Podcasts about Chief information security officer

  • 713 PODCASTS
  • 1,664 EPISODES
  • 35m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Oct 29, 2025 LATEST

Latest podcast episodes about Chief information security officer

Autonomous IT
Autonomous IT, Live! True Stories From the Hacker Underworld, E05

Oct 29, 2025 · 36:16


In this episode of Autonomous IT, host Landon Miles dives deep into the world of vulnerabilities, exploits, and the psychology behind cyberattacks. From the story of Log4j and its massive global impact to the difference between hackers and attackers, this episode explores how and why breaches happen—and what can be done to stop them.

Joining Landon is Jason Kikta, Chief Technology Officer and Chief Information Security Officer at Automox, Marine Corps veteran, and former leader at U.S. Cyber Command. Together, they break down attacker motivations, how to recognize threat patterns, and why understanding your own network better than your adversaries is the key to effective defense.

Key Takeaways:
  • The five stages of a vulnerability: introduction, discovery, disclosure, exploitation, and patching.
  • Why Log4j became one of the most devastating vulnerabilities in modern history.
  • How to identify attacker types and motivations.
  • The mindset and methodology of effective defense.
  • Why “good IT starts with good security.”

Whether you're a cybersecurity professional, IT leader, or just curious about how cyberattacks really work, this episode offers practical insights from the front lines of digital defense.

IJIS Sounds of Safety Podcast
When Justice Locks Up: Real-World Court Responses to Ransomware

Oct 29, 2025 · 46:50


Public sector organizations are under siege—ransomware attacks are now more frequent and sophisticated than ever before. In this episode, our Cybersecurity Working Group dives into two recent cyberattacks that struck at the heart of our nation's courts, targeting justice systems that millions rely on each day.

Returning to the host's chair is Larry Zorio, Chair of the Cybersecurity Working Group and Chief Information Security Officer at Mark43. Larry leads an insightful discussion with David Slayton, Court Executive Officer and Clerk of the Court for the Superior Court of Los Angeles County, and Robert Adelardi, Chief Information Officer for the 11th Judicial Circuit Court of Florida in Miami-Dade County. Both guests bring invaluable frontline perspectives from courts that have faced ransomware threats head-on and persevered.

David and Robert offer a behind-the-scenes account of what it was like when ransomware disrupted core court operations. They'll recount how their teams mobilized in real time, the critical decisions made under pressure, and the practical steps every court and public sector agency can take to strengthen defenses and recovery plans.

Between Product and Partnerships
When AI Meets Security: Managing Risk in Connected Systems

Oct 22, 2025 · 39:17


In this episode of Between Product and Partnerships, Cristina Flaschen, CEO of Pandium, speaks with Nate Lee, Founder of Cloudsec.ai, about the evolving challenges of security in SaaS ecosystems, AI, and integrations. Their conversation explores lessons from real-world incidents, risk management in fast-moving environments, and the emerging landscape of AI agents.

Nate's Background and Security Perspective

With over a decade of experience as a Chief Information Security Officer, Nate has helped scale-ups build security programs focused on AI-native startups and cloud environments. His approach is grounded in pragmatism, meaning prevention is important, but effective detection, response, and transparency are what define resilience when incidents occur.

Lessons from Real-World Incidents

Reflecting on recent industry breaches such as the SalesLoft incident, Nate illustrates how small misconfigurations across systems like GitHub or AWS can trigger cascading risks. Even organizations with robust security teams remain vulnerable. He emphasizes the importance of continuous monitoring, anomaly detection, and disciplined response planning as part of a company's operating DNA.

Mitigation, Communication, and Runbooks

For smaller teams, Nate and Cristina highlight the value of preparation and clarity when managing incidents. Segregating responsibilities allows engineers to focus on resolving issues while communications are handled transparently and calmly by others. Tabletop exercises (simulations of potential breaches) help teams respond confidently when real situations arise. Above all, Nate underscores the need for transparent communication with customers and stakeholders. Clear, factual updates that explain what happened, its impact, and next steps build far more trust than spin or silence. Having ready-made messaging frameworks also helps reduce the stress of decision-making during high-pressure moments.

AI Agents and Emerging Risks

The conversation then turns to the rapidly expanding role of AI agents in modern workflows. Nate explains that while these systems deliver tremendous efficiency gains, they also introduce new and unpredictable risks. Unlike traditional deterministic workflows, AI agents can act in unexpected ways, sometimes interpreting instructions beyond what developers intend. Threats such as prompt injection and the rise of unmonitored AI tools (or “shadow IT”) add layers of complexity. As adoption accelerates, maintaining visibility and control becomes critical.

Despite these challenges, Nate remains optimistic about AI's potential. He advocates for mindful adoption (understanding the risks, their likelihood, and the potential business impact) while ensuring that innovation and productivity continue to advance responsibly.

Building Trust and Future-Proofing Security

For Nate, trust is the foundation of security. Whether developing integrations, deploying AI tools, or managing internal systems, organizations must design processes that foster transparency, encourage safe experimentation, and promote continuous learning. Building a culture of accountability and openness not only reduces risk but also strengthens long-term relationships with customers and partners.

Looking Ahead

Nate is currently launching Trustmind, a platform that automates security due diligence and streamlines third-party risk management for organizations working with multiple vendors and integrations.

For more insights on partnerships, ecosystems and integrations, visit www.pandium.com

To learn more about Cloudsec.ai, go to https://cloudsec.ai/

MONEY FM 89.3 - Workday Afternoon with Claressa Monteiro
Industry Insight: The race to defend against AI before it goes rogue

Oct 22, 2025 · 20:30


In a world where employees can now include autonomous identities with operational access and decision-making power, traditional security models are being pushed to the limit. AI agents have become embedded across enterprise operations and they’re unlocking new frontiers of productivity which is exposing unseen vulnerabilities. On Industry Insight, Lynlee Foo speaks to Kevin Kirkwood, Chief Information Security Officer at Exabeam to find out why conventional defences are falling short, and what best practices global companies are adopting to safeguard enterprise environments against a new class of AI-powered insider threats.

Federal Drive with Tom Temin
Using SecDevOps to produce secure software

Oct 20, 2025 · 7:07


The concept of DevSecOps has been around long enough that it's now firmly established in most federal agencies, but using it to produce secure software on a regular basis takes careful planning. Darren Death is the Chief Information Security Officer at the Export Import Bank, and Madhuri Sammid is the Deputy Associate Chief Information Officer at the Bureau of Safety and Environmental Enforcement. They talked with Federal News Network's Jared Serbu as part of our 2025 Cyber Leaders Exchange.

Health Innovation Matters
Fortifying Healthcare Cyber Resilience with Russell Teague

Oct 17, 2025 · 25:38


Michael chats with Russell Teague, Chief Information Security Officer (CISO) at Fortified Health Security. Together, they discuss how the role of CISO is evolving amid today's cyber threat landscape and regulatory environment, areas in which healthcare needs to improve cyber resilience, why experience is so important in the clinical environment when selecting a vendor or SOC service partner, how CISOs can mitigate massive cyber disruptions and risks, and much more. To learn more about Fortified Health Security, visit FortifiedHealthSecurity.com.

The Evolution Exchange Podcast Nordics
Evo Nordics #647 - What Role Should Security Have

Oct 17, 2025 · 53:59


Today's episode is hosted by Chris Hackett and they are joined on the podcast by Sadetta Postareff, Principal Information Security Manager at atNorth, Heidi Holm, Chief Information Security Officer at Lindab Group, Gabriel Winnberg, Critical Flow Resilience Manager at IKEA, and Peter Saverman, Cyber Security Officer at Emulate Energy AB. The conversation explores the evolving role of security in modern organisations, examining how information security leadership contributes to business resilience, trust, and operational excellence. Together, the guests discuss the intersection of security strategy, technological transformation, and cultural awareness within digital ecosystems. The exchange highlights the importance of embedding security into decision-making, empowering teams, and managing risk proactively. Listeners will gain insights into building a strong security culture, aligning protection goals with business growth, and ensuring that security becomes a shared responsibility across all levels of the organisation.

CryptoNews Podcast
#483: Nassim Eddequiouaq, CEO of Bastion, on The 10/10 Crypto Crash, The Future of Stablecoins, and Enterprise Stablecoin Adoption

Oct 16, 2025 · 36:24


Nassim Eddequiouaq is co-founder and CEO of Bastion, a pioneer in regulated stablecoin infrastructure and NYDFS-certified provider. Bastion is the stablecoin issuance platform for financial institutions and enterprises. Prior to founding Bastion, Nass was the Chief Information Security Officer at a16z Crypto, and held senior management roles across Security and Infrastructure at Facebook, Anchorage, Docker, and Apple. He received an M.S. in Computer Science from Ecole d'Ingénieurs en Informatique.

In this conversation, we discuss:
  • What happened on the 10/10 crypto crash?
  • Winners and losers after the crypto crash
  • Bridging traditional finance and digital assets through enterprise-ready solutions
  • The diverse use cases of stablecoins
  • Why stablecoins (especially USD-pegged) are poised for mass enterprise adoption
  • The growing interest in branded stablecoins
  • Bastion's NYDFS trust charter
  • GENIUS Act and STABLE Act
  • Why regulatory clarity is critical
  • Privacy for stablecoin users

Bastion
X: @BastionPlatform
Website: bastion.com
LinkedIn: Bastion

Nassim Eddequiouaq
X: @nassyweazy
LinkedIn: Nassim Eddequiouaq

RIMScast
Navigating Cyber and IT Practices to Legal Safe Harbors

Oct 14, 2025 · 42:07


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

In this episode, Justin interviews Katherine Henry of Bradley, Arant, Boult, Cummings, and Harold (Hal) Weston of Georgia State University, Greenberg School of Risk Science, who are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview.” Katherine and Hal take the discussion beyond the pages and delve into best cybersecurity practices, cyber insurance, and Safe Harbor laws offered by some states and possibly to be offered soon by others. They discuss frameworks and standards, and what compliance means for your organization, partly based on your state law.

