves
39:47 – “AI lied to me”: why verifiable tests matter
41:11 – Raising AI-native kids: build trust, context, and agency
43:59 – “We're living in the integrated circuit moment of intelligence.”

Tools & Technologies Mentioned

  • AMP (Sourcegraph) – Agentic coding tool/IDE copilot that plans, edits, and ships code. Now offers a high-end, ad-supported free tier; ads are contextual for developers and don't influence code outputs.
  • Sourcegraph (Code Search) – Parent company; enterprise code intelligence/search.
  • ChatGPT / Claude – General-purpose LLM assistants commonly used alongside coding agents.
  • Cursor / Windsurf – AI-first code editors that integrate LLMs for completion and refactors.
  • Bolt / Lovable – Text-to-app builders for rapid prototyping from prompts.
  • WhisperFlow / SuperWhisper – Voice-to-text tools for fast prompting and dictation.
  • Anthropic Sonnet 4.5 – Frontier-grade reasoning/coding model; powerful but pricier per token.
  • Google Gemini 2.5 Flash – Fast, lower-cost model; “good enough” for many workloads.
  • Auth0 (example) – Authentication-as-a-service mentioned as a contextual ad use case.
  • GPUs / TPUs – Compute for training/inference; token cost drivers behind AI pricing.
  • PRD + Atomic Tasks Workflow – Ryan's method: record spec → generate PRD → expand to dot-notated tasks → let the agent implement.
  • Self-testing Scripts – Ask agents to generate runnable tests/health checks and loop until passing to reduce back-and-forth and prevent “it passed” hallucinations.
  • Family ChatGPT Accounts – Tip for raising AI-native kids; teach sourcing, context, and trust calibration.

Subscribe at thisnewway.com to get the step-by-step playbooks, tools, and workflows.

Identity At The Center
#382 - Sponsor Spotlight - HYPR

Identity At The Center

Play Episode Listen Later Oct 29, 2025 48:22


This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.
In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.
Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.
A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.
Connect with Bojan: https://www.linkedin.com/in/bojansimic/
Learn more about HYPR: https://www.hypr.com/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com
Chapter Timestamps:
00:00 - Introduction at Authenticate 2025
00:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR
01:11 - How Bojan Simic Got into Identity and Cybersecurity
02:10 - The Elevator Pitch for HYPR
04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents
05:29 - The Trend of Continuous "Know Your Employee" (KYE)
07:33 - Is Your MFA Program Enough Anymore?
09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat
11:19 - How AI is Scaling Social Engineering Attacks Globally
13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?
16:23 - What is the Right Solution for Identity Practitioners?
17:05 - The Critical Role of Internal Marketing for Technology Adoption
22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation
25:47 - When is it Time to Move On From Your Existing Identity Tools?
28:16 - The Role of Document-Based Identity Verification in the Enterprise
32:31 - What Makes HYPR's Approach Unique?
35:33 - How Do You Measure the Success of an Identity Solution?
36:39 - HYPR's Philosophy: Never Leave a User Stranded
39:00 - Authentication as a Tier Zero, Always-On Capability
40:05 - Is Identity Part of Your Disaster Recovery Plan?
41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer
47:03 - How to Learn More About HYPR
Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

Next in Tech
Security Gravity

Next in Tech

Play Episode Listen Later Oct 28, 2025 40:03


There are many ways to frame conversations around cyber security. They can take on many aspects of security, ranging across the technical to the human. With the press towards platform consolidation, it's critical to reconsider the interaction between the human and technical elements, and research director Scott Crawford and Javvad Malik, CISO advisor at KnowBe4, join host Eric Hanselman to dig into this important interplay. It's all too easy to fall into security practices that focus on technical requirements and don't account for the friction that is created for the people who use them. It's also easy to drop into a mindset that better security is just a matter of user education. Effective security requires thinking about user experience, as well as technical controls. Authentication is one of the most frequently experienced security interactions and also one where a technical focus can have the highest impact on the people using it. Authentication happens often and is also a key element in securing IT environments. The push to multifactor authentication, for example, is an important step in security enforcement and can require a significant change in how people interact with the systems that support their daily lives. A holistic approach to security can help teams move beyond the frustrating cycle of user training and shift to collaborative security implementations.
More S&P Global Content:
- The evolution of security platforms – 6 centers of gravity shaping the market
- AI for security: Agentic AI will be a focus for security operations in 2025
From KnowBe4:
- The Hidden Cybersecurity Threat: Securing the Human-AI Relationship
For S&P Global Subscribers:
- Security for agentic AI: Key areas of focus
- Worlds colliding: Uniting proactive and reactive security
- Identity & Access Management Market Monitor & Forecast
- Beyond ITDR: Viewing identity security through a wider lens
Credits:
Host/Author: Eric Hanselman
Guests: Scott Crawford, Javvad Malik
Producer/Editor: Feranmi Adeoshun
Published With Assistance From: Sophie Carr, Kyra Smith

Retailistic
Forget Passwords Forever: The Biometric Bombshell Making Your Logins Hacker-Proof

Retailistic

Play Episode Listen Later Oct 7, 2025 29:58


Video version of this episode is here
Takeaways
- Josh Horwitz is a serial entrepreneur with a focus on cybersecurity.
- Bootstrapping businesses can lead to successful exits without external funding.
- Product-market fit is crucial for entrepreneurial success.
- Validating product ideas through low-cost market testing is essential.
- Credential stuffing is a significant threat in cybersecurity.
- Innovative solutions can turn attack vectors into defensive strategies.
- The future of authentication is moving towards passwordless solutions.
- User experience must be balanced with security measures.
- Adaptive security is becoming increasingly important in technology.
- Understanding customer needs is vital for product development.
Chapters
00:00 Introduction to Entrepreneurship and Background
02:42 Bootstrapping and Product-Market Fit
09:29 Cybersecurity Landscape and Credential Stuffing
14:57 The Future of Passwords and Authentication
22:49 Balancing Business Needs with User Experience

The Bootstrapped Founder
416: The Ownership Paradox: What Do You Really Control in Your Software Business?

The Bootstrapped Founder

Play Episode Listen Later Sep 26, 2025 19:12 Transcription Available


As I'm building yet another software service business after having built and sold one back in 2019, I keep wrestling with a fundamental question that might sound simple but has profound implications: What do I actually own in this business?
This episode of The Bootstrapped Founder is sponsored by Paddle.com
The blog post: https://thebootstrappedfounder.com/the-ownership-paradox-what-do-you-really-control-in-your-software-business/
The podcast episode: https://tbf.fm/episodes/416-the-ownership-paradox-what-do-you-really-control-in-your-software-business
Check out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fm
Send me a voicemail on Podline: https://podline.fm/arvid
You'll find my weekly article on my blog: https://thebootstrappedfounder.com
Podcast: https://thebootstrappedfounder.com/podcast
Newsletter: https://thebootstrappedfounder.com/newsletter
My book Zero to Sold: https://zerotosold.com/
My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/
My course Find Your Following: https://findyourfollowing.com
Here are a few tools I use. Using my affiliate links will support my work at no additional cost to you.
- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx
- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid
- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid
- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60
- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ
- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q
- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw

Technology Tap
Cybersecurity Fundamentals: Cracking the Authentication Code Chapter 5

Technology Tap

Play Episode Listen Later Sep 26, 2025 26:56 Transcription Available


professorjrod@gmail.com
Ever wonder what happens behind the scenes when you tap "Login" on your favorite app? Authentication is the invisible guardian standing between your personal data and potential attackers, and it's more sophisticated than you might think.
Authentication systems rely on three critical principles: Confidentiality keeps your credentials private, Integrity ensures no one can fake their way past security, and Availability guarantees you can access your accounts when needed. These principles form the foundation of digital security across every platform you use.
The strongest protection comes from combining multiple authentication factors. Your passwords represent "something you know," while those codes texted to your phone verify "something you have." Fingerprint and facial recognition add "something you are" to the equation. When companies layer these factors together, they create robust security that can stop 99% of automated attacks according to Microsoft research.
Despite advances in authentication technology, passwords remain the primary defense for most accounts. Security experts now recommend longer passphrases over complex combinations with special characters. A memorable phrase like "Purple Dungeon eats pizza at noon!" creates a formidable 27-character barrier against brute force attacks. Password managers have become essential tools for generating and storing unique credentials for each service, protecting against credential stuffing attacks where hackers try stolen login information across multiple sites.
Beyond basic authentication lies the world of access control – determining what you can do once your identity is verified. Modern systems implement various models from Discretionary Access Control to Attribute-Based Access Control, applying the principle of least privilege to minimize potential damage from compromised accounts or insider threats.
Ready to strengthen your digital security? Start by enabling multi-factor authentication on your critical accounts today. Consider using a password manager to generate strong, unique passwords for each site. Remember that authentication isn't just about keeping the bad guys out – it's about protecting what matters most to you online.
Support the show
If you want to help me with my research please e-mail me.
Professorjrod@gmail.com
If you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.com
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Ardan Labs Podcast
Cybersecurity, Beyond Identity, and Identity Defense with Jasson Casey

Ardan Labs Podcast

Play Episode Listen Later Sep 24, 2025 96:50


In this episode of the Ardan Labs Podcast, Bill Kennedy talks with Jasson Casey, CEO and co-founder of Beyond Identity, about modern cybersecurity. Jasson shares his journey from early interests in technology and networking to leading startups and building products that address today's security challenges. They explore the evolution of authentication, the need for hardware-backed identity systems, the realities of insider threats, and how cultural and customer insights shape better security solutions.
00:00 Introduction
00:30 What is Jasson Doing Today?
7:00 Fundamentals of Security
15:30 First Memory of a Computer
22:00 Interest in Physics
36:00 Working in College
43:00 Joining a Startup
50:00 Becoming a Product Manager at 21
58:30 Culture Shock
1:03:20 Moving to Executive Roles
1:10:00 Starting Beyond Identity
1:19:00 Monitoring Threats
1:34:00 Contact Info
Connect with Jasson:
Linkedin: https://www.linkedin.com/in/jassoncasey/
X: https://x.com/jassoncasey
Mentioned in this Episode:
Beyond Identity: https://www.beyondidentity.com/
Want more from Ardan Labs? You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!
Online Courses: https://ardanlabs.com/education/
Live Events: https://www.ardanlabs.com/live-training-events/
Blog: https://www.ardanlabs.com/blog
Github: https://github.com/ardanlabs

The Security Podcast of Silicon Valley
Invisible Security: The Future of Authentication and Trust (with Deepak Dutt)

The Security Podcast of Silicon Valley

Play Episode Listen Later Sep 23, 2025 31:57


Deepak Dutt, founder of Zighra, reveals how continuous behavioral authentication is changing the game—from stopping $200M fraud schemes to securing military operations. Deepak: https://www.linkedin.com/in/deepakdutt/ Zighra: https://zighra.com/ Jon: https://www.linkedin.com/in/jon-mclachlan Sasha: https://www.linkedin.com/in/aliaksandr-sinkevich YSecurity: https://www.ysecurity.io

Telecom Reseller
dmarcian: Why MSPs Must Put Email Authentication First, Podcast

Telecom Reseller

Play Episode Listen Later Sep 17, 2025


“Noncompliance isn't just risky—it can mean lost licenses, lost trust, and lost business,” says Joe Garner of dmarcian. At the MSP Summit in Orlando, Doug Green, Publisher of Technology Reseller News, caught up with Garner and colleague Billy Muldoon to discuss why DMARC—the standard for authenticating email—should be a top priority for MSPs and their clients. Founded by Tim Draegen, the primary author of DMARC, dmarcian's mission is to spread adoption of the open standard across the email ecosystem. DMARC builds on earlier protocols (SPF and DKIM) by providing visibility, daily reports, and strong policy enforcement—giving organizations the ability to stop phishing and spoofing attacks at the domain level. For MSPs, the opportunity is clear: DMARC not only protects customer brands but also creates billable project work and recurring revenue streams. By moving client domains from “none” to “reject” policies, MSPs can deliver compliance, reduce support tickets, and demonstrate measurable value. Muldoon emphasized that while AI dominates industry headlines, DNS and email remain critical points of vulnerability. “Email is still the biggest attack vector,” he said. “MSPs can't overlook DMARC—it's both a defensive necessity and a revenue opportunity.” With Google, Yahoo, and now Microsoft requiring DMARC alignment for bulk senders, enterprises must act or risk delivery failures. dmarcian provides MSPs with the tools to visualize mail streams, track compliance, and guide customers through the journey to strong DMARC policies. Learn more at dmarcian.com.

Pass the Salt Live
WHAT IS AUTHENTICATION? WITH RICK DEHIJO | 8-5-2025

Pass the Salt Live

Play Episode Listen Later Sep 5, 2025 59:47


Show #2489 Show Notes: Communion Verses: Hebrews 9:20-28: https://www.biblegateway.com/passage/?search=Hebrews%209%3A%2020-28%20&version=KJV Matthew 26:26-29: https://www.biblegateway.com/passage/?search=Matthew%2026%3A26-29&version=KJV Find Rick: https://c2kreport.com/

The Ten Minute Bible Hour Podcast - The Ten Minute Bible Hour
GAL266 - Ancient Authentication Hacks to Prevent Unordered Circumcision Hacks

The Ten Minute Bible Hour Podcast - The Ten Minute Bible Hour

Play Episode Listen Later Sep 1, 2025 16:13


Galatians 6:11 Thanks to everyone who supports TMBH at patreon.com/thetmbhpodcast You're the reason we can all do this together! Discuss the episode here Music by Jeff Foote

Healthcare IT Today Interviews
FaceTec Introduces a Whole New Dimension into Authentication and Security

Healthcare IT Today Interviews

Play Episode Listen Later Aug 29, 2025 26:34


FaceTec is so confident in its face verification technology that it launched a Spoof Bounty Program to challenge anyone to bypass its system with a Spoof artifact or deepfake video. Bounties are a practice common among top security firms but unique in the biometric industry. Jay Meier, Chief Identity Technology Strategist, notes that the program attracted 150,000 attack attempts, with only two minor successes in the first six months, both quickly resolved.
In our video interview with Meier, he explains FaceTec's advanced face-matching system, highlighting its precision and critical role in industries like healthcare. Applications include verifying clinicians' identities for login, UR Codes for local, decentralized patient ID Verification authorizing prescriptions, and ensuring the correct patient receives medication.
Learn more about FaceTec: https://www.facetec.com/
Healthcare IT Community: https://www.healthcareittoday.com/

Law School
Evidence Lectures Lecture Forty – Authentication: Verifying the Validity of Evidence

Law School

Play Episode Listen Later Aug 23, 2025 72:07


This conversation delves into the complexities of authentication in evidence law, focusing on the Federal Rules of Evidence, particularly Article IX. It explores the practical methods for authenticating evidence, the challenges posed by digital evidence, the critical role of chain of custody, and the implications of spoliation. The discussion also highlights the distinction between authentication and relevance, the standards for expert testimony, and provides practical guidance for law students preparing for exams and legal practice.
Takeaways
- Authentication is crucial for establishing the reliability of evidence.
- The judge's role is to determine if evidence can be considered by a jury.
- Rule 901 outlines the basic requirements for authentication.
- Digital evidence presents unique challenges due to its manipulability.
- Chain of custody is essential for maintaining evidence integrity.
- Spoliation can lead to severe legal consequences.
- Relevance and authentication are distinct legal hurdles.
- Expert testimony must meet specific admissibility standards.
- Law students should anticipate authentication objections in court.
- Understanding the evolving nature of evidence law is vital for legal professionals.
Keywords: authentication, evidence law, Federal Rules of Evidence, digital evidence, chain of custody, spoliation, relevance, expert testimony, law students, legal practice

CISSP Cyber Training Podcast - CISSP Training Program
CCT 272: Confidentiality, Integrity, Availability, Authenticity, and Nonrepudiation (CISSP Domain 1.2)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Aug 18, 2025 41:58 Transcription Available


Send us a text
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
The core principles of cybersecurity aren't just theoretical concepts—they're the practical foundation every security professional needs to master. In this deep-dive episode, Sean Gerber breaks down the critical components of Domain 1.2 of the CISSP exam, unpacking confidentiality, integrity, availability, authenticity, and non-repudiation in clear, actionable terms.
Starting with breaking news about Microsoft ending Windows 10 support on October 14th, Sean highlights the urgent security implications for organizations still running this widely-embedded operating system. He emphasizes the importance of comprehensive inventory management—especially for IoT devices that may contain embedded Windows components—and the available extension options for critical systems.
The heart of the episode delivers a comprehensive exploration of the CIA triad. Sean walks through each element with real-world examples: confidentiality through encryption and access controls; integrity via change management and validation processes; and availability through redundant systems and business continuity planning. But he doesn't stop there. The discussion expands to cover the DAD triad (Disclosure, Alteration, Destruction) which helps identify security failures, and the AAA framework (Authentication, Authorization, Accounting) that provides essential security controls.
What makes this episode particularly valuable is Sean's practical advice drawn from 25 years of cybersecurity experience. He emphasizes the importance of defense-in-depth strategies, network segmentation, and prioritizing critical systems rather than attempting to fix everything at once—"eating the elephant one toenail at a time." His methodical approach helps listeners understand not just the concepts themselves, but how to implement them effectively in real-world environments.
Whether you're preparing for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the foundational knowledge and practical strategies you need. Visit CISSP Cyber Training for free study materials, practice questions, and mentoring options to accelerate your cybersecurity career.
Support the show
Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

CRM Audio
End Of The World As We Know It: Security Leaks In Power Pages

CRM Audio

Play Episode Listen Later Aug 17, 2025 34:25 Transcription Available


In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major data exposures. These weren't bugs, but they showed how easy it was to set things up the wrong way. We talk about how Microsoft responded and what lessons we've learned about secure defaults and clear documentation. We then move on to more serious vulnerabilities introduced by newer features like the Web API. We explain how some of these flaws allowed access to restricted data using filters and sort clauses, and how those issues were eventually patched. These were real product-level bugs, and some were even exploited in the wild. We also share our thoughts on external authentication providers like Google, and the risks that come with delegating authentication — including phishing techniques that can bypass protections. Finally, we reflect on how Power Pages compares to platforms like WordPress, especially when it comes to architecture and the potential for plugin-related vulnerabilities. Despite recent issues, we think the original design of Power Pages deserves credit for holding up well over time.
References
- Power Pages security | Microsoft Learn
- Tip #1407: How to secure Power Apps portal from making the news - Power Platform & Dynamics CRM Tip Of The Day
- Engineered Code - Blog - Power Pages: Another “Leak”
- https://thehackernews.com/2025/01/severe-security-flaws-patched-in.html
- https://www.bleepingcomputer.com/news/security/microsoft-fixes-power-pages-zero-day-bug-exploited-in-attacks/
- https://www.cnn.com/2021/08/24/tech/data-leak-microsoft-upguard/index.html
- https://www.upguard.com/breaches/power-apps
Get in touch
voice@crm.audio
Nick Hayduk @Engineered_Code
George Doubinski @georgedude

Textile Innovation
Ep. 128: Building traceable supply chains

Textile Innovation

Play Episode Listen Later Aug 12, 2025 17:26


The Textile Innovation Podcast speaks with MeiLin Wan, founder and CEO of GenuTrace.
The US-based consulting business provides advisory services in supply chain traceability, brand protection and product authentication. Using multi-proof point technology, from forensic testing to digital tools, companies can back up sustainability claims with science-based evidence. Wan explains how GenuTrace partners with brands, producers, suppliers, and industry stakeholders to build supply chain integrity through collaboration, scientific verification, and strategic traceability. She also delves into what traceability means and how it differs to transparency. During the episode Wan unpacks GenuTrace's key question: If you claim it, can you prove it? She details some of the tests that the consultancy undertakes, such as stable isotope methodology to prove origin claims, for example that cotton is from Pakistan. She also touches upon the power of digital tools including blockchain, QR codes, and product passports to help collect and share supply chain data in real time.
For more information, please visit genutrace.com. You can listen to the episode above, or via Spotify and Apple Podcasts. To discuss any of our topics, get in touch by following and connecting with WTiN on LinkedIn, or email aturner@wtin.com directly. To explore sponsorship opportunities, please email sales@wtin.com.

Appraiser Talk
Summer Throwback: What's the difference between an appraisal and the authentication of fine art?

Appraiser Talk

Play Episode Listen Later Aug 11, 2025 5:07


Lisa and Amy are revisiting one of their personal property specific episodes in today's Summer Throwback.

Order in the Court
To Trust or Not to Trust: AI in Legal Practice

Order in the Court

Play Episode Listen Later Aug 7, 2025 47:53


Host Paul W. Grimm continues his conversation with Professor Maura R. Grossman on the legal system's growing challenges with generative AI and deepfakes. They explore how AI-generated images, video, and audio differ from traditional fakes—and why they present unique evidentiary challenges and ethical problems for lawyers and judges. They also discuss the legal implications of the “liar's dividend,” the psychological impact of AI-generated evidence on juries, and potential updates to the Federal Rules of Evidence. In the absence of new rules dealing with AI evidence, they explain how early case management, protective orders, and Rules 403 and 901 can address a few of these challenges.
ADDITIONAL RESOURCES
Grossman, Grimm & Coglianese "AI in the Courts: How Worried Should We Be?" (Judicature)
This Judicature article offers a discussion of the pros and cons of AI in the legal profession following the rise of ChatGPT and other large language models (LLMs).
Federal Rules of Evidence – In particular, this episode focuses on:
- Rule 104(a) & (b): Preliminary vs. conditional relevance
- Rule 403: Exclusion of prejudicial evidence
- Rule 901: Authentication of evidence
- Rule 702: Expert testimony
ABOUT THE HOST
Judge Paul W. Grimm (ret.) is the David F. Levi Professor of the Practice of Law and Director of the Bolch Judicial Institute at Duke Law School. From December 2012 until his retirement in December 2022, he served as a district judge of the United States District Court for the District of Maryland, with chambers in Greenbelt, Maryland.

Hacking Humans
Domain-based Message Authentication Reporting Conformance (DMARC) (noun) [Word Notes]

Hacking Humans

Play Episode Listen Later Aug 5, 2025 8:27


Please enjoy this encore of Word Notes. An open source email authentication protocol designed to prevent email spoofing in phishing, business email compromise or BEC, and other email-based attacks.
CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus
Audio reference link: “Global Cyber Alliance's Phil Reitinger Talks DMARC Adoption.” YouTube Video. YouTube, April 27, 2018

Packet Pushers - Full Podcast Feed
PP073: Identify Yourself: Authentication From SAML to FIDO2

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Aug 5, 2025 40:06


From SAML to OAuth to FIDO2 to passwordless promises, we unpack what's working—and what's broken—in the world of identity and authentication. Today on the Packet Protector podcast, we're joined by the always thoughtful and occasionally provocative Wolf Goerlich, former Duo advisor, and now a practicing CISO in the public sector. We also talk about authorization...

Packet Pushers - Fat Pipe
PP073: Identify Yourself: Authentication From SAML to FIDO2

Packet Pushers - Fat Pipe

Play Episode Listen Later Aug 5, 2025 40:06


From SAML to OAuth to FIDO2 to passwordless promises, we unpack what's working—and what's broken—in the world of identity and authentication. Today on the Packet Protector podcast, we're joined by the always thoughtful and occasionally provocative Wolf Goerlich, former Duo advisor, and now a practicing CISO in the public sector. We also talk about authorization...

Word Notes
Domain-based Message Authentication Reporting Conformance (DMARC) (noun)

Word Notes

Play Episode Listen Later Aug 5, 2025 8:27


Please enjoy this encore of Word Notes. An open source email authentication protocol designed to prevent email spoofing in phishing, business email compromise or BEC, and other email-based attacks.
CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus
Audio reference link: “Global Cyber Alliance's Phil Reitinger Talks DMARC Adoption.” YouTube Video. YouTube, April 27, 2018

Q&A Quest
Episode 407: Proxy Authentication Required – Q&A Quest

Q&A Quest

Play Episode Listen Later Aug 5, 2025 131:41


In this episode of Q&A Quest, we discuss Shadow Labyrinth. We also continue talking about the joy that is Donkey Kong Bananza. The post Episode 407: Proxy Authentication Required – Q&A Quest appeared first on RPGamer.

Cyber Security Today
The Evolution and Defense Against Advanced Phishing Attacks

Cyber Security Today

Play Episode Listen Later Jul 26, 2025 49:32


This is a repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.
In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication.
00:00 Introduction to Cybersecurity Today
00:40 The Evolution of Phishing Attacks
01:44 Deep Dive into Phishing Techniques
03:31 History of Phishing
06:04 Types of Phishing: From Email to Whaling
10:06 Advanced Phishing Tactics
19:25 The Psychology Behind Phishing
26:03 Phishing Tactics: Free Gift Card Scams
26:33 The Power of Scarcity in Phishing
28:27 Authority and Phishing: Impersonation Tactics
29:11 Consistency: Small Requests Leading to Big Scams
30:14 Liking and Social Proof in Social Engineering
32:15 The Evolution of Phishing Techniques
35:31 The Role of MFA in Enhancing Security
38:35 Passkeys and the Future of Authentication
44:57 Building a Security-Conscious Workplace Culture
48:47 Conclusion and Final Thoughts

Wrist Check Podcast
The Bezel Report: Inside The Watch Market | WCP Weekly

Wrist Check Podcast

Jul 23, 2025 63:45


This episode of Wrist Check Podcast, brought to you by luxury watch marketplace Bezel, dives deep into the numbers behind the wrist game. Perri and Rashawn break down the latest Bezel Report, revealing how buyers and sellers are shaping the market—from the most in-demand metals to which eras of iconic models are rising or falling in favor. They also explore the growing concern around counterfeits, surprising brand sell-outs, and what collectors are really asking for. Tune in for an insightful, data-driven conversation, layered with real-world anecdotes from the community.

Powered by @getbezel
Shop 20,000+ watches at getbezel.com, and download the Bezel app at download.getbezel.com
SUBSCRIBE to get the latest Wrist Check Pod content
Follow us on Instagram

Chapters
00:00 - Intro
01:21 - Rashawn's Wrist Check
03:26 - Perri's Wrist Check
08:27 - What Is The Bezel Report
10:28 - Authentication vs Rejection Rates
12:02 - Counterfeit Watches
16:08 - Rejections By Brand
20:30 - Identifying Fake Watches
25:53 - Requests By Brand
33:41 - Sales By Brand
40:12 - Most Requested Decades For Watches
46:19 - Sales By Case Size
51:25 - Sales By Case Material
55:29 - Tariffs Impact
57:16 - Summary
01:03:27 - Outro

MoneyWise on Oneplace.com
Do Your Finances Need Scam-Proofing?

MoneyWise on Oneplace.com

Jul 15, 2025 24:57


“The simple believe everything, but the prudent give thought to their steps.” — Proverbs 14:15

In an age where scams are becoming more sophisticated by the day, Scripture reminds us that discernment isn't optional—it's essential. As believers, protecting the resources God has entrusted to us is more than a practical concern—it's an act of stewardship. Here's how you can guard your finances with wisdom, not fear.

Scams Are Everywhere—But So Is Wisdom

Fraudsters use every channel available: phone calls, text messages, emails, and even impersonations of people you trust. But as followers of Christ, we're not called to panic. We're called to walk in wisdom (Ephesians 5:15). That begins with slowing down and thinking critically.

  • Pause before you respond. Scammers rely on urgency. If someone pressures you to act immediately—whether claiming your account is locked or your money is at risk—take a step back. Hang up. Verify the source independently. Urgency is often a red flag.
  • Avoid untraceable payments. No legitimate organization will ask for payment via wire transfer or gift cards. These are the preferred tools of scammers because they're nearly impossible to recover.

Practical Steps for Digital Protection

Financial stewardship now includes digital awareness. Here are practical ways to protect yourself and your family:

  • Use credit cards, not debit cards, for online purchases. Credit cards usually come with stronger fraud protection.
  • Enable two-factor authentication (2FA) on all your financial accounts. Even if a scammer gets your password, they can't access your account without a second form of verification.
  • Don't reuse passwords. Use a secure password manager, such as Bitwarden or NordPass, to create and store strong, unique passwords.
  • Set up account alerts. Most banks allow you to monitor activity in real-time, giving you a heads-up if something unusual occurs.
  • Freeze your credit. It's free to do and offers one of the best defenses against identity theft. You can always unfreeze it temporarily when needed.
  • Avoid public Wi-Fi for financial transactions. Wait until you're on a secure network or at home to check your bank accounts or make purchases.
  • Limit what you share on social media. Personal details, such as birthdays or family names, can be used to guess passwords or security questions. Adjust your privacy settings and post wisely.
  • Shred sensitive documents before discarding them. Even in the digital age, identity thieves still dig through trash.
  • Don't click on unfamiliar links, even if they appear to come from someone you know. When in doubt, contact the person or organization directly for clarification.

Stewarding Wisdom in Community

Scammers often target the vulnerable, particularly older adults and teenagers. So make this a shared effort. Discuss online fraud with your family. Equip them with knowledge. If you receive a letter or email about identity protection following a data breach, verify it by contacting the company directly, rather than through the provided link or number.

Financial faithfulness today includes digital vigilance. But there's no need for fear. By taking these simple steps, you can walk confidently, knowing you're stewarding God's resources with care.

A Tool for Wise Stewardship: The FaithFi App

Looking for a practical way to manage your money with wisdom and peace of mind? The FaithFi app is a secure tool that helps you track your spending, plan your giving, and align your finances with biblical values. With 256-bit encryption, your data is protected, and your login credentials are never stored. FaithFi Pro users also receive exclusive articles, digital devotionals, and daily encouragement.

Visit FaithFi.com and click “App” or search “FaithFi” in your app store to get started today.

Steward your finances wisely. Protect what God has entrusted to you. And walk in peace, not panic.

On Today's Program, Rob Answers Listener Questions:

  • My 14-year-old son just started his first full-time summer job, working around 37 to 40 hours a week. I'd like to help him get started with investing and am considering opening a Roth IRA in his name. What's the best way to set that up, and where should we go to open the account?
  • We're debt-free and recently bought a home. Our current vehicle is paid off, but we're thinking about adding a second car with a monthly payment of around $500. I'm a little uneasy about the added expense. How can we determine if this is a wise financial move for us at this time?

Resources Mentioned:

  • Faithful Steward: FaithFi's New Quarterly Magazine (Become a FaithFi Partner)
  • The Money Challenge for Teens: Prepare for College, Run from Debt, and Live Generously by Dr. Art Rainer
  • The Finish Line Pledge
  • Schwab Intelligent Portfolios | Betterment
  • Bitwarden | NordPass
  • Wisdom Over Wealth: 12 Lessons from Ecclesiastes on Money
  • Look At The Sparrows: A 21-Day Devotional on Financial Fear and Anxiety
  • Rich Toward God: A Study on the Parable of the Rich Fool
  • Find a Certified Kingdom Advisor (CKA) or Certified Christian Financial Counselor (CertCFC)
  • FaithFi App

Remember, you can call in to ask your questions most days at (800) 525-7000. Faith & Finance is also available on the Moody Radio Network and American Family Radio. Visit our website at FaithFi.com where you can join the FaithFi Community and give as we expand our outreach.

Breakfast Leadership
Market Resilience, Counterfeit Realities, and the Future of Authentication with Perry Nguyen of Check Check

Breakfast Leadership

Jul 9, 2025 21:20


Episode Title: Market Resilience, Counterfeit Realities, and the Future of Authentication with Perry Nguyen of Check Check Show Notes: In this episode, I'm joined by Perry Nguyen with Check Check, a cutting-edge digital authentication platform reshaping the luxury resale landscape. Our conversation explores the parallels between nature's most resilient species and the dynamic, ever-evolving global marketplace, particularly the explosive growth of luxury resale and the counterfeit economy. Perry shares how Check Check leverages a global team of expert authenticators to verify high-value goods, including sneakers, designer items, and collectibles. With the rise of “super fakes” and consumer trust hanging in the balance, Perry explains why real-time, mobile-first authentication is no longer a luxury—it's a necessity. We dig into Perry's fascinating career journey—from scaling a cannabis startup from zero to $11M in sales, to lobbying Congress (cowboy hat and all) in support of a groundbreaking antifungal vaccine for animals. His background in the music industry also adds a creative twist to his leadership style, which I found incredibly relatable. Perry also opens up about joining Check Check just 12 months ago and partnering with co-founders Arnold Luck and Eddie Abramov to scale their sneaker authentication platform into a robust enterprise solution. With over 3.3 million app downloads and 2.2 million items authenticated, they're redefining trust in the secondary market. We wrap the conversation with a look at global expansion—including a powerful new partnership with India's Culture Kicks—and discuss how APIs and mobile tech are driving the next phase of authentication for streetwear and luxury resale. I even encouraged my brother to download the app—because if you're going to invest in high-value items, you need to make sure they're the real deal. 
And yes, I even share a story about tracking down an elusive 90s rock vocalist named Kurt, plus what my cousin's DIY guitar pedal business taught me about creative frustration, innovation, and self-determination in leadership.

Identity At The Center
#360 - Sponsor Spotlight - Trusona

Identity At The Center

Jul 9, 2025 53:37


This episode is sponsored by Trusona. Visit trusona.com/idac to learn more.

In this episode of the Identity at the Center podcast, Jeff and Jim discuss identity verification challenges with Ori Eisen, the founder and CEO of Trusona. The conversation explores the problems surrounding help desk authentication and how Trusona's new product, ATO Protect, aims to address these issues by confirming caller identities, even in scenarios involving social engineering and advanced AI threats. Ori explains the technology behind document scanning, data triangulation, and geolocation to validate identities. The episode also includes an intriguing hack challenge for listeners to test the robustness of Trusona's solutions. Check out the detailed demo on Trusona's website and join the challenge!

Timestamps
00:00 Introduction and Episode Excitement
01:16 Introducing the Guest: Ori Eisen from Trusona
02:11 The Problem with Passwordless Authentication
03:53 The Rise of Gen AI and Its Impact on Security
04:51 Understanding ATO Protect and Its Importance
16:10 How ATO Protect Works: A Step-by-Step Guide
27:51 The Puppeteering Scam Unveiled
28:24 Fingerprinting the Fraudsters
29:11 Real-Time Fraud Detection Demo
29:42 Challenges in Penetration Testing
30:08 Combating Man-in-the-Middle Attacks
30:41 The Ultimate Security Challenge
33:44 Verifying Caller Identity
41:24 Future Threats in Cybersecurity
42:10 AI: The Double-Edged Sword
49:08 Issuing the Hack Challenge
52:45 Conclusion and Final Thoughts

Connect with Ori: https://www.linkedin.com/in/orieisen/
Learn more about Trusona: https://www.trusona.com/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Trusona, Ori Eisen, Identity Verification, Help Desk Security, Service Desk, Passwordless, Authentication, KBA, Knowledge-Based Authentication, Cybersecurity, Identity and Access Management, IAM, Multi-Factor Authentication, MFA, Zero Trust, Identity Proofing

#IDAC #Trusona #Passwordless #Cybersecurity #IdentityManagement #HelpDesk #ZeroTrust

The Moscow Murders and More
Bryan Kohberger Objects To The Admission Of Self Authentication Files (Part 1)

The Moscow Murders and More

Jul 5, 2025 13:34


In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.

Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.

To contact me: bobbycapucci@protonmail.com
Source: 031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdf
Become a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

NetHeads
407: Proxy Authentication Required

NetHeads

Jul 2, 2025 50:15


In which the NetHeads talk about the latest and greatest in tech, pop culture, superhero stuff, and 3D printing. Plus, finally hear Tony's THUNDERBOLTS review here on NETHEADS. Enjoy hearing a show fall completely apart because honestly it was rushed. Also sorry for the delay on publishing, I waited until after I got back from vacation.

WAGMI Ventures Podcast
Simplifying Web3 Authentication and Onboarding, with Itai Turbahn (Dynamic)

WAGMI Ventures Podcast

Jul 1, 2025 25:47


Itai Turbahn is Co-Founder and CEO of Dynamic (https://www.dynamic.xyz), a Web3 authentication platform that simplifies wallet-based login and onboarding through a flexible SDK, combining authentication, smart wallets, and secure key management. Itai shares his journey from product management leadership roles and consulting at the Boston Consulting Group to co-founding Dynamic, a company backed by a16z crypto, Founders Fund, and others. He discusses how Dynamic's growth and milestones, including sponsoring six major hackathons, supporting 400 teams, and powering millions of monthly user logins, have advanced Web3 adoption. Itai dives into the platform's role in simplifying developer workflows, enhancing user onboarding with features like social logins and Global Identities, and his vision for a more intuitive crypto future where wallet infrastructure empowers seamless cross-chain interactions.

Blue Security
CIAM Deployment Guide; external authentication methods

Blue Security

Jul 1, 2025 26:54


Summary

In this episode of the Blue Security Podcast, hosts Andy and Adam delve into the intricacies of Entra External ID, a customer identity and access management solution. They discuss the importance of security considerations in application development, the risks associated with customer-facing technologies, and the need for effective authentication methods. The conversation also touches on international revenue share fraud and the implementation of authentication context to enhance security measures. The episode concludes with insights on external authentication methods and their integration into existing systems, emphasizing the collaborative nature of cybersecurity.

YouTube Video Link: https://youtu.be/SKxShnv6z3I

Documentation:
https://learn.microsoft.com/en-us/entra/architecture/deployment-external-operations
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-external-method-manage

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

Absolute AppSec
Episode 290 - Authentication Fatigue, Browser AI Agents

Absolute AppSec

Jul 1, 2025


Ken returns after a week's hiatus to review the latest AppSec news with Seth. Specifically, the idea that authentication fatigue exists for both consumers and developers. The amount of choice to implement security controls can have unintended consequences and introduces risk that may or may not be considered. This is followed by research from SquareX that claims Browser AI Agents are riskier and easier to target than employees. This results in opinions on phishing and protections against consumer/business targeting by attackers.

Group Practice Tech
Episode 523: Quick Wins: Boost Your Practice Security With 2FA and Google Authenticator

Group Practice Tech

Jun 27, 2025 14:09


Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have a realistic, high impact action for you to take today to boost your practice security: set up two-factor authentication (2FA).

We discuss:
  • What 2FA is and why it's so useful
  • Where we recommend having 2FA set up
  • How Google Authenticator works for 2FA and why we love it
  • How to set up and use Google Authenticator
  • Action steps to take today to boost practice security with 2FA

Listen here: https://personcenteredtech.com/group/podcast/
For more, visit our website.
PCT Resources

The Bootstrapped Founder
396: Jack Friks — Building Tools That Empower Without Overwhelming

The Bootstrapped Founder

Jun 18, 2025 39:17 Transcription Available


Jack Friks (@jackfriks) is the founder of PostBridge, a social media scheduling tool that grew from his own frustration with spending hours posting across platforms to an $18k/month business. We explore the evolution of social media toward authenticity, the challenges of building lean products as a solopreneur, and how to navigate the noise while maintaining a genuine human connection in an AI-driven world.

The blog post: https://thebootstrappedfounder.com/jack-friks-building-tools-that-empower-without-overwhelming/
The podcast episode: https://tbf.fm/episodes/396-jack-friks-building-tools-that-empower-without-overwhelming

Check out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fm
Send me a voicemail on Podline: https://podline.fm/arvid

You'll find my weekly article on my blog: https://thebootstrappedfounder.com
Podcast: https://thebootstrappedfounder.com/podcast
Newsletter: https://thebootstrappedfounder.com/newsletter
My book Zero to Sold: https://zerotosold.com/
My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/
My course Find Your Following: https://findyourfollowing.com

Here are a few tools I use. Using my affiliate links will support my work at no additional cost to you.
- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx
- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid
- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid
- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60
- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ
- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q
- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw

5bytespodcast
Microsoft 365 Authentication Issues! Danish Agency to Ditch Office! June Update Issue!

5bytespodcast

Jun 16, 2025 12:28


On this episode, I provide an update on the recent Windows updates and report of an issue caused by one of the updates. I cover some new enhancements from OpenAI, the culmination of a 4 year study into remote work and more! Reference Links: https://www.rorymon.com/blog/microsoft-365-authentication-issues-danish-agency-to-ditch-office-june-update-issue/

Payments on Fire
Episode 265 - Solving the Authentication Conundrum, with Rocky Scales, IDgo

Payments on Fire

Jun 4, 2025 40:04


Here's a payments conundrum for you: We now have more ways to authenticate access to an online account or app than ever before. And yet, account takeover (ATO) - basically unauthorized access to an account - is at record levels. In this episode, Glenbrook's Yvette Bohanan and Chris Uriarte are joined by Rocky Scales, CEO of IDgo, to explore this multifaceted problem.  Tune in as they discuss the vulnerabilities in authentication techniques, the need for better consumer education, and how financial institutions and businesses can implement more secure and user-friendly authentication systems to counteract evolving threats from sophisticated fraud methods. 

ITSPmagazine | Technology. Cybersecurity. Society
From Fraud to Fixes: Designing Usable Security for Financial Applications | An OWASP AppSec Global 2025 Conversation with Wojciech Dworakowski | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Jun 2, 2025 11:29


In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today's financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.

Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user's smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim's account, they can bypass multiple layers of security, often without needing traditional credentials.

The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.

He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.

Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.

For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech's real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that's not just strong—but usable.

GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS
Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES
Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More

Sports Cards Nonsense
Upper Deck President Jason Masherah on Riff-Raff in Breaking, the Future of Authentication, and the Difficulties of Grading. Plus, the Volstead Act of 1919.

Sports Cards Nonsense

May 29, 2025 69:37


Back by popular demand, Mike and Jesse begin the show by ripping packs of cards (00:00). Then, the guys discuss Walmart's role in the hobby, and the top 10 greatest Yankees of all time, before Jesse questions why all these women want to go on dates with Troy. After that, Upper Deck president Jason Masherah joins the show to talk about some bad apples in the breaking industry, the future of authentication and grading, and innovation in the hobby (28:52). And to round out the show, the guys open the mailbag (56:24).

Hosts: Jesse Gibson and Mike Gioseffi
Guest: Jason Masherah
Producer: Troy Farkas

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Business of Tech
API Security: Indirect Prompt Injection Threats and the Rise of AI-Driven Exploits

Business of Tech

May 24, 2025 38:54


API security has evolved from being primarily an infrastructure issue to a complex challenge centered around language and design flaws. Jeremy Snyder, CEO of Firetail, discusses the findings from their latest state of API security report, emphasizing the alarming rise of indirect prompt injection as a significant threat in AI-integrated systems. As APIs underpin much of modern application architecture, understanding how they function and the potential vulnerabilities they present is crucial for organizations aiming to protect themselves from increasingly sophisticated attacks.

Snyder highlights the shared responsibility model in API security, where both developers and security teams must collaborate to ensure robust protection. While infrastructure teams manage the basic security measures, developers are responsible for the design and logic of the APIs they create. This evolving understanding of security responsibilities is essential as threat actors become more adept at exploiting API vulnerabilities, particularly through authorization failures, which continue to be a leading cause of breaches.

The conversation also delves into the distinction between authentication and authorization, illustrating how both are critical to API security. Authentication verifies a user's identity, while authorization determines what actions that user can perform. Snyder emphasizes that many organizations still struggle with authorization issues, which can lead to significant security risks if not properly managed. The report reveals that the time to resolve security incidents remains alarmingly high, while the time for attackers to exploit vulnerabilities has drastically decreased, raising concerns about the effectiveness of current security measures.

As AI technologies become more integrated into applications, the potential for indirect prompt injection attacks increases, necessitating a reevaluation of security practices. Snyder advises organizations to focus on secure design principles and maintain visibility over AI usage within their systems. By implementing governance frameworks and monitoring tools, organizations can better manage the risks associated with shadow AI and ensure that their API security measures are both effective and comprehensive.

All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

Hacking Humans
OWASP identification and authentication failures (noun) [Word Notes]

Hacking Humans

May 20, 2025 5:58


Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management.

CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure

Audio reference link: “Mr. Robot Hack - Password Cracking - Episode 1.” YouTube Video. YouTube, September 21, 2016.