Podcasts about Authentication

Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst LINKS Cisco Advisory Cisco Security Advisory – CVE-2026-20127 Authentication bypass vulnerability in Cisco Catalyst SD-WAN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems) https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems Threat Hunt Guide (Technical PDF) Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance) https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF 00:00 Sponsor Message 00:19 Cisco SD-WAN Under Attack 02:48 MCP Azure Takeover Demo 05:28 CarGurus Data Dump 07:16 Secret Service Scam Recovery 09:24 Closing Sponsor Thanks

One of the key highlights of the Defense Department's recent memo on multi-factor authentication for unclassified and secret networks is the clarification that DoD Public Key Infrastructure — not the common access card itself — is the department's primary authenticator. Previous policies would often go back and forth between describing the CAC or PKI as DoD's primary credential, creating confusion. Plus, the memo finally introduces passwordless authentication methods designed to give service members faster, more flexible access to systems. For more, Federal News Network's Anastasia Obis spoke with Alex Antrim and Adam Oliver, senior solutions engineers at Yubico..See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The bois discuss Face/Off, Sovereign, Grease, Dogman, and more!Join our Patreon for bonus episodes, supplements, Discord access, and more: https://www.patreon.com/therearetoomanymoviesMerch: https://www.toomanymovies.com/shopInstagram:https://www.instagram.com/therearetoomanymovies/TikTok:https://www.tiktok.com/@therearetoomanymoviesListen on Spotify:https://open.spotify.com/show/7lwOlPvIGdlmr6XjnLIAkG?si=4e3d882515824466Subscribe on iTunes:https://podcasts.apple.com/us/podcast/there-are-too-many-movies/id1455789421Twitch:https://www.twitch.tv/therearetoomanymoviesTwitter:http://www.twitter.com/tatmmpod00:00:00 Cold Open00:00:34 Intro00:05:53 3:10 To Yuma00:08:01 Sovereign00:11:00 The Big Hit00:14:07 The Alamo00:22:03 Grease00:24:03 How To Marry A Millionaire00:25:16 The Aristocats00:27:06 Schitt's Creek00:29:26 In My Skin00:31:40 Dogman00:34:12 Portrait Of A Lady On Fire00:35:21 Strange Harvest00:37:43 Face/Off01:08:57 Is It Cinema?01:11:07 DMT (Dumb Movie Title)01:12:28 Guess The Budget01:13:44 Actor Game01:16:18 Outro

Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT

Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT

Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT

Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT

When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs. Resources https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/ https://fusionauth.io/articles/identity-basics/authorization-models Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-369

When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs. Resources https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/ https://fusionauth.io/articles/identity-basics/authorization-models Show Notes: https://securityweekly.com/asw-369

When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs. Resources https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/ https://fusionauth.io/articles/identity-basics/authorization-models Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-369

When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs. Resources https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/ https://fusionauth.io/articles/identity-basics/authorization-models Show Notes: https://securityweekly.com/asw-369

Authorization is changing, moving from static roles and provisioning to dynamic, real-time, policy-based decisions. But without standardization, modern authorization quickly becomes fragmented and unmanageable. In this episode of the Analyst Chat, Matthias Reinwarth is joined by David Brossard, contributor and co-chair of the OpenID AuthZEN Working Group, and Phillip Messerschmidt, Lead Advisor at KuppingerCole, to discuss how authorization is evolving — and why AuthZEN is a critical missing standard. You’ll learn:✅ Why RBAC is still relevant, but no longer sufficient on its own✅ How ABAC and PBAC address scalability, context, and dynamic access✅ Why role explosion and authorization silos limit visibility and governance✅ How runtime, continuous authorization supports Zero Trust architectures✅ What AuthZEN standardizes — and what it deliberately does not✅ How externalized authorization improves auditability and compliance✅ Why CISOs and architects should start asking vendors for AuthZEN support✅ How AuthZEN fits into the Identity Fabric and Road to EIC vision Authentication has been standardized for years — authorization is finally catching up. Watch now to understand how AuthZEN enables scalable, future-proof authorization for modern applications, APIs, and identity fabrics.

Authorization is changing, moving from static roles and provisioning to dynamic, real-time, policy-based decisions. But without standardization, modern authorization quickly becomes fragmented and unmanageable. In this episode of the Analyst Chat, Matthias Reinwarth is joined by David Brossard, contributor and co-chair of the OpenID AuthZEN Working Group, and Phillip Messerschmidt, Lead Advisor at KuppingerCole, to discuss how authorization is evolving — and why AuthZEN is a critical missing standard. You’ll learn:✅ Why RBAC is still relevant, but no longer sufficient on its own✅ How ABAC and PBAC address scalability, context, and dynamic access✅ Why role explosion and authorization silos limit visibility and governance✅ How runtime, continuous authorization supports Zero Trust architectures✅ What AuthZEN standardizes — and what it deliberately does not✅ How externalized authorization improves auditability and compliance✅ Why CISOs and architects should start asking vendors for AuthZEN support✅ How AuthZEN fits into the Identity Fabric and Road to EIC vision Authentication has been standardized for years — authorization is finally catching up. Watch now to understand how AuthZEN enables scalable, future-proof authorization for modern applications, APIs, and identity fabrics.

