Podcasts about black hat usa

Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft's new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia's CSO denies the need for backdoors or kill switches in the company's GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations. Black Hat Women on the street Live from Black Hat USA 2025, it's a special “Women on the Street” segment with Halcyon's Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what's happening on the ground and what's top of mind in cybersecurity this year. Selected Reading Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu) Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw  (The Verge) ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer) Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer) Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch) Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24) Nvidia rejects US demand for backdoors in AI chips (The Verge) Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines) New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop) Skechers skewered for adding secret Apple AirTag compartment to kids' sneakers — have we reached peak obsessive parenting? (NY Post) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco reveals a phishing related data breach. SonicWall warns users to disable SSLVPN services after reports of ransomware gangs exploiting a likely zero-day.  Researchers uncover a stealthy Linux backdoor and new vulnerabilities in Nvidia's Triton Inference Server. A new malware campaign targets Microsoft 365 users with fake OneDrive emails. The U.S. Treasury warns of rising criminal activity involving cryptocurrency ATMs. Cloudflare accuses an AI startup of using stealthy methods to bypass restrictions on web scraping. A global infostealer campaign compromises over 4,000 victims across 62 countries. Marty Momdjian, General Manager of Ready1 by Semperis, tells us about Operation Blindspot, a tabletop exercise taking place this week at Black Hat. On this week's Threat Vector segment, host David Moulton speaks with ⁠Nigel Hedges⁠ from ⁠Sigma Healthcare⁠ about how CISOs can shift cybersecurity from a technical problem to a business priority. One hospital's data ends up in the snack aisle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Marty Momdjian, General Manager of Ready1 by Semperis, who is talking about Operation Blindspot, a tabletop exercise simulating a cyberattack against a rural water utility based in Nevada taking place this week at Black Hat USA 2025. Threat Vector Segment On this week's Threat Vector segment, host David Moulton speaks with ⁠Nigel Hedges⁠, Executive General Manager of Cyber & Risk at ⁠Chemist Warehouse⁠ and ⁠Sigma Healthcare⁠. Nigel shares how CISOs can shift cybersecurity from a technical problem to a business priority. You can listen to the full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. Selected Reading Cisco discloses data breach impacting Cisco.com user accounts (Bleeping Computer) SonicWall urges admins to disable SSLVPN amid rising attacks (Bleeping Computer) Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor (The Register) Nvidia Triton Vulnerabilities Pose Big Risk to AI Models (SecurityWeek) Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File (Hackread) Crypto ATMs fueling criminal activity, Treasury warns (The Record) AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges (CyberScoop) Python-powered malware grabs 200K passwords, credit cards (The Register) Thai hospital fined 1.2 million baht for data breach via snack bags (DataBreaches.Net) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

　これまで ScanNetSecurity は、巷（ちまた）で大声で喧伝される「いわゆる AI のセキュリティへの影響」に対して、一部を除いておおむね半笑いで接してきましたが、その編集方針を変えるかもしれない取材になりました。Black Hat 全体で AI エージェント技術が「意図から実運用へスケールする段階」にあり、本稿ではその具体例を示すいくつかのセッションを紹介します。

What happens when you inject thousands of fake identities into the political ecosystem to monitor how personal data is used—or abused? That's the question Virginia Tech's Alan Michaels and Jared Byers explore through their multi-year research project, “Use and Abuse of Personal Information: The Politics Edition.”With support from 130 students across 21 majors, Michaels and Byers create realistic digital personas—complete with phone numbers, emails, and physical addresses—and sign them up across 1,400 political campaigns. Their goal? Understand how political organizations treat personal data: whether it's used ethically, shared with third parties, or even exposed through insecure systems.The findings are both fascinating and concerning. Their data shows that candidates across the political spectrum often prioritize fundraising above all else. The language and targeting vary, but the endgame is consistent: solicit donations and votes. And yes—these candidates frequently share or leak personal data. Sometimes it's deliberate, sometimes it's sloppy, and occasionally it's the result of potential breaches.The team examines differences in how data is handled based on whether an identity donates or not, or whether it's tied to in-state versus out-of-state addresses. They even explore how generative AI and psychometric modeling can craft convincing personalities for these fake identities—tools that can just as easily be used for political influence campaigns and psychological manipulation.But this project isn't about political sides—it's about accountability. The research remains strictly apolitical, letting the data speak for itself. Michaels and Byers are careful to avoid influencing public opinion through misinformation, focusing instead on documenting the reality of digital privacy in modern campaigning.As more of the political playbook shifts into the digital arena, this session at Black Hat USA 2025 pushes attendees to confront an uncomfortable truth: the cost of participation in political life may include the exploitation of your digital identity.___________Guests:Alan Michaels, Professor and Director, Spectrum Dominance Division at Virginia Tech | On LinkedIn: https://www.linkedin.com/in/alan-michaels-1066814/Jared Byers, Research Associate at Virginia Tech National Security Institute | On LinkedIn: https://www.linkedin.com/in/jared-byers-8a477324b/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesSession: Use and Abuse of Personal Information -- Politics Edition: https://www.blackhat.com/us-25/briefings/schedule/#use-and-abuse-of-personal-information----politics-edition-45529Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Digital risk is no longer confined to the enterprise perimeter. Executives and board members—along with their families—are increasingly targeted outside of work, in personal settings, and online. Dr. Chris Pierson, Founder and CEO of BlackCloak, joins Sean Martin and Marco Ciappelli to discuss the current state of digital executive protection and why a piecemeal approach is insufficient.Chris outlines how threats to privacy, cybersecurity, and physical safety intersect across personal and professional domains. A breached home network, a deepfake circulating online, or a targeted social engineering campaign could all become entry points back into a company's infrastructure—or lead to reputational or financial fallout. That's why BlackCloak takes a holistic view, combining identity protection, device hardening, social listening, concierge response, and physical risk monitoring into a single service.One of the key resources discussed is the vendor-agnostic Digital Executive Protection Framework. Free to download and use, it offers CISOs and CSOs a 14-point checklist covering areas like financial data protection, social media monitoring, physical threats, and personal cyber hygiene. According to Chris, it's designed to be practical, actionable, and easy to integrate into quarterly reviews and budget planning cycles.While many security vendors promise protection through tools alone, BlackCloak emphasizes relationships—human connection is built into the service. The platform includes real-time threat response and one-on-one interaction, going far beyond 1-800 numbers or chatbots.Whether you're managing executive risk for a Fortune 500 company or navigating new board-level cyber obligations, this conversation outlines the real gaps in current corporate protections—and a solution that meets executives where they are.Learn more about BlackCloak: https://itspm.ag/itspbcwebNote: This story contains promotional content.Learn more.Guest:Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloakLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations

At Black Hat USA 2025, Jennifer Granick—Surveillance and Cybersecurity Counsel at the American Civil Liberties Union—takes the keynote stage to make a bold case: we are long overdue for a new threat model, one that sees government surveillance not as a background risk, but as a primary threat to constitutional privacy.Granick draws from decades of experience defending hackers, fighting surveillance overreach, and engaging with the security community since DEFCON 3. She challenges the audience to reconsider outdated assumptions about how the Fourth Amendment is interpreted and applied. While technology has made it easier than ever for governments to collect data, the legal system hasn't kept pace—and in many cases, fails to recognize the sheer scope and sensitivity of personal information exposed through modern services.Her talk doesn't just raise alarm; it calls for action. Granick suggests that while legal reform is sluggish—stymied by a lack of political will and lobbying power—there's an urgent opportunity for the technical community to step up. From encryption to data minimization and anonymization, technologists have the tools to protect civil liberties even when the law falls short.The session promises to be a wake-up call for engineers, designers, policymakers, and privacy advocates. Granick wants attendees to leave not only more informed, but motivated to build systems that limit the unnecessary collection, retention, and exposure of personal data.Her keynote also surfaces a critical cultural shift: from the “Spot the Fed” days of DEFCON to a more nuanced understanding of government roles—welcoming collaboration where it serves the public good, but not at the expense of unchecked surveillance.This conversation reframes privacy as a design problem as much as a legal one—and one that requires collective effort to address. If the law can't fix it, the question becomes: will the technology community rise to the challenge?___________Guest:Jennifer Granick, Surveillance and Cybersecurity Counsel at American Civil Liberties Union | On LinkedIn: https://www.linkedin.com/in/jennifergranick/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesKeynote: Threat Modeling and Constitutional Law: https://www.blackhat.com/us-25/briefings/schedule/index.html#keynote-threat-modeling-and-constitutional-law-48276Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025.Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what's scheduled.Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls.Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware.Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern.This episode is not just about placing bets on buzzwords. It's about uncovering what's real, what's noise, and what still needs fixing—no matter how long we've been talking about it.___________Guests:Leslie Kesselring, Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/“This year, it's the news cycle—not the sessions—that's driving what media cover at Black Hat.”Daniel Cuthbert, Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/“Why are we still finding bugs older than the people presenting the research?”Richard Stiennon, Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/“The urge to consolidate tools is driven by procurement—not by what defenders actually need.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/“Responsible AI use isn't a policy—it's something we have to actually implement.”Rupesh Chokshi, SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/“The business side is racing to deploy AI—but security still hasn't caught up.”Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

In this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025.Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what's scheduled.Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls.Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware.Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern.This episode is not just about placing bets on buzzwords. It's about uncovering what's real, what's noise, and what still needs fixing—no matter how long we've been talking about it.___________Guests:Leslie Kesselring, Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/“This year, it's the news cycle—not the sessions—that's driving what media cover at Black Hat.”Daniel Cuthbert, Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/“Why are we still finding bugs older than the people presenting the research?”Richard Stiennon, Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/“The urge to consolidate tools is driven by procurement—not by what defenders actually need.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/“Responsible AI use isn't a policy—it's something we have to actually implement.”Rupesh Chokshi, SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/“The business side is racing to deploy AI—but security still hasn't caught up.”Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John LillistonJoin ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operationsLearn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content.Learn more.Guests:John LillistonCybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker®Endpoint Security. It's a great opportunity to connect and learn together! ‍‍Time: 7PM - 10PM | Location: Mandalay Bay Complex RSVP below and we'll send you a confirmation email with all the details.[ Welcome Reception RSVP ]Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The Cognitive Crucible is a forum that presents different perspectives and emerging thought leadership related to the information environment. The opinions expressed by guests are their own, and do not necessarily reflect the views of or endorsement by the Information Professionals Association. During this episode, Matthew Canham discusses agentic AI's potential to boost productivity by automating tasks and its anticipated influence on user interfaces, potentially creating new security vulnerabilities and opportunities for user manipulation. Matthew emphasized the importance of robust security measures to counteract such threats. He also touched on the "meaning crisis" in modern society, attributing it to increased free time and mental bandwidth, and its connection to rising rates of drug overdoses and suicides. As executive director of the Cognitive Security Institute, Matthew discusses the Institute's growth since 2023, now with over 550 members, and its focus on community engagement and education. He highlighted initiatives like the Cyber Talent Exchange program, connecting job seekers with cybersecurity roles, and addressed AI's significant impact on the job market, leading to overwhelming application numbers. Recording Date: 22 July 2025 Resources: Cognitive Crucible Podcast Episodes Mentioned #89 Ajit Mann and Paul Cobaugh on Narrative #138 Matthew Canham on Cognitive Security #212 Libby Lange on Algorithmic Cognitive Warfare #223 Paul Buvarp on the Demand-side of Disinformation #224 Jake Bebber on Cognitive Warfare #221 Carrick Longley on Influence Automation Cognitive Security Institute NYTimes: A.I. Sludge Has Entered the Job Search The Cognitive Attack Taxonomy (CAT) Crisis of Meaning John Vervaeke Youtube Series Link to full show notes and resources Guest Bio: Dr. Matthew Canham is the Executive Director of the Cognitive Security Institute and a former Supervisory Special Agent with the Federal Bureau of Investigation (FBI), he has a combined twenty-one years of experience in conducting research in cognitive security and human-technology integration. He currently holds an affiliated faculty appointment with George Mason University, where his research focuses on the cognitive factors in synthetic media social engineering and online influence campaigns. He was previously a research professor with the University of Central Florida, School of Modeling, Simulation, and Training's Behavioral Cybersecurity program. His work has been funded by NIST (National Institute of Standards and Technology), DARPA (Defense Advanced Research Projects Agency), and the US Army Research Institute. He has provided cognitive security awareness training to the NASA Kennedy Space Center, DARPA, MIT, US Army DevCom, the NATO Cognitive Warfare Working Group, the Voting and Misinformation Villages at DefCon, and the Black Hat USA security conference. He holds a PhD in Cognition, Perception, and Cognitive Neuroscience from the University of California, Santa Barbara, and SANS certifications in mobile device analysis (GMOB), security auditing of wireless networks (GAWN), digital forensic examination (GCFE), and GIAC Security Essentials (GSEC). About: The Information Professionals Association (IPA) is a non-profit organization dedicated to exploring the role of information activities, such as influence and cognitive security, within the national security sector and helping to bridge the divide between operations and research. Its goal is to increase interdisciplinary collaboration between scholars and practitioners and policymakers with an interest in this domain. For more information, please contact us at communications@information-professionals.org. Or, connect directly with The Cognitive Crucible podcast host, John Bicknell, on LinkedIn. Disclosure: As an Amazon Associate, 1) IPA earns from qualifying purchases, 2) IPA gets commissions for purchases made through links in this post.

ITSPmagazine Weekly Update | From Black Hat to Black Sabbath / Ozzy: AI Agents and Guitars (again!) + Entry Level Cybersecurity Jobs, Robots Evolution, and the Weekly Recap You Didn't Expect  -  On Marco & Sean's Random & Unscripted Podcast  __________________Marco Ciappelli and Sean Martin are back with another random and unscripted weekly recap—from pre-Black Hat buzz and AI agents to vintage wood guitars, talent gaps, and Glen Miller debates. This week's reflection hits tech, music, and philosophy in all the right ways. Tune in, ramble with us, and subscribe. __________________Full Blog Article This week's recap was a ride.Sean and I kicked things off with the big news: we're officially consistent. Weekly recap number… I lost count. But we're doing it. We covered what ITSPmagazine's been working on, what we've been publishing, and where our minds are wandering lately (spoiler: everywhere).Black Hat USA 2025 is just around the corner, and we're deep into prep mode. I even bought a paper map. Why? I don't know. But we've got some great pre-event conversations already out—like our annual chat with Black Hat GM Steve Wylie, plus briefings with Dropzone AI (get ready for “agentic automation” to be the next big buzzword) and Akamai (yes, bots and APIs again, but with a solid strategy twist).We also talked about a fantastic episode Sean did on resonance and reinvention—featuring Cindy, a luthier in NYC who builds custom guitars using century-old beams from historic buildings. The pickups even use the old nails. Music and wood with a past life. It's beautiful stuff.Speaking of stories, I officially closed down the Storytelling podcast. But don't worry—I'm still telling stories. I've just shifted focus to “Redefining Society and Technology,” my newsletter and podcast series where I explore how humans and tech evolve together. This week's edition tackled the merging of humans and machines as a new species. Isaac Asimov meets Andy Clark.We also got a bit philosophical about AI and jobs. If machines take over the “easy” roles, where do humans begin? Are we cutting off our own training paths?Sean's episode with John Solomon dug into the cybersecurity hiring crisis—challenging the idea that we have a “talent gap.” The real issue? We're not hiring or nurturing people properly.Oh, and I finally released my long-overdue interview with Michael Sheldrick from Global Citizen. Music. Social impact. Doing good. It's all there. I'm honored to support even a small piece of what he's building.And yes… Ozzy. RIP. Music never dies.So if you're into random reflections with meaning, tech with humanity, and stories that don't always follow the rules—subscribe, share, and join the ride.See you in Vegas. Or the future. Or somewhere in between.________________ KeywordsBlack Hat USA 2025, ITSPmagazine recap, Marco Ciappelli, Sean Martin, cybersecurity podcast, AI in cybersecurity, agentic automation, Dropzone AI, Akamai APIs, HITRUST security, Global Citizen, Michael Sheldrick, storytelling podcast, Redefining Society, Andy Clark, Isaac Asimov, human-machine evolution, cybersecurity talent gap, custom guitar NYC, Ozzy tributeHosts links:

Ahead of Black Hat USA 2025, Sean Martin and Marco Ciappelli sit down once again with Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, for a forward-looking conversation on the state of AI security. From new threat trends to enterprise missteps, Rupesh lays out three focal points for this year's security conversation: protecting generative AI at runtime, addressing the surge in AI scraper bots, and defending the APIs that serve as the foundation for AI systems.Rupesh shares that Akamai is now detecting over 150 billion AI scraping attempts—a staggering signal of the scale and sophistication of machine-to-machine activity. These scraper bots are not only siphoning off data but also undermining digital business models by bypassing monetization channels, especially in publishing, media, and content-driven sectors.While AI introduces productivity gains and operational efficiency, it also introduces new and uncharted risks. Agentic AI, where autonomous systems operate on behalf of users or other systems, is pushing cybersecurity teams to rethink their strategies. Traditional firewalls aren't enough—because these threats don't behave like yesterday's attacks. Prompt injection, toxic output, and AI-generated hallucinations are some of the issues now surfacing in enterprise environments, with over 70% of organizations already experiencing AI-related incidents.This brings the focus to the runtime. Akamai's newly launched Firewall for AI is purpose-built to detect and mitigate risks in generative AI and LLM applications—without disrupting performance. Designed to flag issues like toxic output, remote code execution, or compliance violations, it operates with real-time visibility across inputs and outputs. It's not just about defense—it's about building trust as AI moves deeper into decision-making and workflow automation.CISOs, says Rupesh, need to shift from high-level discussions to deep, tactical understanding of where and how their organizations are deploying AI. This means not only securing AI but also working hand-in-hand with the business to establish governance, drive discovery, and embed security into the fabric of innovation.Learn more about Akamai: https://itspm.ag/akamailbwcNote: This story contains promotional content. Learn more.Guests:Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamaiLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Steve Wylie is the Vice President and Head of Black Hat Cybersecurity Conferences. In this episode, he joins host Amanda Glassner to discuss Black Hat USA 2025, which is coming up in Las Vegas, Nevada with a 6-day program from August 2nd to 7th. The event will open with four days of specialized cybersecurity Trainings, with courses for all skill levels. Also taking place during Black Hat USA is Summit Day, followed by the two-day main conference on August 6 & 7 featuring more than 100 selected Briefings, dozens of open-source tool demos in Arsenal, a robust Business Hall, networking and social events, and much more. To learn more, visit https://blackhat.com. • For more on cybersecurity, visit us at https://cybersecurityventures.com.

As Black Hat USA 2025 approaches, the cybersecurity world is buzzing with innovation—and Dropzone AI is right at the center of it. With roots in Seattle and a mission to bring true intelligence into the security operations center (SOC), the Dropzone AI team is gearing up for a packed week in Las Vegas, from BSides to the AI Summit, and finally at Startup City (booth #6427).Founded by Edward Wu, former Head of AI/ML at ExtraHop Networks, Dropzone AI was built on a key realization: the last thing SOCs need is another flood of alerts. Instead, they need help processing and acting on them. That's where Dropzone comes in—offering an AI-powered security analyst that doesn't just detect threats, but investigates, correlates, and takes action.During a recent pre-event chat with ITSPmagazine's Sean Martin and Marco Ciappelli, Edward explained the core philosophy behind the platform. Unlike hype-driven claims of “fully autonomous SOCs,” Dropzone takes a practical, tiered approach to automation. Their agentic AI system performs full investigations, determines the nature of alerts (true vs. false positives), and recommends or executes containment actions depending on risk tolerance and policy.The tech has found particular traction with lean security teams, or those expanding toward 24/7 coverage without adding headcount. Rather than replacing humans, the platform augments them—freeing analysts from the drudgery of low-priority alert triage and giving them space to focus on strategic work. As Edward put it, “Nobody wants to be a tier-one analyst forever.” Dropzone helps make sure they don't have to be.The platform integrates across existing security stacks and data sources, drawing from threat intel, logs, and endpoint signals to build a full picture of every alert. Security teams retain full control, with human-in-the-loop decision-making remaining the standard in most use cases. However, for low-risk assets and off-hours scenarios, some customers are already authorizing autonomous action.With conversations at Black Hat expected to revolve around the reality of AI in production—not just the vision—Dropzone is entering the perfect arena. From demonstrating real-world impact to sharing insights on agentic design and trust boundaries, their presence will resonate with everyone from analysts to CISOs.Whether you're building out your SOC, questioning your MDR provider, or simply overwhelmed with alert fatigue, this may be your signal. Dropzone AI isn't selling buzzwords. They're delivering results. Visit them at Startup City, booth #6427, and see for yourself what the future of alert triage and SOC efficiency looks like—one investigation at a time. Note: This story contains promotional content. Learn more.Guests:Edward Wu, Founder/CEO at Dropzone AI On LinkedIn: https://www.linkedin.com/in/edwardxwu/DROPZONE AI: https://itspm.ag/dropzoneai-641Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesVisit the DROPZONE Website to learn more: https://itspm.ag/dropzoneai-641Learn more and catch more stories from Dropzone on ITSPmagazine: https://www.itspmagazine.com/directory/dropzoneaiLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

As Black Hat USA 2025 approaches, General Manager Steve Wylie joins Sean Martin and Marco Ciappelli for the annual pre-conference conversation to highlight what's new—and what's next—for one of cybersecurity's most iconic events. This year's themes and expansions signal a strong return to growth, technical depth, and strategic investment.AI Everywhere—from Training to the Show FloorArtificial intelligence emerges as the dominant force across the agenda. From the main stage to the training rooms, Black Hat is packed with AI-related content designed to meet the rising demand for education and clarity. New this year is a comprehensive lineup of instructor-led AI courses and expanded AI tool showcases in the Arsenal and Arsenal Labs programs. As Wylie notes, three of the four Spotlight competition finalists—FireTail, Keep Aware, and Twine Security—are AI-driven solutions, underscoring the technology's influence on innovation.Investor Energy and Startup MomentumCybersecurity investment is back. That momentum is reflected in the expanded Innovators and Investors Summit and the largest-ever Startup Zone on the show floor, now hosting more than 80 companies. This year's program builds on last year's debut and aims to connect entrepreneurs, investors, and CISOs in a more targeted and collaborative setting.Expanding the Audience: New Summits and KeynotesTo better serve cybersecurity leaders across sectors, Black Hat has introduced new summits tailored to financial services and supply chain security. These gatherings offer strategic-level insights for professionals who don't typically engage in technical briefings. Meanwhile, the keynote lineup includes prominent voices from both public and private sectors—such as Miko Hyppönen, Nicole Perlroth, and Chris Inglis—offering grounded perspectives in a time of uncertainty.Interactive Additions and Community GrowthAttendees can expect hands-on experiences like a new drone hacking zone and an expanded hardware lab area. A Career Development Zone also debuts this year, offering sessions designed to help attendees build or pivot their cybersecurity careers.___________Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech and General Manager at Black Hat | On LinkedIn: https://www.linkedin.com/in/swylie650/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

ITSPmagazine Weekly Update | From AI Agents to Tape Mixes, to Guitars and Black Hat Buzzwords and much more with Marco & Sean's Random & Unscripted Podcast ⸻ In this weekly unscripted update, Marco Ciappelli and Sean Martin catch up on their latest stories, from AI agents replacing SOC analysts to mixtape nostalgia and vintage guitars made from NYC history. They also tease big things coming at Black Hat USA and reflect on why collaboration is core to ITSPmagazine. ⸻ In this week's Random and Unscripted episode, Marco Ciappelli and Sean Martin return with another lively behind-the-scenes update from the ITSPmagazine world. As always, the conversation flows unpredictably—from music and nostalgia to cybersecurity, AI, and everything in between. Marco kicks off the episode by confessing he saw ASIS live—twice—and is now on a mission for the perfect mod haircut. Sean follows with an unexpected review of an avant-garde opera at Lincoln Center, which explores humanity's attempt to extend life through technology. That sets the stage for deeper reflection on AI, with both co-founders digging into the role of AI agents in cybersecurity operations. Sean recaps his recent contributor-led newsletters on threat intelligence and AI-powered SOC roles. Marco, meanwhile, teases the next chapter in his “Robbie the Robot” newsletter series, which will explore the merger of humans and machines. The episode also spotlights a series of published interviews: a brand story with Greg and John from White Knight Labs, Marco's conversation with Ken Munro wrapping up Infosecurity Europe 2025, and an episode with Abadesi from the Women in Cybersecurity track—discussing how diverse teams build better tech. Sean also drops new Music Evolves episodes, including a conversation with Summer McCoy of the Mixtape Museum and a new story on Carmine Guitars, where vintage NYC wood is repurposed into one-of-a-kind instruments. That sparks a philosophical reflection from Marco on the contrast between analog warmth and digital impermanence. As the episode winds down, Marco and Sean turn their attention to Black Hat USA 2025. With sponsorships nearly sold out, they encourage companies to claim one of the last remaining spots. They also preview an upcoming live webinar where they'll debate the event's inevitable buzzwords with industry peers. As always, the tone is informal, curious, and community-driven. If you want the inside scoop on what's shaping the stories and strategies at ITSPmagazine—this is the episode to hear. ⸻ Keywords: cybersecurity, AI agents, threat intelligence, SOC analyst, mixtape museum, custom guitars, Black Hat USA 2025, ITSPmagazine, analog vs digital, diversity in tech, robotic automation, newsletter strategy, editorial collaboration, pen testing, brand storytelling, tech culture, cybersecurity events, operational technology, digital transformation, music and techHosts links:

What Hump? Thirty Years of Cybersecurity and the Fine Art of Pretending It's Not a Human ProblemA new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliJune 6, 2025A Post-Infosecurity Europe Reflection on the Strange but Predictable Ways We've Spent Thirty Years Pretending Cybersecurity Isn't About People.⸻ Once there was a movie titled “Young Frankenstein” (1974) — a black-and-white comedy directed by Mel Brooks, written with Gene Wilder, and starring Wilder and Marty Feldman, who delivers the iconic “What hump?” line.Let me describe the scene:[Train station, late at night. Thunder rumbles. Dr. Frederick Frankenstein steps off the train, greeted by a hunched figure holding a lantern — Igor.]Igor: Dr. Frankenstein?Dr. Frederick Frankenstein: It's Franken-steen.Igor: Oh. Well, they told me it was Frankenstein.Dr. Frederick Frankenstein: I'm not a Frankenstein. I'm a Franken-steen.Igor (cheerfully): All right.Dr. Frederick Frankenstein (noticing Igor's eyes): You must be Igor.Igor: No, it's pronounced Eye-gor.Dr. Frederick Frankenstein (confused): But they told me it was Igor.Igor: Well, they were wrong then, weren't they?[They begin walking toward the carriage.]Dr. Frederick Frankenstein (noticing Igor's severe hunchback): You know… I'm a rather brilliant surgeon. Perhaps I could help you with that hump.Igor (looks puzzled, deadpan): What hump?[Cut to them boarding the carriage, Igor climbing on the outside like a spider, grinning wildly.]It's a joke, of course. One of the best. A perfectly delivered absurdity that only Mel Brooks and Marty Feldman could pull off. But like all great comedy, it tells a deeper truth.Last night, standing in front of the Tower of London, recording one of our On Location recaps with Sean Martin, that scene came rushing back. We joked about invisible humps and cybersecurity. And the moment passed. Or so I thought.Because hours later — in bed, hotel window cracked open to the London night — I was still hearing it: “What hump?”And that's when it hit me: this isn't just a comedy bit. It's a diagnosis. Here we are at Infosecurity Europe, celebrating its 30th anniversary. Three decades of cybersecurity: a field born of optimism and fear, grown in complexity and contradiction.We've built incredible tools. We've formed global communities of defenders. We've turned “hacker” from rebel to professional job title — with a 401(k), branded hoodies, and a sponsorship deal. But we've also built an industry that — much like poor Igor — refuses to admit something's wrong.The hump is right there. You can see it. Everyone can see it. And yet… we smile and say: “What hump?”We say cybersecurity is a priority. We put it in slide decks. We hold awareness months. We write policies thick enough to be used as doorstops. But then we underfund training. We silo the security team. We click links in emails that say whatever will make us think it's important — just like those pieces of snail mail stamped URGENT that we somehow believe, even though it turns out to be an offer for a new credit card we didn't ask for and don't want. Except this time, the payload isn't junk mail — it's a clown on a spring exploding out of a fun box.Igor The hump moves, shifts, sometimes disappears from view — but it never actually goes away. And if you ask about it? Well… they were wrong then, weren't they?That's because it's not a technology problem. This is the part that still seems hard to swallow for some: Cybersecurity is not a technology problem. It never was.Yes, we need technology. But technology has never been the weak link.The weak link is the same as it was in 1995: us. The same it was before the internet and before computers: Humans.With our habits, assumptions, incentives, egos, and blind spots. We are the walking, clicking, swiping hump in the system. We've had encryption for decades. We've known about phishing since the days of AOL. Zero Trust was already discussed in 2004 — it just didn't have a cool name yet.So why do we still get breached? Why does a ransomware gang with poor grammar and a Telegram channel take down entire hospitals?Because culture doesn't change with patches. Because compliance is not belief. Because we keep treating behavior as a footnote, instead of the core.The Problem We Refuse to See at the heart of this mess is a very human phenomenon:vIf we can't see it, we pretend it doesn't exist.We can quantify risk, but we rarely internalize it. We trust our tech stack but don't trust our users. We fund detection but ignore education.And not just at work — we ignore it from the start. We still teach children how to cross the street, but not how to navigate a phishing attempt or recognize algorithmic manipulation. We give them connected devices before we teach them what being connected means. In this Hybrid Analog Digital Society, we need to treat cybersecurity not as an optional adult concern, but as a foundational part of growing up. Because by the time someone gets to the workforce, the behavior has already been set.And worst of all, we operate under the illusion that awareness equals transformation.Let's be real: Awareness is cheap. Change is expensive. It costs time, leadership, discomfort. It requires honesty. It means admitting we are all Igor, in some way. And that's the hardest part. Because no one likes to admit they've got a hump — especially when it's been there so long, it feels like part of the uniform.We have been looking the other way for over thirty years. I don't want to downplay the progress. We've come a long way, but that only makes the stubbornness more baffling.We've seen attacks evolve from digital graffiti to full-scale extortion. We've watched cybercrime move from subculture to multi-billion-dollar global enterprise. And yet, our default strategy is still: “Let's build a bigger wall, buy a shinier tool, and hope marketing doesn't fall for that PDF again.”We know what works: Psychological safety in reporting. Continuous learning. Leadership that models security values. Systems designed for humans, not just admins.But those are hard. They're invisible on the balance sheet. They don't come with dashboards or demos. So instead… We grin. We adjust our gait. And we whisper, politely:“What hump?”So what Happens now? If you're still reading this, you're probably one of the people who does see it. You see the hump. You've tried to point it out. Maybe you've been told you're imagining things. Maybe you've been told it's “not a priority this quarter.” And maybe now you're tired. I get it.But here's the thing: Nothing truly changes until we name the hump.Call it bias.Call it culture.Call it education.Call it the human condition.But don't pretend it's not there. Not anymore. Because every time we say “What hump?” — we're giving up a little more of the future. A future that depends not just on clever code and cleverer machines, but on something far more fragile:Belief. Behavior. And the choice to finally stop pretending.We joked in front of a thousand-year-old fortress. Because sometimes jokes tell the truth better than keynote stages do. And maybe the real lesson isn't about cybersecurity at all.Maybe it's just this: If we want to survive what's coming next, we have to see what's already here.- The End➤ Infosecurity Europe: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverageAnd ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegasFOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGEhttps://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageShare this newsletter and invite anyone you think would enjoy it!As always, let's keep thinking!— Marco [https://www.marcociappelli.com]

Jayesh Singh Chauhan is a security professional with 12 years of experience in the security space and he is the founder of Cloud Village at DEF CON. In the past, he has been part of the security teams of PayPal, PwC, and was the Director of Product Security at Sprinklr Inc. in his last job. He currently runs his own Cloud Security Training and Consultancy firm, Cloudurance Security. He has been a trainer at conferences like Blackhat USA, Blackhat Asia, AppSec NZ, nullcon, and has trained defense forces. He has also authored Cloud Security Suite, OWASP Skanda, RFID_Cloner, and has presented his work in BlackHat Arsenal(USA, EU Asia), DEF CON DemoLabs, HackMiami, c0c0n, OWASP Global, and OffZone Moscow.For more SecTools podcast episodes, visit https://infoseccampus.com

The Future Is a Place We Visit, But Never StayMay 9, 2025A Post-RSAC 2025 Reflection on the Kinda Funny and Pretty Weird Ways Society, Technology, and Cybersecurity Intersect, Interact, and Often Simply Ignore Each Other.By Marco Ciappelli | Musing on Society and TechnologyHere we are — once again, back from RSAC. Back from the future. Or at least the version of the future that fits inside a conference badge, a branded tote bag, and a hotel bill that makes you wonder if your wallet just got hacked.San Francisco is still buzzing with innovation — or at least that's what the hundreds of self-driving cars swarming the city would have you believe. It's hard to feel like you're floating into a Jetsons-style future when your shuttle ride is bouncing through potholes that feel more 1984 than 2049.I have to admit, there's something oddly poetic about hosting a massive cybersecurity event in a city where most attendees would probably rather not be — and yet, here we are. Not for the scenery. Not for the affordability. But because, somehow, for a few intense days, this becomes the place where the future lives.And yes, it sometimes looks like a carnival. There are goats. There are puppies. There are LED-lit booths that could double as rave stages. Is this how cybersecurity sells the feeling of safety now? Warm fuzzies and swag you'll never use? I'm not sure.But again: here we are.There's a certain beauty in it. Even the ridiculous bits. Especially the ridiculous bits.Personally, I'm grateful for my press badge — it's not just a backstage pass; it's a magical talisman that wards off the pitch-slingers. The power of not having a budget is strong with this one.But let's set aside the Frankensteins in the expo hall for a moment.Because underneath the spectacle — behind the snacks, the popcorns, the scanners and the sales demos — there is something deeply valuable happening. Something that matters to me. Something that has kept me coming back, year after year, not for the products but for the people. Not for the tech, but for the stories.What RSAC Conference gives us — what all good conferences give us — is a window. A quick glimpse through the curtain at what might be.And sometimes, if you're lucky and paying attention, that glimpse stays with you long after the lights go down.We have quantum startups talking about cryptographic agility while schools are still banning phones. We have generative AI writing software — code that writes code — while lawmakers print bills that read like they were faxed in from 1992. We have cybersecurity vendors pitching zero trust to rooms full of people still clinging to the fantasy of perimeter defense — not just in networks, but in their thinking.We're trying to build the future on top of a mindset that refuses to update.That's the real threat. Not AI and quantum. Not ransomware. Not the next zero-day.It's the human operating system. It hasn't been patched in a while.And so I ask myself — what are these conferences for, really?Because yes, of course, they matter.Of course I believe in them — otherwise I wouldn't be there, recording stories, chasing conversations, sharing a couch and a mic with whoever is bold enough to speak not just about how we fix things, but why we should care at all.But I'm also starting to believe that unless we do something more — unless we act on what we learn, build on what we imagine, challenge what we assume — these gatherings will become time capsules. Beautiful, well-produced, highly caffeinated, blinking, noisy time capsules.We don't need more predictions. We need more decisions.One of the most compelling conversations I had wasn't about tech at all. It was about behavior. Human behavior.Dr. Jason Nurse reminded us that most people are not just confused by cybersecurity — they're afraid of it.They're tired.They're overwhelmed.And in their confusion, they become unpredictable. Vulnerable.Not because they don't care — but because we haven't built a system that makes it easy to care.That's a design flaw.Elsewhere, I heard the term “AI security debt.” That one stayed with me.Because it's not just technical debt anymore. It's existential.We are creating systems that evolve faster than our ability to understand them — and we're doing it with the same blind trust we used to install browser toolbars in the ‘90s.“Sure, it seems useful. Click accept.”We've never needed collective wisdom more than we do right now.And yet, most of what we build is designed for speed, not wisdom.So what do we do?We pause. We reflect. We resist the urge to just “move on” to the next conference, the next buzzword, the next promised fix.Because the real value of RSAC isn't in the badge or the swag or the keynotes.It's in the aftershock.It's in what we carry forward, what we refuse to forget, what we dare to question even when the conference is over, the blinking booths vanish, the future packs up early, and the lanyards go into the drawer of forgotten epiphanies — right next to the stress balls, the branded socks and the beautiful prize that you didn't win.We'll be in Barcelona soon. Then London. Then Vegas.We'll gather again. We'll talk again. But maybe — just maybe — we can start to shift the story.From visiting the future… To staying a while.Let's build something we don't want to walk away from. And now, ladies and gentlemen… the show is over.The lights dim, the music fades, and the future exits stage left...Until we meet again.—Marco ResourcesRead first newsletter about RSAC 2025 I wrote last week " Securing Our Future Without Leaving Half Our Minds in the Past" https://www.linkedin.com/pulse/securing-our-future-without-leaving-half-minds-past-marco-ciappelli-cry1c/

