Podcasts about Authentication

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

In this Road to Macstock Conference and Expo conversation we welcome longtime speaker Kirschen Seah to discuss her upcoming session, Passkeys Demystified. Kirschen explains the promise of passkeys as a more secure, user-friendly alternative to passwords, and why adoption has been slower than expected. She shares insights into how passkeys work using public key cryptography, addresses common concerns about biometric data, and outlines how password managers like Apple Keychain and 1Password integrate with the system. With real-world scenarios and practical examples, Kirschen aims to help attendees confidently adopt passkeys and understand the evolving standards behind them.  Show Notes: Chapters: 00:08 Introduction to MacVoices 00:45 Kirschen Seah Joins the Conversation 02:20 Passkeys Demystified 08:44 Managing Multiple Accounts 10:32 The Role of Password Managers 13:15 Preparing for the Session 15:55 Macstock Conference Details 17:51 The Value of Curiosity at Macstock Links: Macstock Conference and Expo Save $50 with the Kirschen's discount code: freerangecoder Save $50 with Chuck's discount code: macvoices50 Guests: Kirschen Seah's background is Computer Sciences with interests in Software Engineering, User Experience, and Mac OS X / iPhone OS development. She started programming with BASIC in 1978 on an Apple ][ and have over 30 years of experience in the field. Kirschen worked on OPENSTEP (precursor to Mac OS X Cocoa) graphical prototyping applications initially when she joined Rockwell Collins (now Collins Aerospace) in 1999, and was a Senior Principal Systems Engineer in the Flight Management Systems department focussed on the user interface for pilot interaction. Prior to joining Rockwell Collins Kirschen worked at Acuity (formerly ichat) developing interactive user interfaces for live chat customer service agents. Now retired, there's now more time to share technical insights on her blog, develop useful scripts (Python, shell), and write Shortcuts. Kirschen is really motivated to share her experience to help fellow software practitioners develop better skills – be that in good design, implementation, or computer science fundamentals. As much as she can, Kirschen tries to share the delight in discovering how iOS and macOS applications for productivity and creativity have helped her do better in her personal and (former) work life. Connect with her on her web site, FreeRangeCoder Support:      Become a MacVoices Patron on Patreon      http://patreon.com/macvoices      Enjoy this episode? Make a one-time donation with PayPal Connect:      Web:      http://macvoices.com      Twitter:      http://www.twitter.com/chuckjoiner      http://www.twitter.com/macvoices      Mastodon:      https://mastodon.cloud/@chuckjoiner      Facebook:      http://www.facebook.com/chuck.joiner      MacVoices Page on Facebook:      http://www.facebook.com/macvoices/      MacVoices Group on Facebook:      http://www.facebook.com/groups/macvoice      LinkedIn:      https://www.linkedin.com/in/chuckjoiner/      Instagram:      https://www.instagram.com/chuckjoiner/ Subscribe:      Audio in iTunes      Video in iTunes      Subscribe manually via iTunes or any podcatcher:      Audio: http://www.macvoices.com/rss/macvoicesrss      Video: http://www.macvoices.com/rss/macvoicesvideorss

Jack Friks (@jackfriks) is the founder of PostBridge, a social media scheduling tool that grew from his own frustration with spending hours posting across platforms to a $18k/month business. We explore the evolution of social media toward authenticity, the challenges of building lean products as a solopreneur, and how to navigate the noise while maintaining a genuine human connection in an AI-driven world.The blog post: https://thebootstrappedfounder.com/jack-friks-building-tools-that-empower-without-overwhelming/ The podcast episode: https://tbf.fm/episodes/396-jack-friks-building-tools-that-empower-without-overwhelmingCheck out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fmSend me a voicemail on Podline: https://podline.fm/arvidYou'll find my weekly article on my blog: https://thebootstrappedfounder.comPodcast: https://thebootstrappedfounder.com/podcastNewsletter: https://thebootstrappedfounder.com/newsletterMy book Zero to Sold: https://zerotosold.com/My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/My course Find Your Following: https://findyourfollowing.comHere are a few tools I use. Using my affiliate links will support my work at no additional cost to you.- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw

On this episode, I provide an update on the recent Windows updates and report of an issue caused by one of the updates. I cover some new enhancements from OpenAI, the culmination of a 4 year study into remote work and more! Reference Links: https://www.rorymon.com/blog/microsoft-365-authentication-issues-danish-agency-to-ditch-office-june-update-issue/

Send us a textCybersecurity vulnerabilities continue to emerge in unexpected places, as evidenced by the recent Iranian-backed attacks on U.S. water treatment facilities through poorly secured Unitronics PLCs. This alarming development sets the stage for our deep dive into API security - a critical yet often overlooked aspect of modern cybersecurity strategy.APIs form the connective tissue of our digital world, enabling seamless communication between different software systems. However, this interconnectivity creates numerous potential entry points for attackers. From RESTful APIs with their statelessness to enterprise-focused SOAP protocols and the newer GraphQL systems, each implementation brings unique security challenges that must be addressed proactively.We explore the most common API security threats facing organizations today: injection attacks that exploit poorly coded interfaces, broken authentication mechanisms that enable unauthorized access, sensitive data exposure through improper configurations, and man-in-the-middle attacks that intercept communications. Understanding these threats is just the beginning - implementing robust countermeasures is where real security happens.Authentication and access controls form the foundation of API security. OAuth, OpenID Connect, and token-based authentication systems provide powerful protection when implemented correctly. However, token management practices - including secure storage, proper revocation procedures, and regular refreshing - are equally critical yet frequently overlooked components of a comprehensive security strategy.API gateways emerge as perhaps the most valuable security control in your arsenal. Acting as centralized checkpoints, they provide enhanced visibility, consistent authentication enforcement, traffic throttling capabilities, and simplified management across numerous API connections. Cloud-based API gateways from major providers offer scalability and robust features that on-premises solutions struggle to match.Beyond the technical controls, we discuss the human element of API security. The most secure implementations balance protection with functionality while fostering collaboration between security professionals and developers. As I emphasize throughout the episode, effective security isn't about forcing compliance - it's about building bridges of understanding between teams with different expertise.Ready to strengthen your API security posture or prepare for your CISSP exam? Visit cisspcybertraining.com for free questions, comprehensive courseware, and a proven blueprint for certification success.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

Here's a payments conundrum for you: We now have more ways to authenticate access to an online account or app than ever before. And yet, account takeover (ATO) - basically unauthorized access to an account - is at record levels. In this episode, Glenbrook's Yvette Bohanan and Chris Uriarte are joined by Rocky Scales, CEO of IDgo, to explore this multifaceted problem.  Tune in as they discuss the vulnerabilities in authentication techniques, the need for better consumer education, and how financial institutions and businesses can implement more secure and user-friendly authentication systems to counteract evolving threats from sophisticated fraud methods. 

Getting Graded: Inside the Wild World of Card Authentication with TGA's TylerEver wondered how a piece of cardboard can be worth millions of dollars? This week, we dive deep into the fascinating (and slightly insane) world of sports card grading with Tyler, founder of TGA(True Grade Authentication), a new Canadian authentication company that's shaking up an industry dominated by American giants.What You'll Learn:Why getting a Wayne Gretzky card graded can cost you $1,000+ (hint: it's not just the grading fee)How the hobby transformed from 25-cent packs to $25,000 boxes with "bounty" cards worth seven figuresThe four critical factors that determine if your childhood card collection is treasure or trashWhy Canadian collectors were getting squeezed out by tariffs and how one entrepreneur saw an opportunityThe Real Talk: Tyler shares his journey from 11-year-old collector to business owner, explaining how a $25 Darryl Sittler rookie card sparked a 30+ year passion that led to launching TGA. We explore the tension between old-school collecting (nostalgia, sentiment, fun) and the new reality where cards are treated like stock investments.Phil's Journey: Watch our co-host Phil go from complete card skeptic to cautiously intrigued, despite his horror at modern pack prices and complexity. Spoiler alert: Kenny's still trying to drag him to a Toronto card show, and Phil's still saying absolutely not. Find Tyler at: https://tgagrading.com/Thank you to Field Agent Canada for sponsoring the podcast: https://www.fieldagentcanada.com/Thank you to LeBeau Excel for sponsoring this episode: https://lebeauexcel.com/  

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today's financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user's smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim's account, they can bypass multiple layers of security, often without needing traditional credentials.The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech's real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that's not just strong—but usable.GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Back by popular demand, Mike and Jesse begin the show by ripping packs of cards (00:00). Then, the guys discuss Walmart's role in the hobby, and the top 10 greatest Yankees of all time, before Jesse questions why all these women want to go on dates with Troy. After that, Upper Deck president Jason Masherah joins the show to talk about some bad apples in the breaking industry, the future of authentication and grading, and innovation in the hobby (28:52). And to round out the show, the guys open the mailbag (56:24). Hosts: Jesse Gibson and Mike GioseffiGuest: Jason MasherahProducer: Troy Farkas Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this episode, we hear from Janikiram MSV, an industry analyst and advisor based in Hyderabad, India, who specializes in AI agents and cloud native technology. We spoke about the evolution of AI agents, from chatbots to personalized AI assistants, and their advancement to AI agents that can access data, utilize APIs, and perform tasks autonomously. The discussion also covers the impact of these technologies on various fields, especially for developers, through examples like app modernization and AI-driven tools. We address important considerations such as authentication, authorization, and the future role of junior developers in an AI-augmented world. This episode sheds light on how AI agents can significantly transform workflow efficiency across multiple domains. 00:00 Introduction 00:56 Evolution of AI Agents 06:10 Impact on Developers and IT Operations 07:17 Authentication and Authorization Challenges 09:41 Future of AI in Development 20:19 Advice for Junior Developers 22:23 Conclusion and Future Discussions   Guest:   Janakiram MSV is an an industry analyst, strategic advisor, and a practicing architect. Through his speaking, writing, and analysis, he helps businesses take advantage of emerging technologies.

Send us a textNavigating the complex landscape of authentication frameworks is essential for any cybersecurity professional, especially those preparing for the CISSP exam. This deep-dive episode unravels the intricate world of authentication systems that protect our digital identities across multiple platforms and services.We begin by examining OAuth 2.0 and OpenID Connect (OIDC), exploring how these token-based frameworks revolutionize third-party authentication without exposing user credentials. When you click "Login with Google," you're experiencing these protocols in action—reducing password reuse while maintaining security across digital services. Learn the difference between authorization flows and how these systems interact to verify your identity seamlessly across the web.The podcast then transitions to Security Assertion Markup Language (SAML), breaking down how this XML-based protocol establishes trust between identity providers and service providers. Through practical examples, we illustrate how SAML enables web single sign-on capabilities across educational institutions, corporate environments, and cloud services—creating that "connective tissue" between disparate systems while enhancing both security and user experience.Kerberos, MIT's powerful network authentication protocol, takes center stage as we explore its ticketing system architecture. Named after the three-headed dog of Greek mythology, this protocol's Authentication Service, Ticket Granting Service, and Key Distribution Center work in concert to verify identities without transmitting passwords across networks. We also discuss critical considerations like time synchronization requirements that can make or break your Kerberos implementation.For remote authentication scenarios, we compare RADIUS and TACACS+ protocols, highlighting their distinct approaches to the AAA (Authentication, Authorization, and Accounting) framework. Discover why network administrators choose UDP-based RADIUS for general network access while preferring the TCP-based TACACS+ for granular administrative control with command-level authorization and full payload encryption.Whether you're studying for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the knowledge foundation you need to implement robust authentication systems in today's interconnected world. Visit CISSP Cyber Training for additional resources to support your cybersecurity journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

API security has evolved from being primarily an infrastructure issue to a complex challenge centered around language and design flaws. Jeremy Snyder, CEO of Firetail, discusses the findings from their latest state of API security report, emphasizing the alarming rise of indirect prompt injection as a significant threat in AI-integrated systems. As APIs underpin much of modern application architecture, understanding how they function and the potential vulnerabilities they present is crucial for organizations aiming to protect themselves from increasingly sophisticated attacks.Snyder highlights the shared responsibility model in API security, where both developers and security teams must collaborate to ensure robust protection. While infrastructure teams manage the basic security measures, developers are responsible for the design and logic of the APIs they create. This evolving understanding of security responsibilities is essential as threat actors become more adept at exploiting API vulnerabilities, particularly through authorization failures, which continue to be a leading cause of breaches.The conversation also delves into the distinction between authentication and authorization, illustrating how both are critical to API security. Authentication verifies a user's identity, while authorization determines what actions that user can perform. Snyder emphasizes that many organizations still struggle with authorization issues, which can lead to significant security risks if not properly managed. The report reveals that the time to resolve security incidents remains alarmingly high, while the time for attackers to exploit vulnerabilities has drastically decreased, raising concerns about the effectiveness of current security measures.As AI technologies become more integrated into applications, the potential for indirect prompt injection attacks increases, necessitating a reevaluation of security practices. Snyder advises organizations to focus on secure design principles and maintain visibility over AI usage within their systems. By implementing governance frameworks and monitoring tools, organizations can better manage the risks associated with shadow AI and ensure that their API security measures are both effective and comprehensive. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016.

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016. Learn more about your ad choices. Visit megaphone.fm/adchoices

GoldenGate 23ai takes security seriously, and this episode unpacks everything you need to know. GoldenGate expert Nick Wagner breaks down how authentication, access roles, and encryption protect your data.   Learn how GoldenGate integrates with identity providers, secures communication, and keeps passwords out of storage. Understand how trail files work, why they only store committed data, and how recovery processes prevent data loss.   Whether you manage replication or just want to tighten security, this episode gives you the details to lock things down without slowing operations.   Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.   --------------------------------------------------------------   Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services.  Nikita: Welcome, everyone! This is our fourth episode on Oracle GoldenGate 23ai. Last week, we discussed the terminology, different processes and what they do, and the architecture of the product at a high level. Today, we have Nick Wagner back with us to talk about the security strategies of GoldenGate. 00:56 Lois: As you know by now, Nick is a Senior Director of Product Management for GoldenGate at Oracle. He's played a key role as one of the product designers behind the latest version of GoldenGate. Hi Nick! Thank you for joining us again. Can you tell us how GoldenGate takes care of data security? Nick: So GoldenGate authentication and authorization is done in a couple of different ways. First, we have user credentials for GoldenGate for not only the source and target databases, but also for GoldenGate itself. We have integration with third-party identity management products, and everything that GoldenGate does can be secured. 01:32 Nikita: And we must have some access roles, right? Nick: There's four roles built into the GoldenGate product. You have your security role, administrator, operator, and user. They're all hierarchical. The most important one is the security user. This user is going to be the one that provides the administrative tasks. This user is able to actually create additional users and assign roles within the product. So do not lose this password and this user is extremely important. You probably don't want to use this security user as your everyday user. That would be your administrator. The administrator role is able to perform all administrative tasks within GoldenGate. So not only can they go in and create new extracts, create new replicats, create new distribution services, but they can also start and stop them. And that's where the operator role is and the user role. So the operator role allows you to go in and start/stop processes, but you can't create any new ones, which is kind of important. So this user would be the one that could go in and suspend activity. They could restart activity. But they can't actually add objects to replication. The user role is really a read-only role. They can come in. They can see what's going on. They can look at the log files. They can look at the alerts. They can look at all the watches and see exactly what GoldenGate is doing. But they're unable to make any changes to the product itself. 02:54 Lois: You mentioned the roles are hierarchical in nature. What does that mean? Nick: So anything that the user role does can be done by the operator. Anything that the operator and user roles can do can be done by the administrator. And anything that the user, operator, and administrator roles do can be done by the security role. 03:11 Lois: Ok. So, is there a single sign-on available for GoldenGate? Nick: We also have a password plugin for GoldenGate Connections. A lot of customers have asked for integration with whatever their single sign-on utility is, and so GoldenGate now has that with GoldenGate 23ai. So these are customer-created entities. So, we have some examples that you can use in our documentation on how to set up an identity provider or a third-party identity provider with GoldenGate. And this allows you to ensure that your corporate standards are met. As we started looking into this, as we started designing it, every single customer wanted something different. And so instead of trying to meet the needs for every customer and every possible combination of security credentials, we want you to be able to design it the way you need it. The passwords are never stored. They're only retrieved from the identity provider by the plugin itself. 04:05 Nikita: That's a pretty important security aspect…that when it's time to authenticate a user, we go to the identity provider. Nick: We're going to connect in and see if that password is matching. And only then do we use it. And as soon as we detect that it's matched, that password is removed. And then for the extract and replicats themselves, you can also use it for the database, data source, and data target connections, as well as for the GoldenGate users. So, it is a full-featured plugin. So, our identity provider plugin works with IAM as well as OAM. These are your standard identity manager authentication methods. The standard one is OAuth 2, as well as OIDC. And any Identity Manager that uses that is able to integrate with GoldenGate. 04:52 Lois: And how does this work? Nick: The way that it works is pretty straightforward. Once the user logs into the database, we're going to hand off authentication to the identity provider. Once the identity provider has validated that user's identity and their credentials, then it comes back to GoldenGate and says that user is able to log in to either GoldenGate or the application or the database. Once the user is logged in, we get that confirmation that's been sent out and they can continue working through GoldenGate. So, it's very straightforward on how it works. There's also a nice little UI that will help set up each additional user within those systems. All the communication is also secured as well. So any communication done through any of the GoldenGate services is encrypted using HTTPS. All the REST calls themselves are all done using HTTPS as well. All the data protection calls and all the communication across the network when we send data across a distribution service is encrypted using a secure WebSocket. And there's also trail file encryption at the operating system level for data at REST. So, this really gives you the full level of encryption for customers that need that high-end security. GoldenGate does have an option for FIPS 140-2 compliance as well. So that's even a further step for most of those customers. 06:12 Nikita: That's impressive! Because we want to maintain the highest security standards, right? Especially when dealing with sensitive information. I now want to move on to trail files. In our last episode, we briefly spoke about how they serve as logs that record and track changes made to data. But what more can you tell us about them, Nick? Nick: There's two different processes that write to the trail files. The extract process will write to the trail file and the receiver service will write to the trail file. The extract process is going to write to the trail file as it's pulling data out of that source database. Now, the extract process is controlled by a parameter file, that says, hey, here's the exact changes that I'm going to be pulling out. Here's the tables. Here's the rows that I want. As it's pulling that data out and writing it to the trail files, it's ensuring that those trail files have enough information so that the replicat process can actually construct a SQL statement and apply that change to that target platform. And so there's a lot of ways to change what's actually stored in those trail files and how it's handled. The trail files can also be used for initial loads. So when we do the initial load through GoldenGate, we can grab and write out the data for those tables, and that excludes the change data. So initial loads is pulling the data directly from the tables themselves, whereas ongoing replication is pulling it from the transaction logs. 07:38 Lois: But do we need to worry about rollbacks? Nick: Our trail files contain committed data only and all data is sequential. So this is two important things. Because it contains committed data only, we don't need to worry about rollbacks. We also don't need to worry about position within that trail file because we know all data is sequential. And so as we're reading through the trail file, we know that anything that's written in a prior location in that trial file was committed prior to something else. And as we get into the recovery aspects of GoldenGate, this will all make a lot more sense. 08:13 Lois: Before we do that, can you tell us about the naming of trail files? Nick: The trail files as far as naming, because these do reside on the operating system, you start with a two-letter trail file abbreviation and then a nine-digit sequential value. So, you almost look at it as like an archive log from Oracle, where we have a prefix and then an affix, which is numeric. Same kind of thing. So, we have our two-letter, in this case, an ab, and then we have a nine-digit number. 08:47 Transform the way you work with Oracle Database 23ai! This cutting-edge technology brings the power of AI directly to your data, making it easier to build powerful applications and manage critical workloads. Want to learn more about Database 23ai? Visit mylearn.oracle.com to pick from our range of courses and enroll today! 09:12 Nikita: Welcome back! Ok, Nick. Let's get into the GoldenGate recovery process. Nick: When we start looking at the GoldenGate recovery process, it essentially makes GoldenGate kind of point-in-time like. So on that source database, you have your extract process that's going to be capturing data from the transaction logs. In the case of Oracle, the Oracle Database is actually going to be reading those transaction logs from us and passing the change records directly to GoldenGate. We call them an LCR, Logical Change Record. And so the integrated extract and GoldenGate, the extract portion tells the database, hey, I'm now going to be interested in the following list of tables. And it gives a list of tables to that internal component, the log mining engine within the database. And it says, OK, I'm now pulling data for those tables and I'm going to send you those table changes. And so as the extract process gets sent those changes, it's going to have checkpoint information. So not only does it know where it was pulling data from out of that source database, but what it's also writing to the trail file. The trail files themselves are all sequential and they have only committed data, as we talked about earlier. The distribution service has checkpoint information that says, hey, I know where I'm reading from in the previous trail file, and I know what I've sent across the network. The receiver service is the same thing. It knows what it's receiving, as well as what it's written to the trail file and the target system. The replicat also has a checkpoint. It knows where it's reading from in the trail file, and then it knows what it's been applying into that target database.  This is where things start to become a little complicated. Our replicat process in most cases are parallel, so it'll have multiple threads applying data into that target database. Each of those threads is applying different transactions. And because of the way that the parallelism works in the replicat process, you can actually get situations where one replicat thread might be applying a transaction higher than another thread. And so you can eliminate that sequential or serial aspect of it, and we can get very high throughput speeds to the replicat. But it means that the checkpoint needs to be kind of smart enough to know how to rebuild itself if something fails. 11:32 Lois: Ok, sorry Nick, but can you go through that again? Maybe we can work backwards this time?  Nick: If the replicat process fails, when it comes back up, it's going to look to its checkpoint tables inside that target database. These checkpoint tables keep track of where each thread was at when it crashed. And so when the replicat process restarts, it goes, oh, I was applying these threads at this location in these SCNs. It'll then go and read from the trail file and say, hey, let me rebuild that data and it only applies transactions that it hasn't applied yet to that target system. There is a synchronized replicat command as well that will tell a crashed replicat to say, hey, bring all your threads up to the same high watermark. It does that process automatically as it restarts and continues normal replication. But there is an option to do it just by itself too. So that's how the replicat kind of repairs and recovers itself. It'll simply look at the trail files. Now, let's say that the replicat crashed, and it goes to read from the trail files when it restarts and that trail profile is missing. It'll actually communicate to the distribution, or excuse me, to the receiver service and say, hey, receiver service, I don't have this trail file. Can you bring it back for me? And the receiver service will communicate downstream and say, hey, distribution service, I need you to resend me trail find number 6. And so the distribution service will resend that trail file so that the replicat can reprocess it. So it's often nice to have redundant environments with GoldenGate so we can have those trail files kind of around for availability. 13:13 Nikita: What if one of these files gets corrupted? Nick: If one of those trail files is corrupt, let's say that a trail file on the target site became corrupt and the replicat can't read from it for one reason or another. Simply stop the replicat process, delete the corrupt trail file, restart the replicat process, and now it's going to rebuild that trail file from scratch based on the information from the source GoldenGate environment. And so it's very recoverable. Handles it all very well. 13:40 Nikita: And can the extract process bounce back in the same way? Nick: The extract process can also recover in a similar way. So if the extract process crashes, when it restarts itself, there's a number of things that it does. The first thing is it has to rebuild any open transactions. So it keeps all sorts of checkpoint information about the oldest transaction that it's keeping track of, any open transactions that haven't been committed, and any other transactions that have been committed that it's already written to the trail file. So as it's reprocessing that data, it knows exactly what it's committed to trail and what hasn't been committed. And there's a number of ways that it does this.  There's two main components here. One of them is called bounded recovery. Bounded recovery will allow you to set a time limit on transactions that span a certain length of time that they'll actually get flushed out to disk on that GoldenGate Hub. And that way it'll reduce the amount of time it takes GoldenGate to restart the extract process. And the other component is cache manager. Cache manager stores uncommitted transactions. And so it's a very elegant way of rebuilding itself from any kind of failure. You can also set up restart profiles so that if any process does crash, the GoldenGate service manager can automatically restart that service an x number of times across y time span. So if I say, hey, if my extract crashes, then attempt to restart it 100 times every 5 seconds. So there's a lot of things that you can do there to make it really nice and automatic repair itself and automatically resilient.  15:18 Lois: Well, that brings us to the end of this episode. Thank you, Nick, for going through the security strategies and recovery processes in such detail. Next week, we'll look at the installation of GoldenGate. Nikita: And if you want to learn more about the topics we discussed today, head over to mylearn.oracle.com and take a look at the Oracle GoldenGate 23ai Fundamentals course. Until next time, this is Nikita Abraham… Lois: And Lois Houston signing off! 15:44 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

Send us a textEver wondered how your sensitive messages stay secure in an increasingly dangerous digital landscape? The answer lies in message integrity controls, digital signatures, and certificate validation – the core components of modern cybersecurity we tackle in this episode.We begin with a timely breakdown of Microsoft's recent security breach by Russian hackers who stole source code by exploiting a test environment. This real-world example perfectly illustrates why proper security controls must extend beyond production environments – a lesson many organizations learn too late.Diving into the technical foundation of message security, we explore how basic checksums evolved into sophisticated hashing algorithms like MD5, SHA-2, and SHA-3. You'll understand what makes these algorithms effective at detecting tampering and why longer digests provide better protection against collision attacks.Digital signatures emerge as the cornerstone of secure communication, providing the crucial trifecta of integrity verification, sender authentication, and non-repudiation. Through practical examples with our fictional users Alice and Bob, we demonstrate exactly how public and private keys work together to safeguard information exchange.The episode culminates with an exploration of digital certificates and S/MIME protocols – the technologies that make secure email possible. You'll learn how certificate authorities establish chains of trust, what happens when certificates are compromised, and how the revocation process protects the entire ecosystem.Whether you're preparing for the CISSP exam or simply want to understand how your sensitive communications remain protected, this episode provides clear, actionable knowledge about the cryptographic building blocks that secure our digital world.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode of The Other Side of the Firewall podcast, Ryan Williams and Shannon Tynes discuss the latest developments in cybersecurity, focusing on Microsoft's shift to passwordless accounts and the implications for users. They explore the challenges of password management, the benefits of passkeys and biometric authentication, and the future of cybersecurity in the context of emerging technologies like quantum computing. Article: Microsoft makes all new accounts passwordless by default https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/?fbclid=IwY2xjawKIWopleHRuA2FlbQIxMAABHod4579kkkG2HEuaLmQVIdGGMKHARmAvA3vXcVN_PutWmqk3mTsLO1emRVqk_aem_SCwuxj4mNbRstoBAlI0Xgg Please LISTEN

Azure IAM is offering dynamic, cloud-based ransomware protection to hospitals and healthcare organizations. Want to defend yourself against this rampant threat? Visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website: https://azureiam.com

It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.

In this episode, Ellie sits down with Don Spaulding, a seasoned innovation and product leader with over 17 years at Verizon. Don shares his remarkable journey from educational psychology to tech leadership, bringing a unique human-centered perspective to digital transformation. We explore how his background helps him develop data-driven strategies that improve customer experiences while maintaining trust and security. Don dives deep into the evolving landscape of AI in customer service, the growing threats of voice fraud, and the delicate balance between security and user experience.

AWS SSO vs AWS IAM

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdf

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdf

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

Episode SummaryIn this episode of The Secure Developer, host Danny Allan sits down with Alex Salazar, founder and CEO of Arcade, to discuss the evolving landscape of authentication and authorization in an AI-driven world. Alex shares insights on the shift from traditional front-door security to back-end agent interactions, the challenges of securing AI-driven agents, and the role of identity in modern security frameworks. The conversation delves into the future of AI, agentic workflows, and how organizations can navigate authentication, authorization, and security in this new era.Show NotesDanny Allan welcomes Alex Salazar, an experienced security leader and CEO of Arcade, to explore the transformation of authentication and authorization in AI-powered environments. Drawing from his experience at Okta, Stormpath, and venture capital, Alex provides a unique perspective on securing interactions between AI agents and authenticated services.Key topics discussed include:The Evolution of Authentication & Authorization: Traditional models focused on front-door access (user logins, SSO), whereas AI-driven agents require secure back-end interactions.Agentic AI and Security Risks: How AI agents interact with services on behalf of users, and why identity becomes the new perimeter in security.OAuth and Identity Challenges: Adapting OAuth for AI agents, ensuring least-privilege access, and maintaining security compliance.AI Hallucinations & Risk Management: Strategies for mitigating LLM hallucinations, ensuring accuracy, and maintaining human oversight.The Future of AI & Agentic Workflows: Predictions on how AI will continue to evolve, the rise of specialized AI models, and the intersection of AI and physical automation.Alex and Danny also discuss the broader impact of AI on developer productivity, with insights into how companies can leverage AI responsibly to boost efficiency without compromising security.LinksArcade.dev - Make AI Actually Do ThingsOkta - IdentityOAuth - Authorization ProtocolLangChain - Applications that Can ReasonHugging Face - The AI Community Building the FutureSnyk - The Developer Security Company Follow UsOur WebsiteOur LinkedIn

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

Is an Authentication Sticker Worth It? The Pros & Cons for Collectors In this episode of The Powers Sports Memorabilia Show, we dive into one of the most debated topics in the hobby: should you add an authentication sticker or hologram to your signed sports cards?We surveyed collectors and the results might surprise you—50% said no, 30% said yes, and 20% landed somewhere in the middle. So why the divide?We break down the reasons behind each stance: ✅ Why some collectors prefer authentication: 61% value the witness certification, 15% say it's hard to get 3rd-party authentication, and 17% don't plan on using PSA. ❌ Why others avoid it: 40% dislike the look of the sticker, 39% believe it hurts the card's value, and 12% don't want to spend the extra money.We also talk about when it actually makes sense to sticker your card—think high-end autographs, cards that won't be sent to PSA, or signatures that are tough to authenticate later.Whether you love the hologram or hate the sticker, this episode will help you make a smarter decision next time you get a card signed.https://powerssportsmemorabilia.com/

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

Jason Barr, Vice President of Healthcare at ID.me joins Russ Branzell, President and CEO of CHIME to breakdown the complexities of federated identity in healthcare – including the implications of TEFCA and its impact on patient authentication and interoperability. Jason discusses identity verification's impact on data sharing, security, and patient trust in an increasingly digital healthcare ecosystem and advises healthcare leaders on how to secure workforce identities from the cyberattacks targeting healthcare employees throughout the industry. Key Takeaways:The crucial importance of federated identity in securing patient and workforce authentication.How to navigate federal compliance requirements and security protocols related to TEFCA and the final authentication rule.Actionable strategies for balancing security, privacy, and user experience in identity management.Emerging technologies in identity security solutions.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdf

⬥GUEST⬥Ken Huang, Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice. The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows.Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges.Practical Applications and Emerging Use CasesKen outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce's AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention.Implications for Development and Security TeamsDevelopment teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement.Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed.The Call for Collaboration and Mindset ShiftAgentic AI isn't just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMRMore books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GNVideo Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council with 255 people rated averaged 5 starts: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=falsePodcast: The 2025 OWASP Top 10 for LLMs: What's Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about WebAuthn implementation challenges to flaws in the FIDO metadata service that affect how hardware tokens are authenticated against. The conversation covers the spectrum of hardware security key quality, attestation mechanisms, and the barriers preventing open source developers from improving industry standards despite their expertise. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-fido_auth_william_brown/

This week, we discuss Google acquiring Wiz, the rise of Vibe Coding, and what really counts as legacy software. Plus, Coté runs a post-acquisition all-hands meeting. Watch the YouTube Live Recording of Episode 511 (https://www.youtube.com/live/ok8lLHFCCRY?si=aos-m8eR1iYcR12v) Runner-up Titles Tattoo “BUSINESS AS USUAL” on the inside of your eyelids BUSINESS AS USUAL One billion a month Turns out they're gonna put lions in the product. Vibe coding is outcomes-focused. Cote's AI Thunderdome Don't make me learn Think About Time VibeCOBOL I don't like the no-head Rundown Google in Fresh Talks to Buy Cybersecurity Startup Wiz for $30 Billion (https://www.wsj.com/business/deals/alphabet-back-in-deal-talks-for-cybersecurity-startup-wiz-41cd3090?mod=tech_lead_story) Intel board announces Lip-Bu Tan as new CEO (https://www.theregister.com/2025/03/12/intel_lip_bu_tan_new_ceo/) Vibe Coding AI IDEs Need Moats (https://materializedview.io/p/ai-ides-need-moats?ref=dailydev) AI coding assistant refuses to write code, tells user to learn programming instead (https://arstechnica.com/ai/2025/03/ai-coding-assistant-refuses-to-write-code-tells-user-to-learn-programming-instead/) Github Coploit does have an agent mode (https://github.com/features/copilot) AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (https://techcrunch.com/2025/03/14/ai-coding-assistant-cursor-reportedly-tells-a-vibe-coder-to-write-his-own-damn-code/) Vibe Coder job listing (https://getcoai.com/careers/vibe-coder-frontend-developer-role/) Legacy Software Relevant to your Interests Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data (https://www.404media.co/saudi-arabia-buys-pokemon-go-and-probably-all-of-your-location-data/) Open R1: Update #3 (https://huggingface.co/blog/open-r1/update-3) Sonos has canceled its streaming video player (https://www.theverge.com/tech/628297/sonos-pinewood-streaming-box-canceled) ServiceNow releases no-code, low-code AI agent builder (https://www.ciodive.com/news/servicenow-yokohama-agentic-ai-low-code-development-tool/742275/) Meta Seeks to Block Further Sales of Ex-Employee's Scathing Memoir (https://www.nytimes.com/2025/03/12/technology/meta-book-sales-blocked.html) AirPods Getting Live Translation Feature Later This Year (https://www.macrumors.com/2025/03/13/airpods-live-translation-ios-19/) Clouded Judgement 3.14.25 - Authentication in the Age of AI Agents (https://cloudedjudgement.substack.com/p/clouded-judgement-31425-authentication?utm_source=post-email-title&publication_id=56878&post_id=159023089&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Google allows users to personalize their Gemini conversations with new features (https://www.cnbc.com/2025/03/13/google-now-allows-users-to-personalize-their-gemini-conversations.html) Undergraduate Upends a 40-Year-Old Data Science Conjecture (https://www.wired.com/story/undergraduate-upends-a-40-year-old-data-science-conjecture/) Job Seekers Hit Wall of Salary Deflation - WSJ (https://archive.ph/Gn0F9) Something Is Rotten in the State of Cupertino (https://daringfireball.net/2025/03/something_is_rotten_in_the_state_of_cupertino) OpenStack comes to the Linux Foundation | TechCrunch (https://techcrunch.com/2025/03/12/openstack-comes-to-the-linux-foundation/?trk=feed-detail_main-feed-card_feed-article-content) Accusations of Corporate Espionage Shake a Software Rivalry (https://www.nytimes.com/2025/03/17/business/dealbook/rippling-deel-corporate-spy.html?smid=nytcore-ios-share&referringSource=articleShare) IBM Mergers: Closing on HashiCorp and Intent to Acquire Data (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/)S (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/)tax (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/) Nonsense The Problem with Time & Timezones - Computerphile (https://www.youtube.com/watch?v=-5wpm-gesOY&t=7s) Southwest Airlines CEO Video via WFAA (https://www.tiktok.com/@wfaach8/video/7480585081753537835?_t=ZT-8ufHaixEbks&_r=1) Southwest Airlines Just Broke the $5 Chicken Rule, and There Goes What Once Made It Great (https://www.inc.com/bill-murphy-jr/southwest-airlines-just-broke-the-5-chicken-rule-and-there-goes-what-once-made-it-great/91161331). Conferences SREday London (https://sreday.com/2025-london-q1/), March 27-28, Coté speaking (https://sreday.com/2025-london-q1/Michael_Cote_VMware__Pivotal_Platform_Engineering_for_Private_Cloud). 10% with code LDN10 Monki Gras (https://monkigras.com/), London, March 27-28, Coté speaking. Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA NDC Oslo (https://ndcoslo.com/), May 21-23, Coté speaking. KubeCon EU (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/), April 1-4, London. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Severance (https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://tv.apple.com/us/show/severance/umc.cmc.1srk2goyh2q2zdxcx605w8vtx&ved=2ahUKEwiJ95mBjZeMAxXo4skDHWOrJ3gQFnoECGwQAQ&usg=AOvVaw06Jqv4WAF89UKW2fy4RaHx) ** Matt: Geoff Huntley's blog (https://ghuntley.com/) Coté: Barthes: A Very Short Introduction (https://academic.oup.com/book/28389), Coté — When Shit Hits the Fan (https://overcast.fm/+AAxlGT9_-n8). Photo Credits Header (https://unsplash.com/photos/people-sitting-on-chairs-watching-a-game-6vAjp0pscX0)

At Enterprise Connect 2025, Gerry Christensen, founder of Wireless Waypoint, is preparing for an important panel discussion: “Building Trust in Outbound Calling Systems” on Thursday, March 20, at 9 a.m. Restoring Trust in Caller ID Many consumers no longer trust unknown calls, assuming they're scams. Even essential calls—like fraud alerts from banks—are often ignored because they appear as "Spam Likely." Christensen emphasized that branded calling, authentication, and consent management are key to rebuilding trust. Steps for IT Managers For enterprises managing outbound calls, Christensen suggests: Know Your Customer (KYC) – Verify who is making calls on your behalf. Authentication & Validation – Ensure calls originate from trusted sources. Branded Calling – Display logos, reasons for calls, and verified IDs. Call Routing Awareness – Understand how calls travel through the network to avoid losing attestation levels. A-B Testing & Industry-Specific Approaches Companies can experiment with branded calling by A/B testing: A Group – Calls with branding, such as a company logo and caller ID. B Group – Standard outbound calls. This helps businesses measure response rates and effectiveness. Additionally, Christensen stressed the importance of industry-specific use cases—such as banks notifying customers of fraud alerts or healthcare providers confirming appointments. Where to Learn More Christensen encourages IT leaders to analyze their call origination process, work with trusted providers, and optimize call routing. For more insights or consulting, he is available via: Enterprise Connect app Wireless Waypoint website LinkedIn As outbound calling evolves with AI and authentication tools, Christensen's insights at Enterprise Connect are essential for companies looking to boost answer rates and improve customer trust. #EnterpriseConnect #WirelessWaypoint #BrandedCalling #CX #Trust #Telecom #OutboundCalls

Revolutionizing Memorabilia: The Realist's Authentic Collectibles Marketplace Therealest.com About the Guest(s): Base Naaman is the Co-founder and Head of Brand at The Realist, a pioneering firm in the memorabilia market. He is responsible for directing the company's creative strategy and overseeing partnerships with major industry names such as the Philadelphia Eagles, Miami Heat, Snoop Dogg, Usher, and Paramount Studios. The Realist is renowned for setting the next-generation standards in sports and entertainment memorabilia authentication, sourcing items directly from athletes and artists, powered by cutting-edge identification technology. Episode Summary: Welcome to the latest episode of The Chris Vos Show, where we're joined by Base Naaman from The Realist. This episode unfolds the intriguing world of authentic sports and entertainment memorabilia, highlighting the technology and strategy behind ensuring authenticity. Base Naaman shares insights into The Realist's mission to bridge the gap in memorabilia collectability between sports and music industries and the untapped potential of these sectors for collectors and fans. Base Naaman elaborates on how The Realist implements groundbreaking authentication methods akin to those used by Major League Baseball, minimizing fraud within the memorabilia industry. By deploying witnesses at live events and maintaining a transparent transfer chain, The Realist sets high standards in provenance verification. Base Naaman also narrates fascinating stories behind significant partnerships with legendary bands like Megadeth and critical events like partnering with the Philadelphia Eagles during their Super Bowl victory journey, offering fans a tangible piece of history. Key Takeaways: The Realist closes the gap between sports and music memorabilia collecting by making genuine items accessible to fans. Authentication involves real-time, witnessed verification to ensure 100% authenticity for memorabilia. High-profile partnerships, such as with Megadeth and the Philadelphia Eagles, demonstrate The Realist's capacity to bring authentic, collectible items to fans. Efforts are made not only to monetize collectibles but to preserve and respect the legacy of artists and athletes by minimizing fraud. The Realist promotes environmental sustainability by repurposing items and preventing memorabilia from ending up as waste. Notable Quotes: "It's all about trust really. It's like building these relationships directly with the artists and teams." "You are some of the most followed and loved and admired people on this planet. Why are people not able to own items that you've used on stage?" "We kind of doubled down on the authentication because we are big sports fans." "They don't realize how much of their stuff is being sold online and their fans are getting ripped off." "Nothing's impossible. I think we'll be able to reach everyone soon enough."

In this episode of the Identity Center Podcast, Jim McDonald discusses policy enforcement, adaptive authentication, and fraud prevention with Patrick Harding, Chief Product Architect at Ping Identity. They delve into how policy enforcement can be managed locally to maintain performance for SaaS applications while ensuring greater flexibility using standards like AuthZEN. Jim and Patrick also cover the benefits and challenges of using SAML and OpenID Connect for single sign-on (SSO) and explore the future role of AI agents in identity and access management. Additionally, they provide valuable tips for attending identity-focused conferences in Berlin and Las Vegas.Chapters00:00 Introduction to Policy Enforcement01:29 Welcome to the Identity Center Podcast01:54 Conference Discount Codes03:03 Guest Introduction: Patrick Harding from Ping Identity03:54 Patrick's Journey into Identity06:56 Challenges in Adaptive Authentication10:50 SaaS Applications and Policy Enforcement21:18 Advanced Fraud Analytics29:23 Integrating On-Premise and Cloud Applications30:35 Effort and Challenges in Modernizing Applications31:22 The Shift to OpenID Connect32:22 SaaS Applications and Single Sign-On Costs33:52 AI Agents and Adaptive Authentication34:54 The Future of AI Agents in Business39:15 Delegation and Authentication for AI Agents43:46 The Impact of AI on Jobs and Efficiency47:11 Advice for Future Careers in a Tech-Driven World52:57 Conference Tips and Final ThoughtsConnect with Patrick: https://www.linkedin.com/in/pharding/Conference Discounts!European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Next in Media spoke with Larry Allen, VP & GM Data & Addressable Enablement at Comcast about the challenge in getting everyone in media to speak the same language when it comes to targeted TV ads. Allen also talked about why he think the TV business needs to ditch identifiers for old school household data, and why he thinks that media companies are ready to work together to broaden the TV ad pie.Takeaways:Addressable TV is Evolving – It's no longer just about traditional cable ad slots. Today, addressable TV spans streaming, connected devices, and multi-screen environments

Organizations build and deploy applications at an unprecedented pace, but security is often an afterthought. This episode of ITSPmagazine's Brand Story features Jim Manico, founder of Manicode Security, in conversation with hosts Sean Martin and Marco Ciappelli. The discussion explores the current state of application security, the importance of developer training, and how organizations can integrate security from the ground up to drive better business outcomes.The Foundation of Secure DevelopmentJim Manico has spent decades helping engineers and architects understand and implement secure coding practices. His work with the Open Web Application Security Project (OWASP), including contributions to the OWASP Top 10 and the OWASP Cheat Sheet Series, has influenced how security is approached in software development. He emphasizes that security should not be an afterthought but a fundamental part of the development process.He highlights OWASP's role in providing documentation, security tools, and standards like the Application Security Verification Standard (ASVS), which is now in its 5.0 release. These resources help organizations build secure applications, but Manico points out that simply having the guidance available isn't enough—engineers need the right training to apply security principles effectively.Why Training MattersManico has trained thousands of engineers worldwide and sees firsthand the impact of hands-on education. He explains that developers often lack formal security training, which leads to common mistakes such as insecure authentication, improper data handling, and vulnerabilities in third-party dependencies. His training programs focus on practical, real-world applications, allowing developers to immediately integrate security into their work.Security training also helps businesses beyond just compliance. While some companies initially engage in training to meet regulatory requirements, many realize the long-term value of security in reducing risk, improving product quality, and building customer trust. Manico shares an example of a startup that embedded security from the beginning, investing heavily in training early on. That approach helped differentiate them in the market and contributed to their success as a multi-billion-dollar company.The Role of AI and Continuous LearningManico acknowledges that the speed of technological change presents challenges for security training. Frameworks, programming languages, and attack techniques evolve constantly, requiring continuous learning. He has integrated AI tools into his training workflow to help answer complex questions, identify knowledge gaps, and refine content. AI serves as an augmentation tool, not a replacement, and he encourages developers to use it as an assistant to strengthen their understanding of security concepts.Security as a Business EnablerThe conversation reinforces that secure coding is not just about avoiding breaches—it is about building better software. Organizations that prioritize security early can reduce costs, improve reliability, and increase customer confidence. Manico's approach to education is about empowering developers to think beyond compliance and see security as a critical component of software quality and business success.For organizations looking to enhance their security posture, developer training is an investment that pays off. Manicode Security offers customized training programs to meet the specific needs of teams, covering topics from secure coding fundamentals to advanced application security techniques. To learn more or schedule a session, Jim Manico can be reached at Jim@manicode.com.Tune in to the full episode to hear more insights from Jim Manico on how security training is shaping the future of application security.Learn more about Manicode: https://itspm.ag/manicode-security-7q8iNote: This story contains promotional content. Learn more.Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/ResourcesDownload the Course Catalog: https://itspm.ag/manicode-x684Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-securityAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

E-mail marketing has changed, and so must your approach if you want to reach your audience in 2025. I chatted with MV Braverman, founder of Inbox Welcome, to talk about e-mail deliverability—a topic often overlooked but absolutely essential. While we all obsess over catchy subject lines and beautiful designs, none of that matters if your e-mails never make it to the inbox. MV shared practical advice to help you understand deliverability and improve your results. Here are a few of the key takeaways: Authentication is Non-Negotiable To combat spam, providers like Google and Yahoo now require senders to authenticate their e-mails. Tools like SPF, DKIM, and DMARC ensure your e-mails are verified and trustworthy. But here's the catch: while platforms like MailChimp can help you authenticate campaign emails, that's only part of the puzzle. MV recommends a comprehensive setup covering all your email streams—like invoices, auto-responders, and proposals. Reporting Matters DMARC doesn't just verify your emails—it also provides detailed reports about where your emails are landing (inbox vs. spam) and how they're being perceived by providers like Microsoft. These insights are invaluable for spotting problems early. Focus on the Reader's Experience Your emails should be accessible, mobile-friendly, and readable in both light and dark modes. MV pointed out that ignoring dark mode—a preference for up to one-third of email users—can make your emails nearly impossible to read. Don't Rely Solely on Images While image-only emails may look appealing, they're a disaster for accessibility. Many readers (including me!) block images by default, and with AI tools summarizing content, text is more important than ever. Always include descriptive, clear text in your emails. What You Can Do: Review your email authentication settings across all platforms, not just your email marketing tool, to ensure full coverage. Download MV's DMARC guide to learn how to set up reporting and spot deliverability issues before they become major problems. Email marketing isn't just about what you say—it's about making sure people actually receive it.