Send us a textA surprising number of security leaders admit they're flying blind on hardware and firmware. We start by exposing how shared BIOS passwords, slow maintenance cycles, and careless e‑waste practices create avoidable risk, then lay out the fixes: privileged vaulting, disciplined asset disposition, and practical ways to repurpose gear without leaking data. That real-world foundation sets the stage for a focused tour through CISSP Domain 5—Identity and Access Management—built for practitioners who want clarity over jargon.We break down least privilege in plain terms and show how to reduce the initial friction with cleanly defined roles and entitlement catalogs. From there, we compare RBAC and ABAC: when baseline roles are enough, and when context-aware attributes like device, location, and data sensitivity should drive policy. Authentication gets the same treatment. Multi-factor authentication, biometrics, and phishing-resistant methods raise the bar, while single sign-on and identity federation streamline access across cloud apps using standards like OAuth, OpenID Connect, and SAML. In modern cloud environments, token-based models win for scalability and security, and we explain why.Governance ties it all together. We walk through identity proofing for solid onboarding, separation of duties to curb fraud, and IGA workflows that make approvals, recertifications, and audits far less painful. Regular access reviews emerge as the unsung hero that prevents privilege creep before it becomes an incident. If you're prepping for the CISSP—or just tightening your IAM program—this episode gives you the why behind the what, with steps you can apply today.Enjoyed the conversation and want more deep dives? Subscribe, share with a teammate who needs a quick IAM refresher, and leave a review to help others find the show.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The U.S. government wants the rest of the world to adopt its artificial intelligence cybersecurity standards, a top official with the Office of the National Cyber Director said Thursday. As part of an effort to advance American AI, the administration will be “undertaking diplomacy efforts to promote American AI cybersecurity standards and norms, establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools,” said Alexandra Seymour, principal deputy assistant national cyber director for policy. Seymour's comments at the 2026 Identity, Authentication, and the Road Ahead Policy Forum in Washington, D.C. partially reflect the Trump administration's AI Action Plan released last summer, which said the departments of Commerce and State would “vigorously advocate for international AI governance approaches that promote innovation, reflect American values, and counter authoritarian influence,” but doesn't explicitly mention international promotion of cybersecurity standards. Some of that effort has already materialized, with internationally oriented guides released in both May and December. The United States also isn't the only one looking to influence international standards for AI security. AI also figures into the yet-to-be-released national cybersecurity strategy that Seymour's office has been developing. And it dovetails with a pillar of the strategy focused on defending federal networks. Seymour said: “While AI is already helping industries enhance security and address the challenge of escalating cyberattacks, this administration will promote the rapid implementation of AI-enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors on our federal systems. We must get our house in order. They need rapid modernization, and we're working on policies to harden our networks, update our technologies and ensure we're prepared for a post-quantum future.”

Quantum computing isn’t just a future threat to encryption, it’s a direct risk to identity and authentication. In this week's episode, Matthias is joined by Jonathan Care to explore why identity is the quantum bullseye and what organizations must do now to prepare for a post-quantum world. You’ll learn: ✅ Why authentication protocols depend entirely on cryptography✅ How “harvest now, decrypt later” (HNDL) already puts identity data at risk✅ Why identity, not data encryption, is the weakest point in a quantum future✅ What post-quantum cryptography standards (FIPS 203, 204, 205) change — and what they don’t✅ How Passkeys and FIDO2 are quietly becoming post-quantum ready✅ Why PKI, certificates, federation, and non-human identities face massive scale challenges✅ What crypto agility really means for IAM and Zero Trust✅ A practical 4-phase roadmap for CISOs to start preparing today The biggest risk isn’t a future quantum computer — it’s the long-lived certificates and identity data issued today.

Welcome to the Fraudian Slip, the Identity Theft Resource Center's (ITRC's) podcast, where we talk about all things identity theft, fraud and scams that impact people and businesses. Last week, we published our 2025 Annual Data Breach Report by ITRC. ITRC President James E. Lee presented the findings at the Identity, Authentication and the Road Ahead Identity Policy Forum, hosted by the Better Identity Coalition, the FIDO Alliance and the ITRC. The 2025 Annual Data Breach Report by ITRC looks at the number of data compromises, the root cause of the compromises, the types of data compromised, trends, solutions and much more.   Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter

Quantum computing isn’t just a future threat to encryption, it’s a direct risk to identity and authentication. In this week's episode, Matthias is joined by Jonathan Care to explore why identity is the quantum bullseye and what organizations must do now to prepare for a post-quantum world. You’ll learn: ✅ Why authentication protocols depend entirely on cryptography✅ How “harvest now, decrypt later” (HNDL) already puts identity data at risk✅ Why identity, not data encryption, is the weakest point in a quantum future✅ What post-quantum cryptography standards (FIPS 203, 204, 205) change — and what they don’t✅ How Passkeys and FIDO2 are quietly becoming post-quantum ready✅ Why PKI, certificates, federation, and non-human identities face massive scale challenges✅ What crypto agility really means for IAM and Zero Trust✅ A practical 4-phase roadmap for CISOs to start preparing today The biggest risk isn’t a future quantum computer — it’s the long-lived certificates and identity data issued today.

Bonus "In which:" In which Two Factor Authentication would be a great title for this episode if any of us said that phraseArticlesThe Accounts of JingkangDragostea din tei Martha's Vineyard Sign LanguageJabberwock (magazine)Follow us on the social medias! - The show: https://bsky.app/profile/podofwonder.bsky.social - Danny: https://bsky.app/profile/dannyplaysrpgs.bsky.social & http://dannymakesrpgs.itch.io - Morgan: http://instagram.com/morganthefae & https://bsky.app/profile/m0rgan.bsky.social - Matt: https://bsky.app/profile/mattprovance.bsky.social

God transforms us from insecurity and false identity into people divinely authenticated by Him, just as Jacob became Israel. 하나님께서는 야곱이 이스라엘로 변화된 것처럼, 우리의 불안과 거짓된 정체성을 거두시고 하나님께서 친히 확증하신 존재로 변화시키십니다.

Building on the web is like working with the perfect clay. It's malleable and can become almost anything. But too often, frameworks try to hide the web's best parts away from us. Today, we're looking at PyView, a project that brings the real-time power of Phoenix LiveView directly into the Python world. I'm joined by Larry Ogrodnek to dive into PyView. Episode sponsors Talk Python Courses Python in Production Links from the show Guest Larry Ogrodnek: hachyderm.io pyview.rocks: pyview.rocks Phoenix LiveView: github.com this section: pyview.rocks Core Concepts: pyview.rocks Socket and Context: pyview.rocks Event Handling: pyview.rocks LiveComponents: pyview.rocks Routing: pyview.rocks Templating: pyview.rocks HTML Templates: pyview.rocks T-String Templates: pyview.rocks File Uploads: pyview.rocks Streams: pyview.rocks Sessions & Authentication: pyview.rocks Single-File Apps: pyview.rocks starlette: starlette.dev wsproto: github.com apscheduler: github.com t-dom project: github.com Watch this episode on YouTube: youtube.com Episode #535 deep-dive: talkpython.fm/535 Episode transcripts: talkpython.fm Theme Song: Developer Rap

In episode 275 of our SAP on Azure video podcast we talk about Identity Managment and authentication for SAP. We have covered several times already identity and authetnication topics with Martin Raepple in the past. Together with Cameron Gardiner we take another look at Identity Management, especially in the context of the end of life for SAP IDM. Find all the links mentioned here: https://www.saponazurepodcast.de/episode275Reach out to us for any feedback / questions:* Goran Condric: https://www.linkedin.com/in/gorancondric/* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/ #Microsoft #SAP #Azure #SAPonAzure #Security #Authentication #SSO #IdentityManagement

Rob Hughes — CISO at RSA and Champion of a Passwordless FutureNo Password Required Season 7:  Episode 1 - Rob HughesRob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.  The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/Chapters: 00:00 Introduction to No Password Required01:43 Meet Rob Hughes, CISO at RSA02:05 The Role of a CISO in a Security Company05:09 Transitioning to the CISO Role08:00 The Early Days of Geek.com12:14 Launching a Startup During the Dot Com Boom14:30 The Push for a Passwordless Future18:21 Tipping Point for Passwordless Adoption20:20 Ongoing Learning in Cybersecurity26:09 Managing Stress in High-Pressure Environments33:46 The Lifestyle Polygraph Begins34:15 Career Insights in Cybersecurity36:08 Dream Cars and Personal Preferences39:58 Underrated Horror Films41:19 Creating a Cybersecurity Monster

This conversation explores the profound transformation in the criminal justice system driven by technological advancements, particularly in the realm of cybercrime, data analysis, and artificial intelligence. It delves into the challenges of jurisdiction, the complexities of cross-border evidence collection, and the implications of encryption on privacy and security. The discussion also highlights systemic biases revealed through data, the fairness paradox in algorithmic risk assessments, and the need for legislative reforms to adapt to these changes. Ultimately, it emphasizes the importance of AI literacy within the justice system to ensure that core principles of due process are upheld in a digital world.In today's rapidly evolving legal landscape, the traditional foundations of criminal justice are being reshaped by three transformative forces. As we delve into these changes, we uncover the profound impact of cybercrime, data-driven insights into systemic bias, and the philosophical shift towards restorative justice.Cybercrime and Jurisdiction: The borderless nature of cybercrime challenges traditional notions of jurisdiction. With crimes often spanning multiple countries, the Budapest Convention on Cybercrime emerges as a critical framework for international cooperation. However, the absence of universal enforcement mechanisms highlights the need for continued legal innovation.Data-Driven Insights into Systemic Bias: Data analysis reveals deep-rooted biases in the justice system, particularly affecting marginalized communities. Tools like COMPASS, intended to introduce objectivity, have inadvertently amplified existing biases. This underscores the importance of transparency and fairness in algorithmic decision-making.Restorative Justice and Legislative Reform: The shift towards restorative justice emphasizes healing and accountability over punishment. By involving victims, offenders, and communities in the justice process, this approach aims to repair harm and reduce recidivism. Legislative reforms, such as the elimination of mandatory minimums and bail reform, further support this transformative vision.Conclusion: As we navigate these changes, the legal profession must adapt to ensure justice remains fair and equitable. By embracing technological advancements and addressing systemic biases, we can uphold the rule of law and protect the rights of all individuals.Subscribe Now: Stay informed about the latest developments in criminal justice by subscribing to our newsletter.TakeawaysThe traditional era of criminal justice is fundamentally over.Cybercrime challenges the concept of jurisdiction.International cooperation is essential for addressing cybercrime.Cross-border evidence collection is a significant bottleneck.Encryption poses a dilemma between privacy and security.Authentication of digital evidence is crucial but not sufficient for admissibility.Deepfakes threaten the integrity of multimedia evidence.Data analysis reveals systemic biases in sentencing.Algorithmic risk assessments can perpetuate existing biases.Legislative reforms are necessary to adapt to technological advancements.criminal justice, cybercrime, jurisdiction, international law, encryption, digital evidence, systemic bias, AI, legislative reform, due process

professorjrod@gmail.comWhat if the scariest hacks of 2025 never looked like hacks at all? We break down five real-world scenarios where attackers didn't smash locks—they used the keys we handed them. From an AI-cloned voice that sailed through a wire transfer to a building's HVAC console that quietly held elevators and doors hostage, the common thread is hard to ignore: trust. Trusted voices, trusted vendors, trusted “boring” systems, trusted sessions, and trusted APIs became the most valuable attack surface of the year.We start with a “boring” phone call that proves how caller ID and confidence can defeat policy when culture doesn't empower people to challenge authority. Then we step into the mechanical room: cloud dashboards for HVAC and badge readers, vendor-shared credentials, and thin network segmentation made physical denial of service as simple as logging in. The pivot continues somewhere few teams watch—libraries—where an unpatched management system bridged city HR, school portals, and public access with zero alarms, because nothing looked broken.Authentication takes a hit next. MFA worked, yet attackers won by stealing active LMS session tokens from a neglected component and riding valid access for weeks. No failed logins, no brute force—just continuation that our tools rarely question. Finally, we open the mobile app and watch the traffic. Clean, well-formed API calls mapped pricing rules, loyalty balances, and inventory signals at scale. Not a single malformed request, but plenty of business logic abuse that finance noticed before security did.If you care about cybersecurity, IT operations, or the CompTIA mindset, the takeaways are clear: shorten trust windows, verify context continuously, rotate and scope vendor access, segment OT from IT, treat libraries and civic tech as real attack surface, bind tokens to devices, and put rate limits and behavior analytics at the heart of your API strategy. Ready to rethink where your defenses are blind? Listen now, share with your team, and tell us which assumption you'll challenge first. And if this helped, subscribe, leave a review, and pass it on to someone who needs a wake-up call.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Matter of Ghanbari, 29 I&N Dec. 376 (BIA 2025)·       bond; mandatory detention; material support to a terrorist organization; propaganda; non-violent conductRamos-Hernandez v. Bondi, No. 25-1038 (1st Cir. Dec. 22, 2025)·       asylum; withholding of removal; Guatemala; particular social group; family-based; business ownership; persecution; isolated eventsCampuzano v. Bondi, No. 24-60575 (5th Cir. Dec. 22, 2025)·       authentication of criminal records; INA § 240(c)(3)(C); crime of child abuse; INA § 237(a)(2)(E)(i); categorical approach; modified categorical approachRuiz v. Bondi, No. 23-1095 (9th Cir. Dec. 22, 2025)·       jurisdiction; extraordinary circumstances; INA § 208(a)(2)(D); one-year filing deadline; 8 U.S.C. § 1252(a)(2)(D); mixed questions; discretion; asylum; withholding of removal; administrative closureKurzban Kurzban Tetzeli and Pratt P.A.Immigration, serious injury, and business lawyers serving clients in Florida, California, and all over the world for over 40 years. Eimmigration "Simplifies immigration casework. Legal professionals use it to advance cases faster, delight clients, and grow their practices."Special Link! Gonzales & Gonzales Immigration BondsP: (833) 409-9200immigrationbond.com  EB-5 Support"EB-5 Support is an ongoing mentorship and resource platform created specifically for immigration attorneys."Contact: info@eb-5support.comWebsite: https://eb-5support.com/Stafi"Remote staffing solutions for businesses of all sizes"Click me!Want to become a patron?Click here to check out our Patreon Page!CONTACT INFORMATION:Email: kgregg@kktplaw.comFacebook: @immigrationreviewInstagram: @immigrationreviewTwitter: @immreviewAbout your hostCase notesRecent criminal-immigration article (p.18)Featured in San Diego VoyagerSupport the show

Will We Say Goodbye to OTPs in 2026? As India enters the next authentication era, this episode of The Core Report explores whether one-time passwords are finally reaching the end of the road and what could replace them in banking, payments, and everyday digital life.In this special edition, Govindraj Ethiraj speaks with Pramod Varma, Co-Founder & Chief Architect, Networks For Humanity (NFH), Co-Creator, FINTERNET & BECKN Protocol, architect behind Aadhaar, UPI, DigiLocker, eSign, Account Aggregator, and ONDC, to unpack how India's digital public infrastructure is quietly moving beyond OTPs. From face authentication and biometrics to smartphone-based security, layered KYC, and verifiable credentials, this conversation explains why the current system feels broken and what a smarter, more inclusive model could look like by 2026.As digital scams rise and compliance burdens grow, are OTPs still the safest option or have they become a bottleneck? Why do banks still rely on paper, repeated KYC, and friction-heavy verification when India already has the technology to go fully digital? And could Aadhaar-based face authentication and app-driven cryptographic security offer a future that is both safer and easier for consumers and businesses?This episode breaks down the future of authentication in India, the shift away from OTP-based security, and what it means for financial services, digital identity, KYC reform, and ease of doing business. Essential viewing for professionals tracking fintech, policy, digital transformation, and India's evolving digital economy.Subscribe to The Core Report for conversations shaping India's business, policy, and digital economy.#OTPs #DigitalIndia #Authentication #Fintech #TheCoreReport #TheCore

Show Notes: 00:00 The Journey of Self-Reflection02:41 Understanding Failure and Fear05:25 Defining Success and Failure07:56 The Role of Trust in the Industry10:13 Navigating the Crypto Landscape13:03 The Evolution of Crypto Ventures15:33 Lessons from Early Experiences17:55 The Importance of User Value20:44 The Impact of Market Dynamics23:14 Reflections on Airdrops and User Engagement26:01 Navigating Challenges in the Crypto Space29:09 The Future of Crypto and Personal Growth38:34 The Call for Decentralization41:18 Building Jupnet: A New Era in Finance43:59 Innovations in Authentication and Sequencing48:49 The Multi-Chain Future: Embracing New Opportunities51:06 The Role of Empathy in Leadership59:54 Personal Growth and the Importance of Vision01:04:06 Studio and the Challenges of Launching Projects01:15:17 Focus on Building Strong Brands01:17:44 Navigating Support Frameworks and Expectations01:20:05 Leadership and Community Engagement01:23:00 The Importance of Sustainable Project Support01:26:18 Reflections on the JOO Token and Community Dynamics01:36:26 Rebuilding the Token Narrative and Community Trust If you like this episode, you're welcome to tip with Ethereum / Solana / Bitcoin:如果喜欢本作品，欢迎打赏ETH/SOL/BTC：ETH: 0x83Fe9765a57C9bA36700b983Af33FD3c9920Ef20SOL: AaCeeEX5xBH6QchuRaUj3CEHED8vv5bUizxUpMsr1KytBTC: 3ACPRhHVbh3cu8zqtqSPpzNnNULbZwaNqG Important Disclaimer: All opinions expressed by Mable Jiang, or other podcast guests, are solely their opinion. This podcast is for informational purposes only and should not be construed as investment advice. Mable Jiang may hold positions in some of the projects discussed on this show. 重要声明：Mable Jiang或嘉宾在播客中的观点仅代表他们的个人看法。此播客仅用于提供信息，不作为投资参考。Mable Jiang有时可能会在此节目中讨论的某项目中持有头寸。

I almost forgot that your manuscript will run through one or multiple programs to make sure your book is original, the authentication process, so when your writing forget the other books you read. write your true way, not standard. in your own thought process

The Tech talk to have with family over the holidays. We dive into why tracking passwords and setting up two-step authentication safely is a must—especially for seniors and elderly users. Plus we have hunting news of a rare pheasant. Join radio hosts Rebecca Wanner aka ‘BEC' and Jeff ‘Tigger' Erhardt (Tigger & BEC) with the latest in Outdoors & Western Lifestyle News! Rare White Pheasant Harvested in North Dakota According to KFYR TV, a Minot, North Dakota hunter harvested a rare white Pheasant south of the city on December 7, 2025. 37-year-old Eric Henke of Minot first saw the bird a few years ago on his family farm. A couple weeks ago, he and six others, plus four dogs, went out for a pheasant hunt. The group flushed the bird, and it flew into some brush. It was flushed again about 10 yards from Henke. With a pull of the trigger from his Benelli Super Black Eagle II 12 gauge, the bird dropped and ran, thankful to have one of the dogs retrieve it for him. Henke is now having the bird mounted by Dakota Taxidermy in Bismarck, North Dakota. In addition to being a rare white pheasant, it also had magnificent tail feathers that measured to about 22.5 inches long. Congrats Eric Henke! The Importance of Tracking Passwords and Two-Step Authentication for Seniors and Families Why Password Management Is More Important Than Ever In today's digital world, almost every essential service requires a password—banking, medical portals, email, social security accounts, utilities, and even prescription refills. For elderly and older adults, managing multiple passwords can quickly become overwhelming. Forgotten passwords, locked accounts, and inaccessible phones can lead to stress, financial risk, and complete loss of access to critical services. Common Problems Seniors Face: Forgotten passwords or PINs Locked accounts due to failed login attempts Smartphones breaking, updating, or resetting Two-step authentication codes sent to unavailable devices Difficulty remembering complex security rules Without a proper system in place, a simple phone update can become a major crisis. What Is Two-Step Authentication (2FA) — and Why It Can Be Risky Without Backup Two-step authentication (also called 2FA or multi-factor authentication) adds an extra layer of security by requiring: Something you know (password) Something you have (phone, text message, authentication app) While 2FA improves security, it can lock users out permanently if: The phone is lost or broken The phone number changes The device updates or resets The authentication app is deleted This is especially dangerous for seniors who rely on one single smartphone. How to Set Up Two-Step Authentication the Right Way (Senior-Friendly) To avoid lockouts, seniors and families should always set up backup access options. Best Practices: Save backup recovery codes on paper and digitally Add a trusted family member's email or phone number Use authentication apps that allow device recovery Avoid using only SMS codes when possible Tip: Print recovery codes and store them in a safe, labeled folder at home. Final Checklist for Seniors and Caregivers Track all passwords in one secure place Set up 2FA with backup recovery options Share access with trusted family members Store printed recovery information safely Review passwords yearly or after major updates Final Thought - A broken phone or forgotten password should never mean losing access to your life. OUTDOORS FIELD REPORTS & COMMENTS We want to hear from you! If you have any questions, comments, or stories to share about bighorn sheep, outdoor adventures, or wildlife conservation, don't hesitate to reach out. Call or text us at 305-900-BEND (305-900-2363), or send an email to BendRadioShow@gmail.com. Stay connected by following us on social media at Facebook/Instagram @thebendshow or by subscribing to The Bend Show on YouTube. Visit our website at TheBendShow.com for more exciting content and updates! https://thebendshow.com/ https://www.facebook.com/thebendshow WESTERN LIFESTYLE & THE OUTDOORS Jeff ‘Tigger' Erhardt & Rebecca ‘BEC' Wanner are passionate news broadcasters who represent the working ranch world, rodeo, and the Western way of life. They are also staunch advocates for the outdoors and wildlife conservation. As outdoorsmen themselves, Tigger and BEC provide valuable insight and education to hunters, adventurers, ranchers, and anyone interested in agriculture and conservation. With a shared love for the outdoors, Tigger & BEC are committed to bringing high-quality beef and wild game from the field to your table. They understand the importance of sharing meals with family, cooking the fruits of your labor, and making memories in the great outdoors. Through their work, they aim to educate and inspire those who appreciate God's Country and life on the land. United by a common mission, Tigger & BEC offer a glimpse into the life beyond the beaten path and down dirt roads. They're here to share knowledge, answer your questions, and join you in your own success story. Adventure awaits around the bend. With The Outdoors, the Western Heritage, Rural America, and Wildlife Conservation at the forefront, Tigger and BEC live this lifestyle every day. To learn more about Tigger & BEC's journey and their passion for the outdoors, visit TiggerandBEC.com. https://tiggerandbec.com/

Jack Harrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale. We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com (mailto:elizabeth.becz@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Chapters 01:00 – What is TanStack? Contributors, projects, and mission 02:05 – React Query vs React Table: TanStack's origins 03:10 – TanStack principles: headless, cross-platform, type safety 03:45 – TanStack Virtual and large list performance 05:00 – Forms, abandoned libraries, and lessons learned 06:00 – Why TanStack avoids building auth 07:30 – Auth complexity, SSO, and enterprise realities 08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare 09:30 – Introducing TanStack Start 10:20 – Client-first architecture and React Router DNA 11:00 – Pages Router nostalgia and migration paths 12:00 – Loaders, data-only routes, and seamless navigation 13:20 – Why data-only mode is a hidden superpower 14:00 – Built-in SWR-style caching and perceived speed 15:20 – Loader footguns and server function boundaries 16:40 – Isomorphic execution model explained 18:00 – Gradual adoption: router → file routing → Start 19:10 – Learning from Remix, Next.js, and past frameworks 20:30 – Full-stack React before modern meta-frameworks 22:00 – Server functions, HTTP methods, and caching 23:30 – Simpler mental models vs server components 25:00 – Donut holes, cognitive load, and developer experience 26:30 – Staying pragmatic and close to real users 28:00 – When not to use TanStack (Shopify, WordPress, etc.) 29:30 – Marketing sites, CMS pain, and team evolution 31:30 – Scaling realities and backend tradeoffs 33:00 – Static vs dynamic apps and framework fit 35:00 – Astro + TanStack Start hybrid architectures 36:20 – Composability with Hono, tRPC, and Nitro 37:20 – Why TanStack Start is a request handler, not a platform 38:50 – TanStack AI announcement and roadmap 40:00 – TanStack DB explained 41:30 – Start 1.0 status and real-world adoption 42:40 – Devtools, Pacer, and upcoming libraries 43:50 – Sustainability, sponsorships, and supporting maintainers 45:30 – How companies and individuals can support TanStack Special Guest: Tanner Linsley.

How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!LinksAzure EntraAuth0DuendeKeyCloakNIST Cybersecurity FrameworkOpen Policy AgentPolicy ServerDefender for CloudAzure API ManagementAzure Front DoorRecorded October 29, 2025

In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk's Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today's attackers aren't breaking in—they're logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.The discussion explores how the rise of AI is eroding critical thinking, making it easier for even seasoned professionals to fall for convincing scams. Higgins and Puner break down the dangers of instant answers, the importance of “never trust, always verify,” and why zero standing privilege is essential for defending against insider threats. They also tackle the risks of shadow AI, the growing challenge of misinformation, and how organizations can build a culture of vigilance without creating a climate of mistrust.Whether you're a security leader, IT professional, or just curious about the future of digital trust, this episode delivers actionable insights on identity security, cyber hygiene, and the basics that matter more than ever in 2026 and beyond.

Advances in quantum computing by 2029 will weaken and break the conventional asymmetric cryptography that underpins many authentication methods, Gartner has warned, significantly reducing their credence and increasing exposure to account takeover risks. The analyst firm's Hype Cycle for Digital Identity 2025 highlights the importance of post-quantum authentication (PQA), also known as quantum-safe authentication, which incorporates post-quantum cryptography to mitigate attacks using quantum computing. You can listen to all of the Quantum Minute episodes at https://QuantumMinute.com. The Quantum Minute is brought to you by Applied Quantum, a leading consultancy and solutions provider specializing in quantum computing, quantum cryptography, quantum communication, and quantum AI. Learn more at https://AppliedQuantum.com.

What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.  Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.  Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.  A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.  Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More

This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.Visit Aembit: https://aembit.io/idacConnect with David: https://www.linkedin.com/in/davidgoldschlagConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comTimestamps00:00 - Intro00:51 - Pronunciation of Aembit and the extra 'E'01:56 - David's background: From NSA to Enterprise Security04:58 - The meaning behind the name Aembit06:00 - David's history with The Onion Router (Tor)10:00 - Differentiating Non-Human Access from Workforce IAM11:39 - The security risks of AI Agents using human credentials14:15 - Manage Access, Not Secrets16:00 - Use Cases: Financial Analysts and Retail24:00 - Hybrid Agents vs. Autonomous Agents30:38 - Will we have agentic versions of ourselves?36:45 - How Identity Practitioners can handle the AI wave38:33 - Measuring success and ROI for workload identity43:20 - A blast from the past: DIVX and Circuit City52:15 - ClosingKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

See more: https://thinkfuture.substack.comConnect with Bojan: https://www.linkedin.com/in/bojansimic---Passwords were supposed to die 20 years ago—so why are we still using them?In this episode of thinkfuture, host Chris Kalaboukis talks with Bojan Simic, co-founder and CEO of HYPR, a cybersecurity company on a mission to finally eliminate passwords for good.Bojan shares how a personal hacking experience early in his career sparked his obsession with fixing identity security. That moment eventually led to the creation of HYPR, a platform that uses biometrics, tokenization, and passwordless authentication to secure users while simplifying the login process.We discuss:- Why the password problem has persisted for decades- How HYPR's technology replaces passwords with biometrics and cryptographic keys- The challenges of mass adoption across enterprises and consumers- How HYPR is expanding into full identity verification—protecting the entire identity lifecycle- Why “passwordless” isn't just about convenience, but trust and security- What the future of authentication might look like in 2035- The role AI could play in identity assurance and fraud detectionBojan's vision is clear: the internet of the future won't rely on secrets—it'll rely on proof.If you're interested in cybersecurity, authentication, biometrics, or the future of digital identity, this episode is a must-listen.

Haven is a blockchain ecosystem based on the foundations of anonymity and authenticated ownership. Using real and continuous biometric authentication it verifies that the user is the true authenticated owner at all times. It protects users from fraud, loss, and impersonation by making your face the ultimate key. No passwords, no seed phrases, no risks of theft. Why you should listen Haven is building what it calls the world's first blockchain ecosystem powered by continuous biometric authentication. Instead of relying on passwords, seed phrases, or private keys, Haven ties wallet access directly to an encrypted, live biometric signature — essentially letting users interact with the blockchain simply by being themselves. The goal is to make digital ownership feel seamless and secure, removing one of the biggest points of friction in Web3: losing or managing keys. At the heart of the project is the Haven Blockchain, designed so every wallet and transaction is verified through the user's biometric identity. This creates a user experience where onboarding is immediate, recovery is intuitive, and security is built in from the ground up. Haven's approach also aims to bridge mainstream audiences into Web3 by offering familiar, easy-to-use authentication rather than complex crypto tooling. Haven is also positioning itself as a developer-friendly platform. Through Open Layer — their upcoming development environment — builders will be able to create dApps that automatically inherit Haven's secure, biometric-first design. Their roadmap includes the Haven Wallet & App launch in October 2025, followed by a pre-ICO in November and a full blockchain release in 2026, promising a growing ecosystem built around identity-native Web3 experiences. Supporting links Stabull Finance Haven Andy on Twitter  Brave New Coin on Twitter Brave New Coin If you enjoyed the show please subscribe to the Crypto Conversation and give us a 5-star rating and a positive review in whatever podcast app you are using.

Conflicts between URL mapping and URL based access control. Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps. https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518 Sha1-Hulud, The Second Coming A new, destructive variant of the Shai-Hulud worm is currently spreading through NPM/Github repos. https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised Hacklore: Cleaning up Outdated Security Advice A new website, hacklore.org, has published an open letter from former CISOs and other security leaders aimed at addressing some outdated security advice that is often repeated. https://www.hacklore.org

On this week's episode, Kyle welcomes back Steve (@showley2003) to help wrap up the audio era of the Wax Museum Podcast. They talk mail days, Authentication nightmares, goofy eBay history, and a major Paul George patch pickup — plus what comes next as the show moves to YouTube.

This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validate the strength of their culture and workflows.Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting them a priority. Viktor outlines why security functions best when embedded into culture rather than treated as a compliance checkbox. His team actively invests in continuous testing, including a structured bug bounty program that generates a steady flow of findings.The conversation centers on a real event: a report claiming that more than a thousand user accounts appeared in a public leak repository. Instead of assuming the worst or dismissing the claim, the team mobilized within hours. They validated the dataset, built correlation tooling, analyzed how many records were legitimate, and immediately reset affected accounts. Once they ruled out a breach of their systems, they traced the issue to compromised end user devices associated with previously known credential harvesting incidents.This scenario demonstrates how a strong internal process helps guide the team through verification, containment, and communication. Viktor emphasizes that optional security features only work when customers use them, which is why Screenly is moving to passwordless authentication using magic links. Removing passwords eliminates the attack vector entirely, improving security for customers without adding friction.For listeners, this episode offers a clear look at what rapid response discipline looks like, how bug bounty reports can add meaningful value, and why passwordless authentication is becoming a practical way forward for SaaS platforms. It is a timely reminder that transparency builds trust, and security culture determines how confidently a team can navigate unexpected events.Learn more about Screenly: https://itspm.ag/screenly1oNote: This story contains promotional content. Learn more.GUESTViktor Petersson, Co-founder of Screenly | On LinkedIn: https://www.linkedin.com/in/vpetersson/RESOURCESLearn more and catch more stories from Screenly: https://www.itspmagazine.com/directory/screenlyLinkedIn Post: https://www.linkedin.com/posts/vpetersson_screenly-security-incident-response-how-activity-7393741638918971392-otkkBlog: Security Incident Response: How We Investigated a Data Leak and What We're Doing Next: https://www.screenly.io/blog/2025/11/10/security-incident-response-magic-links/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlightKeywords: sean martin, marco ciappelli, viktor petersson, security, authentication, bugbounty, signage, incidentresponse, breaches, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In our ongoing series on AI in 1000 days, we describe the inevitable, complete distrust of voice printing as an authentication method, including why and what we think will happen.

Wultra provides post-quantum authentication for banks, fintechs, and governments—protecting digital identities from emerging quantum computing threats. In this episode, Peter Dvorak shares how he broke into the notoriously closed banking ecosystem by leveraging his early experience in mobile banking development. From navigating multi-stakeholder enterprise sales to positioning quantum-safe cryptography when the threat timeline remains uncertain (consensus: 2035, but could accelerate), Peter reveals the specific strategies required to sell mission-critical security infrastructure to regulated financial institutions. Topics Discussed How post-quantum cryptography runs on classical computers while protecting against quantum threats Why European banking regulation drives global authentication standards The multi-stakeholder sales process: quantum threat teams, CISOs, CTOs, and digital product owners Conference strategy and analyst relationships (Gartner, KuppingerCole) for category positioning Banking budget cycles and why June/July approaches fail Breaking the "who else is using this?" barrier with banking-specific proof points Positioning as the only post-quantum cryptography provider for digital identity in banking GTM Lessons For B2B Founders Layer future-proofing onto immediate ROI: Post-quantum cryptography doesn't require quantum computers to function—it runs on classical infrastructure while providing superior security. Peter sells banks on moving from SMS OTP to mobile app authentication (tangible, immediate benefit) while positioning quantum resistance as migration insurance: "You won't have to rip-and-replace in three years." For emerging tech, anchor value in today's operational wins, not future scenarios. Give struggling departments concrete wins: Large banks have quantum threat teams tasked with replacing every piece of software by 2030-2035. Peter gives them measurable progress: "We move you from 5% to 10% completion on authentication and digital identity." These teams need defensible projects to justify their existence. Identify which internal groups are fighting for relevance and deliver projects they can report upward. Banking references are binary gatekeepers: Every bank asks "who else is using this?" Non-banking customers (telcos, gaming, lottery) don't count—banking regulation and systems are fundamentally different. The first banking customer is the hardest barrier. Once cleared, subsequent conversations become tractable. Budget aggressively to land that first bank, even at unfavorable terms. Respect the annual budget cycle: Banks allocate resources 12 months ahead. Approaching in Q2/Q3 means budgets are locked—even free POCs fail because internal resources are committed. Peter's pipeline strategy: build relationships and maintain visibility throughout the year, then activate when budget windows open. Don't confuse market education with active pipeline. Map and sequence multi-stakeholder buys: Authentication purchases require alignment across quantum threat teams (if they exist), cybersecurity/compliance, CTO/CIO (infrastructure acceptance), and digital product owners (UX concerns affecting their KPIs). Start at director level—board executives are too removed from technical details. Research each bank's org structure before engaging, then tailor sequencing. EU regulatory leadership creates expansion vectors: European regulations like PSD2 and strong authentication requirements get replicated in Southeast Asia, MENA, and other regions. Peter benefits from solving EU compliance first, then riding regulatory diffusion. The US remains fragmented with smaller regional banks still using username/password. Founders should analyze which geographies lead regulatory adoption in their category. Maintain composure through 18+ month cycles: Peter's regret: losing his temper during negotiations cost him time. Banking doesn't buy impulsively—sales require patience through lengthy security reviews, compliance checks, and committee approvals. Incremental progress and rational positioning matter more than aggressive closing. Emotional control is operational discipline. // Sponsors:  Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co // Don't Miss: New Podcast Series — How I Hire Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role.  Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM

Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Timestamps ======(00:00:00) Introduction(00:02:51) MCP Architecture & Authentication(00:13:08) Roots, Sampling, & Elicitation(00:19:15) Tools and Resources

In this episode of Builders Wanted, we're joined by Filip Verley, Chief Innovation Officer at Liminal. Filip sheds light on the challenges companies face with increasing fraud due to advances in generative AI and deepfakes, and the importance of balancing security with customer experience. The conversation covers practical strategies for unifying data across teams, leveraging behavioral signals, and investing in converged identity platforms.-------------------Key Takeaways: Digital fraud is rapidly evolving due to generative AI and deepfakes, making it harder for companies to distinguish between real and fake interactions.Unifying data and aligning company goals around trust and security is essential for effective fraud prevention.Balancing customer experience with security requires smart, context-aware friction and continuous monitoring.-------------------“ The best teams or organizations don't think in an either-or, it's the balance. They always are able to balance and they design these systems to adapt to what they need.  It's not just about reducing the fraud, it's making sure that users are protected without slowing them down. Smart friction.” – Filip Verley-------------------Episode Timestamps:‍*(01:52) - How generative AI and deepfakes are making fraud detection harder ‍*(04:07) - Insights from Liminal's Seminal Report‍*(16:19) - Why behavioral intent is a game changer for fraud detection‍*(22:54) - The 4 layers of defense every company needs ‍*(25:52) - Where companies are investing for the biggest impact‍*(35:13) - Quick hits-------------------Links:Connect with Filip on LinkedInRead Liminal's Seminal ReportConnect with Kailey on LinkedInLearn more about Caspian Studios-------------------SponsorBuilders Wanted is brought to you by Twilio – the Customer Engagement Platform that helps builders turn real-time data into meaningful customer experiences. More than 320,000 businesses trust Twilio to transform signals into connections—and connections into revenue. Ready to build what's next? Learn more at twilio.com.  Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Send us a textWe explore why most breaches are identity failures and how to flip the model with hardware-backed, device-bound credentials that never move. Jason shares global threat trends, startup lessons, and a blueprint for preventing credential theft across people, agents, and machines.• life on the road, burnout signals and recovery• global threats to critical infrastructure and state actor pressure• startup culture, expectations and keeping teams healthy• Jason's path through engineering to entrepreneurship• identity's failure modes and why credentials are stolen• asymmetric, hardware-bound authentication and device posture• extending identity to agents, drones and satellites• cyber-physical risk and why finance invests heavily• identity as the universal control plane in cloud• practical steps to prevent session hijack and MFA fatigueConnect with Jason: “Hit me up on LinkedIn… our website, beyondidentity.com… even X”Inspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast Affiliates➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh➡️ OffGrid Coupon Code: JOE➡️ Unplugged Phone: https://unplugged.com/Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/Find out more about IDPro: https://www.idpro.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction and Greetings00:16 Highlights from Authenticate 202501:39 FIDO Feud Rematch Discussion03:17 Guest Introduction: Tina Srivastava03:46 Conference Insights and AI Challenges06:16 Regulatory Environment and Passkeys09:11 Phishing and AI Supercharged Attacks12:28 QR Codes and Accessibility Issues13:09 The Importance of Phishing Resistant Authentication22:24 IDPro Community and Practitioner Support25:18 Community Support and Engagement26:26 IDPro's Role in Identity Events27:48 Future Directions for IDPro29:19 Introducing Committees in IDPro30:39 AI and Identity Verification37:07 The Importance of Information Sharing45:35 Public Speaking and Personal Growth50:58 Conclusion and Final ThoughtsKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance

This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.Connect with Bojan: https://www.linkedin.com/in/bojansimic/Learn more about HYPR: https://www.hypr.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comChapter Timestamps:00:00 - Introduction at Authenticate 202500:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR01:11 - How Bojan Simic Got into Identity and Cybersecurity02:10 - The Elevator Pitch for HYPR04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents05:29 - The Trend of Continuous "Know Your Employee" (KYE)07:33 - Is Your MFA Program Enough Anymore?09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat11:19 - How AI is Scaling Social Engineering Attacks Globally13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?16:23 - What is the Right Solution for Identity Practitioners?17:05 - The Critical Role of Internal Marketing for Technology Adoption22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation25:47 - When is it Time to Move On From Your Existing Identity Tools?28:16 - The Role of Document-Based Identity Verification in the Enterprise32:31 - What Makes HYPR's Approach Unique?35:33 - How Do You Measure the Success of an Identity Solution?36:39 - HYPR's Philosophy: Never Leave a User Stranded39:00 - Authentication as a Tier Zero, Always-On Capability40:05 - Is Identity Part of Your Disaster Recovery Plan?41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer47:03 - How to Learn More About HYPRKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

There are many ways to frame conversations around cyber security. They can take on many aspects of security, ranging across the technical to the human. With the press towards platform consolidation, it's critical to reconsider the interaction between the human and technical elements and research director Scott Crawford and Javvad Malik, CISO advisor at KnowBe4, join host Eric Hanselman to dig into this important interplay. It's all too easy to fall into security practices that focus on technical requirements and don't account for the friction that is created for the people who use them. It's also easy to drop into a mindset that better security is just a matter of user education. Effective security requires thinking about user experience, as well as technical controls. Authentication is one of the most frequently experienced security interactions and also one where a technical focus can have the highest impact on the people using. Authentication happens often and is also a key element in securing IT environments. The push to multifactor authentication, for example, is an important step in security enforcement and can require a significant change in how people interact with the systems that support their daily lives. A wholistic approach to security can help teams move beyond the frustrating cycle of user training and shift to collaborative security implementations. More S&P Global Content: The evolution of security platforms – 6 centers of gravity shaping the market AI for security: Agentic AI will be a focus for security operations in 2025 From KnowBe4: The Hidden Cybersecurity Threat: Securing the Human-AI Relationship For S&P Global Subscribers: Security for agentic AI: Key areas of focus Worlds colliding: Uniting proactive and reactive security Identity & Access Management Market Monitor & Forecast Beyond ITDR: Viewing identity security through a wider lens Credits: Host/Author: Eric Hanselman Guests: Scott Crawford, Javvad Malik Producer/Editor: Feranmi Adeoshun Published With Assistance From: Sophie Carr, Kyra Smith

Galatians 6:11 Thanks to everyone who supports TMBH at patreon.com/thetmbhpodcast You're the reason we can all do this together! Discuss the episode here Music by Jeff Foote