Listen for advice to help you be prepared against cybercrime.

Key Takeaways:
[:01] About RIMS and RIMScast.
[:16] About this episode of RIMScast. We will be joined by the authors of the legislative review, “A 2025 Cybersecurity Legal Safe Harbor Overview”, Katherine Henry and Harold Weston. Katherine and Harold are also prominent members of the RIMS Public Policy Committee.
[:48] Katherine and Harold are also here to talk about Cybersecurity Awareness Month and safe practices. But first…
[:53] RIMS-CRMP Prep Workshops! The next RIMS-CRMP Prep Workshops will be held on October 29th and 30th and led by John Button.
[1:05] The next RIMS-CRMP-FED Virtual Workshop will be held on November 11th and 12th and led by Joseph Mayo. Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes.
[1:23] RIMS Virtual Workshops! RIMS has launched a new course, “Intro to ERM for Senior Leaders.” It will be held again on November 4th and 5th and will be led by Elise Farnham.
[1:37] On November 11th and 12th, Chris Hansen will lead “Fundamentals of Insurance”. It features everything you've always wanted to know about insurance but were afraid to ask. Fear not; ask Chris Hansen!
RIMS members always enjoy deep discounts on the virtual workshops!
[1:56] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes.
[2:08] Several RIMS Webinars are being hosted this Fall. On October 16th, Zurich returns to deliver “Jury Dynamics: How Juries Shape Today's Legal Landscape”. On October 30th, Swiss Re will present “Parametric Insurance: Providing Financial Certainty in Uncertain Times”.
[2:28] On November 6th, HUB will present “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World”. Register at RIMS.org/Webinars.
[2:40] Before we get on with the show, I wanted to let you know that this episode was recorded in the first week of October. That means we are amid a Federal Government shutdown. RIMS has produced a special report on “Key Considerations Regarding U.S. Government Shutdown.”
[2:58] This is an apolitical problem. It is available in the Risk Knowledge section of RIMS.org, and a link is in this episode's show notes. Visit RIMS.org/Advocacy for more updates.
[3:12] Remember to save March 18th and 19th on your calendars for the RIMS Legislative Summit 2026, which will be held in Washington, D.C. I will continue to keep you informed about that critical event.
[3:24] On with the show! It's National Cybersecurity Awareness Month here in the U.S. and in many places around the world. Cyber continues to be a top risk among organizations of all sizes in the public and private sectors.
[3:40] That is why I'm delighted that Katherine Henry and Harold (Hal) Weston are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview”.
[3:52] This report provides a general overview of expected cybersecurity measures that organizations must take to satisfy legal Safe Harbor requirements.
[4:01] It summarizes state Safe Harbor laws that have been developed to ensure organizations are proactive about cybersecurity and that digital, financial, and intellectual assets are legally protected when that inevitable cyber attack occurs.
[4:15] We are here to extend the dialogue. Let's get started!
[4:21] Interview! Katherine Henry and Hal Weston, welcome to RIMScast!
[4:41] Katherine was one of the first guests on RIMScast. Katherine is Chair of the Policyholder Insurance Coverage Practice at Bradley, Arant, Boult, Cummings. Her office is based in Washington, D.C. She works with risk managers all day on insurance issues.
[5:05] Katherine has been a member of the RIMS Public Policy Committee for several years. She serves as an advisor to the Committee.
[5:12] Justin thanks Katherine for her contributions to RIMS.
[5:25] Hal is with Georgia State University. He has been with RIMS for a couple of decades. Hal says he and Katherine have served together on the RIMS Public Policy Committee for maybe 10 years.
[5:48] Hal is a professor at Georgia State University, a Clinical Associate in the Robinson College of Business, Greenberg School of Risk Science, where he teaches risk management and insurance. Before his current role, Hal was an insurance lawyer, both regulatory and coverage.
[6:05] Hal has a lot of students. He is grading exams this week. He has standards for his class. In the real world, so does a business.
[6:46] Katherine and Hal met through the RIMS Public Policy Committee. They started together on some subcommittees. Now they see each other at the annual meeting and on monthly calls.
[7:05] Katherine and Hal just released a legislative review during RIMS's 75th anniversary, “A 2025 Cybersecurity Legal Safe Harbor Overview”. It is available on the Risk Knowledge page of RIMS.org.
[7:20] We're going to get a little bit of dialogue that extends beyond the pages.
[7:31] Katherine explains Safe Harbor: When parties are potentially liable to third parties for claims, certain states have instilled Safe Harbor Laws that say, If you comply with these requirements, we'll provide you some liability protection.
[7:45] Katherine recommends that you read the paper to see what the laws are in your state. The purpose of the paper is to describe some of those Safe Harbor laws, as well as all the risks.
[8:04] October 14th, the date this episode is released, is World Standards Day. Hal calls that good news. Justin says the report has a correlation with the standards in the risk field.
[8:43] Justin states that many states tie Safe Harbor eligibility to frameworks like NIST, the ISO/IEC 27000, and CIS Controls.
[9:27] Hal says, There are several standards, and it would be up to the Chief Information Security Officer to guide a company on which framework might be most appropriate for them. There are the NIST, UL, and ISO, and they overlap quite a bit.
[9:56] These are recognized standards. In some states, if a company has met this standard of cybersecurity, a lawsuit against the company for breach of its standard of care for maintaining its information systems would probably be defensible for having met a recognized standard.
[10:23] Katherine adds that as risk managers, we can't make the decision about which of these external standards is the best. Many organizations have a Cybersecurity Officer responsible for this.
[10:44] For smaller organizations, there are other options, including outsourcing to a vendor. Their insurance companies may have recommendations. So you're not on your own in making this decision.
[11:14] Katherine says firms should definitely aim for one recognized standard. Katherine recommends you try to adhere to the highest standard. If you are global, you need to be conscious of standards in other countries.
[11:46] Hal says California tends to have the highest standards for privacy and data protection.
If you're a financial services company, you're subject to New York State's Department of Financial Services Cyber Regulation.
[12:02] If you're operating in Europe, GDPR is going to be the guiding standard for what you should do. Hal agrees with Katherine: Any company that spans multiple states should pick the highest standard and stick to that, rather than try to implement five or 52 standards.
[12:23] When you're overseas, you may not be able to just pick the highest standard; there are challenges in going from one country or region of Europe back to the U.S. If one is higher, it will probably be easier.
[12:38] There are major differences between the U.S., which has little Federal protection, vs. state protection.
[13:10] Katherine says if you don't have the internal infrastructure, and you can't afford that infrastructure, the best thing is to pivot to an outside vendor. There are many available, with a broad price range. Your cyber insurer may also have some vendors they already work with.
[13:40] Hal would add, Don't just think about Safe Harbors. That's just a legal defense. Think about how you reduce the risk by adopting standards or hiring outside firms that will provide that kind of risk protection and IT management.
[13:59] If they're doing it right, they may tell you the standards they use, and they may have additional protocols, whether or not they fall within those standards, that would also be desirable. A mid-sized firm is probably outsourcing it to begin with.
[14:21] They have to be thinking about it as risk, rather than just Safe Harbor. You have to navigate to the Safe Harbor. You don't just get there.
[14:31] Quick Break! RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through the 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when you register by October 30th!
[14:50] This also lets you enjoy earlier access to the RISKWORLD hotel block.
Register by October 30th, and you will also be entered to win a $500 raffle! Do not miss out on this chance to plan and score some of these extra perks!
[15:03] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to join us! Visit RIMS.org/Membership and build your network with us here at RIMS!
[15:16] The RIMS Legislative Summit 2026 is mentioned during today's episode. Be sure to mark your calendar for March 18th and 19th in Washington, D.C. Keep those dates open.
[15:28] Join us in Washington, D.C., for two days of Congressional Meetings, networking, and advocating on behalf of the risk management community. Visit RIMS.org/Advocacy for more information and updates.
[15:41] Let's return to our interview with Katherine Henry and Hal Weston!
[15:54] We're talking about their new paper, “A 2025 Cybersecurity Legal Safe Harbor Overview”. Katherine mentions that some businesses are regulated. They have to comply with external regulatory standards.
[16:38] Other small brick-and-mortar businesses may not have any standards they have to comply with. They look for what to do to protect themselves from cyber risk, and how to tell others they are doing that.
[16:54] If you can meet the standards of Safe Harbor laws, a lot of which are preventative, before a breach, you can inform your customers, “These are the protections we have for your data.” You can tell your board, “These are the steps we're taking in place.”
[17:13] You can look down the requirements of the Safe Harbor law in your state or a comparable state, and see steps you can take in advance so you can say, “We are doing these things and that makes our system safer for you and protects your data.”
[17:34] Hal says you don't want to have a breach, and if you do, it would be embarrassing to admit you were late applying a patch, implementing multi-factor authentication, or another security measure.
By following standards of better cyber protection, you avoid those exposures.
[18:07] Hal says every company has either been hacked and knows it, or has been hacked and doesn't know it. If you're attacked by a nation-state that is non-preventable, you're in good shape.
[18:26] If you're attacked because you've left some ports open on your system, or other things that are usually caught in cybersecurity analyses or assessments, that's the embarrassing part. You don't want to be in that position.
[18:43] Katherine says it's not just your own systems, but if you rely on vendors, you want to ensure that the vendors have the proper security systems in place so that your data, to the extent that it's transmitted to them, is not at risk.
[19:07] Also, make sure that your vendors have cyber insurance and that you're an additional insured on that vendor's policy if there's any potential exposure.
[19:22] Hal says, If you're using a cloud provider, do you understand what the cloud provider is doing? In most cases, they will provide better security than what you could do on your own, but there have been news stories that even some of those have not been perfect.
