Cyberwar shadows the US Israel attack on Iran. Hackers hijack Pakistani news broadcasts. President Trump orders all federal agencies to stop using AI technology from Anthropic. The Health Care Cybersecurity and Resiliency Act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices. A North Korea-linked group targets air-gapped systems. Monday business breakdown. On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. Tim Starks from CyberScoop has the latest goings on at CISA. Microsoft says the slop stops here.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Tim Starks from CyberScoop as he is discussing ongoing challenges at CISA. If you are interested in this topic, you can learn more here.

Afternoon Cyber Tea
On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. You can hear the full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading
US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates (SecurityWeek)
Western Cybersecurity Experts Brace for Iranian Reprisal (BankInfo Security)
Pakistan's Top News Channels Hacked and Hijacked With Anti-Military Messages (Hackread)
Anthropic confirms Claude is down in a worldwide outage (Bleeping Computer)
Trump Orders Government to Stop Using Anthropic After Pentagon Standoff (New York Times)
OpenAI Will Deploy AI in US Military Classified Networks (GovInfo Security)
Senate Health Cyber Bill Clears Committee Hurdle (GovInfo Security)
Double whammy: Steaelite RAT bundles data theft, ransomware (The Register)
CISA warns that RESURGE malware can be dormant on Ivanti devices (Bleeping Computer)
North Korean APT Targets Air-Gapped Systems in Recent Campaign (SecurityWeek)
Astelia secures $35 million in combined seed and Series A funding. (N2K Pro Business Briefing)
Microsoft gets tired of “Microslop,” bans the word on its Discord, then locks the server after backlash (Windows Latest)

Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?
N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices
We discuss Iran, Mexico and Alberta Independence.

Tom Luongo is a former research chemist, amateur dairy goat farmer, libertarian, and economist whose work can be found on Zero Hedge and Newsmax Media. He hosts the Gold Goats ‘n Guns Podcast.

LTC Steven Murray is a retired U.S. Army Lieutenant Colonel who served as an Information Warfare Officer and Cyber Defense Battalion Commander. With extensive experience in cyber operations and intelligence, he commanded units supporting the United States Pacific Command, U.S. Army Pacific Forces, and the National Security Agency. He was deployed to Iraq during Operation Enduring Freedom, earning a Bronze Star, and has held roles such as Chief Information Security Officer for a large medical company.

Tickets to Cornerstone Forum 26': https://www.showpass.com/cornerstone26/

Silver Gold Bull Links:
Website: https://silvergoldbull.ca/
Email: SNP@silvergoldbull.com
Text Grahame: (587) 441-9100

Bow Valley Credit Union
Bitcoin: www.bowvalleycu.com/en/personal/investing-wealth/bitcoin-gateway
Email: welcome@BowValleycu.com

Get your voice heard: Text Shaun 587-217-8500
Have you ever wondered why "compliance" still gets treated like a slow, spreadsheet-heavy chore, even though the rest of the business is moving at machine speed? In this episode of Tech Talks Daily, I sit down with Matt Hillary, Chief Information Security Officer at Drata, to talk about what actually changes when AI and automation land in the middle of governance, risk, and compliance. Matt brings a rare viewpoint because he lives this day-to-day as "customer zero," running Drata internally while also leading IT, security, GRC, and enterprise apps. We get practical fast. Matt shares how AI-assisted questionnaire workflows can turn a 120-question security assessment from a late-afternoon time sink into something you can complete with confidence in minutes, then still make it upstairs in time for dinner. He also explains how automation flips the audit dynamic by moving from random sampling to continuous, full-population checks, using APIs to validate evidence at scale, without hounding control owners unless something is actually wrong. We also talk about what security leadership really looks like when the stakes rise. Matt reflects on lessons from his time at AWS, why curiosity and adaptability matter when the "canvas" keeps changing, and how customer focus becomes the foundation of trust. That theme runs through the whole conversation, including the idea that the CISO role is steadily turning into a chief trust officer role, where integrity, transparency, and credibility under pressure matter as much as tooling. And because burnout is never far away in security, we dig into the human side too. Matt unpacks how automation can reduce cognitive load, but also warns about swapping one kind of pressure for another, especially when teams get trapped producing endless dashboards and vanity metrics instead of focusing on the few measures that actually reduce risk. 
To wrap things up, Matt leaves a song for the playlist, Illenium's "You're Alive," plus a book recommendation, "Lessons from the Front Lines, Insights from a Cybersecurity Career" by Asaf Karen, which he says stands out for how it treats the human side of security leadership. If you're thinking about modernizing compliance in 2026 without losing the human element, his parting principle is simple and powerful: be intentional, keep asking why, and spend your limited time on what truly matters. So where do you land on this shift toward continuous trust, do you see it becoming the default expectation for buyers and auditors, and what should leaders do now to make sure automation reduces pressure instead of quietly adding more? Share your thoughts with me, I'd love to hear how you're approaching it.
Whether power grids, hospitals, logistics centers or data centers: nearly all critical infrastructure is now digitally networked and therefore directly dependent on the internet. Cyberattacks, ransomware, disinformation campaigns and targeted attacks on supply chains show that vulnerability has long since ceased to be only physical and now arises above all in the digital domain. With the KRITIS-Dachgesetz (the umbrella act on critical infrastructure) and the implementation of the NIS2 Directive, Germany is responding to this changed threat landscape. The aim is to systematically protect critical entities against cyberattacks, hybrid threats and systemic IT outages. But does the new legal framework actually strengthen resilience in the digital domain, or does it mainly increase regulatory complexity for companies and public authorities?

In this episode of "Das Ohr am Netz", Sidonie Krug and Sven Oswald discuss the security-policy, regulatory and operational dimensions of the new law. Klaus Landefeld, board member at eco – Verband der Internetwirtschaft e.V., assesses the law from a regulatory-policy perspective: is it a paradigm shift or primarily a regulatory framework? What risks arise from compliance structures running in parallel with NIS2? And is there a danger of box-ticking compliance instead of real resilience?

Lisa Fröhlich, Corporate Communications at Link11, contributes the operational perspective. She analyzes the current DDoS threat landscape and explains why websites have long been infrastructure critical to business and to the supply of essential services. The focus is on prevention, the ability to respond, and organizational responsibility for IT resilience.

Colonel Guido Schulte, Chief Information Security Officer of the Bundeswehr, provides the security-policy assessment. He explains what role KRITIS plays in the context of whole-of-state defense capability, how hybrid threats operate "below the threshold", and how the Bundeswehr, industry and public authorities work together in an emergency.

The episode examines the tension between regulation and strategic resilience, and asks how robust Germany's protective shield really is.

---
Editorial team: Erik Jödicke, Christin Müller, Irmeline Uhlmann, Anja Wittenburg
Editing: David Grassinger
Hosts: Sidonie Krug, Sven Oswald
Production: eco – Verband der Internetwirtschaft e.V.
What does cybersecurity really mean for today's CPA firms? In this episode, we sit down with Luke Kiely, Chief Information Security Officer at SmartVault and Chief Security Officer at ComplyWise, to explore why cybersecurity is no longer just an IT issue, but a firm-wide responsibility.

Luke breaks down how most breaches still begin with a simple email and a distracted click, why busy season increases vulnerability, and the practical safeguards firms can put in place without a massive IT budget.

This episode offers clear, actionable insight into protecting client data and securing the future of your firm.

Resources:
Luke Kiely LinkedIn Profile
SmartVault
ComplyWise
FTC Safeguards Rule Overview
IRS Publication 4557 – Safeguarding Taxpayer Data
Christopher Russell, Head of Tokenization and Chief Information Security Officer at tZERO Group, sat down with me for an interview at the Halborn Access 2026 Summit at the NYSE. We discussed how tZERO is helping TradFi institutions tokenize assets on-chain.
Podcast: Energy Talks
Episode: #120: Use of Deception Solutions in Energy Sector Cybersecurity
Pub date: 2026-02-13

Discover how digital twins of online infrastructure can be used to fool attackers

In this episode of Energy Talks, host Simon Rommer, OT Security Consultant at OMICRON, and his guest, Christoph Kukovic, Chief Information Security Officer at Verbund AG, Austria's leading energy company and one of the largest producers of hydroelectricity in Europe, discuss the critical roles of IT and OT in power systems cybersecurity, focusing on the use of deception solutions.

Deception solutions aim to create realistic online environments for attackers. The idea is to challenge them with a digital twin of the online infrastructure so that they attack the deception solution instead of the real infrastructure.

Christoph shares his insights with Simon into his personal cybersecurity journey, the challenges faced in implementing innovative cybersecurity measures, and the development of his company's own deception solutions. The conversation delves into the importance of collaboration, the need for realistic simulations, the difference between honeypot and deception solutions, and testing deception solutions in real-world scenarios.

Get more information about OT cybersecurity for power grids.

We welcome your questions and feedback. Simply send us an email to podcast@omicronenergy.com. Please join us to listen to the next episode of Energy Talks.

The podcast and artwork embedded on this page are from OMICRON electronics GmbH, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this episode of Energy Talks, host Simon Rommer, OT Security Consultant at OMICRON, and his guest, Christoph Kukovic, Chief Information Security Officer at Verbund AG, Austria's leading energy company and one of the largest producers of hydroelectricity in Europe, discuss the critical roles of IT and OT in power systems cybersecurity, focusing on the use of deception solutions to fool attackers and protect online infrastructure.
In this episode, Greg Sieg, Chief Information Security Officer at the University of Michigan Health Regional Network, shares how his team is standardizing cybersecurity frameworks across acquisitions while balancing people, process, and technology. He discusses identity governance, machine security, M&A integration, and why culture, communication, and partnership are essential to protecting healthcare organizations as care expands beyond hospital walls.
Cybersecurity isn't an IT problem—it's a leadership problem.

In this episode, Sherry Winn talks with Dean Sapp, Chief Information Security Officer at Filevine, about how small leadership oversights can lead to massive financial losses.

Here are some key takeaways from this episode:
The simplest protection most leaders still don't use
How AI-powered scams are fooling even smart executives
Why processes—not panic—are the best defense against fraud

This is a real-world conversation every leader needs to hear before something goes wrong.

Don't miss this episode. Tune in now.

Guest: Dean Sapp
Host: Sherry Winn
Sound: Mahesh R.
Producer: Archita Puranik
“Cybersecurity really is just another risk. I think where we complicate it sometimes is in the language we use to talk about it.” - Steve Torino

Thank you for tuning in to The CUInsight Network, with your host, Robbie Young, Vice President of Strategic Growth at CUInsight. In The CUInsight Network, we take a deeper dive with the thought leaders who support the credit union community. We discuss issues and challenges facing credit unions and identify best practices to learn and grow together.

My guest on today's show is Steve Torino, Chief Information Security Officer at Synergent. Steve's path to cybersecurity was not a straight line, and he didn't grow up dreaming about credit unions or information security. What stayed constant, though, was a deep curiosity about technology and how systems work, which eventually carried him from community banking to national payment processing and ultimately to Synergent.

In our conversation, we spend a lot of time talking about what effective cybersecurity governance actually looks like for credit unions and why it is so important. Steve breaks down how governance starts at the board level, how expectations flow through management, and why cybersecurity should be treated like any other form of enterprise risk. We also dig into collaboration and information sharing, one of the credit union movement's biggest strengths, and Steve points to leagues and professional groups as ways that credit unions can learn from one another.

As we wrap up the episode, Steve talks about the mentor that influenced his life, how he loves traveling to Dallas, recommends a cybersecurity book that everyone can use, and more! Enjoy my conversation with Steve Torino!

Find the full show notes on cuinsight.com.

Connect with Steve:
Steve Torino, Chief Information Security Officer of Synergent
synergentcorp.com
Steve: LinkedIn
Synergent: LinkedIn | Facebook | YouTube

Book mentioned: Cybersecurity for Everyone by Cathy Olieslaeger
Manish Mehta sits down with Wayman Cummings, Chief Information Security Officer at Ochsner Health, to explore what cyber-physical security convergence really looks like in practice. Wayman shares how his unconventional path into cybersecurity shaped his leadership style and his perspective on risk in high-stakes environments like healthcare. The conversation dives into insider risk, the role of AI as augmented intelligence, and why most physical threats today begin with digital reconnaissance. Wayman also challenges the idea that convergence is a myth, offering real-world examples of how teams, technology, and trust must come together to make it work.

You'll learn:
Why convergence fails without people and process alignment
Why AI should augment human judgment, not replace it, in security operations
How leaders can build credibility, break down silos, and scale security impact in high-risk environments

If you're enjoying this episode, please take a moment to rate and review the show.
Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield joins Ann on this week's episode of Afternoon Cyber Tea. In the conversation, Rob shares how his career path and personal philosophy have shaped a mission-driven approach to cybersecurity that places patient trust, safety, and privacy at the center of every decision. He discusses the unique challenges of securing a deeply interconnected healthcare ecosystem, the critical role of culture and cyber literacy across organizations, and why transparency and resilience are essential during incidents. The episode also explores secure-by-design principles, the ethical use of AI in healthcare, and how the CISO role is evolving toward a broader focus on trust, collaboration, and human impact. Resources: View Rob Suárez on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
On today's episode of Caveat, we are joined by Matt Hillary, Chief Information Security Officer at Drata, discussing how AI is reshaping the compliance landscape and what it takes to build trust at AI speed. Ben has the story of Immigration and Customs Enforcement and their extensive use of modern surveillance tools. Dave discusses the Supreme Court's taking of a case involving Facebook tracking pixels and video store rentals. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to today's stories: ICE Is Going on a Surveillance Shopping Spree Supreme Court to hear Facebook pixel tracking case Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the EU launching an investigation of its own into X after the platform's AI chatbot, Grok, was able to be manipulated into generating non-consensual sexualized images. Alongside the EU's investigation, X is also facing pressures from the UK, France, Indonesia, and Malaysia over this incident. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
Questions to Ministers

Hon CARMEL SEPULONI to the Minister for Auckland: Does he stand by his statement, "A safe, thriving central city means more foot traffic, stronger business confidence, more jobs, and more opportunities for everyone, including those currently experiencing hardship"; if not, why not?

RIMA NAKHLE to the Minister of Health: What recent announcements has he made about improving access to urgent care for South and East Aucklanders?

RICARDO MENÉNDEZ MARCH to the Minister for Social Development and Employment: Is the Civil Defence Payment available for people impacted by the severe weather events recognised by local states of emergency declared on 20 and 21 January 2026; if not, why not?

Hon Dr AYESHA VERRALL to the Minister of Health: Does he stand by his statement that the Ministry of Health's review into the ManageMyHealth data breach will "identify lessons to strengthen protections for patient data held by the private sector"; if so, does Health New Zealand currently have a Chief Information Security Officer role dedicated to primary care?

RYAN HAMILTON to the Minister for Tourism and Hospitality: What recent announcements has she made about supporting major events in New Zealand?

Hon WILLOW-JEAN PRIME to the Minister of Education: Does she stand by her statement that "the numbers for the future are looking really good" in response to reports of a teacher shortage, with 445 vacancies listed in the Education Gazette at the start of the school year; if so, why?

TAMATHA PAUL to the Minister of Housing: Does he support increasing housing supply to make housing more affordable; if so, why is the coalition considering weakening housing intensification laws?

TIM VAN DE MOLEN to the Minister for Trade and Investment: What recent announcements has he made about strengthening New Zealand's relationship with India?

Hon GINNY ANDERSEN to the Minister for Economic Growth: Does she agree with the Minister of Finance's July 2024 statement that "cost of living relief is on its way"; if so, why?

Dr VANESSA WEENINK to the Minister for Mental Health: What recent announcements has he made about mental health co-response teams?

MARIAMENO KAPA-KINGI to the Minister for Emergency Management and Recovery: Does he intend for the Emergency Management Bill (No 2) to establish funding to support community and marae preparedness to respond to extreme weather emergencies?

SHANAN HALBERT to the Minister for Vocational Education: How many young people in New Zealand were not engaged in education, employment, or training for the September 2025 year compared to the September 2023 year?
EM Burlingame is an author, Green Beret, and currently is a Senior Research Fellow at the National Foundation for Integrative Medicine where he founded and leads the Jason Dawson and Stewart McGurk Brain Health Research Fellowship.

LTC Steven Murray is a retired U.S. Army Lieutenant Colonel who served as an Information Warfare Officer and Cyber Defense Battalion Commander. With extensive experience in cyber operations and intelligence, he commanded units supporting the United States Pacific Command, U.S. Army Pacific Forces, and the National Security Agency. He was deployed to Iraq during Operation Enduring Freedom, earning a Bronze Star, and has held roles such as Chief Information Security Officer for a large medical company.

Tickets to Cornerstone Forum 26': https://www.showpass.com/cornerstone26/
Tickets to the Mashspiel: https://www.showpass.com/mashspiel/

Silver Gold Bull Links:
Website: https://silvergoldbull.ca/
Email: SNP@silvergoldbull.com
Text Grahame: (587) 441-9100

Bow Valley Credit Union
Bitcoin: www.bowvalleycu.com/en/personal/investing-wealth/bitcoin-gateway
Email: welcome@BowValleycu.com

Prophet River Links:
Website: store.prophetriver.com/
Email: SNP@prophetriver.com
Use the code “SNP” on all orders

Get your voice heard: Text Shaun 587-217-8500
Please enjoy this encore of Career Notes. Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains how that helps him keep up the fight. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, I interview Joshua Scott, the Chief Information Security Officer at Hydrolix. We discuss the evolving role of the CISO, the importance of relationships in security, and the opportunities and risks presented by AI in the cybersecurity landscape. Joshua shared insights on prompt engineering, the future of AI in the workforce, and the need for continuous learning in the security field. Our conversation also touches on the complexities of modern security protocols and the importance of user-centric solutions. I hope you enjoy it!
This podcast is brought to you by Outcomes Rocket, your exclusive healthcare marketing agency. Learn how to accelerate your growth by going to outcomesrocket.com AI is advancing rapidly in healthcare, but what happens behind the scenes when a system attempts to adopt it responsibly? In this episode, Anahi Santiago, Chief Information Security Officer at ChristianaCare, shares how a tech-forward health system is embracing AI across clinical workflows, operations, and cybersecurity. She explains the governance rubric they've created to assess every new use case and the challenge of keeping pace with teams eager to deploy AI without fully grasping the clinical, ethical, and operational risks. Anahi emphasizes the importance of shared risk ownership and equal voices across departments as the organization navigates the unknowns in a rapidly evolving landscape. She also reflects on how tools like Copilot boost productivity and how new guidance from the Healthcare Sector Coordinating Council will shape her next steps. If you want to hear how one of the nation's most forward-leaning CISOs is steering AI innovation with clarity and candor, tune in! Resources Connect with and follow Anahi Santiago on LinkedIn. Follow ChristianaCare on LinkedIn and visit their website!
In this episode of the Software People Stories, my guest Ben Wilcox is the Chief Technology Officer and Chief Information Security Officer at ProArch. Ben shares his fascinating journey from building a web hosting business as a teenager to his current role as CTO and CISO at ProArch. Ben discusses the evolution of his career, his involvement in various projects, and the ever-changing landscape of security, especially with the advent of AI. He also provides valuable insights into how enterprises should approach security, the complexities of data localization, and the importance of a continuous security model. The conversation also delves into career advice for aspiring IT and security professionals.

00:00 Introduction and Guest Welcome
00:42 Early Career and Web Hosting Business
02:49 Transition to Software Development
03:51 Joining Advisor Group and Pro
05:06 Challenges of Running a Business as a Teenager
07:55 Learning and Growth in a Larger Company
09:14 Becoming a CISO and Security Focus
12:21 Evolving Security Landscape and AI
15:01 Data Security and Insider Risk Management
20:51 Zero Trust Environments and Legacy Systems
23:58 Sleepless Nights and Security Concerns
25:50 Balancing Innovation and Security
26:11 Finding Joy in Leadership
26:54 Navigating the CTO and CISO Roles
28:55 Keeping Up with Technology Trends
31:27 Hyper-Personalization and Security Risks
36:02 The Role of Open Source in Security
41:03 Career Advice for Aspiring Security Professionals
45:35 The Impact of AI on Security Jobs
49:11 Conclusion and Contact Information

The timestamps are approximate and are counted from the end of the intro, which is about 90 seconds long. For closer timestamps, add 90 seconds to the labels above.

Ben Wilcox is the Chief Technology Officer and Chief Information Security Officer at ProArch, where he leads the company's cloud, security, and AI enablement strategy. With more than 20 years of experience spanning software engineering, cybersecurity, and enterprise architecture, Ben helps organizations modernize their technology foundations while navigating the evolving threat landscape.

Ben's career began in hands-on development and infrastructure work, giving him a deep technical grounding that informs his leadership today. He has built and led high-performing engineering teams, guided complex cloud migrations, and designed modern security programs that balance innovation with risk management. At ProArch, he works closely with clients to architect AI-ready, scalable systems that drive business transformation.

Connect with Ben: https://www.linkedin.com/in/ben-wilcox
AI agents are moving from experimental tools to everyday enterprise workflows. Reporting live from AWS re:Invent 2025 in Las Vegas for Irish Tech News, I attended a press-only briefing titled Security and the Rise of AI Agents, where senior AWS leaders Amy Herzog, Chief Information Security Officer, Hart Rossman, Vice President in the Office of the CISO, Gea Rinehouse, Vice President of Security Services and Neha Rungta, Director of Applied Science outlined how the company intends to manage this transition. AWS is pushing ahead with autonomous agents, but only within a security model built on long-standing principles: identity, governance, compliance and clear oversight.

What is an AI Agent?

An AI agent is a software system that uses artificial intelligence to carry out tasks autonomously in pursuit of a specific goal. Unlike chatbots that only respond to prompts, an agent can reason, plan and take action across different steps of a workflow. It can use tools such as web services or APIs, monitor its progress and adjust its approach as conditions change. Over time, it can improve its performance based on the data and experience it gathers. This distinction matters, because the rise of agents raises new questions about accountability, access, oversight and safety.

Security First

AWS chief executive Matt Garman shaped much of the week's discussion. Speaking about the reality facing engineering teams, he noted: "Every customer wants their products to be secure, but you have trade-offs. Where do you spend your time? Do you improve the security of existing features, or do you ship new ones?" The briefing returned to this point several times. AWS's position is that strong design-stage security reduces the tension between improvement and innovation. Agents are seen as an opportunity to reinforce security, not dilute it.

AWS Security Agent

One of the major announcements at re:Invent was the preview of AWS Security Agent. The tool brings several security checks forward in the development process. It reviews designs, analyses code, gathers richer signals for incident response and performs penetration testing that reflects real system behaviour rather than generic patterns. AWS Security Agent is one of the new Frontier Agents introduced at re:Invent, a family of autonomous tools designed to handle multi-step tasks across development, security and operations. Neha Rungta described the significance of this shift. She called the Security Agent "one of these frontier AI agents, a sophisticated class of AI agents that are autonomous and scalable and can work for long periods without human intervention. Security doesn't have to be an afterthought." She added that AWS is expanding its proof-based assurance tools so teams can understand correctness without being specialists in system logic. The broader point is that verification needs to be continuous, not episodic.

Guardrails for Autonomy

The panel stressed that agents must operate within strict boundaries. Updated policy controls in Amazon Bedrock AgentCore allow organisations to specify what an agent can do, which systems it can reach and how its actions are logged and reviewed. Hart Rossman remarked that each major technology shift has increased the demands placed on security teams. With agents running for extended periods and across more systems, the real pressure points now are scale and speed. Guardrails are essential.

The Sandbox Approach

A theme repeated throughout the session was the use of sandbox environments. AWS encouraged organisations to test new agents in isolation before considering production use. This allows teams to observe long-running behaviour, confirm access paths, check escalation rules and understand how an agent reacts under different conditions. The sandbox was presented as a practical way to build confidence gradually rather than relying on assumptions.

Inside the Press Briefing

Questions focused on monitoring autonomy, preventing agents from widening their scope...
AI agents are moving fast, and security teams are scrambling to keep up.

Join us with Heather Ceylan, SVP & Chief Information Security Officer at Box, who has spent the last several years leading security teams through rapid change from the explosive growth years at Zoom to her current work shaping Box's AI posture.

Heather shares what it actually feels like to run security at a time when agents can be created in minutes, permissions matter more than ever, and governance committees are struggling to keep pace. She explains why treating agents as identities fundamentally changes the model, how MCP servers introduce new exposure points, and why her team is embedding AI directly into SOC work, design reviews, and vulnerability remediation.

It's a grounded look at how a CISO makes sense of AI while everything around the role continues to shift.

In this episode, you'll learn:
Why agents need their own identities and permissions rather than inheriting access from the people who create them
How SOC teams can shift from constant alert triage to real threat hunting with the help of AI agents
How AI can speed up vulnerability remediation by creating pull requests that engineers only need to review and merge

Things to listen for:
(00:00) Meet Heather Ceylan
(00:58) Career path from healthcare to Zoom to Box
(03:58) Risks of AI agents accessing unstructured content
(05:18) Why agent identity and permissions are the new priority
(06:50) The challenge of discovering and governing ephemeral agents
(08:16) How sandboxes and policies support safe experimentation
(09:20) AI governance gaps and the need for dedicated ownership
(13:10) Defining AI governance across technical and legal domains
(16:17) The rise of MCP servers and new exposure points
(18:05) Four AI bets transforming Box's SOC and security workflows
(23:31) KPIs and measuring AI's impact on security teams
(25:27) Resource trade-offs when adopting AI in security
(27:58) Managing the complexity of model selection and trust
(29:58) Should companies form dedicated AI security teams?
Scammers don't take the holidays off — and neither should your online security. In this eye-opening interview, host Mark Alyn speaks with Jeff Lunglhofer, Chief Information Security Officer at Coinbase, about the rising wave of online scams targeting consumers right now. From fake investments and crypto fraud to social media and dating app scams, Jeff reveals the biggest red flags to watch for, how scammers manipulate urgency and secrecy, and what powerful new tools are being used to stop fraud in real time. He also discusses the Tech Against Scams Coalition — a major cross-industry effort featuring Coinbase, Meta, and Match Group — and their innovative Scamberry Pie Pop-Up campaign designed to educate consumers in a fun, unforgettable way. If you've ever received a suspicious message, investment pitch, or “too good to be true” offer — this interview could save you from becoming the next victim.
In this episode of The New CISO, host Steve Moore speaks with Iain Paterson, Chief Information Security Officer at Well Health Technologies, about his unconventional path into cybersecurity and the lessons learned from building programs across industries—from banking and healthcare to breach response and beyond.

From skipping college to take an eight-month technical boot camp to leading enterprise security programs, Iain shares how curiosity, hands-on experience, and communication skills shaped his journey. He opens up about the realities of hiring in cybersecurity, why foundational IT work still matters, and how soft skills like empathy and composure are essential for effective leadership. Iain also reflects on leading through high-stress incidents, including the Ashley Madison breach, and explains why staying calm, communicating clearly, and maintaining emotional intelligence define the “new CISO.”

Key Topics Covered:
A nontraditional start: skipping college for certifications and hands-on learning
Why technical foundations—servers, networks, and support—still matter
The problem with “boilerplate” resumes and lack of real-world experience
Why soft skills are a security superpower: communication, patience, and empathy
Transitioning from technician to business enabler in cybersecurity
How early help desk experience builds composure and problem-solving ability
Lessons from running vulnerability management in large-scale banking
Learning resilience and resourcefulness as a one-person security team in healthcare
Behind the scenes of the Ashley Madison breach: stress, responsibility, and empathy
Why composure, calm communication, and credibility matter in crisis response
The leadership evolution from technical expert to executive decision-maker
Building peer networks and finding mentorship to combat isolation as a CISO

Iain's story highlights how real experience, emotional intelligence, and community support transform good technologists into exceptional leaders. His insights remind us that cybersecurity isn't just about defense—it's about communication, composure, and connection.
In this episode of What The Tech, Becky Cross, Vice President of Client Partnerships at FIT, talks through top IT resolutions for 2026 with Jason Collins, Chief Information Security Officer, and Fred Franks, Chief Strategy Officer. They discuss the importance of adopting new technologies like AI to improve efficiency and cybersecurity, the need for thorough planning before implementation, and strategies to manage the balance between innovation and risk. The conversation also covers how businesses can leverage crowd-sourcing from employees for better AI integration and the significance of enhancing existing tools to avoid the 'bright shiny object syndrome.' Tune in to learn practical insights and tips to set strong IT resolutions for the new year.
What Security Congress Reveals About the State of Cybersecurity

This discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.

Themes That Stand Out

AI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift. Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.

A Place for Every Stage of the Career

France describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.

Looking Ahead to the Next Congress

The next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.

The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025. Coverage provided by ITSPmagazine.

GUEST: Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/
HOST: Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com

Follow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
ISC2 Security Congress: https://www.isc2.org
NIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptography
ISC2 Chapters: https://www.isc2.org/chapters
Host Emily Wearmouth is joined by Netskope's Chief Digital and Information Officer, Mike Anderson, and Chief Information Security Officer, James Robinson, to discuss the evolving, and often conflicting, mandates of CIOs and CISOs concerning AI adoption. They dive into how to identify high-impact AI projects, the security challenge of shadow AI, and the need for new security models, like Model Context Protocol (MCP), to manage agent-to-agent communication. Additionally, learn about the internal initiatives Mike and James help to drive, such as the "Promptathon" and "AI Ambassador" program, designed to bridge the gap between innovation and security, and get their top tips for both disrupting and defending your organization in the age of generative AI.
Steven Ramirez, Chief Information Security Officer at Renown Health, shares insights on improving the end-user experience through continuous adjustments and support. He emphasizes the importance of clearly articulating risk to drive strategic investments and ensuring those investments deliver value. Ramirez also discusses his proactive approach to setting himself up for long-term success in the evolving healthcare landscape.
Campbell's soup is in hot water over what Campbell's Vice President and Chief Information Security Officer, Martin Bally, was recorded saying: “We have s**t for f***king poor people. Who buys our s**t? I don't buy f**king Campbell's products barely anymore. It's not healthy now that I know what the f**k's in it. Even in a can of soup, I look at it…'bioengineered meat.'”... “I don't wanna eat a f**king, a piece of chicken that came from a 3D printer. Do you?”

Campbell's responded by saying: "We are proud of the food we make, the people who make it and the high-quality ingredients we use. The comments on the recording are not only inaccurate – they are patently absurd. Keep in mind, the alleged comments are made by an IT person, who has nothing to do with how we make our food. If the recording is legitimate, the comments are unacceptable. They do not reflect our values and the culture of our company... The chicken meat used in our soups comes from long-trusted, USDA-approved US suppliers and meets our high quality standards. All of our soups are made with No Antibiotics Ever chicken meat, meaning we don't allow antibiotics to be added to the feed, water, or any commercial vaccines used by our chicken suppliers."

But there are some problems here. Campbell's admits on their website that most of their base ingredients are GMO, which are not "high quality" and only imply that more expensive ingredients like meat are very likely to be "bioengineered." Their misleading comments and lies are just reason alone to boycott the company entirely, especially for Thanksgiving.
One of the more disturbing stories of the week came out of a secret recording purportedly of a Campbell’s Soup executive. Former employee Robert Garza says he recorded his boss, Campbell’s Vice President and Chief Information Security Officer, going on a tirade against the company, its products and some of its Indian employees. Among the allegations, the man on the recording is heard saying that Campbell’s soup has bioengineered meat, saying he doesn’t wanna eat a piece of chicken that came from a 3D printer. Campbell’s Soup denies those claims and has put the exec on administrative leave while it investigates. Meantime the state of Florida is also investigating those claims and has threatened to shut down Campbell’s in its state if it finds any truth to the allegations.
It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: https://councils.forbes.com/profile/Yonesy-Nunez-Global-Cybersecurity-Executive-Chain-Bridge-Bank/e79e72a5-4b18-48b1-b5ab-8a0afd47d782 In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-422
Garrett Schumacher is Business Unit Director of Product Security at Velentium Medical and the co-founder and CTO of GeneInfoSec. Garrett discusses his journey from medical student to cybersecurity expert and educator, dedicating his career to securing medical devices. He shares insights on the intersection of cybersecurity and healthcare, highlighting the challenges of protecting genetic data. Garrett gives honest advice about navigating cybersecurity and data privacy concerns, how to be a good leader, and what medtech startups should consider as they design and develop their devices.

Guest links: https://velentiummedical.com/ | https://www.geneinfosec.com/
Charity supported: Save the Children
Interested in being a guest on the show or have feedback to share? Email us at theleadingdifference@velentium.com.

PRODUCTION CREDITS
Host & Editor: Lindsey Dinneen
Producer: Velentium Medical

EPISODE TRANSCRIPT
Episode 068 - Garrett Schumacher

[00:00:00] Lindsey Dinneen: Hi, I'm Lindsey and I'm talking with MedTech industry leaders on how they change lives for a better world.

[00:00:09] Diane Bouis: The inventions and technologies are fascinating and so are the people who work with them.

[00:00:15] Frank Jaskulke: There was a period of time where I realized, fundamentally, my job was to go hang out with really smart people that are saving lives and then do work that would help them save more lives.

[00:00:28] Diane Bouis: I got into the business to save lives and it is incredibly motivating to work with people who are in that same business, saving or improving lives.

[00:00:38] Duane Mancini: What better industry than where I get to wake up every day and just save people's lives.

[00:00:42] Lindsey Dinneen: These are extraordinary people doing extraordinary work, and this is The Leading Difference. Hello and welcome back to another episode of the Leading Difference Podcast. I'm your host, Lindsey, and today I am excited to introduce you to my guest, Garrett Schumacher.
Garrett is the Business Unit Director of Product Security at Velentium Medical, where he has led the cybersecurity efforts on 200 plus medical device products and systems. He is the co-founder and CTO of GeneInfoSec, a startup focused on securing the world's most valuable and private data, our genetic information. In his work, Garrett has trained engineers, developers, manufacturers, healthcare delivery organizations, and laboratories across the globe in cybersecurity, and is an active member of several related industry working groups. He also teaches secure product development and medical device cybersecurity at the graduate level for the University of Colorado Boulder's Department of Computer Science as an adjunct professor. In the little bit of time left in his days, Garrett is either rock climbing or spending time with family. Thank you so much for being here, Garrett. I'm so excited to speak with you today.

[00:01:48] Garrett Schumacher: Yeah. Thank you for having me.

[00:01:49] Lindsey Dinneen: Of course. Well, I'd love, if you wouldn't mind, by starting out and sharing a little bit about yourself and your background and what led you to medtech.

[00:01:59] Garrett Schumacher: Yeah. So I guess my background, I mean, it started as I always thought I was gonna be a doctor. I did my undergrad in physiology, thought I was gonna do med school, the whole nine yards. And towards the end of my, let's say junior year, just started being like, "I don't think this is what I want to do." I always had a fascination with tech. I was really involved with a lot of the tech groups on campus at the University of Colorado Boulder, early days of Hack CU, one of the largest collegiate hackathons. And I really regretted not doing a computer science degree, but I was three quarters of the way done. So sometimes you just gotta finish it up, right? Get the degree, find out what's next. After that I went and did a master's in genetics.
I wasn't sure exactly what I wanted to do either yet, but hey, a master's degree is not a bad thing to do if you're unsure. And actually I was in a PhD program and dropped out early with a master's. Different story. But yeah. And then I started I helped the University of Colorado Boulder start their cybersecurity programs. So it was getting into the cyber world. I did a, I guess it was a bootcamp, at the University of Denver in cybersecurity. And so that all culminated in me always focusing on healthcare and cybersecurity together. And then COVID happened and that made the world change for a lot of people. And basically I was looking for a new job and I found Velentium, and I think that's where it really spoke to me, where I could do my love of medical and human health with cybersecurity and technology development. And so yeah, I think that's really how I got into it. I had been doing projects related to that before, but Velentium's where it really culminated and I found a place that let me do all the things I love, not just one or the other.

[00:03:39] Lindsey Dinneen: That's awesome and such a wonderful gift. So can you share a little bit about what you do now and sort of your growth trajectory even throughout Velentium 'cause I know you've had quite an interesting and exciting career through the company as well.

[00:03:56] Garrett Schumacher: Yeah. Yeah. So I started out as a cybersecurity engineer, and just started helping internal projects, external projects with groups that were seeking FDA approval on a medical device and trying to navigate these kind of new cybersecurity requirements. That's where it started. And even since then I've been, so I teach a class at the University of Colorado Boulder on Medical Device Cybersecurity. We're going into our sixth year of that, seventh semester, starting here in the fall. And I also co-founded a startup in the genetic information security space. So, and we can talk about that later.
And so I, yeah, talk about what I do. It's all of those things and, it's not, doesn't happen in 40 hours, I promise you that. But after working as a cyber engineer for about a year, I think I got promoted to like Senior Staff Cybersecurity Engineer. Then probably three years ago, I took over more of an operational leadership role within the unit, the team, where I was doing project management and overseeing the other engineers and still doing engineering work. Definitely decided project management is not for the faint of heart and apparently my heart's very faint. It's not for me. So anyways, and then fast forward to just here in like January, February, Velentium made some really awesome changes. They rebranded as Velentium Medical to make sure everyone knew we do medical. And then they created four business units so that they could really say, "Look, we have different core areas of our business. Each of them have their own different operational needs and what have you." So, I was promoted into Business Unit Director of Product Security. And so now we're a business unit. We're a business within a business trying to better serve our clients and implement the processes we need for our small scope of work compared to a large contract development and manufacturing organization. So just that's been my growth goal so far is, come in as an engineer, work my way up to the leadership roles while also still loving to be an educator and and still having my own startup space in the biotech side of the house.

[00:05:58] Lindsey Dinneen: Yeah. Excellent. Well, first of all, congratulations on all of that. That is very exciting and it's really fun to see that growth and that development. And I'm also so curious now, can we talk a little bit about your startup? So first of all, let's talk about that and then I wanna talk about the crossover between the two, if that's okay. So.

[00:06:16] Garrett Schumacher: Absolutely. Yeah.
So, well the name is GeneInfoSec, so it's just short for genetic information security. We're not trying to hide anything there. We focus on protecting the world's most sensitive data. At least that's our opinion is genetic information affects you. And the data you have today is not gonna be any different, for the most part, from the data that you have in, 10, 20, 40 years. But then even beyond that it's partially your children's data, your grandchildren, great-grandchildren, and then even on the, in the inverse, all the way up to your great-great-grandparents, right? You share some, to an extent, some genetic makeup with them. And so it's this really interesting space where networked privacy is-- it's a very different form of networked privacy. It's not just that I upload a photo to LinkedIn and now I could be implicating someone else that's in the photo. It's, I share my info, and I'm also sharing info that belongs to my cousins in, in, in a sense. And so if you think of the Golden State Killer case in California, that was a really interesting one where the federal authorities had genetic information or samples from a cold case in the eighties. And they sequenced that. They uploaded it to a third party, an open public genetic database, and said, "Hey, here's my data. Who am I related to?" And through that they were able to triangulate like, "Okay here it is. This is the guy that did it" many years later. So, there's a case where it's, there could be positives. We want to use it to find that kind of information and protect people. But at the same time, that brings up a lot of privacy implications. And then you can go all the way to the extreme, the sci-fi of designer bio weapons, maybe tailored to certain persons or ethnicities or groups of people. So during grad school, a couple guys and I, we founded this startup, and that's what we focus on through a technology that really our founder, Dr. Sterling Sawaya, he invented, called molecular encryption. 
It's a way of encrypting molecules before we generate data from them so that the generated genetic data is already, quote unquote encrypted, or at least protected in some manner. So, so that's what we do. And yeah, I guess why we do it a bit.

[00:08:27] Lindsey Dinneen: Yeah. Wow. So, okay, so that brings up a really interesting question. I can guess the answer to this, but is there any safe way to-- this is a funny way to put it-- but recreationally to test your genetic data in the sense of the way that a lot of us would think about it in terms of, "Oh, I'd really love to learn more about my ancestors and things like that." But there are so many security concerns, like you've pointed out. So is there any quote unquote, safe way to do so at this time?

[00:08:58] Garrett Schumacher: You know that-- it's a great question. There's been a lot of things going on in the news recently, like with, I'm sure people have heard of 23andMe, and how they went bankrupt and now a company called Regeneron is buying them and all their assets for a lot of money, but not that much compared to what 23andMe was worth a few years ago. So that brings up a lot of issues, right? 23andMe still owns a lot of samples, like maybe around 10 million samples. And the sequencing they've been doing is very small. So if your genome's a whole book, they've been kind of flipping through the pages and picking specific letters, and that's the data they have. So that's not the most sensitive, it's not the full story. But if you have the samples, you can always generate the full book someday. And as that cost of full human genome sequencing decreases rapidly, someone's probably gonna want to do that someday. So, okay, so back to your question though, is there a safe way? What I would say is that I, I don't tell people not to do it.
I would say if you have health reasons, concerns, and your doctor suggests a genetic test, a lot of those tests are also that similar, picking a few letters, a few known letters and trying to just read that for a very specific purpose. If your doctor and you come to the agreement that you should do that, you should just do that. However, I do not promote, and even to my family members, I highly don't recommend, using these services. I used to really love who's that group out of Utah? Ancestry.com. They used to be a great group. They were trying to sequence the world's DNA for understanding basically the family tree of everyone. Because anyways, they have interest in understanding who's related to who and how that relates to their religion. So they used to do it for internal purposes, keep it on pretty tight, secure. Well then, they sold to a venture capital group. So, it's really tough to say that there's these groups that there's a good place out there to do it. There are some companies that have security or privacy focused DNA sequencing services. But it's really odd, like you have to set up a cryptocurrency account, pay with cryptocurrency, set up a PO box so that you're not like actually shipping to and from your home. And then ultimately the price of it and how they're getting it to be cost effective is China's doing the sequencing. So you do all those privacy measures and your sample gets sent off to another country. And the FBI has disclosed that they know that when certain countries like that are doing the sequencing, whether you want them to do a little tiny test, like a COVID test or whatever it is, they're sequencing the whole thing. They're keeping the data. This is known, disclosed, not conjecture. So, yeah, so sorry-- long-winded answer of saying, I'm interested too, I wanna learn about this. I've got family members that have done it. 
But right now I recommend just thinking very carefully and critically about whether the immediate fun of it is worth the potential long-term impacts, and maybe if you're someone that's security or privacy conscious, maybe wait a few years because there are some things on the horizon that will make this a lot better.

[00:12:02] Lindsey Dinneen: All right! Thank you for the honest answer. I really appreciate it. So, okay, I wanna go back to your work with Velentium specifically and talk about-- you've gotten to work with so many different clients over the years and you've seen so many different variations on a theme. And I'm curious, what are some of the common mistakes or pitfalls you might see a younger startup make when they are perhaps first designing their device, and cybersecurity is maybe not quite top of mind. So what are some of the things that you see that are challenges we can overcome?

[00:12:41] Garrett Schumacher: Yeah I think one of the biggest challenges is that a lot of people aren't maybe aware yet of the scrutiny and the requirements that the FDA-- and not just FDA, but the European union's medical device regulations and the bodies over there that review submissions. And any, if you look across the board, pretty much almost every regulatory market has, very much in the last couple years, placed a lot of scrutiny on cybersecurity. So a lot of companies, especially smaller ones starting out in the space, may not be aware of this. And so then oftentimes they'll find out too late, they'll submit. They'll get feedback back, "Oh no, we have 90 days to respond and we didn't do cyber. We gotta do cyber now." And they don't know how to spell it yet, which is a joke. But there's that. And then there's also, or they'll get in just late at the game, "Hey, we're submitting in a month or three" and "Oh, we gotta do this thing retroactively."
And so then therefore, we haven't been able to support someone through the full process, at the proper time, doing the right design things to inform the design during the design, not after. So I think that's probably the biggest mistake is not seeking that external support early and often. And if you're getting that, it shouldn't just be someone that can help you navigate the regulatory space. It shouldn't be someone that can just do the pen testing for you at the end. Really I think in that context, you need a partner that can do everything end to end. So that's what we've really tried to make our processes and our services geared towards is being that partner. And whether you have the bandwidth and you will do a lot of the documentation and work, but you just need someone to guide you, consult you, give you the materials to do so, or if you are truly looking for, no, we need to augment our own team and have you do a lot more of the work for us. That's great. We can do that. So, so that's, I think, the biggest challenge. And I think that the answer is just getting the right partner early and working with them often throughout that entire development, not at the end.

[00:14:37] Lindsey Dinneen: Yeah, absolutely. And I really appreciate that perspective. I think that there's a lot more awareness, it seems like even in the industry that, "Oh, cybersecurity is a thing now." But as you said, getting to partner with somebody who does know the ins and outs from the start and can really help guide you through is really critical. Now you do quite a bit of speaking and presenting. You're obviously still teaching a college class and all of those wonderful things. I'm curious how that has played into your career as well, and is that something that you will always want to do? You've got this educator side of you as well.

[00:15:13] Garrett Schumacher: Yeah, I mean, I love it.
I actually taught at a high school for one year between my master's program and my undergraduate, decided that that's not for me, but that teaching at those higher levels where people are really wanting to be in the room. So now I teach at the graduate level, half of the students will be older than me. And now everybody wants to be there and we can have very mature conversations and they even can challenge me with some really great questions that I'm not ready for, right? And I think the best way to learn is to teach. Absolutely. That's, yeah. I think a lot of people have said that. I completely agree. So I plan to always do that. I mean, I love, even with our internal engineers and external clients, like the idea of helping people understand something and humanizing it for 'em. That's really my big flag I'm waving right now is humanizing it. We don't have to use alphabet soups and crazy language. We can make it easy to understand and we can humanize it for the masses. So that's really what I'm trying to do, one of my big pushes. And so I don't foresee myself ever going away from that, I even do a lot of international training on the cyber biosecurity space where I go to all these countries and these biosafety laboratories and help biologists understand cybersecurity as a fundamental practice and how they can improve their personal security, their professional security. And to me that's the most rewarding thing.

[00:16:36] Lindsey Dinneen: Yeah. Oh my goodness. That's so cool. Thank you for sharing about that. So, as you are looking towards the future in the industry itself, but also I suppose your own career, what are some things that you're excited about? What are some trends that you see as being positive?
I know that, recently, it's been a little bit challenging-- as a nice word-- for a lot of medical device companies and they're a little worried about funding and those kinds of things, and so, that's maybe a trend that's a little not as fun, but what are the things that are empowering and exciting to you as we move forward?

[00:17:13] Garrett Schumacher: So not to make it about artificial intelligence or machine learning, 'cause everybody does. It's definitely, its hype curve. But that is actually one of the things that I think I'm most excited about, but also most scared about. We've seen a lot of companies with layoffs because they believe this artificial intelligence enables them to be more efficient and therefore they can do more with fewer people. And that saves money. And I understand that. I think that one of my big pushes right now is trying to help people understand that AI, at least right now, it's not taking over human jobs-- that it can instead augment, improve how we do those jobs. But people have to be ready for it. So even in, in my own space, like, making sure that our team and our people are ready for that. Because if you aren't getting into that space, if you aren't with the curve, then you're gonna fall behind. And yes, you could be replaced in that sense that someone has done it and so now they're doing it better than you. And so if you're not using these tools, these resources to, to improve your efficiency and to just maximize your capability-- like for example, my team, maybe I don't need to hire a person. Maybe we can build out things that enable us to, with the same amount of people, to better serve more clientele. So that's what I'm really trying to navigate. But it is scary thinking about that future and am I even gonna be ready and technically savvy enough to navigate that new future in the next year, in the next five, 10 years.
And especially as someone who I've always had this, this goal of maybe someday, and I'm getting talked out of it very quickly, but maybe like being a Chief Information Security Officer at a large company or a Chief Product Security Officer, something like that. And yeah, quickly, I'm-- "Eh, we'll see." But it's those kind of things that, if we can navigate them correctly, may maybe that is something in my future. So that's, I think, one of my big fears and also passion projects right now. And then also, same on that funding vein-- with my startup, we're experiencing that as well. And we actually, we had a lot of funding potential pre COVID. And then even though our technology-- like in some ways COVID brought the need for our technology to the forefront of people's minds-- it also killed a lot of funding opportunity. And so yeah, I mean, navigating that space of how do you get funding and then does it come from venture capital backed or equity, private equity, and I've seen those worlds. I even advise startups. So I mean, that is also probably one of the biggest challenges I'm facing currently as well.

[00:19:41] Lindsey Dinneen: Yeah. Yeah. It's gonna be really interesting to see how things evolve, and it's been fascinating to read the news and see even the headlines where it's like, the FDA is using AI to review submissions and all sorts of things, and you really do wonder how we'll move forward and time will tell, I suppose.

[00:20:01] Garrett Schumacher: Yeah.

[00:20:02] Lindsey Dinneen: So you have stepped into quite a number of leadership roles fairly young in your career, if you don't mind me just saying so, and so I'm curious how you have navigated that growth for yourself. First of all, do you feel like you were a natural leader or were those skills things you developed along the way? And secondly, what advice might you have for younger leaders?

[00:20:27] Garrett Schumacher: Great questions. Yeah, definitely nothing is natural about it.
I think for anyone, I mean, it's nothing that you just do and you're just like, "Yep, I'm a leader. That's easy." So it definitely something, just like all aspects of work and maturity, is you have to work on it. But I think how I got there was-- and someone told me a couple tips early in my career, I suppose-- and it was a couple are: find a mentor, and as the mentee you have to put in the effort. If you set up meetings and they're not there, whatever, like they're busy, and you are asking them to give their time for you. So, find mentors and then be a good mentee, meet up with them. I had several people that were critical in my early career. One was Bunky Davis and she was amazing. She was no longer with us, but her and I grabbed coffee every single month. She had navigated biotech startups for like 50 years, was also just a phenomenal cyclist, Olympian, like just amazing. And we'd meet up every month for coffee without missing. And we did that for several years. And, and I had another mentor from the University of Colorado Boulder, Lloyd Thrall, who came from the Department of Defense, and just a spectacular, stellar guy, and we would go meet up all the time. And so learning from these people I think I saw-- well, there's that. And then everybody has their bosses and their horror stories from work, whether that's a high school job or professional later on. And so you see the ways that people can be, you don't want to be. And so that, that makes it easy. But without having those mentors, yeah, I don't know if I would've exposed myself to the good ways, right, and the better ways, and be challenged. So that was really critical was finding a good mentor and then being a good mentee. And then I think the other thing is interacting with people and just listening, active listening. 
So going to the professional shows and meeting people, listening to them, reading a lot of great books out there on how to be a leader, and you don't take all that exactly word for word, but there are golden little nuggets that you can just pick up out of all those things. So, no, definitely something that I have actively worked on and still am trying to work on. And then I'm constantly trying to listen and being that, have that open door policy for my people too. Because if I hire really smart people, I want them to do the thinking and therefore I need to listen.

[00:22:44] Lindsey Dinneen: There you go. I love it. All right, so. You've had a really interesting and exciting career so far, and you're obviously very passionate about medtech and cybersecurity and biotech and all those things, and I'm wondering if along the way there are any moments that really stand out to you as affirming, "Wow, I am in the right place at the right time."

[00:23:09] Garrett Schumacher: Yeah. Yeah. One was we had a really special project where and I won't give any names away, but basically my stepmother has an implant inside of her and it's it's not life sustaining, but it's one that you want working just so that your body's working normally, and so that you're not, not embarrassed. You can go into public spaces and be a normal person, right? And whether it's pain management, incontinence, those kind of things. So she had this implant and it was, she had one that came from the leading provider of that at the time. And it, the battery life, right, is supposed to last like 10 or 15 years, and it seemed like pretty much seven or eight was all she was getting out of it. And after decades of having far more surgeries than she needed, all the way up to the very last device she got in her-- it failed within the first year, I think-- so it was like, okay, time to pivot.
And we found this new company and they've become a huge leader in the space, recently acquired by another one of the big leaders in medtech in general. And we were hired to do the security work for that project. And the only reason that I actually found out-- because my stepmother was literally like in the process of getting this new device inside of her-- I was at that client's facility doing a pen testing and security testing engagement and some consulting and just visiting them. And I FaceTimed my family in the break room and there was a sign behind me and they're like, "Oh my gosh. We're literally, we just got that implanted in your stepmother like, a couple weeks ago. It's working great. She's so happy with it. It's smaller, it works better, all these things." And it's like, "Wow." So I got to lead the security effort and what they're actually doing is adding remote programming capabilities so a doctor can, over the phone, be improving that therapy for you. But that leads to a lot of cybersecurity implications, right? That kind of connectivity. And so I gotta lead the security work on that for something that is in a near and dear, your family member. And it's those kind of things where it's not, you're not just helping patients. It's, I'm helping someone that I care very deeply about. And it hits home differently when it's not just, "Oh, I want this device to be secure. I want them to get FDA clearance. I want whatever." It's, "No, I need now, I need for my own family member for it to be the best." And it's not that project got special scrutiny from us-- we bring that to every project-- but it helps to have the actual experience of one of those projects.

[00:25:33] Lindsey Dinneen: Yeah. And to have that real-- well, you were mentioning it-- not just patients that I kept thinking, "Yeah.
Not just patients, people," and the idea of it's sometimes probably necessary honestly, to have a little bit of separation from a clinical point of, "I'm helping all of these patients, and that's a really good thing." But then if you could take a step back and go, "And these patients are human beings that rely on what I'm doing for safety and for security and for this lifesaving, life enhancing device." That's-- what a gift to get to experience something like that.

[00:26:04] Garrett Schumacher: It is, it's especially like, if you work in the diabetes-- we've had several projects with insulin pumps-- and insulin's a drug that is, highly toxic if given in the wrong dosage. 99% of the world population would die if it's in the wrong dosage if it's too high. And the only reason the other 1% exist is 'cause they're insulin intolerant. They just, they don't respond to insulin and that's why they have their own type of diabetic issues. And I've got several cousins, a brother-in-law, that also use that stuff every day, rely on those kind of technologies. So, yeah, just it's a little bit more special when it's when you get to do that. But we try to do that for everyone. We try to think of everyone's that person that we're trying to help.

[00:26:42] Lindsey Dinneen: Yeah, absolutely. All right. Well, this has been so great, but pivoting the conversation a little bit, just for fun. Imagine that you were to be offered a million dollars to teach a masterclass on anything you want. What would you choose to teach and why?

[00:26:59] Garrett Schumacher: Ooh. Well, yeah, first of all, a million dollars for-- I feel like I, I'd have to go with something like that I know deeply, very deeply on. But okay, if I wanna have some fun here, I would say rock climbing, because rock climbing is my other big passion. It's the one thing that takes me away from a computer screen typically.
And so if you're paying me a million dollars to teach rock climbing, A, these people really wanna learn how to be good rock climbers, so they're gonna be very engaged. And B, that's going to mean that I can go now actually make money on something that has only ever been a passion for me. So, that would be fun. That would be awesome.

[00:27:33] Lindsey Dinneen: Awesome.

[00:27:33] Garrett Schumacher: If you're offering, Lindsey, I'll accept.

[00:27:35] Lindsey Dinneen: Okay, deal, right? Yeah. I'm gonna have to earn my first million first, and then I'll let you know.

[00:27:40] Garrett Schumacher: I'll wait.

[00:27:41] Lindsey Dinneen: Okay, fair? Fair enough. What got you into rock climbing?

[00:27:45] Garrett Schumacher: Oh man. Well, so my mother was, I grew up in like a small farming town in the northeast corner of Colorado. There's not a mountain for, until you get to Denver area, right? In the summers, she worked at the local college, and in the summers she ran the ropes course and they had a giant rock wall. So, I mean, as a 10-year-old, I'm just hanging out there. I didn't know that there was routes or certain ways or techniques. I just, who can get up the fastest, right? But that was always fun. That was my summers. I always, and I was, shoot, I was always told I was a monkey. I was always on stuff climbing something. I've had my share of injuries from it, trust me. And then in college, it just was natural. I went to CU Boulder, as I've probably already said, and a lot of outdoor climbing opportunities. A lot of, they, they built a new gym there inside the school. And so that then it became this thing where, oh, I can actually-- as you move away from high school sports, basketball and American football and those things, you miss that. You can miss some competitiveness and some team-based things.
So now I had another active thing that I could-- and I, again, I wasn't so formal in technique or things like that-- so now I could work with people, socialize and work on that technique in something that I was able to do at that level, instead of, I'm not gonna go beat myself up playing football again. So, yeah, I think that's where it came from. And then it's just been my big hobby ever since. And I mean, now I have a bunch of friends down in Austin, Texas, and we go on a big climbing trip once a year, and I see them once a year. It's fun. So it's like expanded my friend group and it keeps me sane.

[00:29:14] Lindsey Dinneen: Huh. Excellent. Yes. That's wonderful. All right. How do you wish to be remembered after you leave this world?

[00:29:22] Garrett Schumacher: Oh, that's a good one. How do you humbly answer that? When part of the answer I would wanna say is humble, but that's something I always try to work on, is I just wanna be a good guy. I want people to remember that, he was kind, considerate-- would do something at the drop of a hat for you without expecting anything in return-- just kind, generous. And I think a family guy would be a big one. My, my friends and family first and foremost. And maybe second to that, hardworking. Yeah.

[00:29:46] Lindsey Dinneen: Yeah. I love that. All right. And final question. What is one thing that makes you smile every time you see or think about it?

[00:29:55] Garrett Schumacher: Oh, my wife. I wake up to her every day and that's she's the best part about everything. So yeah, she's my favorite person, and I'm lucky enough to, when I'm not traveling, wake up next to her and see her at night, and that's the best part.

[00:30:08] Lindsey Dinneen: Yeah, absolutely. What a wonderful thing. Well, this has been a fantastic conversation, Garrett. I'm so thankful for your time today. Thank you for sharing some of your stories, some of your advice.
And I just honestly wish you the most continued success as you work to change lives for a better world.

[00:30:26] Garrett Schumacher: Thank you. Thank you, Lindsey, for having me. This was my first podcast ever. So it went great. Yeah, it was fine.

[00:30:32] Lindsey Dinneen: Awesome. You rocked it. Good job. That's wonderful. All right, well, celebrating that and celebrating all your future successes to come. We are so honored to be making a donation on your behalf as a thank you for your time today to Save the Children, which works to end the cycle of poverty by ensuring communities have the resources to provide children with a healthy, educational, and safe environment. So thank you so much for choosing that charity to support, and thank you so much for being here and thank you for doing what you do.

[00:31:05] Garrett Schumacher: Thank you.

[00:31:07] Lindsey Dinneen: Excellent, and thank you also to our listeners for tuning in, and if you're feeling as inspired as I am, I'd love it if you'd share this episode with a colleague or two and we'll catch you next time.

[00:31:19] Dan Purvis: The Leading Difference is brought to you by Velentium Medical. Velentium Medical is a full service CDMO, serving medtech clients worldwide to securely design, manufacture, and test class two and class three medical devices.
Velentium Medical's four units include research and development-- pairing electronic and mechanical design, embedded firmware, mobile app development, and cloud systems with the human factor studies and systems engineering necessary to streamline medical device regulatory approval; contract manufacturing-- building medical products at the prototype, clinical, and commercial levels in the US, as well as in low cost regions in 1345 certified and FDA registered Class VII clean rooms; cybersecurity-- generating the 12 cybersecurity design artifacts required for FDA submission; and automated test systems, assuring that every device produced is exactly the same as the device that was approved. Visit VelentiumMedical.com to explore how we can work together to change lives for a better world.
Leveraging AI-powered solutions to anticipate, detect and contain asymmetric cyber threats
Augmenting security teams through AI efficiencies – reducing alert fatigue whilst improving detection speed and accuracy
Best AI security practices on safeguarding critical systems and sensitive data against AI-driven cyber threats

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Michela Resta, Solicitor, CyXcel
https://www.linkedin.com/in/michelarestacyxcel/
Paolo Palumbo, Vice President, WithSecure Intelligence
https://www.linkedin.com/in/paolopalumbo/
Tiago Rosado, Chief Information Security Officer, Asite
https://www.linkedin.com/in/tiagorosado/
Chris Rock is a cyber mercenary who has worked in the Middle East, US and Asia for the last 30 years, working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster. In this episode, Rock joins host Heather Engel to discuss his book, "The Baby Harvest," which sheds light on how criminals are making and raising virtual babies to adulthood to be put on the shelf for money laundering, fraud and drug and firearm importation. • For more on cybersecurity, visit us at https://cybersecurityventures.com
In this episode of the Autonomous IT, host Landon Miles dives deep into the world of vulnerabilities, exploits, and the psychology behind cyberattacks. From the story of Log4j and its massive global impact to the difference between hackers and attackers, this episode explores how and why breaches happen—and what can be done to stop them.

Joining Landon is Jason Kikta, Chief Technology Officer and Chief Information Security Officer at Automox, Marine Corps veteran, and former leader at U.S. Cyber Command. Together, they break down attacker motivations, how to recognize threat patterns, and why understanding your own network better than your adversaries is the key to effective defense.

Key Takeaways:
The five stages of a vulnerability: introduction, discovery, disclosure, exploitation, and patching.
Why Log4j became one of the most devastating vulnerabilities in modern history.
How to identify attacker types and motivations.
The mindset and methodology of effective defense.
Why “good IT starts with good security.”

Whether you're a cybersecurity professional, IT leader, or just curious about how cyberattacks really work, this episode offers practical insights from the front lines of digital defense.
Public sector organizations are under siege—ransomware attacks are now more frequent and sophisticated than ever before. In this episode, our Cybersecurity Working Group dives into two recent cyberattacks that struck at the heart of our nation's courts, targeting justice systems that millions rely on each day.

Returning to the host's chair is Larry Zorio, Chair of the Cybersecurity Working Group and Chief Information Security Officer at Mark43. Larry leads an insightful discussion with David Slayton, Court Executive Officer and Clerk of the Court for the Superior Court of Los Angeles County, and Robert Adelardi, Chief Information Officer for the 11th Judicial Circuit Court of Florida in Miami-Dade County. Both guests bring invaluable frontline perspectives from courts that have faced ransomware threats head-on and persevered.

David and Robert offer a behind-the-scenes account of what it was like when ransomware disrupted core court operations. They'll recount how their teams mobilized in real time, the critical decisions made under pressure, and the practical steps every court and public sector agency can take to strengthen defenses and recovery plans.
This week we sit down with Ben Wilcox, a tech leader who straddles two high-stakes worlds as both Chief Technology Officer and Chief Information Security Officer at ProArch. Ben shares how a teenage interest in “link lists” and web hosting turned into a 25-year career at the intersection of innovation and cybersecurity. We talk about what it really means to balance the drive to move fast with the need to stay secure, and whether those two priorities can truly coexist under one roof.

From high-profile AI prompt injection attacks targeting Microsoft Copilot to the growing sophistication of indirect exploits that manipulate corporate systems through AI agents, Ben breaks down what's happening behind the headlines and how companies can protect themselves. He also opens up about his passion for car racing, a world that mirrors his approach to tech: fast, calculated, and always built with safety in mind. Ben then closes with some simple advice: say yes to new things. Whether it's tackling the next wave of AI risks or trying something unexpected outside of work, curiosity and courage are what keep you ahead of the curve.

Ben Wilcox is the Chief Technology Officer and Chief Information Security Officer at ProArch, a global IT consulting firm helping enterprises secure their data and accelerate digital transformation through strategic Microsoft partnerships. With more than 25 years of experience in technology leadership, Ben brings a rare dual perspective—driving innovation while protecting the business from ever-evolving cyber threats. Known for making complex topics approachable, he's passionate about helping organizations move fast without breaking things, preparing their infrastructure for AI, and building security into the foundation of innovation. When he's not guiding enterprises through digital change, you might find him on a racetrack, channeling the same balance of speed and precision that defines his work in tech.
A critical zero-day in Oracle E-Business Suite is under active exploitation. ICE plans a major expansion of its social media surveillance operations. Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution. New variants of the XWorm remote access trojan spread through phishing campaigns. Researchers uncover a critical command injection flaw in Dell UnityVSA storage appliances. There's been a sharp surge in reconnaissance scans targeting Palo Alto Networks login portals. A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software. Monday Business Brief. On our Afternoon Cyber Tea segment with Microsoft's Ann Johnson, Ann and guest Volker Wagner, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. Don't spend that ParkMobile settlement all in one place.
Selected Reading
PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability (Cyber Security News)
ICE Wants to Build Out a 24/7 Social Media Surveillance Team (WIRED)
Discord blames third-party support outfit for data breach (The Register)
Android and Windows gamers worldwide potentially affected by bug in Unity game engine (The Record)
XWorm malware resurfaces with ransomware module, over 35 plugins (Bleeping Computer)
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login (HackRead)
Scanning of Palo Alto Portals Surges 500% (Infosecurity Magazine)
$4.5 Million Offered in New Cloud Hacking Competition (SecurityWeek)
Accenture acquires Japanese AI and DX provider, Aidemy Inc. (N2K Pro Business Briefing)
ParkMobile pays... $1 each for 2021 data breach that hit 22 million (Bleeping Computer)
Volker Wagner, Chief Information Security Officer at BASF, joins Ann on this week's episode of Afternoon Cyber Tea to talk shop on what it really takes to defend one of the world's largest chemical companies. From his early days in auditing to leading global cyber for high-stakes industrial and research environments, Volker shares battle-tested insights on resilience, Zero Trust, and the fundamentals that never go out of style. He dives into the hard lessons learned from ransomware, the realities of third-party risk, and how AI is reshaping everything from incident response to supply chain security. Most importantly, he makes the case for why trust, communication, and culture aren't soft skills—they're survival skills for modern CISOs. Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.