Austin Shamlin is the CEO and Founder of Traverse Project—a nonprofit organization that combats the human trafficking threat through data intelligence—where has pioneered data-driven methodologies to combat human trafficking. He is a former police executive who currently sits on the Advisory Board for the University of Houston’s Center for Research Excellence to Counter Human Trafficking, as well as the Board of Directors for Operation Path Forward—a nonprofit supporting those who serve America. Previously, Austin directed international counter-human trafficking operations for a nonprofit under the Tim Tebow Foundation and managed law enforcement operations for D.C. Public Schools. He has also worked as a government contractor in Afghanistan, Haiti, Iraq, and Somalia. He is a recognized speaker at Blackhat USA, DefCon, BENS, and other major conferences.See omnystudio.com/listener for privacy information.

On this Screaming in the Cloud Replay, we're taking you back to our chat with Nick Frichette. He's the maintainer of hackingthe.cloud, and holds security and solutions architect AWS certifications, and in his spare time, he conducts vulnerability research at Hacking the Cloud. Join Corey and Nick as they talk about the various kinds of cloud security researchers and touch upon offensive security, why Nick decided to create Hacking the Cloud, how AWS lets security researchers conduct penetration testing in good faith, some of the more interesting AWS exploits Nick has discovered, how it's fun to play keep-away with incident response, why you need to get legal approval before conducting penetration testing, and more.Show Highlights(0:00) Intro(0:42) The Duckbill Group sponsor read(1:15) What is a Cloud Security Researcher?(3:49) Nick's work with Hacking the Cloud(5:24) Building relationships with cloud providers(7:34) Nick's security findings through cloud logs(13:05) How Nick finds security flaws(15:31) Reporting vulnerabilities to AWS and “bug bounty” programs(18:41) The Duckbill Group sponsor read(19:24) How to report vulnerabilities ethically(21:52) Good disclosure programs vs. bad ones(28:23) What's next for Nick(31:27) Where you can find more from NickAbout Nick FrichetteNick Frichette is a Staff Security Researcher at Datadog, specializing in offensive security within AWS environments. His focus is on discovering new attack vectors targeting AWS services, environments, and applications. From his research, Nick develops detection methods and preventive measures to secure these systems. Nick's work often leads to the discovery of vulnerabilities within AWS itself, and he collaborates closely with Amazon to ensure they are remediated.Nick has also presented his research at major industry conferences, including Black Hat USA, DEF CON, fwd:cloudsec, and others.LinksHacking the Cloud: https://hackingthe.cloud/Determine the account ID that owned an S3 bucket vulnerability: https://hackingthe.cloud/aws/enumeration/account_id_from_s3_bucket/Twitter: https://twitter.com/frichette_nPersonal website:https://frichetten.comOriginal Episodehttps://www.lastweekinaws.com/podcast/screaming-in-the-cloud/hacking-aws-in-good-faith-with-nick-frichette/SponsorThe Duckbill Group: duckbillgroup.com

In this episode of the PowerShell Podcast, we sit down with Miriam Wiesner, a Senior Security Research Program Manager at Microsoft, to dive into the fascinating world of security and identity hygiene. Miriam shares her expertise on the GraphAPI and the critical importance of maintaining proper identity hygiene in today's digital landscape. We explore the day-to-day life of a security researcher and discuss how tools like script block logging can provide invaluable insights. Miriam also highlights the power of Kusto for analyzing data and solving complex challenges in the security space. In addition to technical insights, Miriam opens up about the challenges of maintaining a healthy work-life balance, offering a candid look at the human side of working in a demanding and impactful field. Guest Bio and links: Miriam C. Wiesner is a Sr. Security Research Program Manager at Microsoft with over 15 years of experience in IT and IT Security. She has held various positions, including Administrator/System Engineer, Software Developer, Premier Field Engineer, Program Manager, and Security Consultant and Pentester. She is also a renowned creator of open-source tools based in PowerShell, including EventList and JEAnalyzer. She was invited multiple times to present her research behind her tools at many international conferences like Black Hat (USA, Europe & Asia), PSConf EU, MITRE ATT&CK workshop, and more. Miriam is the author of the book "PowerShell Automation and Scripting for CyberSecurity: Hacking and Defense for Red and Blue Teamers." Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany. Previous episode with Miriam - https://www.youtube.com/watch?v=0Csw8YYGyCg&pp=ygUObWlyaWFtIHdpZXNuZXI%3D Practical PowerShell Empowerment For Protectors - https://www.youtube.com/watch?v=JgqbR-7O7TI&pp=ygUObWlyaWFtIHdpZXNuZXI%3D Echoes of Intrusion: Demystifying commonly used MS Graph API Attacks - https://www.youtube.com/watch?v=YDK5xYx1rKg&t=677s&pp=ygUObWlyaWFtIHdpZXNuZXI%3D PowerShell ❤️ the Blue Team - https://devblogs.microsoft.com/powershell/powershell-the-blue-team/ https://techcommunity.microsoft.com/blog/microsoftsentinelblog/the-power-of-data-collection-rules-detect-disabling-windows-defender-real-time-p/4236540 PowerShell Podcast Home page: https://www.pdq.com/resources/the-powershell-podcast/ Listen to the PowerShell Podcast: https://powershellpodcast.podbean.com/    

In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising. Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs. Guest Socials:⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠Lukasz's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (03:00) A bit about Lukasz (04:32) Security Challenges for Tech First advertising company (05:16) Security Challenges for Retail Industry (06:00) Difference between the two industries (07:01) Best way to build Cybersecurity Program (09:44) NIST CSF 2.0 (13:02) Why go with a framework? (16:26) Which framework to start with for your cybersecurity program? (18:33) Technical CISO vs Non Technical CISO (25:37) The Fun Section Resources spoken about during the interview: NIST CSF 2.0 CIS Benchmark ASD Essential Eight Mapping between the frameworks https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0 https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight Verizon Data Breach Investigations Report (DBIR) Lukasz Woodwork Channel BSides Melbourne

How does Edge Security fit into the future of Cloud Protection ? In this episode, we sat down with Brian McHenry, Global Head of Cloud Security Engineering at Check Point at BlackHat USA, to chat about the evolving landscape of cloud security in 2024. With cloud adoption accelerating and automation reshaping how we manage security, Brian spoke to us about the challenges that organizations face today—from misconfigurations and alert fatigue to the role of AI in application security. We tackle the question: Is CSPM (Cloud Security Posture Management) still enough, or do we need to rethink our approach? Brian shares his thoughts on edge security, why misconfigurations are more dangerous than ever, and how automation can quickly turn small risks into significant threats. Guest Socials:⁠ ⁠⁠⁠⁠⁠Brian's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (03:28) State of Cloud Market (04:44) Is CSPM not enough? (06:35) Edge Security in Cloud Context (08:31) Where is edge security going? (10:11) Where to start with Cloud Security Tooling? (11:08) Transitioning from Network Security to Cloud Security (13:11) How is AI Changing Edge Security? (14:45) How is WAF and DDos Protection evolving? (18:16) Should people be doing network pentest? (19:57) North Star for WAF in a cybersecurity program (20:55) The evolution to platformization (23:13) Highlight from BlackHat USA 2024

The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be a double-agent for Western intelligence agencies? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Jon France, CISO at ISC2, sharing his take on "All on "Board" for AI – Communicating Cyber Risk of New Technology to the Board." This is a session Jon presented at Black Hat USA 2024. You can check out his session's abstract. Also, N2K CyberWire is a partner of ISC2's Security Congress 2024. Learn more about the in-person and virtual event here.  Selected Reading UK Recognizes Data Centers as Critical National Infrastructure (Infosecurity Magazine) Cisco Patches High-Severity Vulnerabilities in Network Operating System (SecurityWeek) BYOD Policies Fueling Security Risks (Security Boulevard) Healthcare Provider to Pay $65M Settlement Following Ransomware Attack (SecurityWeek) Google Unveils Air-gapped Backup Vaults to Protect Data from Ransomware Attacks (Cyber Security News) New Android Banking Malware TrickMo Attacking Users To Steal Login Credentials (Cyber Security News) GitLab Releases Critical Security Update, Urges Users to Patch Immediately (Cyber Security News) Rogue WHOIS server gives researcher superpowers no one should ever have (Ars Technica) Pokémon GO was an intelligence tool, claims Belarus military official (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential security leaders in the industry. Learn more about our network sponsorship opportunities and build your brand where industry leaders get their daily news. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Kali Fencl and Daniel Schwalbe sat down with Lesley Carhart, a seasoned incident responder specializing in Operational Technology (OT) cybersecurity at Dragos, in person at BlackHat USA 2024. Lesley shares their journey, from their unique background in avionics and electronics to becoming a leading expert in the field. We explore the evolving landscape of OT cybersecurity, the challenges of protecting legacy systems, and the critical importance of building strong relationships between cybersecurity teams and operational engineers. Lesley also discusses the realities of incident response in industrial environments, the misconceptions surrounding OT security, and the human-centric approach needed to tackle these complex issues. Tune in to learn about the delicate balance between innovation and safety in protecting the critical infrastructure that powers our world.

What were the main themes at BlackHat USA 2024? With respect to Cloud Security, maybe with a sprinkle of AI Security. Our team was on the ground at BlackHat and DefCon32 this year, we heard many talks and panels, spoke to many practitioner, leaders and CISOs and had the pleasure of recording some great interviews (coming soon!). This conversation is a distillation of everything we heard and the themes we saw. Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (01:15) A word from our episode sponsor, ThreatLocker (04:35) Resiliency in Cybersecurity (07:00) Commentary on upcoming US elections (09:42) Identity Centric Security (15:55) Cloud Security is getting more Complex (23:47) Growing importance of Data Security (25:42) Use Cases for AI Security (31:25) Shared Responsibility and Shared Fate (33:21) Is CSPM Dead? (37:32) The Conclusion Resources from the episode: BlackHat USA Keynote - Democracy's Biggest Year: The Fight for Secure Elections Around the World Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data RSAC 2024 Innovation Sandbox Finalist BlackHat USA 2024 Startup Spotlight

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of "On Location With Sean Martin and Marco Ciappelli," our hosts dive into their time at Black Hat 2024 in Las Vegas, reflecting on key takeaways and sharing what's next on their journey. Whether you're deep into cybersecurity or just curious about the industry, this blog post offers a snapshot of what to expect from Sean and Marco.Recapping Black Hat 2024Marco CiappelliChoo, choo . . .Sean MartinIs that the sound of the fast train back from Vegas? Or just the rush of everything we experienced?Marco CiappelliI'm still wondering why there's no train from LA to Vegas. And don't get me started on LA to San Francisco—that's another conversation entirely.The conversation kicks off with a lighthearted nod to travel woes before shifting to the core of the episode: their reflections on Black Hat 2024. Sean and Marco bring unique perspectives, emphasizing the importance of thinking beyond cybersecurity's technical aspects to consider its broader impact on society and business.Sean's Operational InsightsSean MartinI like to look at things from an operational angle—how can we take what we learn and bring it back to the business to help leaders and practitioners do what they love?Sean's Black Hat 2024 Recap Newsletter explores the evolution from reactive data responses to strategic enablement, AI and automation, modular cybersecurity, and the invaluable role of human insights. His focus is clear: helping businesses become more resilient and adaptable through smarter cybersecurity practices.Marco's Societal ImpactMarco CiappelliCybersecurity isn't a destination—it's a journey. We're never going to be fully secure, and that's okay. Cultures change, technology evolves, and we have to keep adapting.Marco's take highlights the societal implications of cybersecurity. He talk about how different fields and nations are breaking down silos to collaborate more effectively. His newsletter often reflects on the need for digital literacy across business, society, and education, emphasizing the importance of broadening our understanding of technology's role.Upcoming Events and ConferencesThe duo is excited about their packed schedule for the rest of 2024 and beyond, including:CyberTech New York (September 2024): Focused on policy, innovation, SecOps, AppSec, and sustainability.OWASP AppSec San Francisco (September 2024): Covering the OWASP Top 10 for LLMs and more.Sector in Toronto (October 2024): Offering unique coverage ideas, closely tied to Black Hat.Did someone said that they will be back covering an APJ event, in Melbourne, before the end of the year???  Additional VenturesThey'll also be hosting innovation panels and keynotes at a company event in New Orleans, with CES in Las Vegas and VivaTech in Paris on the horizon for 2025, blending B2B startup insights with consumer tech, all with a cybersecurity twist.Subscribe and Stay TunedMarco and Sean invite you to subscribe to their newsletters and follow their podcast, "On Location," as they continue their journey around the globe—both physically and virtually—bringing fresh perspectives on business, technology, and cybersecurity. You'll also find unique "brand stories" that highlight innovations making our world safer and more sustainable.Stay connected, enjoy the ride, and don't forget to subscribe to both their newsletters and the "On Location" podcast on YouTube!Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

At Black Hat USA 2024, the spotlight is on redefining and rethinking security, as discussed in this Brand Story episode with Resecurity. Sean Martin, Christian Lees, and Shawn Loveland share the mic to explore the cutting-edge innovations shifting paradigms within the cybersecurity domain. Christian Lees and Shawn Loveland from Resecurity dive deep into the substance of their work and its impact on modern security teams. The primary focus is Resecurity's approach towards threat intelligence and how it aids organizations in proactively mitigating risks.The discussion kicks off with an overview of Resecurity's approach to threat intelligence. Unlike conventional models that operate from within the firewall, Resecurity adopts an outside-in perspective, helping clients understand what attackers might know about their infrastructure. Shawn Loveland emphasizes this unique viewpoint by illustrating how Resecurity helps organizations identify potential breaches and vulnerabilities from the attacker's perspective, well before any threats materialize.One intriguing point discussed by Lees and Loveland is Resecurity's comprehensive data sourcing from the dark web. Resecurity does not simply rely on common threat intel from visible websites but digs deep into exclusive, invitation-only forums and other obscure corners of the web. This meticulous venture results in a much more profound understanding of potential threats, minimizing blind spots and the risk of data inaccuracies or AI hallucinations. By drawing on diverse data sources, Resecurity promises more significant and accurate insights into the motives and methods of cybercriminals.Moreover, Loveland highlights the technologically sophisticated tactics employed by Resecurity, combining AI to convert unstructured data into structured, actionable intelligence for security teams. This automation not only boosts efficiency but also empowers analysts to make more informed decisions swiftly. AI in Resecurity's arsenal is not a standalone entity but integrates deeply with the human-driven aspects of threat intelligence, enriching the overall analytic experience with contextual understanding and tangible evidence.The guests also touch on Resecurity's AI capabilities, illustrating this through scenarios where AI accelerates threat detection and response. By transforming vast amounts of data into comprehensible formats, and even summarizing complex situations into actionable insights, AI significantly reduces the ordeal for security analysts while enhancing precision.In conclusion, Resecurity's state-of-the-art threat intelligence solutions, emphasized by the knowledgeable insights from Christian Lees and Shawn Loveland, represent a proactive and innovative approach to modern cybersecurity.Learn more about Resecurity: https://itspm.ag/resecurb51Note: This story contains promotional content. Learn more.Guests: Christian Lees, CTO, Resecurity [@RESecurity]On LinkedIn | https://www.linkedin.com/in/christian-lees-72886b3/Shawn Loveland, Chief Operating Officer, Resecurity [@RESecurity]On LinkedIn | https://www.linkedin.com/in/shawn-loveland/ResourcesLearn more and catch more stories from Resecurity: https://www.itspmagazine.com/directory/resecurityView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Windows 11 Synchronicity achieved! Patch Tuesday updates put 22H2, 23H2, and 24H2 on the same page, as expected Dev and Beta channels (last week) - simplified system tray is back, new jump list behavior is optional Clipchamp is getting two new AI features soon, for free AI/Developer Security researcher (and ex-Microsoftie) demonstrates several Copilot flaws. He at least did the right thing and disclosed them to Microsoft first Intel delays Innovation event to 2025. And innovation to 2028, presumably. But we kid Google's Pixel event was really about Gemini AI. But it was also really about Pixel Paul bought a Pixel 9 Pro XL. Yes, he may have a problem. But it kind of pays for itself, too iPhone 16 series to be minor update. All phones are minor updates now UK CMA investigating Amazon + Anthropic partnership Visual Studio something something VS 2022 17.11 is here VS 2022 17.12 is in preview, will be the release with .NET 9 .NET 9 preview 7 is here, no WPF improvements Antitrust U.S. government is weighing a Google breakup - This isn't as out there as it may seem After changing App Store rules that violate the DMA to new rules that also violate the DMA, Apple finally lets Spotify communicate with its own customers! Apple sets a date for opening up NFC, and it will be worldwide Xbox There's a BIG QuakeCon sale on Bethesda games you need to check out - and a "new" OG DOOM/DOOM II bundle Microsoft starts testing a Compact Mode for Game Bar Next Flight Simulator will let gamers walk around the world as well Microsoft might be working on a new mixed reality something for some reason Tips and Picks Tip of the week: Proton offers a Duo plan App pick of the week: More web browsers RunAs Radio this week: Implementing Passkeys with Tarek Dawoud Brown liquor pick of the week: Bowmore 15 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: 1password.com/windowsweekly Melissa.com/twit lookout.com cachefly.com/twit

Windows 11 Synchronicity achieved! Patch Tuesday updates put 22H2, 23H2, and 24H2 on the same page, as expected Dev and Beta channels (last week) - simplified system tray is back, new jump list behavior is optional Clipchamp is getting two new AI features soon, for free AI/Developer Security researcher (and ex-Microsoftie) demonstrates several Copilot flaws. He at least did the right thing and disclosed them to Microsoft first Intel delays Innovation event to 2025. And innovation to 2028, presumably. But we kid Google's Pixel event was really about Gemini AI. But it was also really about Pixel Paul bought a Pixel 9 Pro XL. Yes, he may have a problem. But it kind of pays for itself, too iPhone 16 series to be minor update. All phones are minor updates now UK CMA investigating Amazon + Anthropic partnership Visual Studio something something VS 2022 17.11 is here VS 2022 17.12 is in preview, will be the release with .NET 9 .NET 9 preview 7 is here, no WPF improvements Antitrust U.S. government is weighing a Google breakup - This isn't as out there as it may seem After changing App Store rules that violate the DMA to new rules that also violate the DMA, Apple finally lets Spotify communicate with its own customers! Apple sets a date for opening up NFC, and it will be worldwide Xbox There's a BIG QuakeCon sale on Bethesda games you need to check out - and a "new" OG DOOM/DOOM II bundle Microsoft starts testing a Compact Mode for Game Bar Next Flight Simulator will let gamers walk around the world as well Microsoft might be working on a new mixed reality something for some reason Tips and Picks Tip of the week: Proton offers a Duo plan App pick of the week: More web browsers RunAs Radio this week: Implementing Passkeys with Tarek Dawoud Brown liquor pick of the week: Bowmore 15 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: 1password.com/windowsweekly Melissa.com/twit lookout.com cachefly.com/twit

00:00 - PreShow Banter™ — Scotty's Pizza (Not Sponsored)03:38 - BHIS - Talkin' Bout [infosec] News 2024-08-1203:59 - Hacker Summer Camp Report 202408:56 - Story # 1: ‘Sinkclose' Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections14:26 - Story # 2: Black Hat USA 2024, DEF CON 32 attendees treated like children – or criminals – with invasive hotel room checks29:49 - Story # 3: DEF CON Badge Maker Pulled Off Stage Amid Claims of Non-Payment and Failed Work30:06 - New raspberry pi chip in badge33:31 - Story # 4: Exploit released for Cisco SSM bug allowing admin password changes34:12 - Story # 5: 0.0.0.0 Day: Exploiting Localhost APIs From the Browser38:02 - Story # 6: Intelligence bill would elevate ransomware to a terrorist threat44:36 - Story # 6b: Proposed bill would block large ransomware payments by financial institutions46:26 - Story # 6c: Report shows decreased ransomware payments54:26 - Story # 7: After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude55:12 - Story # 8: CrowdStrike pursuing deal to buy patch management specialist Action157:24 - Story # 9: Microsoft punches back at Delta Air Lines and its legal threats

Windows 11 Synchronicity achieved! Patch Tuesday updates put 22H2, 23H2, and 24H2 on the same page, as expected Dev and Beta channels (last week) - simplified system tray is back, new jump list behavior is optional Clipchamp is getting two new AI features soon, for free AI/Developer Security researcher (and ex-Microsoftie) demonstrates several Copilot flaws. He at least did the right thing and disclosed them to Microsoft first Intel delays Innovation event to 2025. And innovation to 2028, presumably. But we kid Google's Pixel event was really about Gemini AI. But it was also really about Pixel Paul bought a Pixel 9 Pro XL. Yes, he may have a problem. But it kind of pays for itself, too iPhone 16 series to be minor update. All phones are minor updates now UK CMA investigating Amazon + Anthropic partnership Visual Studio something something VS 2022 17.11 is here VS 2022 17.12 is in preview, will be the release with .NET 9 .NET 9 preview 7 is here, no WPF improvements Antitrust U.S. government is weighing a Google breakup - This isn't as out there as it may seem After changing App Store rules that violate the DMA to new rules that also violate the DMA, Apple finally lets Spotify communicate with its own customers! Apple sets a date for opening up NFC, and it will be worldwide Xbox There's a BIG QuakeCon sale on Bethesda games you need to check out - and a "new" OG DOOM/DOOM II bundle Microsoft starts testing a Compact Mode for Game Bar Next Flight Simulator will let gamers walk around the world as well Microsoft might be working on a new mixed reality something for some reason Tips and Picks Tip of the week: Proton offers a Duo plan App pick of the week: More web browsers RunAs Radio this week: Implementing Passkeys with Tarek Dawoud Brown liquor pick of the week: Bowmore 15 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: 1password.com/windowsweekly Melissa.com/twit lookout.com cachefly.com/twit

My Reflections from ITSPmagazine's Black Hat USA 2024 Coverage: 
The State of Cybersecurity and Its Societal ImpactPrologueEach year, Black Hat serves as a critical touchpoint for the cybersecurity industry—a gathering that offers unparalleled insights into the latest threats, technologies, and strategies that define our collective defense efforts. Established in 1997, Black Hat has grown from a single conference in Las Vegas to a global series of events held in cities like Barcelona, London, and Riyadh. The conference brings together a diverse audience, from hackers and security professionals to executives and non-technical individuals, all united by a shared interest in information security.What sets Black Hat apart is its unique blend of cutting-edge research, hands-on training, and open dialogue between the many stakeholders in the cybersecurity ecosystem. It's a place where corporations, government agencies, and independent researchers converge to exchange ideas and push the boundaries of what's possible in securing our digital world. As the cybersecurity landscape continues to evolve, Black Hat remains a vital forum for addressing the challenges and opportunities that come with it.Sean and I engaged in thought-provoking conversations with 27 industry leaders during our coverage of Black Hat USA 2024 in Las Vegas, where the intersection of society and technology was at the forefront. These discussions underscored the urgent need to integrate cybersecurity deeply into our societal framework, not just within business operations. As our digital world grows more complex, the conversations revealed a collective understanding that the true challenge lies in transforming these strategic insights into actions that shape a safer and more resilient society, while also recognizing the changes in how society must adapt to the demands of advancing technology.As I walked through the bustling halls of Black Hat 2024, I was struck by the sheer dynamism of the cybersecurity landscape. The conversations, presentations, and cutting-edge technologies on display painted a vivid picture of where we stand today in our ongoing battle to secure the digital world. More than just a conference, Black Hat serves as a barometer for the state of cybersecurity—a reflection of our collective efforts to protect the systems that have become so integral to our daily lives. The Constant Evolution of ThreatsOne of the most striking observations from Black Hat 2024 is the relentless pace at which cyber threats are evolving. Every year, the threat landscape becomes more complex, with attackers finding new ways to exploit vulnerabilities in areas that were once considered secure. This year, it became evident that even the most advanced security measures can be circumvented if organizations become complacent. The need for continuous vigilance, constant updating of security protocols, and a proactive approach to threat detection has never been more critical.The discussions at Black Hat reinforced the idea that we are in a perpetual arms race with cybercriminals. They adapt quickly, leveraging emerging technologies to refine their tactics and launch increasingly sophisticated attacks. As defenders, we must be equally agile, continuously learning and evolving our strategies to stay one step ahead. Integration and Collaboration: Breaking Down SilosAnother key theme at Black Hat 2024 was the importance of breaking down silos within organizations. In an increasingly interconnected world, isolated security measures are no longer sufficient. The traditional boundaries between different teams—whether they be development, operations, or security—are blurring. To effectively combat modern threats, there needs to be seamless integration and collaboration across all departments.This holistic approach to cybersecurity is not just about technology; it's about fostering a culture of communication and cooperation. By aligning the goals and efforts of various teams, organizations can create a unified front against cyber threats. This not only enhances security but also improves efficiency and resilience, allowing for quicker responses to incidents and a more robust defense posture. The Dual Role of AI in CybersecurityArtificial Intelligence (AI) was a major focus at this year's event, and for good reason. AI has the potential to revolutionize cybersecurity, offering new tools and capabilities for threat detection, response, and prevention. However, it also introduces new challenges and risks. As AI systems become more prevalent, they themselves become targets for exploitation. This dual role of AI—both as a tool and a target—was a hot topic of discussion.The consensus at Black Hat was clear: while AI can significantly enhance our ability to protect against threats, we must also be vigilant in securing AI systems themselves. This requires a deep understanding of how these systems operate and where they may be vulnerable. It's a reminder that every technological advancement comes with its own set of risks, and it's our responsibility to anticipate and mitigate those risks as best we can. Empowering Users and Enhancing Digital LiteracyA recurring theme throughout Black Hat 2024 was the need to empower users—not just those in IT or security roles, but everyone who interacts with digital systems. In today's world, cybersecurity is everyone's responsibility. However, many users still lack the knowledge or tools to protect themselves effectively.One of the key takeaways from the event is the importance of enhancing digital literacy. Users must be equipped with the skills and understanding necessary to navigate the digital landscape safely. This goes beyond just knowing how to avoid phishing scams or create strong passwords; it's about fostering a deeper awareness of the risks inherent in our digital lives and how to manage them.Education and awareness campaigns are crucial, but they must be supported by user-friendly security tools that make it easier for people to protect themselves. The goal is to create a security environment where the average user is both informed and empowered, reducing the likelihood of human error and strengthening the overall security posture. A Call for Continuous ImprovementIf there's one thing that Black Hat 2024 made abundantly clear, it's that cybersecurity is a journey, not a destination. The landscape is constantly shifting, and what works today may not be sufficient tomorrow. This requires a commitment to continuous improvement—both in terms of technology and strategy.Organizations must foster a culture of learning, where staying informed about the latest threats and security practices is a priority. This means not only investing in the latest tools and technologies but also in the people who use them. Training, upskilling, and encouraging a mindset of curiosity and adaptability are all essential components of a successful cybersecurity strategy. Looking Ahead: The Future of CybersecurityAs I reflect on the insights and discussions from Black Hat 2024, I'm reminded of the critical role cybersecurity plays in our society. It's not just about protecting data or systems; it's about safeguarding the trust that underpins our digital world. As we look to the future, it's clear that cybersecurity will continue to be a central concern—not just for businesses and governments, but for individuals and communities as well.The challenges we face are significant, but so are the opportunities. By embracing innovation, fostering collaboration, and empowering users, we can build a more secure digital future. It's a future where technology serves humanity, where security is an enabler rather than a barrier, and where we can navigate the complexities of the digital age with confidence.Black Hat 2024 was a powerful reminder of the importance of this work. It's a challenge that requires all of us—security professionals, technologists, and everyday users—to play our part. Together, we can meet the challenges of today and prepare for the threats of tomorrow, ensuring that our digital future is one we can all trust and thrive in.The End ...of this story. This piece of writing represents the peculiar results of an interactive collaboration between Human Cognition and Artificial Intelligence._____________________________________Marco Ciappelli is the host of the Redefining Society Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Sean Martin—where you may just find some of these topics being discussed. You can also learn more about Marco on his personal website: marcociappelli.comTAPE3, which is me, is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society.________________________________________________________________Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Guest: Rock Lambros, CEO and founder of RockCyber [@RockCyberLLC]On LinkedIn | https://www.linkedin.com/in/rocklambros/On Twitter | https://twitter.com/rocklambros____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn a recent On Location episode recorded at Black Hat USA 2024, Sean Martin and Rock Lambros explore the prevailing topics and critical insights from the event's AI Summit. Sitting in the media room, not on the bustling show floor, the paid dissect the impact of artificial intelligence (AI) on cybersecurity, shedding light on its multifaceted implications.Rock Lambros, Founder and CEO of RockCyber, shares his observations about the predominance of AI in every corner of the conference. He notes how AI's presence is ubiquitous, even saturating advertisements at the airport. Lambros provides an overview of the AI Summit, highlighting the diversity of sessions ranging from high-level talks to vendor pitches. While some were mere product promotions, others provided substantial insights and valuable statistics, which Lambros is keen to share on platforms like LinkedIn.The discussion progresses to the remark by Nvidia's CEO, Bartley Richardson, suggesting that cyber is fundamentally a data problem, and AI could be the solution. Lambros concurs with this in part but emphasizes the necessity of maintaining human oversight in the process. Martin and Lambros reflect on the potential of AI to augment cybersecurity tasks, particularly for tier one analysts. There is a focus on leveraging AI to expedite responses to threats, potentially reducing the reaction time, which currently lags significantly behind the speed of AI-driven attacks.Lambros presents a balanced perspective, warning against the risk of reducing entry-level jobs in cybersecurity due to AI advancements, advocating instead for upskilling these professionals to handle more complex roles. The conversation touches on governance and risk management, with Lambros stressing the importance of integrating AI governance into existing frameworks without rendering AI oversight an exclusive domain for data scientists alone. He highlights the EU AI Act and Colorado AI Act as critical regulatory frameworks that emphasize this need.Lambros also brings attention to DARPA's open-source resources aimed at securing AI, encouraging practitioners to utilize these tools. Towards the end, a poignant observation from Robert Flores, former CISO of the CIA, underscores the difficulty governments face in keeping up with AI's rapid evolution. Lambros reflects on the mixed audience at the summit, a blend of technical practitioners and policy leaders, all grasping the significant impact and challenges AI brings to the field.The episode underscores the crucial balance between embracing technological advancements and maintaining human oversight and governance within cybersecurity. The insights shared by Rock Lambros and Sean Martin offer a nuanced perspective on the current state of AI in the field, emphasizing a collaborative approach to integrating these innovations responsibly.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

In this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and software supply chain security.One of the core strengths of ArmorCode's platform is its ability to ingest data from a multitude of sources, normalize it, and contextualize the risk for better prioritization. Lambert notes that understanding both the technical and business context of vulnerabilities is essential for effective risk management. This dual approach helps organizations avoid the 'fire drill' mentality, focusing instead on business-critical assets first.The conversation also touches on the breadth of ArmorCode's integrations, which include not just technical tools but also commercial and open-source threat intelligence feeds. This variety allows for a robust and nuanced understanding of an organization's security posture. By correlating data across different tools using AI, ArmorCode helps in identifying vulnerabilities and weaknesses that could otherwise remain hidden.Lambert emphasizes the platform's ability to streamline interactions between security and development teams. By bringing together data from various sources and applying risk scoring, ArmorCode aids in engaging development teams effectively, often leveraging integrations with tools like Jira. This engagement is pivotal for timely remediation and reducing organizational risk.One of the exciting developments Lambert shares is ArmorCode's recent launch of AI-driven remediation capabilities. These capabilities aim to provide not just immediate fixes but strategic insights for reducing future risks. He explains that while fully automated remediation may still involve human oversight, AI significantly reduces the time and effort required for resolving vulnerabilities. This makes the security process more efficient and less burdensome for teams.The episode concludes with Lambert discussing the significant adoption of AI functionalities among ArmorCode's customer base. With over 90% adoption of their AI correlation features, it's clear that businesses are seeing real-world benefits from these advanced capabilities. Lambert believes that the integration of AI into security practices is moving past the hype phase into delivering meaningful outcomes.This insightful episode underscores the importance of comprehensive, AI-driven solutions in today's security landscape. With experts like Mark Lambert at the helm, ArmorCode is leading the charge in making application security more integrated, intelligent, and efficient.Learn more about ArmorCode: https://itspm.ag/armorcode-n9tNote: This story contains promotional content. Learn more.Guest: Mark Lambert, Chief Product Officer, ArmorCode [@code_armor]On LinkedIn | https://www.linkedin.com/in/marklambertlinkedin/ResourcesLearn more and catch more stories from ArmorCode: https://www.itspmagazine.com/directory/armorcodeView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of “go hack yourself,” which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization's security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture's evolution.A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai's rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai's tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23Note: This story contains promotional content. Learn more.Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]On LinkedIn | https://www.linkedin.com/in/snehalantani/On Twitter | https://twitter.com/snehalantaniResourcesLearn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3aiView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Join Sean Martin and TAPE3 as they dive into key insights from Black Hat 2024, highlighting the crucial need to embed cybersecurity into core business practices to drive growth and resilience. Discover how leveraging AI, modular frameworks, and human expertise can transform cybersecurity from a defensive function into a strategic enabler of business success.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

During Black Hat USA 2024 in Las Vegas, Sean Martin engages in a Brand Story conversation with TK Keanini from DNSFilter to explore the pivotal role DNSFilter plays in safeguarding networks around the world. DNSFilter operates by leveraging the Domain Name System (DNS), an essential component of the internet. As TK Keanini shares, the company's primary mission is to filter out malicious traffic and allow legitimate traffic to pass through, thereby providing an effective layer of security that is both accessible and user-friendly.The applicability of DNSFilter spans globally, reflecting the nature of cyber threats, which are not confined by geographic borders. One critical aspect discussed is DNSFilter's ability to manage approximately 130 billion DNS requests daily, blocking between three to four billion potentially harmful requests. This impressive scale underscores the importance of DNSFilter in preventing cyberattacks and protecting users from inadvertently accessing malicious sites.From coffee shops to large enterprises, the relevance and ease of deploying DNSFilter stand out. For businesses, the practical uses of DNSFilter are numerous.Keanini explains that the technology is effortless to set up and can be integrated directly into various levels of IT infrastructure, including Wi-Fi routers in coffee shops and public Wi-Fi in retail settings. This straightforward setup enables even those with minimal technical expertise to implement robust cybersecurity measures easily.The conversation also highlights DNSFilter's effectiveness in addressing global issues, such as Child Sexual Abuse Material (CSAM), reinforcing the company's commitment to making the internet safer for everyone. The firm's blocking capabilities are not limited to phishing and ransomware; they extend to other harmful content categories, ensuring comprehensive protection.Moreover, for Chief Information Security Officers (CISOs) and organizations with established cybersecurity programs, DNSFilter offers an invaluable addition to their security suite. With DNSFilter, policies can be set with a single click, streamlining the process for schools, businesses, and managed service providers alike. Keanini points out that this level of usability ensures that even those without extensive cybersecurity experience can effectively manage and implement necessary protections.Additionally, Keanini emphasizes the importance of DNSFilter's role in protecting everyday users on public Wi-Fi networks and its affordability for public-use scenarios. DNSFilter's technology integrates smoothly into existing security frameworks, providing peace of mind to users and IT administrators that their networks are secure. For individuals and organizations looking to enhance their online security, DNSFilter presents a compelling solution. With its easy setup, global reach, and comprehensive protection against a wide range of cyber threats, DNSFilter stands as a vital tool in the arsenal of modern cybersecurity solutions.Learn more about DNSFilter: https://itspm.ag/dnsfilter-1g0fNote: This story contains promotional content. Learn more.Guest: TK Keanini, CTO, DNSFilter [@DNSFilter]On LinkedIn | https://www.linkedin.com/in/tkkeaninipub/ResourcesLearn more and catch more stories from DNSFilter: https://www.itspmagazine.com/directory/dnsfilterView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Black Hat Hacker Summer Camp: A Meeting Ground for Security MindsAs Sean Martin and Willy Leichter kick off the discussion, nostalgia sets in as they recount their years of attending the Black Hat Hacker Summer Camp. The perennial themes of security, new technology, and ever-evolving threats always seem to find their way back into the conversation, no matter how much the landscape changes.Returning to Basics: The Unending Challenge of SecuritySean points to the recurring themes in security, to which Willy responds with a reflective acknowledgment of the cyclical nature of the industry. "It's back to figuring out how to manage all of this," he states, highlighting that while new technologies emerge, the essential task of managing them effectively remains unchanged.Introducing AppSoc: The New Kid on the BlockSean and Willy then dive into the heart of their discussion—AppSoc. Founded by serial entrepreneur Praveen Kothari, AppSoc is positioned in the Application Security Posture Management (ASPM) space. Willy elaborates on the company's mission: to consolidate, normalize, and prioritize security data from various point solutions to reduce noise and enhance actionable intelligence.The Importance of Prioritization and Orchestrated RemediationWilly explains how AppSoc's "secret sauce" lies in prioritizing critical alerts among the plethora of security vulnerabilities. The goal is to transform a seemingly unmanageable thousand alerts into twenty high-priority ones that demand immediate attention. He emphasizes that detection without action is futile; hence, AppSoc also focuses on orchestrated remediation to bring the right information to the right teams seamlessly.Leveraging AI for Better Prioritization and Security PostureThe use of AI in AppSoc is multifaceted. The company employs AI not only to streamline security processes but also to protect AI systems—a burgeoning field. Willy suggests that the explosion of AI applications and large language models (LLMs) has opened new attack surfaces. Thus, the role of AppSoc is to safeguard these tools while enabling their efficient use in security practices.Real-world Applications: A Day in the Life with AppSocWilly shares a compelling success story about a CISO from an insurance company who managed risk across different departments using AppSoc's platform. This real-time, continuous monitoring solution replaced the less efficient, bi-annual consultant reports, demonstrating AppSoc's efficacy in providing actionable insights promptly.The Shift-Left Strategy and DevSecOps CollaborationThe conversation shifts to the importance of integrating DevOps and DevSecOps teams. Willy points out that while specializations are valuable, it's crucial to have "connective tissue" to get the bigger picture. This holistic view is essential for understanding how threats impact various departments and teams.ConclusionSean Martin wraps up the enriching conversation with Willy Leichter, expressing his excitement for the future of AppSoc. The episode underscores the critical importance of effective application security and how innovations like AppSoc are paving the way for a more secure digital landscape.Learn more about AppSOC: https://itspm.ag/appsoc-z45xNote: This story contains promotional content. Learn more.Guest: Willy Leichter, Chief Marketing Officer, AppSOC [@appsoc_inc]On LinkedIn | https://www.linkedin.com/in/willyleichter/ResourcesLearn more and catch more stories from AppSOC: https://www.itspmagazine.com/directory/appsocView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A longstanding browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat conference. These scammers messed with the wrong guy.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by podcast partner Rob Boyce of Accenture sharing his thoughts as our man on the street from the Black Hat USA 2024. Selected Reading ‘Sinkclose' Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections (WIRED) Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities (SecurityWeek) Series Of Solar Power System Vulnerabilities Impacts Millions Of Installations (Cyber Security News) Microsoft: Iran makes late play to meddle in U.S. elections (CyberScoop) UN cybercrime treaty passes in unanimous vote (The Record) ADT confirms data breach after customer info leaked on hacking forum (Bleeping Computer) It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 (The Register) Computer Crash Reports Are an Untapped Hacker Gold Mine (WIRED) USPS Text Scammers Duped His Wife, So He Hacked Their Operation (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

About the CISO Circuit SeriesSean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guest: Michael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv___________________________Episode NotesIn the latest episode of the CISO Circuit Series on the Redefining CyberSecurity Podcast, Sean Martin and Michael Piacente join forces in Las Vegas during the Black Hat USA 2024 Conference to engage in an insightful conversation about the evolving role of the Field CISO. Sean Martin is joined by Michael Piacente, Managing Partner and Co-Founder at Hitch Partners, as they dissect the significance and responsibilities of Field CISOs in today's cybersecurity landscape.A primary focus of the episode is understanding what a Field CISO actually entails. Michael Piacente explains that the role of Field CISO varies widely across organizations, but it generally falls into two categories: customer engagement and sales enablement. Companies might hire Field CISOs to build operational risk assessments and customer relationships, or to drive the technical sales process. For instance, Field CISOs play a pivotal role in product companies by acting as trusted advisors who help communicate complex technical topics in a digestible manner to potential clients.Michael also highlights key attributes that make a Field CISO successful, such as genuine cybersecurity experience, deep technical knowledge, a reputable name in the community, and robust networking skills. Successful Field CISOs can seamlessly transition between discussing technical details and broader strategic goals with stakeholders. Their role often includes influencing product development by bringing practical insights from customers back to the engineering teams.One crucial point raised during the discussion is the integrity and trustworthiness required for a Field CISO. Sean and Michael emphasize that maintaining trust within the CISO community is paramount. Field CISOs should avoid crossing lines between promotional activities and genuine advisory roles. They assert that integrity and transparency remain foremost in these roles, as they are often looked to for unbiased, independent advice.Another topic discussed is how organizations should approach hiring for the Field CISO role. Michael Piacente points out the importance of setting clear expectations, understanding the balance between operational duties and sales enablement, and ensuring that the Field CISO is genuinely aligned with the company's mission and capable of maintaining community trust.Overall, this episode sheds light on the nuanced nature of the Field CISO role, providing valuable insights for both aspiring Field CISOs and organizations looking to hire one. As the role continues to evolve, Michael and Sean underscore the need for a thoughtful approach to defining responsibilities and fostering an environment where integrity and expertise thrive.____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

In this Brand Story episode as part of the On Location Podcast series, Sean Martin speaks with Rupesh Chokshi, who leads the application security business at Akamai. Connecting directly from Black Hat in Las Vegas, the discussion provides an in-depth look into the world of application security, APIs, and the challenges organizations face in today's technology-driven environment.Rupesh Chokshi starts by highlighting Akamai's evolution from an innovative startup focused on improving internet experiences to a global leader in powering and protecting online activities. He emphasizes that Akamai handles trillions of transactions daily, underlining the massive scale and importance of their operations.The conversation shifts to the pivotal role of APIs in the digital economy. With every company now being an 'app company,' APIs have become the lifeline of digital interactions, from financial services to entertainment. Chokshi points out that many organizations struggle with cataloging and discovering their APIs, a critical step for ensuring security. Akamai assists in this by employing scanning capabilities and data flow analysis to help organizations understand and protect their API landscape.A significant part of the discussion focuses on the security challenges associated with APIs. Chokshi details how attackers exploit APIs for data breaches, financial fraud, and other malicious activities. He cites real-world examples to illustrate the impact and scale of these attacks. Chokshi also explains how attackers use APIs for carding attacks, turning businesses into unwitting accomplices in validating stolen credit cards.Chokshi emphasizes the importance of proactive measures like API testing, which Akamai offers to identify vulnerabilities before code deployment. This approach not only bolsters the security of APIs but also instills greater confidence in the enterprise ecosystem.The discussion also touches on the broader implications of API security for CISOs and their teams. Chokshi advises that the first step is often discovery and cataloging, followed by ongoing threat intelligence and posture management. Using insights from Akamai's extensive data, organizations can identify and mitigate threats more effectively.The episode concludes with Chokshi reinforcing the importance of data-driven insights and AI-driven threat detection in safeguarding the API ecosystem. He notes that Akamai's vast experience and visibility into internet traffic allow them to provide unparalleled support to their clients across various sectors.For anyone looking to understand the complexities of API security and how to address them effectively, this episode offers valuable insights from two leaders in the field. Akamai's comprehensive approach to application security, bolstered by real-world examples and expert analysis, provides a robust framework for organizations aiming to protect their digital assets.Learn more about Akamai: https://itspm.ag/akamaievkiNote: This story contains promotional content. Learn more.Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai [@Akamai]On LinkedIn | https://www.linkedin.com/in/rupeshchokshi/ResourcesLearn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamaiView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Welcome to another insightful story from ITSPmagazine, where we bring you exclusive content directly from Hacker Summer Camp at Black Hat Las Vegas 2024. This year, Sean Martin had the pleasure of sitting down with Tom Tovar, CEO of Appdome, to explore the company's innovative approach to mobile app security.A Dynamic Presence at Black HatBlack Hat 2024 is buzzing with energy, and Appdome's vibrant booth has become a focal point for many attendees. Tom credits his marketing team for creating an engaging and visually striking presence that truly reflects Appdome's mission. A standout feature is a unique widescreen shot setup that, although not yet shared on social media, perfectly encapsulates Appdome's vision for mobile app security.The Origin of AppdomeDuring the conversation, Sean Martin asked Tom to share the origin story of Appdome. Tom, who began his career as a corporate and securities lawyer during the tech boom, later transitioned to roles in security and operations at NetScreen. His journey took a pivotal turn after teaching himself to code and recognizing the need for a more efficient way to secure mobile applications. Driven by frustration with existing solutions and encouraged by a venture capitalist friend, Tom set out to create Appdome, aiming to simplify and automate mobile app security.Revolutionizing Mobile App Security with AppdomeAppdome's approach integrates security into the mobile app development process through machine learning, making it easier to incorporate essential functions like encryption and anti-tampering. Over time, the platform has evolved to include advanced features such as malware detection and fraud prevention. By automating these processes, Appdome reduces friction for developers and users alike, offering a streamlined path to robust mobile app security.Embracing Generative AI for User EmpowermentA highlight of the interview was the discussion around Appdome's adoption of Generative AI (Gen AI). This cutting-edge technology offers automated support to users facing mobile app security threats, providing real-time guidance to resolve issues independently. This not only enhances cybersecurity but also raises awareness, helping users become more informed and vigilant.Appdome's Expanding Influence in CybersecurityWith over 144,000 applications utilizing its platform and more than 11,000 builds handled daily, Appdome has established itself as a leader in mobile app security. Its widespread adoption across diverse industries underscores the platform's scalability and versatility.Looking Ahead: The Future of Mobile App SecurityTom Tovar also shared Appdome's vision for the future, including the introduction of AI-driven recommendations to further streamline security integration. The ultimate goal is to achieve an auto-defend capability, making mobile app security more intuitive and effortless for users worldwide.ConclusionThis exclusive interview with Tom Tovar at Black Hat 2024 highlights how Appdome is at the forefront of mobile app security, driving innovation and automation in a rapidly evolving landscape. As mobile threats continue to grow, Appdome's solutions will be essential in ensuring secure, seamless experiences for users everywhere.For more insights and updates from the cybersecurity world, keep following ITSPmagazine.Learn more about  Appdome: https://itspm.ag/appdome-neuvNote: This story contains promotional content. Learn more.Guest: Tom Tovar, CEO, Appdome [@appdome]On LinkedIn | https://www.linkedin.com/in/tom-tovar-9b8552/ResourcesLearn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdomeView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this Brand Story episode of On Location, hosts Sean Martin and Marco Ciappelli sit down with Chris Pierson, Founder and CEO of BlackCloak, a digital executive protection company. Throughout their conversation, they explore the intersection of personal privacy, digital security, and the unique challenges faced by high-profile individuals in protecting their digital lives. Chris Pierson discusses the importance of proactive measures in digital security, emphasizing the need for executives and public figures to safeguard their personal information just as rigorously as their corporate data.The dialogue covers various critical topics, including the rising threats of deep fakes and the implications for personal and professional security. Pierson explains how these convincing digital forgeries can be used maliciously and provides strategies to identify and combat them. Additionally, the conversation delves into common cyber threats like phishing and business email compromise, with Pierson detailing practical strategies for mitigating these risks.Pierson also highlights the evolving landscape of privacy threats and the role of education in empowering individuals to take control of their digital presence. He shares insights on balancing security with usability, pointing out the vulnerabilities that can be overlooked by even the most tech-savvy individuals. Reflecting on his experience building BlackCloak, Pierson discusses key lessons learned while developing solutions tailored to the needs of high-net-worth and high-profile clients.The episode underscores the criticality of a tailored approach to digital security, addressing both technical defenses and user behaviors. Listeners are encouraged to think about their own digital habits and consider how they can better protect their personal information in an increasingly interconnected world.Learn more about BlackCloak:https://itspm.ag/itspbcwebNote: This story contains promotional content. Learn more.Guest: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]On Linkedin | https://www.linkedin.com/in/drchristopherpierson/On Twitter | https://twitter.com/drchrispiersonResourcesLearn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloakView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Welcome to Hacker Summer Camp Sean Martin kicks off the episode with his signature enthusiasm, welcoming listeners to another live broadcast from the renowned Hacker Summer Camp—Black Hat USA 2024 in Las Vegas. He introduces Theresa Lanowitz, a prominent figure in cybersecurity, who shares the latest developments and insights from her venture, Level Blue.Sean Martin: “Welcome to a new episode coming to you from Hacker Summer Camp. We're here in Las Vegas for Black Hat USA 2024, and I'm thrilled to be joined by Theresa Lanowitz. Theresa, how are you?”Simplifying Cybersecurity with Level Blue Theresa discusses the origins and mission of Level Blue, a collaborative initiative between AT&T and World Gem Ventures. She outlines how Level Blue serves as a strategic extension to organizations, simplifying cybersecurity through consulting, managed security services, and innovative threat intelligence via Level Blue Labs.Theresa Lanowitz: “We aim to simplify cybersecurity by helping you protect your business intelligence through our consulting services, predict your security investments through managed services, and mitigate risk with our Level Blue Labs threat intelligence team.”The conversation shifts to how Level Blue addresses the complexities in IT, offering practical solutions and actionable intelligence to meet these challenges head-on.Key Insights from the Level Blue Futures Report Theresa reveals exciting updates about their flagship thought leadership piece, the Level Blue Futures Report. Launched at RSA in May, this report anchors their yearly research agenda. Additionally, she introduces the C-suite Accelerator, focusing on the evolving roles of CIOs, CISOs, and CTOs in fostering cyber resilience.Collaboration Among CIO, CTO, and CISO Sean and Theresa explore the dynamics between the CIO, CTO, and CISO roles. Theresa elaborates on how, despite their shared objectives, these roles often face conflicting priorities. She highlights the importance of these roles being equal partners within an organization to ensure cohesive responses during critical events, thereby enhancing overall organizational resilience.Theresa Lanowitz: “The CIO, the CISO, and the CTO must be equal partners. If they're not, achieving cyber resilience becomes very difficult.”The Pandemic's Impact on Cybersecurity Reflecting on the pandemic's effects, Theresa notes how it accelerated digital transformation, underscoring the crucial need for resilient cybersecurity measures. Despite some progress, she observes that cybersecurity often remains siloed, underfunded, and secondary in many organizations. She stresses the importance of aligning cybersecurity goals with business objectives to create a more integrated and effective approach.Proactive vs. Reactive Budgets Theresa emphasizes the significance of proactive budgeting in cybersecurity, contrasting it with the more common reactive approach. Proactive budgets, she argues, allow for better alignment of cybersecurity initiatives with business goals, which is vital for preempting breaches and addressing regulatory compliance.Theresa Lanowitz: “If you can align cybersecurity initiatives with business goals, you're going to be proactive rather than reactive.”The Role of Trusted Third-Party Advisors Theresa advocates for the involvement of trusted third-party advisors, such as consulting and managed security services. These advisors bring valuable external perspectives and experience, which are crucial for driving innovation and ensuring robust security measures.Sean Martin: “By working with a trusted partner, you're not giving up your creative ideas but rather ensuring they play out effectively and securely.”The Human Element in Cybersecurity As the discussion winds down, Sean and Theresa agree that, at its core, cybersecurity is about people. Theresa underscores the need for cross-functional communication within organizations and with trusted third-party advisors to achieve comprehensive and effective cybersecurity.Sean Martin: “It always comes back to the people, doesn't it?”Conclusion The episode wraps up with Sean expressing gratitude for Theresa's insights and encouraging continued exploration of research and innovation across various sectors. He invites the audience to explore the Level Blue Accelerator Report for actionable insights.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this On Location episode Brand Story, Sean Martin speaks with Artyom Poghosyan at the Black Hat conference in Las Vegas about Britive, a cloud privileged access management platform. They explore how Britive assists medium to large enterprises in tackling identity management and security issues across multi-cloud and hybrid environments.Sean and Artyom discuss the complexities that organizations face with cloud adoption, where traditional lift-and-shift approaches no longer suffice. Artyom outlines how the incorporation of new processes and tools, such as DevOps automation, complicates identity and access management in cloud environments. Britive's approach emphasizes the need for dynamic, scalable solutions that align with the speed and agility of cloud-based development while ensuring robust security controls.A key focus is the balance between granting necessary access for operational efficiency and minimizing security risks from overprivileged accounts. Artyom describes Britive's method of dynamically granting and revoking access based on justified needs, ensuring that temporary elevated access is appropriately controlled and removed post-use.Additionally, the conversation highlights the challenges of managing identities across multiple cloud platforms (AWS, GCP, Azure, etc.) and the diverse technologies used in modern enterprises. Artyom explains Britive's capability to provide a unified identity and access management approach that simplifies and secures these varied environments.The episode also emphasizes Britive's potential to significantly reduce the time required for onboarding DevOps engineers, streamlining the process from days to mere minutes through automation. This not only improves operational efficiency but also vastly reduces risk by limiting standing privileges, a key security vulnerability often exploited by cybercriminals.Finally, they touch upon how Britive fits within broader organizational security strategies, particularly Zero Trust initiatives. By eliminating standing access risks and offering integration with existing security processes, Britive supports the implementation of comprehensive identity security programs that align with modern security frameworks.Sean closes the episode by encouraging listeners to engage with Artyom and the Britive team to see how their solutions can enhance identity management and security within their organizations.Learn more about Britive: https://itspm.ag/britive-3fa6Note: This story contains promotional content. Learn more.Guest: Artyom Poghosyan, Co-Founder, Britive [@britive1]On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/ResourcesLearn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britiveView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX's innovative approach to browser security and its relevance in today's cybersecurity landscape.Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real-time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience.The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively.Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity.Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment.Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations.Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]On LinkedIn | https://www.linkedin.com/in/vivekramachandran/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

At Black Hat 2024 in Las Vegas, Sean Martin from On Location interviews Dror Liwer of Coro, uncovering the impressive strides Coro has made in creating a truly cohesive cybersecurity platform. This conversation reveals how Coro distinguishes itself in an industry saturated with buzzwords and inadequate solutions, particularly for smaller and mid-sized businesses.Meeting in VegasSean Martin starts the conversation by appreciating the vibrant atmosphere at the Black Hat Business Hall. The colorful Coro booth, coupled with the energetic team, sets the perfect backdrop for a discussion centered on platform innovation.Sean Martin: "Here we are, Dror. Fantastic seeing you here in Vegas."Dror Liwer: "It's where we meet."The Platform BuzzThe term “platform” has become a buzzword in the cybersecurity industry. Dror explains that many companies claim to offer platforms, but these so-called platforms often result from the integration of various point solutions, which don't communicate effectively with each other.Dror Liwer: “We built Coro as a platform and have been a platform for 10 years. It's kind of funny to see everybody now catching up and trying to pretend to be a platform.”Dror criticizes how companies use “platform” to create market confusion, explaining that a true platform requires seamless integration, a single endpoint agent, and a unified data lake.Defining a True PlatformDror and Sean delve deep into what makes Coro's platform genuinely innovative. Dror emphasizes that a real platform collects and processes data across multiple modules, providing a single pane of glass for operators. He contrasts this with other solutions that merely integrate various tools, resulting in operational complexity and inefficiencies.Dror Liwer: "A real platform is an engine that has a set of tools on top of it that work seamlessly together using a single pane of glass, a single endpoint agent, and a single data lake that shares all of the information across all of the different modules."The Role of DataData integration is a cornerstone of Coro's platform. Dror explains that each module in Coro functions as both a sensor and protector, feeding data into the system and responding to anomalies in real-time.Dror Liwer: "The collection of data happens natively at the sensor. They feed all the data into one very large data lake."This unified approach allows Coro to eliminate the time-critical gap between event detection and response, a significant advantage over traditional systems that often rely on multiple disparate tools.Supporting MSPs and Mid-Market BusinessesOne of Coro's key missions is to support Managed Service Providers (MSPs) and mid-market businesses, sectors that have been largely overlooked by larger cybersecurity firms. By offering a more manageable and less costly platform, Coro empowers these providers to offer comprehensive cybersecurity services without the high operational costs traditionally associated with such tasks.Dror Liwer: “We are changing that economic equation, allowing MSPs to offer full cybersecurity solutions to their customers at an affordable price.”Fulfilling New RequirementsDror also sheds light on how Coro helps businesses comply with new regulatory requirements or cybersecurity mandates, often dictated by their position in the supply chain.Dror Liwer: "When this guy comes to you and says, ‘Hey, I need to now comply with this or do that,' this is an opportunity to tell them, ‘Don't worry. I got you covered. I have Coro for you.'”ConclusionDror Liwer's insights during Black Hat 2024 highlight how Coro is not only addressing but revolutionizing the cybersecurity needs of small to mid-sized businesses and their MSP partners. By creating a true platform that reduces complexity and operational costs, Coro sets a new standard in the cybersecurity industry.Learn more about CORO: https://itspm.ag/coronet-30deNote: This story contains promotional content. Learn more.Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]On LinkedIn | https://www.linkedin.com/in/drorliwer/ResourcesLearn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coroView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Crowdstrike releases a postmortem. LoanDepot puts a multimillion dollar price tag on their ransomware incident. RHADAMANTHYS info stealer targets Israelis. Zola ransomware is an advanced evolution of the Proton family. Firefox fixes several high-severity vulnerabilities. Researchers at Certitude uncover a vulnerability in Microsoft 365's anti-phishing measures. Threat actors exploit legitimate anti-virus software for malicious purposes. Samsung's new bug bounty program offers rewards up to a million dollars. Guest Adam Marré, CISO at Arctic Wolf, joining us to share his observations on the ground at Black Hat USA 2024. Ransomware gangs turn the screws and keep up with the times.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Adam Marré, CISO at Arctic Wolf, joining us to share his observations as our man on the street from Black Hat USA 2024. Selected Reading CrowdStrike Publishes Technical Root Cause Analysis of Faulty Falcon Update (Cyber Security News) Ransomware Attack Cost LoanDepot $27 Million (SecurityWeek) RHADAMANTHYS Stealer Weaponizing RAR Archive To Steal Login Credentials (Cyber Security News) New Zola Ransomware Using Multiple Tools to Disable Windows Defender (GB Hackers) Firefox Patches Multiple High Severity Vulnerabilities (Cyber Security News) Exploring Anti-Phishing Measures in Microsoft 365 (Certitude Blog) Hackers Hijack Anti-Virus Software Using SbaProxy Hacking Tool (Cyber Security News) Samsung to pay $1,000,000 for RCEs on Galaxy's secure vault (Bleeping Computer) Turning the screws: The pressure tactics of ransomware gangs (Sophos News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices