API security has evolved from being primarily an infrastructure issue to a complex challenge centered around language and design flaws. Jeremy Snyder, CEO of Firetail, discusses the findings from their latest state of API security report, emphasizing the alarming rise of indirect prompt injection as a significant threat in AI-integrated systems. As APIs underpin much of modern application architecture, understanding how they function and the potential vulnerabilities they present is crucial for organizations aiming to protect themselves from increasingly sophisticated attacks. Snyder highlights the shared responsibility model in API security, where both developers and security teams must collaborate to ensure robust protection. While infrastructure teams manage the basic security measures, developers are responsible for the design and logic of the APIs they create. This evolving understanding of security responsibilities is essential as threat actors become more adept at exploiting API vulnerabilities, particularly through authorization failures, which continue to be a leading cause of breaches. The conversation also delves into the distinction between authentication and authorization, illustrating how both are critical to API security. Authentication verifies a user's identity, while authorization determines what actions that user can perform. Snyder emphasizes that many organizations still struggle with authorization issues, which can lead to significant security risks if not properly managed. The report reveals that the time to resolve security incidents remains alarmingly high, while the time for attackers to exploit vulnerabilities has drastically decreased, raising concerns about the effectiveness of current security measures. As AI technologies become more integrated into applications, the potential for indirect prompt injection attacks increases, necessitating a reevaluation of security practices. Snyder advises organizations to focus on secure design principles and maintain visibility over AI usage within their systems. By implementing governance frameworks and monitoring tools, organizations can better manage the risks associated with shadow AI and ensure that their API security measures are both effective and comprehensive.
Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “Mr. Robot Hack - Password Cracking - Episode 1.” YouTube Video. YouTube, September 21, 2016.
GoldenGate 23ai takes security seriously, and this episode unpacks everything you need to know. GoldenGate expert Nick Wagner breaks down how authentication, access roles, and encryption protect your data. Learn how GoldenGate integrates with identity providers, secures communication, and keeps passwords out of storage. Understand how trail files work, why they only store committed data, and how recovery processes prevent data loss. Whether you manage replication or just want to tighten security, this episode gives you the details to lock things down without slowing operations. Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. -------------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Welcome, everyone! This is our fourth episode on Oracle GoldenGate 23ai. Last week, we discussed the terminology, different processes and what they do, and the architecture of the product at a high level. Today, we have Nick Wagner back with us to talk about the security strategies of GoldenGate. 00:56 Lois: As you know by now, Nick is a Senior Director of Product Management for GoldenGate at Oracle. 
He's played a key role as one of the product designers behind the latest version of GoldenGate. Hi Nick! Thank you for joining us again. Can you tell us how GoldenGate takes care of data security? Nick: So GoldenGate authentication and authorization is done in a couple of different ways. First, we have user credentials for GoldenGate for not only the source and target databases, but also for GoldenGate itself. We have integration with third-party identity management products, and everything that GoldenGate does can be secured. 01:32 Nikita: And we must have some access roles, right? Nick: There's four roles built into the GoldenGate product. You have your security role, administrator, operator, and user. They're all hierarchical. The most important one is the security user. This user is going to be the one that provides the administrative tasks. This user is able to actually create additional users and assign roles within the product. So do not lose this password and this user is extremely important. You probably don't want to use this security user as your everyday user. That would be your administrator. The administrator role is able to perform all administrative tasks within GoldenGate. So not only can they go in and create new extracts, create new replicats, create new distribution services, but they can also start and stop them. And that's where the operator role is and the user role. So the operator role allows you to go in and start/stop processes, but you can't create any new ones, which is kind of important. So this user would be the one that could go in and suspend activity. They could restart activity. But they can't actually add objects to replication. The user role is really a read-only role. They can come in. They can see what's going on. They can look at the log files. They can look at the alerts. They can look at all the watches and see exactly what GoldenGate is doing. But they're unable to make any changes to the product itself. 
02:54 Lois: You mentioned the roles are hierarchical in nature. What does that mean? Nick: So anything that the user role does can be done by the operator. Anything that the operator and user roles can do can be done by the administrator. And anything that the user, operator, and administrator roles do can be done by the security role. 03:11 Lois: Ok. So, is there a single sign-on available for GoldenGate? Nick: We also have a password plugin for GoldenGate Connections. A lot of customers have asked for integration with whatever their single sign-on utility is, and so GoldenGate now has that with GoldenGate 23ai. So these are customer-created entities. So, we have some examples that you can use in our documentation on how to set up an identity provider or a third-party identity provider with GoldenGate. And this allows you to ensure that your corporate standards are met. As we started looking into this, as we started designing it, every single customer wanted something different. And so instead of trying to meet the needs for every customer and every possible combination of security credentials, we want you to be able to design it the way you need it. The passwords are never stored. They're only retrieved from the identity provider by the plugin itself. 04:05 Nikita: That's a pretty important security aspect…that when it's time to authenticate a user, we go to the identity provider. Nick: We're going to connect in and see if that password is matching. And only then do we use it. And as soon as we detect that it's matched, that password is removed. And then for the extract and replicats themselves, you can also use it for the database, data source, and data target connections, as well as for the GoldenGate users. So, it is a full-featured plugin. So, our identity provider plugin works with IAM as well as OAM. These are your standard identity manager authentication methods. The standard one is OAuth 2, as well as OIDC. 
And any Identity Manager that uses that is able to integrate with GoldenGate. 04:52 Lois: And how does this work? Nick: The way that it works is pretty straightforward. Once the user logs into the database, we're going to hand off authentication to the identity provider. Once the identity provider has validated that user's identity and their credentials, then it comes back to GoldenGate and says that user is able to log in to either GoldenGate or the application or the database. Once the user is logged in, we get that confirmation that's been sent out and they can continue working through GoldenGate. So, it's very straightforward on how it works. There's also a nice little UI that will help set up each additional user within those systems. All the communication is also secured as well. So any communication done through any of the GoldenGate services is encrypted using HTTPS. All the REST calls themselves are all done using HTTPS as well. All the data protection calls and all the communication across the network when we send data across a distribution service is encrypted using a secure WebSocket. And there's also trail file encryption at the operating system level for data at rest. So, this really gives you the full level of encryption for customers that need that high-end security. GoldenGate does have an option for FIPS 140-2 compliance as well. So that's even a further step for most of those customers. 06:12 Nikita: That's impressive! Because we want to maintain the highest security standards, right? Especially when dealing with sensitive information. I now want to move on to trail files. In our last episode, we briefly spoke about how they serve as logs that record and track changes made to data. But what more can you tell us about them, Nick? Nick: There's two different processes that write to the trail files. The extract process will write to the trail file and the receiver service will write to the trail file. 
The extract process is going to write to the trail file as it's pulling data out of that source database. Now, the extract process is controlled by a parameter file, that says, hey, here's the exact changes that I'm going to be pulling out. Here's the tables. Here's the rows that I want. As it's pulling that data out and writing it to the trail files, it's ensuring that those trail files have enough information so that the replicat process can actually construct a SQL statement and apply that change to that target platform. And so there's a lot of ways to change what's actually stored in those trail files and how it's handled. The trail files can also be used for initial loads. So when we do the initial load through GoldenGate, we can grab and write out the data for those tables, and that excludes the change data. So initial loads is pulling the data directly from the tables themselves, whereas ongoing replication is pulling it from the transaction logs. 07:38 Lois: But do we need to worry about rollbacks? Nick: Our trail files contain committed data only and all data is sequential. So this is two important things. Because it contains committed data only, we don't need to worry about rollbacks. We also don't need to worry about position within that trail file because we know all data is sequential. And so as we're reading through the trail file, we know that anything that's written in a prior location in that trail file was committed prior to something else. And as we get into the recovery aspects of GoldenGate, this will all make a lot more sense. 08:13 Lois: Before we do that, can you tell us about the naming of trail files? Nick: The trail files as far as naming, because these do reside on the operating system, you start with a two-letter trail file abbreviation and then a nine-digit sequential value. So, you almost look at it as like an archive log from Oracle, where we have a prefix and then an affix, which is numeric. Same kind of thing. 
So, we have our two-letter, in this case, an ab, and then we have a nine-digit number. 08:47 Transform the way you work with Oracle Database 23ai! This cutting-edge technology brings the power of AI directly to your data, making it easier to build powerful applications and manage critical workloads. Want to learn more about Database 23ai? Visit mylearn.oracle.com to pick from our range of courses and enroll today! 09:12 Nikita: Welcome back! Ok, Nick. Let's get into the GoldenGate recovery process. Nick: When we start looking at the GoldenGate recovery process, it essentially makes GoldenGate kind of point-in-time like. So on that source database, you have your extract process that's going to be capturing data from the transaction logs. In the case of Oracle, the Oracle Database is actually going to be reading those transaction logs from us and passing the change records directly to GoldenGate. We call them an LCR, Logical Change Record. And so the integrated extract and GoldenGate, the extract portion tells the database, hey, I'm now going to be interested in the following list of tables. And it gives a list of tables to that internal component, the log mining engine within the database. And it says, OK, I'm now pulling data for those tables and I'm going to send you those table changes. And so as the extract process gets sent those changes, it's going to have checkpoint information. So not only does it know where it was pulling data from out of that source database, but what it's also writing to the trail file. The trail files themselves are all sequential and they have only committed data, as we talked about earlier. The distribution service has checkpoint information that says, hey, I know where I'm reading from in the previous trail file, and I know what I've sent across the network. The receiver service is the same thing. It knows what it's receiving, as well as what it's written to the trail file and the target system. The replicat also has a checkpoint. 
It knows where it's reading from in the trail file, and then it knows what it's been applying into that target database. This is where things start to become a little complicated. Our replicat process in most cases are parallel, so it'll have multiple threads applying data into that target database. Each of those threads is applying different transactions. And because of the way that the parallelism works in the replicat process, you can actually get situations where one replicat thread might be applying a transaction higher than another thread. And so you can eliminate that sequential or serial aspect of it, and we can get very high throughput speeds to the replicat. But it means that the checkpoint needs to be kind of smart enough to know how to rebuild itself if something fails. 11:32 Lois: Ok, sorry Nick, but can you go through that again? Maybe we can work backwards this time? Nick: If the replicat process fails, when it comes back up, it's going to look to its checkpoint tables inside that target database. These checkpoint tables keep track of where each thread was at when it crashed. And so when the replicat process restarts, it goes, oh, I was applying these threads at this location in these SCNs. It'll then go and read from the trail file and say, hey, let me rebuild that data and it only applies transactions that it hasn't applied yet to that target system. There is a synchronized replicat command as well that will tell a crashed replicat to say, hey, bring all your threads up to the same high watermark. It does that process automatically as it restarts and continues normal replication. But there is an option to do it just by itself too. So that's how the replicat kind of repairs and recovers itself. It'll simply look at the trail files. Now, let's say that the replicat crashed, and it goes to read from the trail files when it restarts and that trail file is missing. 
It'll actually communicate to the distribution, or excuse me, to the receiver service and say, hey, receiver service, I don't have this trail file. Can you bring it back for me? And the receiver service will communicate downstream and say, hey, distribution service, I need you to resend me trail file number 6. And so the distribution service will resend that trail file so that the replicat can reprocess it. So it's often nice to have redundant environments with GoldenGate so we can have those trail files kind of around for availability. 13:13 Nikita: What if one of these files gets corrupted? Nick: If one of those trail files is corrupt, let's say that a trail file on the target site became corrupt and the replicat can't read from it for one reason or another. Simply stop the replicat process, delete the corrupt trail file, restart the replicat process, and now it's going to rebuild that trail file from scratch based on the information from the source GoldenGate environment. And so it's very recoverable. Handles it all very well. 13:40 Nikita: And can the extract process bounce back in the same way? Nick: The extract process can also recover in a similar way. So if the extract process crashes, when it restarts itself, there's a number of things that it does. The first thing is it has to rebuild any open transactions. So it keeps all sorts of checkpoint information about the oldest transaction that it's keeping track of, any open transactions that haven't been committed, and any other transactions that have been committed that it's already written to the trail file. So as it's reprocessing that data, it knows exactly what it's committed to trail and what hasn't been committed. And there's a number of ways that it does this. There's two main components here. One of them is called bounded recovery. Bounded recovery will allow you to set a time limit on transactions that span a certain length of time that they'll actually get flushed out to disk on that GoldenGate Hub. 
And that way it'll reduce the amount of time it takes GoldenGate to restart the extract process. And the other component is cache manager. Cache manager stores uncommitted transactions. And so it's a very elegant way of rebuilding itself from any kind of failure. You can also set up restart profiles so that if any process does crash, the GoldenGate service manager can automatically restart that service an x number of times across y time span. So if I say, hey, if my extract crashes, then attempt to restart it 100 times every 5 seconds. So there's a lot of things that you can do there to make it really nice and automatic repair itself and automatically resilient. 15:18 Lois: Well, that brings us to the end of this episode. Thank you, Nick, for going through the security strategies and recovery processes in such detail. Next week, we'll look at the installation of GoldenGate. Nikita: And if you want to learn more about the topics we discussed today, head over to mylearn.oracle.com and take a look at the Oracle GoldenGate 23ai Fundamentals course. Until next time, this is Nikita Abraham… Lois: And Lois Houston signing off! 15:44 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
Patrick Lemay, Head of Corporate Development, PayRetailers
Biometric authentication solutions are about more than just security. While multi-modal authentication is reducing fraud, it also holds the potential to create a more seamless and personalised payment experience. Robin Amlôt of IBS Intelligence discusses the opportunities with Patrick Lemay, Head of Corporate Development at PayRetailers.
Ever wondered how your sensitive messages stay secure in an increasingly dangerous digital landscape? The answer lies in message integrity controls, digital signatures, and certificate validation – the core components of modern cybersecurity we tackle in this episode. We begin with a timely breakdown of Microsoft's recent security breach by Russian hackers who stole source code by exploiting a test environment. This real-world example perfectly illustrates why proper security controls must extend beyond production environments – a lesson many organizations learn too late. Diving into the technical foundation of message security, we explore how basic checksums evolved into sophisticated hashing algorithms like MD5, SHA-2, and SHA-3. You'll understand what makes these algorithms effective at detecting tampering and why longer digests provide better protection against collision attacks. Digital signatures emerge as the cornerstone of secure communication, providing the crucial trifecta of integrity verification, sender authentication, and non-repudiation. Through practical examples with our fictional users Alice and Bob, we demonstrate exactly how public and private keys work together to safeguard information exchange. The episode culminates with an exploration of digital certificates and S/MIME protocols – the technologies that make secure email possible. You'll learn how certificate authorities establish chains of trust, what happens when certificates are compromised, and how the revocation process protects the entire ecosystem. Whether you're preparing for the CISSP exam or simply want to understand how your sensitive communications remain protected, this episode provides clear, actionable knowledge about the cryptographic building blocks that secure our digital world.
In this episode of The Other Side of the Firewall podcast, Ryan Williams and Shannon Tynes discuss the latest developments in cybersecurity, focusing on Microsoft's shift to passwordless accounts and the implications for users. They explore the challenges of password management, the benefits of passkeys and biometric authentication, and the future of cybersecurity in the context of emerging technologies like quantum computing. Article: Microsoft makes all new accounts passwordless by default https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/?fbclid=IwY2xjawKIWopleHRuA2FlbQIxMAABHod4579kkkG2HEuaLmQVIdGGMKHARmAvA3vXcVN_PutWmqk3mTsLO1emRVqk_aem_SCwuxj4mNbRstoBAlI0Xgg Please LISTEN
Azure IAM is offering dynamic, cloud-based ransomware protection to hospitals and healthcare organizations. Want to defend yourself against this rampant threat? Visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website: https://azureiam.com
It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.
In this episode, Ellie sits down with Don Spaulding, a seasoned innovation and product leader with over 17 years at Verizon. Don shares his remarkable journey from educational psychology to tech leadership, bringing a unique human-centered perspective to digital transformation. We explore how his background helps him develop data-driven strategies that improve customer experiences while maintaining trust and security. Don dives deep into the evolving landscape of AI in customer service, the growing threats of voice fraud, and the delicate balance between security and user experience.
In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information. To contact me: bobbycapucci@protonmail.com Source: 032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdf
Cybersecurity professionals know that mastering identity and access management concepts is essential for CISSP certification success. This deep dive into Domain 5.2 tackles fifteen carefully crafted questions covering everything from just-in-time provisioning to federated identity systems and session security. We begin by examining the accelerating adoption of generative AI in healthcare organizations, where approximately 85% are investigating or implementing these technologies. This trend spans industries from manufacturing to financial services, creating both opportunities and serious security challenges for professionals who must balance innovation with appropriate safeguards. The heart of our discussion focuses on critical IAM concepts, including how just-in-time provisioning minimizes attack surfaces by limiting standing privileges, particularly vital in cloud environments. We explore SAML as the primary protocol enabling federated architectures, while highlighting their potential single point of failure risks. Session management security receives special attention, emphasizing secure token storage with appropriate expiration times, and protection against cross-site scripting attacks that target cookie theft. Throughout our exploration, practical security principles are reinforced: the dangers of shared credentials, the necessity of multi-factor authentication, and the security benefits of automated access revocation. Whether you're preparing for the CISSP exam or looking to strengthen your security knowledge, these concepts represent core knowledge every practicing security professional must internalize.
Episode Summary
In this episode of The Secure Developer, host Danny Allan sits down with Alex Salazar, founder and CEO of Arcade, to discuss the evolving landscape of authentication and authorization in an AI-driven world. Alex shares insights on the shift from traditional front-door security to back-end agent interactions, the challenges of securing AI-driven agents, and the role of identity in modern security frameworks. The conversation delves into the future of AI, agentic workflows, and how organizations can navigate authentication, authorization, and security in this new era.
Show Notes
Danny Allan welcomes Alex Salazar, an experienced security leader and CEO of Arcade, to explore the transformation of authentication and authorization in AI-powered environments. Drawing from his experience at Okta, Stormpath, and venture capital, Alex provides a unique perspective on securing interactions between AI agents and authenticated services.
Key topics discussed include:
The Evolution of Authentication & Authorization: Traditional models focused on front-door access (user logins, SSO), whereas AI-driven agents require secure back-end interactions.
Agentic AI and Security Risks: How AI agents interact with services on behalf of users, and why identity becomes the new perimeter in security.
OAuth and Identity Challenges: Adapting OAuth for AI agents, ensuring least-privilege access, and maintaining security compliance.
AI Hallucinations & Risk Management: Strategies for mitigating LLM hallucinations, ensuring accuracy, and maintaining human oversight.
The Future of AI & Agentic Workflows: Predictions on how AI will continue to evolve, the rise of specialized AI models, and the intersection of AI and physical automation.
Alex and Danny also discuss the broader impact of AI on developer productivity, with insights into how companies can leverage AI responsibly to boost efficiency without compromising security.
Links
Arcade.dev - Make AI Actually Do Things
Okta - Identity
OAuth - Authorization Protocol
LangChain - Applications that Can Reason
Hugging Face - The AI Community Building the Future
Snyk - The Developer Security Company
In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance. In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.
To contact me: bobbycapucci@protonmail.com
Source: 032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdf
Become a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.
Identity management sits at the core of effective cybersecurity, yet many organizations still struggle with implementing it correctly. In this comprehensive breakdown of CISSP Domain 5.2, we dive deep into the critical components of managing identification and authentication systems that protect your most valuable assets. Starting with a timely examination of the risks involved in the proposed rapid rewrite of the Social Security Administration's 60-million-line COBOL codebase, we explore why rushing critical identity systems can lead to catastrophic failures. This real-world example sets the stage for understanding why proper authentication management matters. The episode walks through the essential differences between centralized and decentralized identity approaches, explaining when each makes sense for your organization. We break down Single Sign-On implementation, multi-factor authentication best practices, and the often overlooked importance of treating Active Directory as the security tool it truly is—not just an open database for anyone to query. For security practitioners looking to level up their authentication strategy, we examine credential management systems like CyberArk, Just-in-Time access models, and federated identity frameworks including SAML, OAuth 2.0, and OpenID Connect. Each approach is explained with practical implementation considerations and security implications. Whether you're studying for the CISSP exam or working to strengthen your organization's security posture, this episode provides actionable insights on establishing robust authentication controls without sacrificing usability. Don't miss these essential strategies that form the foundation of your security architecture. Ready to master CISSP Domain 5.2 and all other CISSP domains? Visit CISSPCyberTraining.com for structured learning materials designed to help you pass the exam the first time.
Is an Authentication Sticker Worth It? The Pros & Cons for Collectors. In this episode of The Powers Sports Memorabilia Show, we dive into one of the most debated topics in the hobby: should you add an authentication sticker or hologram to your signed sports cards? We surveyed collectors and the results might surprise you—50% said no, 30% said yes, and 20% landed somewhere in the middle. So why the divide? We break down the reasons behind each stance:
✅ Why some collectors prefer authentication: 61% value the witness certification, 15% say it's hard to get 3rd-party authentication, and 17% don't plan on using PSA.
❌ Why others avoid it: 40% dislike the look of the sticker, 39% believe it hurts the card's value, and 12% don't want to spend the extra money.
We also talk about when it actually makes sense to sticker your card—think high-end autographs, cards that won't be sent to PSA, or signatures that are tough to authenticate later. Whether you love the hologram or hate the sticker, this episode will help you make a smarter decision next time you get a card signed.
https://powerssportsmemorabilia.com/
In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial. Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.
To contact me: bobbycapucci@protonmail.com
Source: 031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdf
Become a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.
Jason Barr, Vice President of Healthcare at ID.me, joins Russ Branzell, President and CEO of CHIME, to break down the complexities of federated identity in healthcare – including the implications of TEFCA and its impact on patient authentication and interoperability. Jason discusses identity verification's impact on data sharing, security, and patient trust in an increasingly digital healthcare ecosystem and advises healthcare leaders on how to secure workforce identities from the cyberattacks targeting healthcare employees throughout the industry.
Key Takeaways:
The crucial importance of federated identity in securing patient and workforce authentication.
How to navigate federal compliance requirements and security protocols related to TEFCA and the final authentication rule.
Actionable strategies for balancing security, privacy, and user experience in identity management.
Emerging technologies in identity security solutions.
In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial. Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.
To contact me: bobbycapucci@protonmail.com
Source: 031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdf
Become a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.
Welcome to the Fraudian Slip, the Identity Theft Resource Center's (ITRC) podcast, where we talk about all things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible and Amazon now. This month, we speak with an identity theft victim to gain insights into victimization. In this podcast, you will be listening in on a special conversation titled “Perspectives from an Identity Theft Victim.” In the session, which took place at the Identity, Authentication, and the Road Ahead Cybersecurity Policy Forum, ITRC CEO Eva Velasquez sat down with identity theft victim Linda Matchan of the Boston Globe to discuss her victimization experience. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
⬥GUEST⬥
Ken Huang, Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/
⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥EPISODE NOTES⬥
In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice. The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows.
Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges.
Practical Applications and Emerging Use Cases
Ken outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce's AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention.
Implications for Development and Security Teams
Development teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement.
Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed.
The Call for Collaboration and Mindset Shift
Agentic AI isn't just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended.
⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974
⬥RESOURCES⬥
BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7
BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259
BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMR
More books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GN
Video Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council with 255 people rated averaged 5 stars: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=false
Podcast: The 2025 OWASP Top 10 for LLMs: What's Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros
William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about everything from WebAuthn implementation challenges to flaws in the FIDO metadata service that affect how hardware tokens are authenticated. The conversation covers the spectrum of hardware security key quality, attestation mechanisms, and the barriers preventing open source developers from improving industry standards despite their expertise. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-fido_auth_william_brown/
This week, we discuss Google acquiring Wiz, the rise of Vibe Coding, and what really counts as legacy software. Plus, Coté runs a post-acquisition all-hands meeting. Watch the YouTube Live Recording of Episode 511 (https://www.youtube.com/live/ok8lLHFCCRY?si=aos-m8eR1iYcR12v) Runner-up Titles Tattoo “BUSINESS AS USUAL” on the inside of your eyelids BUSINESS AS USUAL One billion a month Turns out they're gonna put lions in the product. Vibe coding is outcomes-focused. Cote's AI Thunderdome Don't make me learn Think About Time VibeCOBOL I don't like the no-head Rundown Google in Fresh Talks to Buy Cybersecurity Startup Wiz for $30 Billion (https://www.wsj.com/business/deals/alphabet-back-in-deal-talks-for-cybersecurity-startup-wiz-41cd3090?mod=tech_lead_story) Intel board announces Lip-Bu Tan as new CEO (https://www.theregister.com/2025/03/12/intel_lip_bu_tan_new_ceo/) Vibe Coding AI IDEs Need Moats (https://materializedview.io/p/ai-ides-need-moats?ref=dailydev) AI coding assistant refuses to write code, tells user to learn programming instead (https://arstechnica.com/ai/2025/03/ai-coding-assistant-refuses-to-write-code-tells-user-to-learn-programming-instead/) Github Coploit does have an agent mode (https://github.com/features/copilot) AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (https://techcrunch.com/2025/03/14/ai-coding-assistant-cursor-reportedly-tells-a-vibe-coder-to-write-his-own-damn-code/) Vibe Coder job listing (https://getcoai.com/careers/vibe-coder-frontend-developer-role/) Legacy Software Relevant to your Interests Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data (https://www.404media.co/saudi-arabia-buys-pokemon-go-and-probably-all-of-your-location-data/) Open R1: Update #3 (https://huggingface.co/blog/open-r1/update-3) Sonos has canceled its streaming video player (https://www.theverge.com/tech/628297/sonos-pinewood-streaming-box-canceled) ServiceNow releases no-code, low-code AI agent 
builder (https://www.ciodive.com/news/servicenow-yokohama-agentic-ai-low-code-development-tool/742275/) Meta Seeks to Block Further Sales of Ex-Employee's Scathing Memoir (https://www.nytimes.com/2025/03/12/technology/meta-book-sales-blocked.html) AirPods Getting Live Translation Feature Later This Year (https://www.macrumors.com/2025/03/13/airpods-live-translation-ios-19/) Clouded Judgement 3.14.25 - Authentication in the Age of AI Agents (https://cloudedjudgement.substack.com/p/clouded-judgement-31425-authentication?utm_source=post-email-title&publication_id=56878&post_id=159023089&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Google allows users to personalize their Gemini conversations with new features (https://www.cnbc.com/2025/03/13/google-now-allows-users-to-personalize-their-gemini-conversations.html) Undergraduate Upends a 40-Year-Old Data Science Conjecture (https://www.wired.com/story/undergraduate-upends-a-40-year-old-data-science-conjecture/) Job Seekers Hit Wall of Salary Deflation - WSJ (https://archive.ph/Gn0F9) Something Is Rotten in the State of Cupertino (https://daringfireball.net/2025/03/something_is_rotten_in_the_state_of_cupertino) OpenStack comes to the Linux Foundation | TechCrunch (https://techcrunch.com/2025/03/12/openstack-comes-to-the-linux-foundation/?trk=feed-detail_main-feed-card_feed-article-content) Accusations of Corporate Espionage Shake a Software Rivalry (https://www.nytimes.com/2025/03/17/business/dealbook/rippling-deel-corporate-spy.html?smid=nytcore-ios-share&referringSource=articleShare) IBM Mergers: Closing on HashiCorp and Intent to Acquire DataStax (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/) Nonsense The Problem with Time & Timezones - Computerphile (https://www.youtube.com/watch?v=-5wpm-gesOY&t=7s) Southwest Airlines CEO 
Video via WFAA (https://www.tiktok.com/@wfaach8/video/7480585081753537835?_t=ZT-8ufHaixEbks&_r=1) Southwest Airlines Just Broke the $5 Chicken Rule, and There Goes What Once Made It Great (https://www.inc.com/bill-murphy-jr/southwest-airlines-just-broke-the-5-chicken-rule-and-there-goes-what-once-made-it-great/91161331). Conferences SREday London (https://sreday.com/2025-london-q1/), March 27-28, Coté speaking (https://sreday.com/2025-london-q1/Michael_Cote_VMware__Pivotal_Platform_Engineering_for_Private_Cloud). 10% with code LDN10 Monki Gras (https://monkigras.com/), London, March 27-28, Coté speaking. Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA NDC Oslo (https://ndcoslo.com/), May 21-23, Coté speaking. KubeCon EU (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/), April 1-4, London. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com 
(mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Severance (https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://tv.apple.com/us/show/severance/umc.cmc.1srk2goyh2q2zdxcx605w8vtx&ved=2ahUKEwiJ95mBjZeMAxXo4skDHWOrJ3gQFnoECGwQAQ&usg=AOvVaw06Jqv4WAF89UKW2fy4RaHx) ** Matt: Geoff Huntley's blog (https://ghuntley.com/) Coté: Barthes: A Very Short Introduction (https://academic.oup.com/book/28389), Coté — When Shit Hits the Fan (https://overcast.fm/+AAxlGT9_-n8). Photo Credits Header (https://unsplash.com/photos/people-sitting-on-chairs-watching-a-game-6vAjp0pscX0)
At Enterprise Connect 2025, Gerry Christensen, founder of Wireless Waypoint, is preparing for an important panel discussion: “Building Trust in Outbound Calling Systems” on Thursday, March 20, at 9 a.m.
Restoring Trust in Caller ID
Many consumers no longer trust unknown calls, assuming they're scams. Even essential calls—like fraud alerts from banks—are often ignored because they appear as "Spam Likely." Christensen emphasized that branded calling, authentication, and consent management are key to rebuilding trust.
Steps for IT Managers
For enterprises managing outbound calls, Christensen suggests:
Know Your Customer (KYC) – Verify who is making calls on your behalf.
Authentication & Validation – Ensure calls originate from trusted sources.
Branded Calling – Display logos, reasons for calls, and verified IDs.
Call Routing Awareness – Understand how calls travel through the network to avoid losing attestation levels.
A/B Testing & Industry-Specific Approaches
Companies can experiment with branded calling by A/B testing:
A Group – Calls with branding, such as a company logo and caller ID.
B Group – Standard outbound calls.
This helps businesses measure response rates and effectiveness. Additionally, Christensen stressed the importance of industry-specific use cases—such as banks notifying customers of fraud alerts or healthcare providers confirming appointments.
Where to Learn More
Christensen encourages IT leaders to analyze their call origination process, work with trusted providers, and optimize call routing. For more insights or consulting, he is available via the Enterprise Connect app, the Wireless Waypoint website, and LinkedIn.
As outbound calling evolves with AI and authentication tools, Christensen's insights at Enterprise Connect are essential for companies looking to boost answer rates and improve customer trust.
Revolutionizing Memorabilia: The Realist's Authentic Collectibles Marketplace Therealest.com About the Guest(s): Base Naaman is the Co-founder and Head of Brand at The Realist, a pioneering firm in the memorabilia market. He is responsible for directing the company's creative strategy and overseeing partnerships with major industry names such as the Philadelphia Eagles, Miami Heat, Snoop Dogg, Usher, and Paramount Studios. The Realist is renowned for setting the next-generation standards in sports and entertainment memorabilia authentication, sourcing items directly from athletes and artists, powered by cutting-edge identification technology. Episode Summary: Welcome to the latest episode of The Chris Vos Show, where we're joined by Base Naaman from The Realist. This episode unfolds the intriguing world of authentic sports and entertainment memorabilia, highlighting the technology and strategy behind ensuring authenticity. Base Naaman shares insights into The Realist's mission to bridge the gap in memorabilia collectability between sports and music industries and the untapped potential of these sectors for collectors and fans. Base Naaman elaborates on how The Realist implements groundbreaking authentication methods akin to those used by Major League Baseball, minimizing fraud within the memorabilia industry. By deploying witnesses at live events and maintaining a transparent transfer chain, The Realist sets high standards in provenance verification. Base Naaman also narrates fascinating stories behind significant partnerships with legendary bands like Megadeth and critical events like partnering with the Philadelphia Eagles during their Super Bowl victory journey, offering fans a tangible piece of history. Key Takeaways: The Realist closes the gap between sports and music memorabilia collecting by making genuine items accessible to fans. Authentication involves real-time, witnessed verification to ensure 100% authenticity for memorabilia. 
High-profile partnerships, such as with Megadeth and the Philadelphia Eagles, demonstrate The Realist's capacity to bring authentic, collectible items to fans. Efforts are made not only to monetize collectibles but to preserve and respect the legacy of artists and athletes by minimizing fraud. The Realist promotes environmental sustainability by repurposing items and preventing memorabilia from ending up as waste. Notable Quotes: "It's all about trust really. It's like building these relationships directly with the artists and teams." "You are some of the most followed and loved and admired people on this planet. Why are people not able to own items that you've used on stage?" "We kind of doubled down on the authentication because we are big sports fans." "They don't realize how much of their stuff is being sold online and their fans are getting ripped off." "Nothing's impossible. I think we'll be able to reach everyone soon enough."
In this episode of the Identity Center Podcast, Jim McDonald discusses policy enforcement, adaptive authentication, and fraud prevention with Patrick Harding, Chief Product Architect at Ping Identity. They delve into how policy enforcement can be managed locally to maintain performance for SaaS applications while ensuring greater flexibility using standards like AuthZEN. Jim and Patrick also cover the benefits and challenges of using SAML and OpenID Connect for single sign-on (SSO) and explore the future role of AI agents in identity and access management. Additionally, they provide valuable tips for attending identity-focused conferences in Berlin and Las Vegas.
Chapters
00:00 Introduction to Policy Enforcement
01:29 Welcome to the Identity Center Podcast
01:54 Conference Discount Codes
03:03 Guest Introduction: Patrick Harding from Ping Identity
03:54 Patrick's Journey into Identity
06:56 Challenges in Adaptive Authentication
10:50 SaaS Applications and Policy Enforcement
21:18 Advanced Fraud Analytics
29:23 Integrating On-Premise and Cloud Applications
30:35 Effort and Challenges in Modernizing Applications
31:22 The Shift to OpenID Connect
32:22 SaaS Applications and Single Sign-On Costs
33:52 AI Agents and Adaptive Authentication
34:54 The Future of AI Agents in Business
39:15 Delegation and Authentication for AI Agents
43:46 The Impact of AI on Jobs and Efficiency
47:11 Advice for Future Careers in a Tech-Driven World
52:57 Conference Tips and Final Thoughts
Connect with Patrick: https://www.linkedin.com/in/pharding/
Conference Discounts!
European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridac
Identiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
In this episode of the Karma Stories Podcast, Rob shares five entertaining stories from the Tales from Tech Support subreddit. The stories cover a wide range of tech support mishaps, from a customer trying to get free adult content credits to a meat processing plant worker who can't print because the printer is out of paper. Other tales include a project manager who fixes an error by doing nothing, a struggling setup of multi-factor authentication, and a humorous incident involving a 'God computer' at a hospital. Tune in for laughs and insights into the world of tech support!
Submit your own stories to KarmaStoriesPod@gmail.com.
Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!
Rob's 3D Printing Site: https://Dangly3D.com
Become a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.
Next in Media spoke with Larry Allen, VP & GM Data & Addressable Enablement at Comcast, about the challenge of getting everyone in media to speak the same language when it comes to targeted TV ads. Allen also talked about why he thinks the TV business needs to ditch identifiers for old school household data, and why he thinks that media companies are ready to work together to broaden the TV ad pie.
Takeaways:
Addressable TV is Evolving – It's no longer just about traditional cable ad slots. Today, addressable TV spans streaming, connected devices, and multi-screen environments
News and Updates:
Facebook will start deleting Live videos after 30 days
HP halts the 15 minute wait to talk to customer service
Gmail switching to QR Codes and Authentication App instead of SMS
Chrome updated the Extensions Software and killed off a lot of extensions, including uBlock
YouTube launches Premium Lite in US to be ad free for $7.99/month
Microsoft testing a free version of Office with ads
Microsoft will end Skype in May 2025
Organizations build and deploy applications at an unprecedented pace, but security is often an afterthought. This episode of ITSPmagazine's Brand Story features Jim Manico, founder of Manicode Security, in conversation with hosts Sean Martin and Marco Ciappelli. The discussion explores the current state of application security, the importance of developer training, and how organizations can integrate security from the ground up to drive better business outcomes.
The Foundation of Secure Development
Jim Manico has spent decades helping engineers and architects understand and implement secure coding practices. His work with the Open Web Application Security Project (OWASP), including contributions to the OWASP Top 10 and the OWASP Cheat Sheet Series, has influenced how security is approached in software development. He emphasizes that security should not be an afterthought but a fundamental part of the development process.
He highlights OWASP's role in providing documentation, security tools, and standards like the Application Security Verification Standard (ASVS), which is now in its 5.0 release. These resources help organizations build secure applications, but Manico points out that simply having the guidance available isn't enough—engineers need the right training to apply security principles effectively.
Why Training Matters
Manico has trained thousands of engineers worldwide and sees firsthand the impact of hands-on education. He explains that developers often lack formal security training, which leads to common mistakes such as insecure authentication, improper data handling, and vulnerabilities in third-party dependencies. His training programs focus on practical, real-world applications, allowing developers to immediately integrate security into their work.
Security training also helps businesses beyond just compliance. 
While some companies initially engage in training to meet regulatory requirements, many realize the long-term value of security in reducing risk, improving product quality, and building customer trust. Manico shares an example of a startup that embedded security from the beginning, investing heavily in training early on. That approach helped differentiate them in the market and contributed to their success as a multi-billion-dollar company.
The Role of AI and Continuous Learning
Manico acknowledges that the speed of technological change presents challenges for security training. Frameworks, programming languages, and attack techniques evolve constantly, requiring continuous learning. He has integrated AI tools into his training workflow to help answer complex questions, identify knowledge gaps, and refine content. AI serves as an augmentation tool, not a replacement, and he encourages developers to use it as an assistant to strengthen their understanding of security concepts.
Security as a Business Enabler
The conversation reinforces that secure coding is not just about avoiding breaches—it is about building better software. Organizations that prioritize security early can reduce costs, improve reliability, and increase customer confidence. Manico's approach to education is about empowering developers to think beyond compliance and see security as a critical component of software quality and business success.
For organizations looking to enhance their security posture, developer training is an investment that pays off. Manicode Security offers customized training programs to meet the specific needs of teams, covering topics from secure coding fundamentals to advanced application security techniques. 
To learn more or schedule a session, Jim Manico can be reached at Jim@manicode.com.
Tune in to the full episode to hear more insights from Jim Manico on how security training is shaping the future of application security.
Learn more about Manicode: https://itspm.ag/manicode-security-7q8i
Note: This story contains promotional content. Learn more.
Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/
Resources
Download the Course Catalog: https://itspm.ag/manicode-x684
Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-security
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
E-mail marketing has changed, and so must your approach if you want to reach your audience in 2025. I chatted with MV Braverman, founder of Inbox Welcome, to talk about e-mail deliverability—a topic often overlooked but absolutely essential. While we all obsess over catchy subject lines and beautiful designs, none of that matters if your e-mails never make it to the inbox. MV shared practical advice to help you understand deliverability and improve your results. Here are a few of the key takeaways: Authentication is Non-Negotiable To combat spam, providers like Google and Yahoo now require senders to authenticate their e-mails. Tools like SPF, DKIM, and DMARC ensure your e-mails are verified and trustworthy. But here's the catch: while platforms like MailChimp can help you authenticate campaign emails, that's only part of the puzzle. MV recommends a comprehensive setup covering all your email streams—like invoices, auto-responders, and proposals. Reporting Matters DMARC doesn't just verify your emails—it also provides detailed reports about where your emails are landing (inbox vs. spam) and how they're being perceived by providers like Microsoft. These insights are invaluable for spotting problems early. Focus on the Reader's Experience Your emails should be accessible, mobile-friendly, and readable in both light and dark modes. MV pointed out that ignoring dark mode—a preference for up to one-third of email users—can make your emails nearly impossible to read. Don't Rely Solely on Images While image-only emails may look appealing, they're a disaster for accessibility. Many readers (including me!) block images by default, and with AI tools summarizing content, text is more important than ever. Always include descriptive, clear text in your emails. What You Can Do: Review your email authentication settings across all platforms, not just your email marketing tool, to ensure full coverage. 
Download MV's DMARC guide to learn how to set up reporting and spot deliverability issues before they become major problems. Email marketing isn't just about what you say—it's about making sure people actually receive it.
Zero Trust World 2025: Strengthening Cybersecurity Through Zero Trust
Zero Trust World 2025 has come to a close, leaving behind a series of thought-provoking discussions on what it truly means to build a culture of security. Hosted by ThreatLocker, the event brought together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.
A Deep Dive into Windows Security and Zero Trust
Zero Trust World 2025 is officially underway, and the conversation centers around what it means to build a culture of security. Hosted by ThreatLocker, this event brings together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.
Defining Zero Trust in Practice
Sean Martin and Marco Ciappelli set the stage with a key takeaway: Zero Trust is not a one-size-fits-all solution. Each organization must define its own approach based on its unique environment, leadership structure, and operational needs. It is not about a single tool or quick fix but about establishing a continuous process of verification and risk management.
A Focus on Security Operations
Security operations and incident response are among the core themes of this year's discussions. Speakers and panelists examine how organizations can implement Zero Trust principles effectively while maintaining business agility. Artificial intelligence, its intersection with cybersecurity, and its potential to both strengthen and challenge security frameworks are also on the agenda.
Learning Through Engagement
One of the standout aspects of Zero Trust World is its emphasis on education. From hands-on training and certification opportunities to interactive challenges—such as hacking a device to win it—attendees gain practical experience in real-world security scenarios. The event fosters a culture of learning, with participation from help desk professionals, CIOs, CTOs, and cybersecurity practitioners alike.
The Power of Community
Beyond the technical discussions, the event underscores the importance of community. Conferences like these are not just about discovering new technologies or solutions; they are about forging connections, sharing knowledge, and strengthening the collective approach to security.
Zero Trust World 2025 is just getting started, and there's much more to come. 
Stay tuned as Sean and Marco continue to bring insights from the conference floor, capturing the voices that are shaping the future of cybersecurity.
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
Dean Stevenson is the director of pre-sales at Keyless. In this episode, he joins host Charlie Osborne to discuss biometrics and the role it plays in banking security, including common use cases, key business outcomes, and more. Keyless Technologies offers strong, privacy-focused passwordless authentication that dramatically reduces ATO fraud whilst improving the user experience for customers and the workforce. To learn more about our sponsor, visit https://keyless.io
AI customer service agents are quickly replacing the often clunky AI chatbots of years past, and revolutionizing how we all interact with customer service. In this episode, we dive into this rapid transformation with Mike Murchison, CEO of Ada, a fast-growing leader in the space.
Mike shares how harnessing the power of several Generative AI models enables Ada to automate up to 83% of customer interactions, providing a seamless and empathetic service that rivals, and will soon surpass, human agents. We explore the challenges and triumphs of deploying AI in customer service in this new era, from the intricacies of model orchestration to the importance of resolution and empathy. Mike also teases the future of agentic AI in the enterprise, where AI agents collaborate across departments to innovate and improve products.
Ada
Website - https://www.ada.cx
X/Twitter - https://x.com/ada_cx
Mike Murchison
LinkedIn - https://www.linkedin.com/in/mikemurchison
X/Twitter - https://x.com/mimurchison
FIRSTMARK
Website - https://firstmark.com
X/Twitter - https://twitter.com/FirstMarkCap
Matt Turck (Managing Director)
LinkedIn - https://www.linkedin.com/in/turck/
X/Twitter - https://twitter.com/mattturck
(00:00) Intro
(02:27) Why is customer service a perfect use case for AI?
(03:36) Why didn't foundation models replace AI “thin wrappers” out of the box?
(05:27) What is Ada?
(10:41) Reasoning engine, model orchestration, instruction following, routing
(15:45) Hybrid systems, finetuning, customization
(18:28) Prompt engineering, observability, self-improvement
(22:07) RAG (Retrieval-Augmented Generation) and AI as a judge
(23:06) Guardrails and security
(24:33) Should we expect perfection from AI?
(26:14) Measuring “resolution”
(29:29) What actions can Ada AI Agents take?
(32:12) Authentication and personalization
(35:09) Handoff vs human delegation
(38:12) ACX (AI Customer Experience) and the future of customer service professionals
(42:13) Leveraging analytics and customer support data
(45:54) AI agents for cross-selling and upselling
(48:25) Traditional AI chatbots vs the new generation of AI Agents
(51:24) Emotion, empathy, personality
(54:56) Transparency and AI improvement
(57:58) Managing AI: the measure-coach-improve loop
(1:00:15) Ada Voice and Email
(1:06:25) Future predictions for AI
(1:07:56) Multi-agent collaboration
Prosperity is not just a dream but a divine birthright waiting to be claimed. Join me on a journey from modest beginnings to financial independence, where I share insights on building and nurturing private family wealth that anyone can achieve with determination and resourcefulness. Discover how self-education and taking control of your financial future can lead you to create a legacy of lasting wealth. Through the lens of my personal story, and the powerful legacy of the Don Kilam brand, we're diving into the principles of financial growth and the importance of family knowledge that can be passed down through generations.
Explore the hidden world of private family wealth and security by examining unconventional yet successful groups like the Amish, Mormons, and others who thrive outside conventional systems. Learn how these communities gain selective governmental support and what this means for creating a 'private life.' From self-sufficiency to operating outside mainstream frameworks, this episode unpacks the strategies of these groups while offering thought-provoking insights into building your own financial fortress. Prepare to be motivated and inspired to seize control of your financial destiny and live a prosperous life on your own terms.
FOLLOW THE YELLOW BRICK ROAD - DON KILAM
GO GET HIS BOOK ON AMAZON NOW! https://www.amazon.com/Cant-Touch-This-Diplomatic-Immunity/dp/B09X1FXMNQ https://donkilam.com https://www.amazon.com/Capi
Support the show
https://donkilam.com
In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? We talk about some of the history of authentication that got us here, and some technical details on how you should be implementing authentication into your application. We finish up with some passkey details and realize every authentication discussion really just turns into complaining how hard identity is. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-modern_day_authentication_with_marc_boorshtein/
Florian Forster is Co-Founder & CEO of Zitadel, the cloud security platform aiming to build the future of identity and access management. Their open source project, also called zitadel, provides identity infrastructure and has 10K stars on GitHub. In this episode, we dig into:
The benefits of having an open source auth vendor
Authentication vs. authorization
Building the "GitLab for identity"
Why customization matters for an auth product
Demand for self-hosting options for auth
Appealing to developers and security teams
What's the deal with Zero Sync? Scott and Wes dive into this cutting-edge database tech, exploring its real-time interactivity, blazing-fast performance, and how it stacks up against the competition. Plus, they break down setup, querying, authentication, and whether it's ready for prime time.
Show Notes
00:00 Welcome to Syntax!
01:59 Brought to you by Sentry.io.
02:21 Today's agenda.
02:52 What is Zero Sync? The Docs. InstantDB.
07:02 Zerobugs loading speed.
11:04 Real-time interactivity.
11:38 Why is it different?
12:11 How to get it set up.
12:58 Querying Data.
16:22 Writing data.
16:31 Upsert.
17:39 Authentication and permissions. Johannes Schickling Ep 767.
19:27 Preloading.
19:41 Migrations and deployment.
20:17 Some extras.
21:16 CreateSubscriber.
23:08 Can you use this today? Zero Sync Roadmap. Scott's YouTube Video.