[20:22] Hal talks about the importance of encryption. It's in the state statutes and regulations. There have been news stories of companies that didn't encrypt their data on their servers or in the cloud, and didn't understand encryption, when a data breach was revealed.
[20:52] Hal places multi-factor authentication up with encryption in importance. There was a case brought against a company that did not have MFA, even though it said on its application on the cyber policy that the company used it.
[21:13] Hal says these are standard, basic things that no company should be missing. If you don't know that your data is encrypted, get help fast to figure that out.
[21:51] Hal has also seen news stories of major companies where the Chief Technology Officer has been sued individually, either by the SEC or others, for not doing it right.
[22:07] Katherine mentions there are insurance implications. If you mistakenly state you're providing some sort of protection on your insurance application that you're not providing, the insurer can rescind your coverage, so you have no coverage in place at all.
[22:23] Katherine says, These are technical safeguards, but we know the human factor is one of the greatest risks in cybersecurity. Having training for everyone who has access to your computer system, virtually everyone in your organization, is very important.
[22:49] Have a test with questions like, Is this a spam email or a real email? There are some vendors who can do all this for you. Statistics show that the human element is one of the most significant problems in cybersecurity protection.
[23:05] Justin says it's October, Cybersecurity Awareness Month in the U.S. Last week's guest, Gwenn Cujdik, the Incident Response and Cyber Services Lead for North America at AXA XL, said the number one cyber risk is human error, like clicking the phishing link.
[23:45] Justin brings up that when he was recently on vacation, he got an email on his personal email account, “from his CEO,” asking him to handle something for them. Justin texted somebody else at RIMS, asking if they got the same email, and they hadn't.
[24:14] Justin sent the suspect email to the IT director to handle. You have to be vigilant. Don't let your guard down for a second.
[24:48] Katherine has received fake emails, as well.
[24:51] Hal says it has happened to so many people. Messages about gift cards or the vendor having a new bank account. Call the vendor that you know and ask what this is.
[25:12] Hal continues.
It's important to train employees in cybersecurity, making sure that they are using a VPN when they are outside of the office, or even a VPN that's specific to your company.
[25:32] Hal saw in the news recently that innocent-looking PDF files can harbor lots of malware. If you're not expecting a PDF file from somebody, don't click on that, even if you know them. Get verification. Start a new thread with the person who sent it and ask if it is a legitimate PDF.
[26:08] Justin says of cybercriminals that they are smart and their tactics evolve faster than legislation. How can organizations anticipate the next generation of threats?
[26:34] Katherine says, You need to have an infrastructure in your organization that does that, or you need to go to an outside vendor. You need some sort of protection, internally or externally.
[27:11] Katherine says she works with CFOs all the time. If an organization isn't large enough to have a risk manager, it's a natural fit for the CFO, who handles finances, to handle insurance. When it comes to cybersecurity, a CFO needs help.
[27:46] The CFO should check the cyber policy to see what support services are already there and see if there are any that are preventative, vs. after a breach. If there are not, Katherine suggests pivoting to an outside vendor.
[28:07] Hal continues, This interview is for RIMS members who are risk managers and the global risk community. Risk managers don't claim to know all the risk control measures throughout a company. They rely upon the experts in the company and outside.
[28:29] If the CFO is the risk manager, he or she has big gaps in expertise needed for risk management. It's the same for the General Counsel running risk management. Risk managers are known for having small staffs and working with everybody else to get the right answers.
[28:55] If you're dealing with the CFO or General Counsel in those roles, they need to be even more mindful to work with the right experts for guidance.
[29:09] One Final Break! As many of you know, the RIMS ERM Conference 2025 will be held on November 17th and 18th in Seattle, Washington. We recently had ERM Conference Keynote Speaker Dan Chuparkoff on the show.
[29:26] He is back, just to deliver a quick message about what you can expect from his keynote on “AI and the Future of Risk.” Dan, welcome back to RIMScast!
[29:37] Dan says, Greetings, RIMS members and the global risk community! I'm Dan Chuparkoff, AI expert and the CEO of Reinvention Labs. I'm delighted to be your opening keynote on November 17th at the RIMS ERM Conference 2025 in Seattle, Washington.
[29:52] Artificial Intelligence is fueling the next era of work, productivity, and innovation. There are challenges in navigating anything new. This is especially true for risk management, as enterprises adapt to shifting global policies, economic swings, and a new generation of talent.
[30:10] We'll have a realistic discussion about the challenges of preparing for the future of AI. To learn more about my keynote, “AI and the Future of Risk Management,” and how AI will impact Enterprise Risk Management for you, listen to my episode of RIMScast at RIMS.org/Dan.
[30:29] Be sure to register for the RIMS ERM Conference 2025, in Seattle, Washington, on November 17th and 18th, by visiting the Events page on RIMS.org. I look forward to seeing you all there.
[30:40] Justin thanks Dan and looks forward to seeing him again on November 17th and hearing all about the future of AI and risk management!
[30:48] Let's Conclude Our Interview about Navigating Cyber and IT Practices to Legal Safe Harbors with Katherine Henry and Hal Weston!
[31:17] Katherine tells about how Safe Harbor compliance influences cyber insurance. If your organization applies for cyber insurance and you can't meet some minimum threshold that will be identified on the application, the insurer will not even offer you cyber insurance.
[31:34] You need to have some cyber protections in place.
That's just to procure insurance. Cyber insurance availability is growing. Your broker can bring you more insurers to quote if you can show robust safeguards. [32:05] After the breach, your insurer is supposed to step in to help you. Your insurer will be mindful of whether or not your policy application is correct and that you have all these protections in place. [32:21] The more protections you have, the quicker you might be able to shut down the breach, and the resulting damage from the breach, and that will lower the resulting cost of the claim and have less of an impact on future premiums. [32:36] If the cyber insurer just had to pay out the limits because something wasn't in place, that quote next year is not going to look so pretty. Your protections have a direct impact on both the availability and cost of coverage. [32:50] Justin mentions that the paper highlights Connecticut, Tennessee, Iowa, Ohio, Utah, and Oregon as the states with Safe Harbor laws. The Federal requirements are also listed. Katherine expects that more states will offer Safe Harbor laws as cybercrime lawsuits increase. [33:42] Hal says Oregon, Ohio, and Utah were the leaders in creating Safe Harbors. Some of the other states have followed. Safe Harbor is a statutory protection against liability claims brought by the public. [34:06] In other states, you can't point to a statute that gives protection, but you can say you complied with the highest standards in the nation, and you probably have a pretty defensible case against a claim for not having kept up with your duty to protect against a cyber attack. [34:55] Hal adds that every company is going to be sued, and the claim is that you failed to do something. If you have protected yourself with all the known best practices, as they evolve, what more is a company supposed to do? 
[35:18] The adversaries are nation-states; they are professional criminals, sometimes operating under the protection of nation-states, and they're using artificial intelligence to craft even more devious ways to get in. [36:19] Katherine speaks from a historical perspective. A decade ago, cyber insurance was available, but there was no appetite for it. There wasn't an understanding of the risk. [36:32] As breaches began to happen and to multiply, in large amounts of exposure, with companies looking at millions of dollars in claims, interest grew. Katherine would be surprised today if any responsible board didn't take cyber risk extremely seriously. [36:55] The board's decision now is what limits to purchase and from whom, and not, “Should we have cyber insurance at all?” Katherine doesn't think it's an issue anymore in any medium-sized company. [37:17] The risk manager should present to the board, “We benchmark. Our broker benchmarks. Companies of our size have had this type of claim, with this type of exposure, and they've purchased this amount of limits. We need to be at least in that place.” Boards will be receptive. [37:43] If they are not receptive, put on a PowerPoint with all the data that's out there about how bad the situation is. The average cost of a breach is well over $2 million. The statistics are quite alarming. A wise decision-maker will understand that you need to procure this coverage. [38:10] Katherine says, from the cybersecurity side, you procure the coverage, you protect the company, and take advantage of the Safe Harbors. All of those things come together with the preventative measures we've been talking about. [38:24] You can show your decision-makers and stakeholders that if you do all those things, comply with these Safe Harbor provisions, you're going to minimize your exposure, increase the availability of insurance, and keep your premiums down. It's a win-win package. 
[38:41] Justin says, It has been such a pleasure to meet you, Hal, and thank you for joining us. Katherine, it is an annual pleasure to see you. We're going to see you, most likely, at the RIMS Legislative Summit, March 18th and 19th, 2026, in Washington, D.C. [39:01] Details to come, at RIMS.org/Advocacy. Katherine, you'll be there to answer questions. Katherine looks forward to the Summit. She has gone there for years. It's a great opportunity for risk managers to speak directly to decision-makers about things that are important to them. [39:42] Special thanks again to Katherine Henry and Hal Weston for joining us here today on RIMScast! Remember to download the new RIMS Legislative Review, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [39:58] We are past the 30-day mark now, so the review is publicly available through the Risk Knowledge Page of RIMS.org. You can also visit RIMS.org/Advocacy for more information. In this episode's notes, I've got links to Katherine's prior RIMScast appearances. [40:18] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [40:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [41:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [41:22] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [41:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. 
It is written and published by the best minds in risk management. [41:53] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [42:05] Practice good risk management, stay safe, and thank you again for your continuous support!

Links:
RIMS Professional Report: “A 2025 Cybersecurity Legal Safe Harbor Overview”
RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026
RIMS ERM Conference 2025 — Nov. 17‒18
RISKWORLD 2026 — Members-only early registration through Oct 30!
RIMS-Certified Risk Management Professional (RIMS-CRMP)
The Strategic and Enterprise Risk Center
RIMS Diversity Equity Inclusion Council
RIMS Risk Management magazine | Contribute
RIMS Now
Cybersecurity Awareness Month
World Standards Day — Oct 14, 2025

Upcoming RIMS Webinars:
RIMS.org/Webinars
“Jury Dynamics: How Juries Shape Today's Legal Landscape” | Oct. 16, 2025 | Sponsored by Zurich
“Parametric Insurance: Providing Financial Certainty in Uncertain Times” | Oct. 30, 2025 | Sponsored by Swiss Re
“Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World” | Nov. 6 | Sponsored by Hub

Upcoming RIMS-CRMP Prep Virtual Workshops:
RIMS-CRMP Virtual Exam Prep — Oct. 29‒30, 2025
RIMS-CRMP-FED Exam Prep Virtual Workshop — November 11‒12
Full RIMS-CRMP Prep Course Schedule
“Risk Appetite Management” | Oct 22‒23 | Instructor: Ken Baker
“Intro to ERM for Senior Leaders” | Nov. 4‒5 | Instructor: Elise Farnham
“Fundamentals of Insurance” | Nov. 11‒12 | Instructor: Chris Hansen
“Leveraging Data and Analytics for Continuous Risk Management (Part I)” | Dec 4.
See the full calendar of RIMS Virtual Workshops
RIMS-CRMP Prep Workshops

Related RIMScast Episodes about Cyber and with Katherine Henry:
“National Cybersecurity Awareness Month 2025 with Gwenn Cujdik”
“AI Risks and Compliance with Chris Maguire”
“Data Privacy and Protection with CISA Chief Privacy Officer James Burd”
“Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver”
“Legal and Risk Trends with Kathrine Henry (2023)”

Sponsored RIMScast Episodes:
“The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!)
“Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
Demystifying Multinational Fronting Insurance Programs | Sponsored by Zurich
“Understanding Third-Party Litigation Funding” | Sponsored by Zurich
“What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog
“Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor
“Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL
“How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog
“Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant
“RMIS Innovation with Archer” | Sponsored by Archer
“Navigating Commercial Property Risks with Captives” | Sponsored by Zurich
“Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL
“Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Partnering Against Cyberrisk” | Sponsored by AXA XL
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Strategic & Enterprise Risk Center
RIMS-CRMP Stories — Featuring RIMS President Kristen Peed!

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.

Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.

Have a question or suggestion? Email: Content@rims.org.

Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.

About our guests:
Katherine Henry, Partner and Chair of the Policyholder Coverage Practice, Bradley, Arant, Boult, and Cummings
Harold Weston, Clinical Associate Professor and WSIA Distinguished Chair in Risk Management and Insurance, Georgia State University College of Law

Production and engineering provided by Podfly.

Digital Health Talks - Changemakers Focused on Fixing Healthcare
From Compliance to Confidence: How to Evolve Cybersecurity Beyond the Checklist

Digital Health Talks - Changemakers Focused on Fixing Healthcare

Play Episode Listen Later Oct 7, 2025 30:48


Healthcare cybersecurity stands at an inflection point. Traditional compliance frameworks are proving inadequate in the face of sophisticated threats targeting patient data, clinical operations, and connected medical devices. Robert Eikel, CISO at P-n-T Data Corp., brings unique expertise from government service, financial services, and pediatric healthcare to discuss how leading organizations are evolving beyond checklist security. We'll explore the new frontlines of healthcare cyber defense—identity, integrity, and interoperability—while examining how emerging technologies like AI and quantum computing are reshaping the threat landscape.

Moving from periodic compliance to continuous confidence through identity-centric, integrity-focused defense strategies
Protecting clinical workflows and patient safety while maintaining secure interoperability across healthcare ecosystems
Preparing cybersecurity programs for AI-powered threats, quantum risks, and next-generation healthcare technologies
Transforming cybersecurity governance from IT overhead to strategic business enabler

Robert Eikel, Chief Information Security Officer, P-n-T Data Corp.
Megan Antonelli, Founder & CEO, HealthIMPACT Live

The CyberWire
Oracle zero-day serves up persistent access.

The CyberWire

Play Episode Listen Later Oct 6, 2025 23:47


A critical zero-day in Oracle E-Business Suite is under active exploitation. ICE plans a major expansion of its social media surveillance operations. Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution. New variants of the XWorm remote access trojan spread through phishing campaigns. Researchers uncover a critical command injection flaw in Dell UnityVSA storage appliances. There's been a sharp surge in reconnaissance scans targeting Palo Alto Networks login portals. A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software. Monday Business Brief. On our Afternoon Cyber Tea segment with Microsoft's Ann Johnson, Ann and guest Volker Wagner, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. Don't spend that ParkMobile settlement all in one place.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea Segment
Today we are highlighting Afternoon Cyber Tea with Ann Johnson. Ann and guest Volker Wagner, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. You can listen to Ann and Volker's full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading
PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability (Cyber Security News)
ICE Wants to Build Out a 24/7 Social Media Surveillance Team (WIRED)
Discord blames third-party support outfit for data breach (The Register)
Android and Windows gamers worldwide potentially affected by bug in Unity game engine (The Record)
XWorm malware resurfaces with ransomware module, over 35 plugins (Bleeping Computer)
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login (HackRead)
Scanning of Palo Alto Portals Surges 500% (Infosecurity Magazine)
$4.5 Million Offered in New Cloud Hacking Competition (SecurityWeek)
Accenture acquires Japanese AI and DX provider, Aidemy Inc. (N2K Pro Business Briefing)
ParkMobile pays... $1 each for 2021 data breach that hit 22 million (Bleeping Computer)

Vote for Dave!

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Public Sector Podcast
Building the Shield: AI and Automation in Public Sector Transformation - Dan Wilkens - Episode 153

Public Sector Podcast

Play Episode Listen Later Oct 5, 2025 19:16


Join Amanda Garcia and Dan Wilkens, CISO for the Arizona Department of Economic Security, as they explore the intersection of AI, automation, and collaboration in public sector cybersecurity. Dan shares practical strategies for building a proactive defense, leveraging emerging tech, and fostering the partnerships essential for resilience in an evolving threat landscape.

Dan Wilkens, Chief Information Security Officer, Arizona Department of Economic Security

For more great insights head to www.PublicSectorNetwork.co

Afternoon Cyber Tea with Ann Johnson
Lessons from the Frontlines of Industrial Security

Afternoon Cyber Tea with Ann Johnson

Play Episode Listen Later Sep 30, 2025 37:55


Volker Wagner, Chief Information Security Officer at BASF, joins Ann on this week's episode of Afternoon Cyber Tea to  talk shop on what it really takes to defend one of the world's largest chemical companies. From his early days in auditing to leading global cyber for high-stakes industrial and research environments, Volker shares battle-tested insights on resilience, Zero Trust, and the fundamentals that never go out of style. He dives into the hard lessons learned from ransomware, the realities of third-party risk, and how AI is reshaping everything from incident response to supply chain security. Most importantly, he makes the case for why trust, communication, and culture aren't soft skills—they're survival skills for modern CISOs.  Resources:   View Volker Wagner on LinkedIn           View Ann Johnson on LinkedIn    Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   The BlueHat Podcast    Uncovering Hidden Risks           Discover and follow other Microsoft podcasts at microsoft.com/podcasts      Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

Changing Higher Ed
Cybersecurity Risk Management in Higher Education—It's Not Just an IT Problem

Changing Higher Ed

Play Episode Listen Later Sep 30, 2025 35:48


Higher education institutions are increasingly at risk from cyberattacks that threaten enrollment, accreditation, financial aid compliance, and reputation. In this episode of the Changing Higher Ed® podcast, Dr. Drumm McNaughton speaks with Brian Kelly, Chief Information Security Officer at Community Health Networks of Connecticut and former higher education CISO, about why cybersecurity must be treated as an enterprise risk—not just an IT issue. This conversation is especially relevant for presidents, trustees, and senior leaders who need to understand how cyber risk intersects with governance, strategic planning, crisis management, and accreditation readiness.

Topics Covered:
Why higher education is a prime target for cyberattacks
How ransomware and data breaches disrupt core institutional functions
The governance responsibilities of boards in overseeing cybersecurity
Cyber implications for strategic planning and reputation management
Why accreditation and compliance can be undermined by cyber breaches
Protecting research and intellectual property from cyber threats
Building a campus culture of shared cybersecurity responsibility
The leadership succession gap in higher ed cybersecurity
Core practices every institution should adopt during Cybersecurity Awareness Month

Real-World Examples Discussed:
United Healthcare and Social Security data compromises
PowerSchool breach exposing minors to identity theft
Target and Home Depot breaches as case studies in reputational damage
F-35 design theft highlighting the value of intellectual property
Scam examples including PayPal fraud, fake purchase confirmations, and LinkedIn phishing
Leadership succession in action: Cathy Hubbs' retirement and Harry Hoffman's appointment

Three Key Takeaways for Higher Ed Leadership:
Plan for resilience, not just prevention—institutions must continue to operate during and after cyber incidents.
Make cybersecurity a shared responsibility—leaders must ensure accountability across the campus community.
Include cyber in board oversight—cyber risk is part of governance, enterprise risk management, and accreditation readiness.

Read the transcript or extended show summary: https://changinghighered.com/cybersecurity-risk-management-in-higher-education/

#HigherEdCybersecurity #BoardGovernance #HigherEducationPodcast

Cracking Cyber Security Podcast from TEISS
Live at teissLondon2025: From gatekeeping to guardrails - proactive supply chain security at scale

Cracking Cyber Security Podcast from TEISS

Play Episode Listen Later Sep 25, 2025 49:59


70% of critical security debt stems from third-party code - what can be done upstream?
How real-time threat intelligence and policy enforcement are closing the gap
Why DORA and modern CI/CD pipelines demand pre-emptive visibility and automation

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Paul Holland, Cyber Capability Manager, Royal Mail
https://www.linkedin.com/in/paulinfosec/
Tiago Rosado, Chief Information Security Officer, Asite
https://www.linkedin.com/in/tiagorosado/
Jean Carlos, Information Security Lead, Trade Republic
https://www.linkedin.com/in/jeanpcarlos/
John Smith, CTO of EMEA, Veracode
https://www.linkedin.com/in/jtsmith123

Public Sector Podcast
Cyber-resilience, fostering skills development and supporting diversity - Stephen Woods - Episode 151

Public Sector Podcast

Play Episode Listen Later Sep 21, 2025 22:59


In this episode, Stephen Woods from the WA Department of Justice explores why cyber resilience is essential for protecting sensitive public data and services. He breaks resilience into four stages—anticipate, withstand, recover, and adapt—emphasising that cyberattacks are inevitable, but preparation and testing make the difference. From regional connectivity challenges to incident simulations like the Corporate Compromise Game, Stephen shows how planning, collaboration, and transparency strengthen response. He also highlights diversity as a superpower—with varied perspectives, cultural insights, and neurodiverse talent improving detection, decision-making, and innovation. His core message: resilience isn't just about technology, it's about people, culture, and trust. Stephen Woods, Chief Information Security Officer, Department of Justice WA   For more great insights head to www.PublicSectorNetwork.co 

ITSPmagazine | Technology. Cybersecurity. Society
Why This Cybersecurity Executive Left Corporate to Start Asimily and Secure Healthcare, Manufacturing, and Critical Infrastructure | An Asimily Brand Origin Story with Shankar Somasundaram, CEO and Founder

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Sep 17, 2025 34:52


The decision to leave a successful corporate position and start a company requires more than just identifying a market opportunity. For Shankar Somasundaram, it required witnessing firsthand how traditional cybersecurity approaches consistently failed in the environments that matter most to society: hospitals, manufacturing plants, power facilities, and critical infrastructure.

Somasundaram's path to founding Asimily began with diverse technical experience spanning telecommunications and early machine learning development. This foundation proved essential when he transitioned to cybersecurity, eventually building and growing the IoT security division at a major enterprise security company.

During his corporate tenure, Somasundaram gained direct exposure to security challenges across healthcare systems, industrial facilities, utilities, manufacturing plants, and oil and gas operations. Each vertical revealed the same fundamental problem: existing security solutions were designed for traditional IT environments where confidentiality and integrity took precedence, but operational technology environments operated under entirely different rules.

The mismatch became clear through everyday operational realities. Hospital ultrasound machines couldn't be taken offline during procedures for security updates. Manufacturing production lines couldn't be rebooted for patches without scheduling expensive downtime. Power plant control systems required continuous availability to serve communities. These environments prioritized operational continuity above traditional security controls.

Beyond technical challenges, Somasundaram observed a persistent communication gap between security and operations teams. IT security professionals spoke in terms of vulnerabilities and patch management. Operations teams focused on uptime, safety protocols, and production schedules. Neither group had effective frameworks for translating their concerns into language the other could understand and act upon.

This divide created frustration for Chief Security Officers who understood risks existed but lacked clear paths to mitigation that wouldn't disrupt critical business operations. Organizations could identify thousands of vulnerabilities across their operational technology environments, but struggled to prioritize which issues actually posed meaningful risks given their specific operational contexts.

Somasundaram recognized an opportunity to approach this problem differently. Rather than building another vulnerability scanner or forcing operational environments to conform to IT security models, he envisioned a platform that would provide contextual risk analysis and actionable mitigation strategies tailored to operational requirements.

The decision to leave corporate security and start Asimily wasn't impulsive. Somasundaram had previous entrepreneurial experience and understood the startup process. He waited for the right convergence of market need, personal readiness, and strategic opportunity. When corporate priorities shifted through acquisitions, the conditions aligned for his departure.

Asimily's founding mission centered on bridging the gap between operational technology and information technology teams. The company wouldn't just build another security tool; it would create a translation layer enabling different organizational departments to collaborate effectively on risk reduction.

This approach required understanding multiple stakeholder perspectives within client organizations. Sometimes the primary user would be a Chief Information Security Officer. Other times, it might be a manufacturing operations head managing production floors, or a clinical operations director in healthcare. The platform needed to serve all these perspectives while maintaining technical depth.

Somasundaram's product engineering background informed this multi-stakeholder approach. His experience with complex system integration—from telecommunications infrastructure to machine learning algorithms—provided insight into how security platforms could integrate with existing IT infrastructure while addressing operational technology requirements.

The vision extended beyond traditional vulnerability management to comprehensive risk analysis considering operational context, business impact, and regulatory requirements. Rather than treating all vulnerabilities equally, Asimily would analyze each device within its specific environment and use case, providing organizations with actionable intelligence for informed decision-making.

Somasundaram's entrepreneurial journey illustrates how diverse technical experience, industry knowledge, and strategic timing converge to address complex market problems. His transition from corporate executive to startup founder demonstrates how deep industry exposure can reveal opportunities to solve problems that established players might overlook or underestimate.

Today, as healthcare systems, manufacturing facilities, and critical infrastructure become increasingly connected, the vision Somasundaram brought to Asimily's founding has proven both timely and necessary. The company's development reflects not just market demand, but the value of approaching familiar problems from fresh perspectives informed by real operational experience.

Learn more about Asimily: itspm.ag/asimily-104921

Note: This story contains promotional content.

Guest: Shankar Somasundaram, CEO & Founder, Asimily | On LinkedIn: https://www.linkedin.com/in/shankar-somasundaram-a7315b/
Company Directory: https://www.itspmagazine.com/directory/asimily

Resources
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Shaun Newman Podcast
#915 - Tom Luongo & LTC Steven Murray

Shaun Newman Podcast

Play Episode Listen Later Sep 17, 2025 84:07


We discuss Charlie Kirk, NATO article 4 and psyops.

Tom Luongo is a former research chemist, amateur dairy goat farmer, libertarian, and economist whose work can be found on Zero Hedge and Newsmax Media. He hosts the Gold Goats ‘n Guns Podcast.

LTC Steven Murray is a retired U.S. Army Lieutenant Colonel who served as an Information Warfare Officer and Cyber Defense Battalion Commander. With extensive experience in cyber operations and intelligence, he commanded units supporting the United States Pacific Command, U.S. Army Pacific Forces, and the National Security Agency. He was deployed to Iraq during Operation Enduring Freedom, earning a Bronze Star, and has held roles such as Chief Information Security Officer for a large medical company.

To watch the Full Cornerstone Forum: https://open.substack.com/pub/shaunnewmanpodcast
Get your voice heard: Text Shaun 587-217-8500

Silver Gold Bull Links:
Website: https://silvergoldbull.ca/
Email: SNP@silvergoldbull.com
Text Grahame: (587) 441-9100

Bow Valley Credit Union
Bitcoin: www.bowvalleycu.com/en/personal/investing-wealth/bitcoin-gateway
Email: welcome@BowValleycu.com
Use the code “SNP” on all orders

Prophet River Links:
Website: store.prophetriver.com/
Email: SNP@prophetriver.com

Expat Money Summit
Website: ExpatMoneySummit.com

Something Extra
The Homesteading CISO w/ Zach Lewis

Something Extra

Play Episode Listen Later Sep 4, 2025 46:18


Join us for a fascinating conversation with Zach Lewis, Chief Information Officer and Chief Information Security Officer at the University of Health Sciences and Pharmacy in St. Louis, as he reveals the surprising parallels between homesteading and cybersecurity. Discover how his experience with chickens and fences led to a philosophy of "defense in depth" that protects critical data. Zach shares his journey from individual contributor to award-winning leader, emphasizing the importance of raising your hand for new challenges and empowering your team to succeed. This episode is packed with wisdom on building trust before a crisis, navigating change, and leveraging AI for personal and professional growth. You won't want to miss his insights on what it takes to protect an organization and how he's normalizing the conversation around cybersecurity breaches in his new book, Locked Up.

Guest Links:
Zach's LinkedIn
University of Health Sciences & Pharmacy St. Louis
The Homesteading CISO
Book: Locked Up: Cybersecurity Threat Mitigation Lessons From a Real-World LockBit Ransomware Response

Credits: Host: Lisa Nichols, Executive Producer: Jenny Heal, Marketing Support: Landon Burke and Joe Szynkowski, Podcast Engineer: Portside Media

Cyber 9/11 with Dr. Eric Cole
Simplifying Cybersecurity, Time Management & Strategic Playbooks

Cyber 9/11 with Dr. Eric Cole

Play Episode Listen Later Aug 21, 2025 30:47


In this episode of Life of a CISO, Dr. Eric Cole dives deep into simplicity, time management, and the foundations of being a world-class Chief Information Security Officer. He explains how rebooting your life and career—just like you reboot a slow computer—can help clear distractions and focus on what truly matters. Dr. Cole also shares strategies for creating a strategic cybersecurity playbook, aligning with executives, setting risk tolerance, and reclaiming wasted time. Whether you're a seasoned CISO or aspiring to lead in cybersecurity, this episode is packed with actionable advice to improve your efficiency, influence, and impact.

Learn how to:
Reset your priorities and eliminate inefficiencies
Track your time and focus on high-value activities
Develop a strategic cybersecurity playbook
Communicate your vision to executives
Set risk tolerance that aligns with your organization

Tune in and start transforming your approach to cybersecurity and leadership today.

Life Accelerated
Balancing Innovation and Risk in Insurance AI with Darwin Larrison and Amanda Turcotte

Aug 13, 2025 · 46:06

In this episode, host Olivier Lafontaine speaks with Amanda Turcotte, SVP and Chief Actuary at Amalgamated Life Insurance Company, and Darwin Larrison, VP and Chief Information Security Officer at Modern Woodmen of America, about how their teams are navigating the changing landscape of artificial intelligence in life insurance. Amanda shares how her company is applying tools like Amazon Q and Intelligent Document Processing to streamline customer support and data handling. Darwin explains how governance frameworks, vendor partnerships, and licensing decisions are shaping how AI tools like Copilot are being deployed securely and responsibly. Throughout the session, Amanda and Darwin bring their unique perspectives from actuarial and security leadership to highlight what AI can realistically deliver today, and how insurers can prepare for what's ahead.
Key Takeaways:
• Adopting AI in insurance requires more than tools. It demands structure, governance, and cultural buy-in.
• Licensing strategies and vendor partnerships can quietly shape how innovation spreads inside an organization.
• AI can help small carriers scale smarter by turning everyday data into operational advantage.
Jump Into the Conversation:
(00:00) Meet Amanda Turcotte and Darwin Larrison
(02:18) Why insurance leaders are cautious with AI
(06:44) Using Amazon Q to speed up service
(08:11) Building a centralized CRM with AI features
(11:27) Who gets access to Copilot and why
(14:50) AI's role in institutional memory and training
(19:00) Building a governance group for responsible AI
(23:29) How to upskill non-tech employees on AI
(29:17) Why transcription still faces internal resistance
(38:15) What startups do differently with AI adoption
(40:31) Predictions on how AI will transform insurance jobs
Resources:
Connect with Amanda Turcotte: https://www.linkedin.com/in/amanda-turcotte-7a436413/
Connect with Darwin Larrison: https://www.linkedin.com/in/darwinlarrison/
Check out Amalgamated Life Insurance Company: https://www.amalgamatedbenefits.com/amalgamated-life/
Check out Modern Woodmen of America: https://www.modernwoodmen.org/
Connect with Olivier: https://www.linkedin.com/in/olivierlafontaine/

Identity At The Center
#366 - The Digital Transformation of Healthcare IAM with Shawna Hofer

Aug 11, 2025 · 63:18

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into an enriching discussion with Shawna Hofer, Chief Information Security Officer at St. Luke's Health System in Idaho. Discover the vital link between cybersecurity and patient safety, the evolving role of AI in healthcare, and the challenges of integrating new technologies securely. Shawna shares her unique journey from an identity and access management manager to a CISO, offering valuable insights on risk management, data privacy, machine identities, and resilient security infrastructure. This is a must-watch episode for anyone interested in the intersection of healthcare and cybersecurity!
Timestamps:
00:00 Introduction and Podcast Overview
00:37 ID Pro Membership Benefits
03:35 Conferences and Events
06:03 Introducing Shawna Hofer
07:00 Shawna's Journey to CISO
10:55 Identity Security in Healthcare
13:49 Balancing Security and User Experience
19:08 Challenges with IoT in Healthcare
24:27 AI in Healthcare Security
30:01 Upskilling for AI in Security
33:07 The Ever-Improving AI Landscape
33:21 Embracing the AI Mindset
33:58 Resiliency in Healthcare and AI
35:06 The Future of Jobs in an AI-Driven World
37:37 Trusting AI in Security Decisions
40:56 Learning the Language of Risk
43:44 Making the Business Case for Identity
45:50 Balancing Security Investments
51:48 The Future of Healthcare and AI
54:40 Fun and Food: The Potato Question
01:02:13 Closing Remarks and Farewell
Connect with Shawna: https://www.linkedin.com/in/shawna-hofer-7259b21a/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Cyber 9/11 with Dr. Eric Cole
Back to the Basics: How World-Class CISOs Lock Down External Servers

Aug 7, 2025 · 32:57

In this solo episode of Life of a CISO, Dr. Eric Cole returns to the mic after a series of interviews to dive deep into the #1 foundational skill every Chief Information Security Officer must master—securing internet-facing servers. With the rising wave of breaches hitting not just Fortune 50 giants but small and mid-size companies, Dr. Cole walks through the exact steps you must take to go back to basics and become a world-class CISO. From identifying forgotten assets to hardening authentication and revamping your patching strategy, this episode is your blueprint to stop attacks before they start. Dr. Cole also shares real-world breach examples, discusses the risks of relying solely on IT, and explains why a functioning change control board and MFA implementation for admins are non-negotiable. 

Cyber 9/11 with Dr. Eric Cole
Building Credibility Before the Crisis: Zachary Lewis on Frameworks & Board Trust

Aug 7, 2025 · 33:23

In this inspiring episode of Life of a CISO, Dr. Eric Cole sits down with Zachary Lewis, Chief Information Security Officer at the University of Health Sciences and Pharmacy in St. Louis. With over five years in the CISO seat and a career that spans startups, coal plants, and higher education, Zach shares his unique journey from sysadmin to security leader. This episode offers a front-row seat into what it really takes to pivot into cybersecurity leadership—especially when you're coming from the IT side. Zach breaks down how to make the transition, why leadership trumps deep technical skills at the CISO level, and how to build credibility even when you don't have decades of cyber experience under your belt. But this conversation goes beyond resumes and frameworks. Zach and Dr. Cole dig deep into the realities of leading during a global crisis—Zach took his role just weeks before COVID—and how a ransomware incident became a turning point in proving the strength of his security program. For aspiring CISOs and current security leaders alike, this episode is full of wisdom on how to lead with calm, build board-level trust, and turn unexpected challenges into defining moments. Whether you're just starting out or looking to sharpen your executive edge, Zach's story is a blueprint worth studying.

Becker’s Healthcare Podcast
Matt Morton, Executive Director and Chief Information Security Officer, University of Chicago

Aug 1, 2025 · 6:26

This episode recorded live at the Becker's Hospital Review 15th Annual Meeting features Matt Morton, Executive Director and Chief Information Security Officer, University of Chicago. He shares how his team is securing AI tools like Phoenix AI to support clinical research, discusses the cybersecurity staffing and resource challenges faced by academic medical centers, and emphasizes the importance of adaptability in leading through rapid technological change.

Becker’s Healthcare Podcast
Trevor Martin, Chief Information Security Officer, UW Health

Jul 30, 2025 · 11:55

This episode recorded live at the Becker's Hospital Review 15th Annual Meeting features Trevor Martin, Chief Information Security Officer, UW Health. He shares how his team is navigating AI implementation through staff literacy initiatives, advancing virtual care to improve access, and fostering a culture of flexibility and human-centered leadership.

Artificial Intelligence in Industry with Daniel Faggella
Building Storage Strategies That Scale with AI Workloads - with Bryan Willett of Lexmark

Jul 30, 2025 · 17:49

Today's guest is Bryan Willett, Chief Information Security Officer at Lexmark, joining Emerj Senior Editor Matthew DeMello to explore how organizations can navigate the trade-offs between cloud and on-prem AI deployments—balancing speed to market, cost efficiency, and the protection of sensitive data. Bryan also emphasizes the importance of a strong governance triad—security, privacy, and AI teams working together—to ensure ethical, compliant, and effective AI adoption. From managing data surges in IoT and biometrics to creating hybrid storage strategies, he shares actionable insights for leaders in security, IT, and AI strategy. This episode is sponsored by Pure Storage.

The Bid Picture - Cybersecurity & Intelligence Analysis

In this episode, host Bidemi Ologunde spoke with Scott Alldridge, a nationally recognized cybersecurity leader with over 30 years of experience transforming how organizations approach digital risk and operational excellence. As CEO of IP Services, one of the industry's most trusted cybersecurity firms, Scott has guided 150+ clients across healthcare, finance, and manufacturing toward regulatory compliance and cyber resilience.
Scott is the co-founder of the IT Process Institute and visionary behind the VisibleOps methodology – a revolutionary framework that has shaped global IT standards and sold over 400,000 copies worldwide. His latest work, "VisibleOps Cybersecurity," reached Amazon bestseller status and provides the definitive roadmap for integrating Zero Trust principles with business operations.
Certified as Chief Information Security Officer with an MBA in Cybersecurity and Harvard certification in Technology and Privacy, Scott bridges the gap between technical complexity and executive decision-making. His proprietary Total Control System delivers measurable business outcomes for organizations seeking operational excellence.

The New CISO
How to Score a Security Role — Without Collecting Certifications

Jul 24, 2025 · 51:56

In this episode of The New CISO, host Steve Moore speaks with Marius Poskus, Chief Information Security Officer at Glow Financial Services and creator of the Cyber Diaries podcast. Marius shares his journey from physical security into cybersecurity leadership—and how he did it without relying on traditional certifications.
Marius reflects on how self-directed learning, mentorship, and a strong personal brand helped him pivot careers and thrive in the FinTech space. He explains why the security industry needs to stop glorifying certifications, how to break in through SOC roles, and what truly makes a candidate stand out in interviews. From coaching new talent to advising startups on go-to-market strategies, Marius emphasizes that attitude and aptitude matter far more than credentials.
Key Topics Covered:
• Why Marius walked away from a career in physical security—and how that experience shaped his cyber path
• The critical difference between certification collecting and real-world skill development
• Why most entry-level cybersecurity roles are in SOCs—and how to leverage that
• How sharing your learning journey online builds credibility and unlocks job opportunities
• The two A's that matter most when hiring: attitude and aptitude
• Common mistakes startups make when targeting CISOs and building security tools
• The growing risks of “AI-washing” and what real AI innovation should look like
• Why mentorship only works when mentees are willing to put in the work
• How to shift from security awareness “stick” tactics to culture-based collaboration
• What it means to build a personal brand that outlasts your job title
Marius' story proves that cybersecurity success doesn't come from certificates—it comes from curiosity, consistency, and community. Whether you're just starting your career or leading a security team, this episode will inspire you to focus on what really moves the needle.
Marius Poskus Podcast - Cyber Diaries Podcast

Cracking Cyber Security Podcast from TEISS
teissTalk: Refining your API security strategy to protect against AI-driven attacks

Jul 24, 2025 · 45:30

• Protecting against sophisticated AI-powered attacks on APIs - identifying anomalies and threats
• Meeting API compliance and data protection challenges with emerging technologies
• Moving towards a mature posture for API security
Thom Langford, Host, teissTalk: https://www.linkedin.com/in/thomlangford/
Tiago Rosado, Chief Information Security Officer, Asite: https://www.linkedin.com/in/tiagorosado/
Anne Coulombe, CISO, Bleuet LLC: https://www.linkedin.com/in/annecoulombe/
Menachem Perlman, Director, Global Solutions Engineering at Akamai Technologies - API Security, Akamai: https://www.linkedin.com/in/menachemperlman/

Artificial Intelligence in Industry with Daniel Faggella
How AI Partnerships Make Security a Strategic Advantage - with Bryan Willett of Lexmark

Jul 23, 2025 · 19:20

Today's guest is Bryan Willett, Chief Information Security Officer. Bryan discusses how organizations can shift security from a reactive compliance task to a strategic advantage by leveraging AI partnerships and transparent communication. He explains how proactive security packages and AI-driven tools streamline vendor due diligence and RFP responses, reducing bottlenecks and improving cross-team collaboration. Bryan also emphasizes the importance of evaluating vendor development hygiene and maintaining developer awareness as key components to managing evolving AI-enabled cyber threats. This episode is sponsored by Aquant.

SecureChat Podcast
The IAM Maturity Journey: Balancing Innovation, Complexity & Compliance

Jul 21, 2025 · 19:49

RKON Chief Revenue Officer, Brian Jeffords, sits down with Chief Information Security Officer, Gerard Onorato, and Director of IAM & Zero Trust, Duane Clouse, to unpack how organizations are navigating the growing complexity of Identity and Access Management. Together, they explore the challenges of managing identities across hybrid environments, diverse tools, and expanding user types—while addressing mounting regulatory pressure, evolving cyber threats, and the accelerating pace of technology.

That ALL Might Be Edified: Discussions on Servant Leadership
Leading with Grace: Vulnerability, Empathy, and the Power of Permission

Jul 20, 2025 · 44:22

In this powerful episode, we sit down with cybersecurity executive and thought leader Tammy Klotz to explore the profound impact of compassionate leadership in high-stakes environments. Tammy shares a deeply personal story of receiving crucial support from a leader during a professional and personal crisis—a moment that shaped her own leadership philosophy and redefined how she views strength in the workplace.
We discuss what it means to show vulnerability in a world that often demands perfection, and why soft skills like emotional intelligence, grace, and empathy aren't optional—they're essential. Tammy opens up about how leaders can create psychological safety, establish rituals that foster connection and trust, and give explicit permission for authenticity, rest, boundaries, and even failure.
This conversation is a masterclass in human-centered leadership and a reminder that some of the most powerful things leaders can offer don't come from a playbook—they come from the heart.
Topics Covered:
• The moment a leader's support changed everything
• Creating space for vulnerability in high-performing teams
• Why emotional intelligence and empathy are critical leadership skills
• Building team rituals that support culture and connection
• The impact of leaders giving “permission” to be human
Guest Bio: Tammy Klotz is the Chief Information Security Officer at Trinseo, a Top 100 CISO, and the author of Leading with Empathy & Grace. With over 30 years in cybersecurity leadership, she is redefining what it means to lead with both strength and soul. She holds esteemed certifications including CISM, CISSP, and CRISC, and has earned notable accolades such as the 2022 Covanta Leadership Award and recognition as a Top 100 CISO by Cyber Defense Magazine in 2023. Tammy is also the author of "Leading with Empathy & Grace: Secrets to Developing High-Performing Teams", where she shares insights on leadership, resilience, and emotional intelligence.
Resources:
• Leading with Empathy and Grace - Tammy Klotz (Leading with Empathy and Grace: Secrets to Developing High-Performing Teams)
• Rituals Roadmap - Erica Keswin (Rituals Roadmap: The Human Way to Transform Everyday Routines into Workplace Magic)
• The Anxious Generation - Jonathan Haidt (The Anxious Generation: How the Great Rewiring of Childhood Is Causing an Epidemic of Mental Illness)

The Professional Services Pursuit
Ep. 97 – Innovation Without Compromise: IT's Role in Securing the AI Future w/ Taison Kearney

Jul 17, 2025 · 27:23

How are today's IT leaders adapting to the breakneck pace of AI and cybersecurity evolution? In this episode of The Professional Services Pursuit, host Banoo welcomes Taison Kearney, Chief Information Security Officer and Data Protection Officer at Kantata. With over two decades of experience, Taison shares how IT teams are shifting from traditional support roles to become strategic drivers in AI governance and cybersecurity leadership.
This conversation offers a front-line view into the challenges and opportunities that come with AI adoption, from managing risk and “shadow AI” to building future-ready security teams and becoming a trusted advisor to clients.
Key Topics Covered:
• The benefits and risks of enterprise AI adoption
• How the CISO role is expanding in the era of AI
• Building a proactive, secure, and AI-savvy IT culture
• Earning client trust through strategic security partnership
• The specific risks facing professional services firms, and how data centralization helps mitigate them

Cooperatively Speaking
From Pen Testing to Protection: Ball State's Cybersecurity Journey

Jul 16, 2025 · 33:41

What does it take to build a resilient cybersecurity strategy in higher education - especially with limited resources and rising threats?
Tobey Coffman, Chief Information Security Officer at Ball State University, and Ron Pelletier, founder of Pondurance, share how their partnership grew from a single pen test into a fully managed, 24/7 detection and response program. Together, they break down the real-world challenges campuses face, the tipping point that led Ball State to invest in around-the-clock protection, and what makes a vendor-university relationship truly work.
Whether you're just getting started or looking to deepen your institution's cybersecurity posture, this conversation delivers insight, strategy, and lessons learned from the front lines.
Guests: Tobey Coffman, Executive Director of Information Security and Chief Information Security Officer, Ball State University & Ron Pelletier, Founder & Chief Customer Officer, Pondurance
Host: Matt Levine, Category Marketing Manager, E&I Cooperative Services
Relevant Links: E&I's Pondurance Contract
Cooperatively Speaking is hosted by E&I Cooperative Services, the only member-owned, non-profit procurement cooperative exclusively focused on serving the needs of education. Visit our website at www.eandi.org/podcast.

Business of Tech
Rethinking Cybersecurity: Why Traditional MFA Fails and the Future of Phishing-Resistant Solutions with Bob Burke

Jul 13, 2025 · 21:11

Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness.
Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices.
The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options. Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities.
Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats.

The FIT4PRIVACY Podcast - For those who care about privacy
How Does the CISO Define Digital Trust and Collaborate with Privacy Functions

Jul 10, 2025 · 6:46

In today's digital world, trust is everything. But what does digital trust really mean? And how do security leaders like CISOs help build it while working with privacy teams?
In this insightful trailer episode of the FIT4PRIVACY Podcast, cybersecurity expert Aman Tara joins host Punit Bhatia to break down the evolving role of the Chief Information Security Officer. You'll learn how CISOs protect company data, follow privacy laws, and work closely with privacy teams to keep personal information safe, and hear how regular meetings and teamwork between security and privacy experts help stop threats before they happen—especially with new technologies like artificial intelligence changing the game. If you want to understand how companies keep your data safe and build trust in a digital world, this episode is for you!
This is an extract from the full episode of The FIT4PRIVACY Podcast. The FIT4PRIVACY Podcast is a privacy podcast for those who care about privacy. In this podcast, you listen to and learn from the industry influencers who share their ideas. The episodes are released as audio every Wednesday and video every Thursday.
Resources:
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/aman-tara-cisa-cdpse-cfe-b6095483/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy

Cyber 9/11 with Dr. Eric Cole
Mastering the CISO Journey with Guest Christophe Foulon

Jul 10, 2025 · 24:51

In this episode of Life of a CISO, Dr. Eric Cole sits down with cybersecurity expert and fellow podcaster Christophe Foulon to dive deep into the evolving role of the Chief Information Security Officer. From breaking into cybersecurity to leading organizations through strategic risk decisions, Christophe shares real-world insights on how to transition from technical roles to executive leadership. They explore the challenges of balancing hands-on work with high-level strategy, how to communicate with business leaders without getting lost in technical jargon, and how to manage burnout while building organizational resilience. Christophe also tackles major topics like AI, zero trust, cyberwarfare, and BYOD policies, offering practical advice for today's and tomorrow's CISOs. If you're aiming to elevate your cybersecurity career or want to understand how top leaders think, this episode is packed with guidance, clarity, and perspective.  

Live Bold & Boss Up
Bold Moves in Healthcare Tech with Moffitt’s CISO

Jul 3, 2025 · 9:54

This week, Steph & Ash keep the Tampa Bay Tech PoweredUp series rolling with a fun and insightful chat with Doug Fee, Chief Information Security Officer at Moffitt Cancer Center. We explore the complex tech challenges facing the healthcare world, including the vital role cybersecurity plays in protecting patients and their data. Doug also breaks […]

Radio Influence
Bold Moves in Healthcare Tech with Moffitt’s CISO

Jul 3, 2025 · 9:54

This week, Steph & Ash keep the Tampa Bay Tech PoweredUp series rolling with a fun and insightful chat with Doug Fee, Chief Information Security Officer at Moffitt Cancer Center. We explore the complex tech challenges facing the healthcare world, including the vital role cybersecurity plays in protecting patients and their data. Doug also breaks […]

TubbTalk - The Podcast for IT Consultants
[183] Cyber-Snakes, ChaosRATs & AI Villains: Acronis CISO Tells All

Jun 29, 2025 · 75:47

In this episode, Richard speaks to Gerald Beuchelt. He's the Chief Information Security Officer at Acronis, a company protecting millions of endpoints across 54 data centres, many of them managed by MSPs just like you. He's led security through IPOs, a $5 billion merger, and now heads up the Acronis Threat Research Unit, or TRU. And that's a team uncovering wild cyber threats that potentially pose a risk to all MSPs and their clients.
Richard asks Gerald to explain the role of a CISO in his own words, how he got into cybersecurity and how his background in mathematics helps him in his work today.
They explore the Acronis Threat Research Unit (TRU) and what Acronis looks like in 2025, with Gerald talking through the changes they've made. He also offers suggestions on how MSPs can deal with vendor fatigue and how bringing everything into one place makes it easier.
Richard asks Gerald to explain what a cyber snake and chaosRAT are and how MSPs can support clients using older systems, as well as cyber threats to be aware of and how to educate clients on them.
Gerald shares his thoughts on what a security-first MSP is, why EDR and RMM are merging and how MSPs can prepare for that and how AI use by cyber criminals is getting ever more sophisticated.
He gives one practical habit MSPs can use to improve their security posture, how to get started with Acronis and make the most of its features and what's coming next for the organisation.
Mentioned in This Episode:
• Acronis
• Windows domain networks directory: Active Directory
• Computer programme: Kerberos
• Threat knowledge base: MITRE ATT&CK
• Verizon breach report
• CRM software: Salesforce
• Cyber threat: Sidewinder ATP
• Speaker and author: Karl Palachuk
• Dark web: Digital Underground
• MSP event: MSP Global
• Cyber event: Infosec London
• Cloned Richard podcast

Dark Rhino Security Podcast
S17 E07 You Think MFA Is Enough? Think Again.

Jun 26, 2025 · 49:20

Bob Burke is the Chief Information Security Officer at Beyond Identity, where he plays a key role in building and securing the company's identity-first access management platform. He has over 20 years of experience in cybersecurity and engineering leadership and brings deep expertise in identity, cloud infrastructure, compliance, and protecting mission-critical SaaS systems.
00:00 Intro
10:07 What the main threat back then?
13:30 Finding a Security Architect
15:24 What gaps cause MFA to go down?
18:00 You don't know you've been breached
22:36 Should CISOs be part of IT?
30:31 Phishing Resistant Attacks
33:42 Beyond Identity
37:42 If your identity is compromised…
41:19 Hardware supply chain
47:45 More about Bob
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Dark Rhino Security Podcast
S17 E07 (VIDEO) You Think MFA is Enough? Think Again.

Jun 26, 2025 · 49:20

Bob Burke is the Chief Information Security Officer at Beyond Identity, where he plays a key role in building and securing the company's identity-first access management platform. He has over 20 years of experience in cybersecurity and engineering leadership and brings deep expertise in identity, cloud infrastructure, compliance, and protecting mission-critical SaaS systems.
00:00 Intro
10:07 What the main threat back then?
13:30 Finding a Security Architect
15:24 What gaps cause MFA to go down?
18:00 You don't know you've been breached
22:36 Should CISOs be part of IT?
30:31 Phishing Resistant Attacks
33:42 Beyond Identity
37:42 If your identity is compromised…
41:19 Hardware supply chain
47:45 More about Bob
To learn more about Bob visit https://www.linkedin.com/in/bob-burke-4293712/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Cracking Cyber Security Podcast from TEISS
teissTalk: Surviving a critical CVE - a high-impact playbook

Jun 26, 2025 47:42


  • Risk-based prioritising using severity scoring and patch analysis
  • Escaping the silo trap - bridging the gap between IT and security teams
  • Automate rules to handle high-severity vulnerabilities and zero-days

Jonathan Craven, Host, teissTalk
https://www.linkedin.com/in/jonathanbcraven/
Tiago Rosado, Chief Information Security Officer, Asite
https://www.linkedin.com/in/tiagorosado/
Cameron Brown, Head of Cyber Threat and Risk Analytics, Ariel Re
https://www.linkedin.com/in/analyticalcyber/
York von Eichel-Streiber, Product Marketing Manager, NinjaOne
https://www.linkedin.com/in/york-von-eichel-streiber-50552b9b

Empowered Patient Podcast
Cybersecurity and Hidden Dangers of Healthcare Interoperability with Kory Daniels Trustwave

Jun 24, 2025 19:22


Kory Daniels, Chief Information Security Officer at Trustwave, highlights the unique cybersecurity challenges facing the healthcare industry, particularly in this environment of funding constraints and the increasing sophistication of cyberattacks. Healthcare data is highly valuable to cybercriminals, who can use it for ransomware attacks, identity and insurance fraud, and other nefarious purposes. AI can be part of both the attack and the solution, helping to build in more cyber resilience and awareness about vulnerabilities.

Kory explains, "Healthcare is a prime target for cyberattacks for a very fundamental reason. When human lives are at risk due to a criminal objective—which is to make money—they view organizations where human lives are at risk as a greater potential and opportunity. Facilitation of ransomware payments: Ransomware is one of the largest tactics that criminals use to achieve financial gain, but it's not the only tactic they use to achieve financial gain. So, they're looking to exploit the fear and uncertainty, putting patient lives at risk and adding complexity to patient care through their nefarious actions. But also, healthcare data is very attractive for cybercriminals, and just criminal activity in general. And why that is, is that criminals are looking at healthcare data even more so—it's more valuable than driver's license data."

"Look at the opportunity of what you can do with healthcare records, and what can you do with PII, Personally Identifiable Information. Threat actors are tapping into this data in several different ways to achieve the additional financial gain above and beyond targeting a healthcare organization with a ransomware attack."

"But they're also committing fraud, and fraud toward healthcare insurers, and looking at submitting false claims, fraud against the prescription drug industry in terms of soliciting and looking to obtain prescription drugs through nefarious means, but utilizing data and identity data that comes from hospital and healthcare records. There are a variety of different ways that we've just scratched the surface on, which make the healthcare industry such a desirable target for those seeking to achieve financial gain in the criminal industry."

#Trustwave #Cybersecurity #CyberAttacks #HealthcareSecurity #HealthcareIT #CISOInsights
trustwave.com
Download the transcript here

Empowered Patient Podcast
Cybersecurity and Hidden Dangers of Healthcare Interoperability with Kory Daniels Trustwave TRANSCRIPT

Jun 24, 2025


Kory Daniels, Chief Information Security Officer at Trustwave, highlights the unique cybersecurity challenges facing the healthcare industry, particularly in this environment of funding constraints and the increasing sophistication of cyberattacks. Healthcare data is highly valuable to cybercriminals, who can use it for ransomware attacks, identity and insurance fraud, and other nefarious purposes. AI can be part of both the attack and the solution, helping to build in more cyber resilience and awareness about vulnerabilities.

Kory explains, "Healthcare is a prime target for cyberattacks for a very fundamental reason. When human lives are at risk due to a criminal objective—which is to make money—they view organizations where human lives are at risk as a greater potential and opportunity. Facilitation of ransomware payments: Ransomware is one of the largest tactics that criminals use to achieve financial gain, but it's not the only tactic they use to achieve financial gain. So, they're looking to exploit the fear and uncertainty, putting patient lives at risk and adding complexity to patient care through their nefarious actions. But also, healthcare data is very attractive for cybercriminals, and just criminal activity in general. And why that is, is that criminals are looking at healthcare data even more so—it's more valuable than driver's license data."

"Look at the opportunity of what you can do with healthcare records, and what can you do with PII, Personally Identifiable Information. Threat actors are tapping into this data in several different ways to achieve the additional financial gain above and beyond targeting a healthcare organization with a ransomware attack."

"But they're also committing fraud, and fraud toward healthcare insurers, and looking at submitting false claims, fraud against the prescription drug industry in terms of soliciting and looking to obtain prescription drugs through nefarious means, but utilizing data and identity data that comes from hospital and healthcare records. There are a variety of different ways that we've just scratched the surface on, which make the healthcare industry such a desirable target for those seeking to achieve financial gain in the criminal industry."

#Trustwave #Cybersecurity #CyberAttacks #HealthcareSecurity #HealthcareIT #CISOInsights
trustwave.com
Listen to the podcast here

Afternoon Cyber Tea with Ann Johnson
The Human Firewall: People-First Cybersecurity

Jun 17, 2025 33:03


Dr. Aleise McGowan, Chief Information Security Officer of BlackGirlsHack and a 20-year cybersecurity veteran, joins Ann on this week's episode of Afternoon Cyber Tea. Aleise shares how a career-defining hack early on shifted her trajectory from developer to defender, and why she believes the future of security lies in resilience, diversity, and human-centered leadership. She talks about what separates good and great leaders during the first hours of an incident response and why delayed action equals exponential damage. She also spotlights her work with BlackGirlsHack, a rapidly growing nonprofit that opens doors for underrepresented talent in cyber, and makes the case that building an inclusive security workforce isn't just the right thing to do, it's the smart thing to do.

Resources:
View Aleise McGowan on LinkedIn
View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
The BlueHat Podcast
Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

Product Talk
EP 546 - Sentara Health Chief Information Security Officer on Cybersecurity as a Strategic Business Enabler in Healthcare

Jun 6, 2025 43:15


Are cyber threats the biggest risk to healthcare delivery? In this podcast hosted by Mark Bailes, Sentara Health Chief Information Security Officer Zishan Siddiqui will be speaking on the critical intersection of cybersecurity, product innovation, and patient safety. He shares insights on transforming cybersecurity from a cost center to a strategic business enabler, exploring how regulations and a product mindset can drive meaningful change in the healthcare industry.

All Quiet on the Second Front
Connected for Impact: Trust, Build, Deliver (Live at Offset '25)

Jun 3, 2025 42:08


In this special episode of All Quiet on the Second Front, we're bringing you a live recording from Offset 2025. Moderated by Danielle Metz, 2F Chief Policy Officer, this panel tackles a question that's easy to say but hard to operationalize: how do we actually build trust between government and industry to deliver secure, mission-ready technology? Danielle is joined by Rob Nolen, Chief Technologist for DoD at AWS, Dan Garcia, Chief Information Security Officer at EnterpriseDB, and Eric Sanders, Chief Information Security Officer at DHS (I&A). Together, they unpack the cultural and structural baggage that slows innovation—and explore what it'll take to shift hearts, minds, and bureaucracies toward impact.

What's Happening on the Second Front:
  • Building security into systems from the start (not bolting it on later)
  • Measuring impact through velocity, not vanity metrics
  • Risk tolerance vs. risk avoidance in government tech
  • The role of policy and regulation in accelerating trust
  • Why a shared language between builders, buyers, and approvers is mission-critical

The CyberWire
Bypassing Bitlocker encryption.

May 15, 2025 39:08


Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment and direct from RSAC 2025, our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. Listen to Devin's interview here.

Selected Reading
  • Google fixes high severity Chrome flaw with public exploit (Bleeping Computer)
  • BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released (Cyber Security News)
  • The Internet's Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge (WIRED)
  • German operation shuts down crypto mixer eXch, seizes millions in assets (The Record)
  • CFPB Quietly Kills Rule to Shield Americans From Data Brokers (WIRED)
  • EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis (Irish Council for Civil Liberties)
  • Operation RoundPress targeting high-value webmail servers (We Live Security)
  • Google says hackers that hit UK retailers now targeting American stores (Reuters)
  • Cybersecurity incident forces largest US steelmaker to take some operations offline (The Record)
  • Infosec Layoffs Aren't the Bargain Boards May Think (Dark Reading)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices