Brian Haugli, CEO of SideChannel, discusses the critical distinction between security debt and technical debt, emphasizing that while technical debt is a common challenge for CIOs, security debt is a more specific issue that often arises in startups. He explains that startups frequently prioritize speed to market over security, leading to vulnerabilities that accumulate as they defer compliance and security measures. This accumulation of security debt can hinder their growth and create significant risks, as they may lack the necessary security practices and awareness when they eventually need to address these issues.

Haugli highlights the role of managed service providers (MSPs) in helping their clients navigate these challenges. He argues that MSPs should not only provide technical support but also act as trusted advisors, guiding clients to understand the business implications of cybersecurity. By framing security as a means to unlock revenue and reduce friction in sales cycles, MSPs can help clients see the value in investing in cybersecurity measures. This approach positions MSPs as heroes in the eyes of their clients, as they provide essential business advice that can lead to increased revenue.

The conversation also touches on the evolving role of virtual Chief Information Security Officers (vCISOs) in the cybersecurity landscape. Haugli asserts that the demand for vCISOs is growing, particularly as regulations increasingly require organizations to have dedicated cybersecurity leadership. He emphasizes that vCISOs offer a cost-effective solution for smaller businesses that cannot afford a full-time CISO, providing them with strategic guidance and expertise to build robust security programs.

Finally, Haugli discusses the need for a national cybersecurity standard in the U.S. to address the patchwork of existing regulations. He argues that without enforceable standards, organizations will continue to struggle with compliance and security, leading to increased costs and confusion. By drawing parallels to other regulated industries, he advocates for greater accountability among software vendors and emphasizes the importance of compartmentalization in cybersecurity practices, which can help organizations mitigate risks and protect sensitive information.

All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech
In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn't just about checking a box, it's an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the assessment, and ensure findings lead to meaningful action across your organization. Whether you're a CISO, IT director, or team lead, this episode will help you make every pentest count.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/mylinks
Work with Us: https://securit360.com
Title: “These Aren't Soft Skills — They're Human Skills”
A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'Alton

Guests
Rob Black
UK Cyber Citizen of the Year 2024 | International Keynote Speaker | Master of Ceremonies | Cyber Leaders Challenge | Professor | Community Builder | Facilitator | Cyber Security | Cyber Deception
https://www.linkedin.com/in/rob-black-30440819/
Anthony D'Alton
Product marketing | brand | reputation for cybersecurity growth
https://www.linkedin.com/in/anthonydalton/

Hosts
Sean Martin, Co-Founder at ITSPmagazine
Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazine
Website: https://www.marcociappelli.com

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

Yes, Infosecurity Europe 2025 may be over, but the most important conversations are just getting started — and they're far from over. In this post-event follow-up, Marco Ciappelli reconnects from Florence with Rob Black and brings in Anthony D'Alton for a deep-dive into something we all talk about but rarely define clearly: so-called soft skills — or, as we prefer to call them… human skills.

From storytelling to structured exercises, team communication to burnout prevention, this episode explores how communication, collaboration, and trust aren't just “nice to have” in cybersecurity — they're critical, measurable capabilities. Rob and Anthony share their experience designing real-world training environments where people — not just tools — are the difference-makers in effective incident response and security leadership.

Whether you're a CISO, a SOC leader, or just tired of seeing tech get all the credit while humans carry the weight, this is a practical, honest conversation about building better teams — and redefining what really matters in cybersecurity today.

If you still think “soft skills” are soft… you haven't been paying attention.

Keywords: Cybersecurity, Infosecurity Europe 2025, Soft Skills, Human Skills, Cyber Resilience, Cyber Training, Security Leadership, Incident Response, Teamwork, Storytelling in Cyber, Marco Ciappelli, Rob Black, Anthony Dalton, On Location, ITSPmagazine, Communication Skills, Cyber Crisis Simulation, RangeForce, Trust in Teams, Post Event Podcast, Security Culture

Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
In the AI era, trust is everything and it's under attack. How do you build digital trust when AI is changing the rules and attackers are getting smarter? Discover how today's CISOs are stepping up, adapting to AI risks, and learning from history to protect our digital future. In this episode of the Fit4Privacy Podcast, host Punit Bhatia is joined by Nick Shevelyov, a cybersecurity expert with extensive experience as a CISO and Chief Privacy Officer, and author of Cyber War and Peace. The discussion focuses on the evolving challenges for Chief Information Security Officers (CISOs) in the age of AI, highlighting risks such as deep fakes and hyper-targeted attacks. Nick emphasizes the importance of translating technical risks into business risks for board members and discusses the implications of new AI legislation, particularly California's SB 468. Tune in to gain insights into managing digital trust, safeguarding personal data, and the strategic initiatives needed to combat emerging cybersecurity threats.

KEY CONVERSION POINT
00:01:50 How would you define the concept of trust
00:05:26 How do you place trust? How are they shifting? What kind of swans?
00:09:06 How are CISO coping with the change of AI era?
00:20:01 Insights in CISO Perspective for US/California direction in law of terms
00:23:06 About “Cyber War…and Peace: Building Digital Trust Today, with History as our Guide” book
00:27:50 How to get in touch with Nick

ABOUT GUEST
Nick Shevelyov helps build next-gen tech companies from the ideation stage. His work includes StackRox (Kubernetes security, acquired by Red Hat for $400M), Kodem (software composition analysis, Greylock Series A), Bedrock Security (data-loss prevention, Greylock Series A), and Laminar (shadow data discovery, Insight Ventures Series A).

He advises founders and CEOs on product and go-to-market strategy, boosting time-to-value for companies like Pixee.ai, Quokka.io, Boostsecurity.io, and ETZ. He works across all stages, from seed to IPO.

Nick consults with Insight Partners (also an LP) and FTV Capital, and serves on advisory boards for ForgePoint Capital, Mayfield Fund, Evolution Equity Partners, NightDragon, YL Ventures, and Glynn Capital.

He is on the boards of Cofense | Phishme and the Bay Area CSO Council (BACC), an invite-only group of CISOs from leading Bay Area companies. A former CIO, he is also an honorary member of the Blumberg Technology Council.

Nick authored Cyber War…and Peace and brings historical and behavioral insights to tech and risk management. He holds an Executive MBA from USF and certifications from Stanford, Harvard, plus CISSP, CISM, and CIPPE.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.

Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/nicholasshevelyov/, https://vcso.ai/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy
In this episode, Amir sits down with Aaron Painter, CEO of Nametag, to explore how deepfakes and generative AI are reshaping identity security in the workplace. They discuss real-world attacks, such as the MGM breach, and how enterprises are responding with new technologies—from cryptographic identity verification to re-verification protocols. Aaron shares what companies are doing right, where they're vulnerable, and the role of identity in the future of enterprise security.
In this episode of Life of a CISO, Dr. Eric Cole welcomes a true cybersecurity trailblazer: Dan Lohrmann. With a career that spans the NSA, Lockheed Martin, the State of Michigan, and now Presidio, Dan brings a rare depth of experience in both government and the private sector. As the first Chief Security Officer for an entire U.S. state and now a Field CISO advising public sector clients across the country, Dan shares practical wisdom and compelling stories about navigating the evolving CISO landscape. Together, Dr. Cole and Dan explore what it takes to build lasting trust as a security leader, the importance of strengthening your personal brand, and how to overcome barriers when leadership resists public visibility. Dan emphasizes the power of public speaking, blogging, and storytelling—not just to elevate your own profile, but to position cybersecurity as a strategic business enabler. They also dive into the value of setting clear non-negotiables when evaluating job opportunities, the role of culture and leadership alignment in long-term success, and tactical advice for those trying to land their first CISO role. Whether you're in government, the private sector, or somewhere in between, this episode is a masterclass in influence, resilience, and leadership at the highest level.
What if everything we've been doing in cybersecurity awareness training is not just outdated — but harmful?

In this episode of Reimagining Cyber, Rob Aragao, Chief Security Strategist at OpenText, talks with Craig Taylor, co-founder and CISO at CyberHoot, who makes a bold claim: punishment-based training is not only ineffective — it's counterproductive. Drawing from his background in psychology and years of cybersecurity leadership, Craig explains why we need to ditch outdated tactics and embrace positive reinforcement to reduce human risk.

From the failure of fake phishing tests to real-world results from forward-thinking organizations, Craig reveals a smarter, more human-centered way to train. If you're tired of scare tactics and want a strategy that actually builds cyber resilience, this episode is your wake-up call.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com
As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.
This month BeyondTrust released its 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems.

Segment Resources:
Insights Security Assessment Tool: https://www.beyondtrust.com/products/identity-security-insights/assessment
For a copy of the Microsoft Vulnerabilities Threat Report: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report
Blog re: Report: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report

Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization's attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them.
https://www.opentext.com/products/core-threat-detection-and-response
https://www.prnewswire.com/news-releases/opentext-launches-next-generation-opentext-cybersecurity-cloud-with-ai-powered-threat-detection-and-response-capabilities-302381481.html

This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them!
This segment is sponsored by BeyondTrust. Visit https://securityweekly.com/beyondtrustrsac for a copy of the Microsoft Vulnerabilities Threat Report!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-400
IT teams deal with technology lifecycle issues all the time–including Y2K, which enterprises across the world grappled with for years. The Epochalypse, or Year 2038 Problem, is similar. Specifically, some Linux systems' date-time counters will go from positive to negative at a specific date in 2038, potentially wreaking havoc on embedded systems and any other...
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alex Hall, CISO, Gensler.

In this episode:
- Evaluating secure messaging beyond the app
- Reframing compliance as a business enabler
- Incremental security investment vs. crisis response
- Why culture, not punishment, drives secure behavior

Huge thanks to our sponsor, Vanta
Automate, centralize, & scale your GRC program with Vanta
Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
Can you land a CISO role without the title, the connections, or the years of "required" experience? Yes and I did it in 90 days. This isn't luck. It's strategy. In today's episode, I walk you through the exact roadmap I used to go from rejected applications and zero C-level experience to signing my first CISO contract. In this episode, you'll learn why applying to 100 jobs won't get you the one you want, the mindset shift that separates leaders from job seekers, how to position your existing experience for the role you want, the resume tweak that landed me interviews (and eventually, the role), how to tell your story so hiring managers see you as leadership material, and the real reason who knows you matters more than what you know. If you're in cybersecurity, mid-career, and wondering how to make the leap to leadership, this video is your blueprint.

Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (Youtube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.
Welcome back to Forcepoint's To the Point Cybersecurity podcast! In this episode, co-host Jonathan Knepher sits down with Petko Stoyanov—cybersecurity expert and former Forcepoint host—for a thought-provoking discussion about the evolving landscape of AI in cybersecurity. Together, they unpack the shifting trends seen at this year's RSA conference, exploring how artificial intelligence is moving from marketing buzzword to mission-critical security feature. Petko dives deep into the real-world impact of generative AI models, the increasing sophistication of both attackers and defenders, and the pressing need for “security by design” in today's fast-moving digital world. They discuss the new questions CISOs and CIOs should be asking about AI—like where models are hosted, what data they process, and how to manage risks in regulated industries. Petko shares eye-opening anecdotes about the potential for AI to accidentally leak sensitive data, the rise of targeted phishing in new languages powered by generative models, and why the CISO role is broader and more challenging than ever. The conversation also touches on the future of automation, the risk of deepfakes and disinformation, and how organizations can stay resilient in an era where the line between attacker and defender is increasingly blurred. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e337
Summary
In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the implications of JP Morgan's open letter to SaaS vendors, emphasizing the need for improved security practices in the software industry. They explore the challenges posed by the SaaS model, the importance of collaboration among security practitioners, and Microsoft's initiatives to enhance security. The conversation also highlights a new partnership between Microsoft and CrowdStrike aimed at standardizing threat intelligence naming conventions, showcasing the importance of teamwork in cybersecurity.

YouTube Video Link: https://youtu.be/EL0OfDiyQg0

Documentation:
https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers
https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
From 2023 to 2024, ransomware has seen a 67 percent jump, with an average payment of $2 million and another $2.7 million in recovery costs for most companies that are hit by an attack. Fortunately, there are multiple steps businesses can take to lower the risk of being a victim. In this episode, Adam Keown, global CISO at Eastman, joins host Heather Engel to discuss data encryption and how the process can help organizations across the globe. • For more on cybersecurity, visit us at https://cybersecurityventures.com
The second edition of "Fire Doesn't Innovate" has dropped. What's new? Why it was updated? How can different types of readers get the most value from it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. You can pick up a copy of "Fire Doesn't Innovate" second edition (paperback or Kindle versions) -- https://a.co/d/64hzmxN See Episode 124 for full details on the “United Structures of America” case -- https://cr-map.com/podcast/124/ See Episode 136 for full details on the “iRobot lawsuit against Expeditors International” -- https://cr-map.com/podcast/136/ See Episode 141 for full details on the “NIST Cybersecurity Framework version 2” update -- https://cr-map.com/podcast/141/
In 2025, Chief Information Security Officers (CISOs) and CIOs across Asia are grappling with an increasingly sophisticated ransomware threat landscape. The 2025 Veeam Ransomware Trends report reveals a concerning shift towards smaller, opportunistic groups that exploit vulnerabilities in larger enterprises, making rapid detection and response essential. FutureCISO spoke to Ben Young, Veeam's CTO for APAC, to discuss how AI is impacting the cyber threat landscape, most notably in the areas of ransomware and phishing, and what CISOs must revisit as part of their resilience strategy.

Questions covered:
1. Give us your summary of the 2025 Ransomware Trends & Proactive Strategies report.
2. How are ransomware groups adapting to law enforcement pressure, and what does this mean for mid to large enterprises in Asia?
3. How is the shift toward data exfiltration (vs. encryption-only attacks) impacting our incident response plans?
4. Are we prepared for the legal and compliance risks if we pay a ransom, given new regional/international regulations?
5. Do our backup and recovery strategies meet the "3-2-1-1-0" rule? Is this strategy still relevant in the era of hybrid data, AI everywhere, and digital-native workforces?
6. Are cloud-based backups and managed services a viable strategy for improving resilience?
7. How can organisations reduce dwell time for attackers between infiltration and detection?
8. Are current employee training programs robust enough to prevent phishing/social engineering breaches?
9. Are IT and security teams aligned to ensure rapid response during an attack?
10. Should CISOs consider third-party incident response partnerships to reduce ransom payments?
11. How will rising cybersecurity budgets be allocated between prevention, detection, and recovery? Any tips on how CISOs can get the budget they need for the organisation?
In this episode of 'Cybersecurity Today,' hosts John Pinard and Jim Love introduce their unique show, 'The Secret CISO,' which aims to dive deep into the lives and thoughts of CISOs and similar roles, beyond the usual interview-style format. The guest for this episode is Priya Mouli, CISO at Sheridan College, who shares her journey from engineering to cybersecurity, her global experiences, and how she manages her multifaceted role. Another guest, Mohsen Azari, Director of Cyber Defense in the financial sector, discusses his career path, which includes notable stints in entertainment and consulting. The conversation explores the pressing challenges in cybersecurity such as AI threats, burnout, and vendor tool overload, while emphasizing the importance of people skills and relationship-building within organizations. The episode wraps up with a promise of a follow-up discussion to delve deeper into the impact of AI on cybersecurity.

00:00 Introduction to the Secret CISO Show
00:51 Guest Introductions: Meet Priya Ali
01:59 Priya's Career Journey and Insights
06:44 Mohsen's Background and Career Path
13:12 John's Career and Cybersecurity Evolution
15:58 Current Cybersecurity Challenges
24:04 Adapting to New Roles in Cybersecurity
25:36 Managing People and Preventing Burnout
27:08 Servant Leadership and Team Dynamics
31:16 Strategic Hiring and Team Cohesion
33:42 Handling Stress and Personal Well-being
35:46 The Role of CISOs as Organizational Psychologists
40:54 Influencing Behavior and Building a Security Culture
44:28 Coping with the Barrage of Cybersecurity Tools
51:10 Conclusion and Future Discussions
On this week of Serious Privacy, Paul Breitbarth is away so Ralph O'Brien of Reinbo Consulting, and Dr. K Royal bring you a full docket of privacy news. And it is a doozy of a week!

Powered by TrustArc
Seamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.
With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
All links and images can be found on CISO Series. Check out this post by Justin Pagano at Klaviyo for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Jesse Webb, CISO and svp information systems, Avalon Healthcare Solutions.

In this episode:
- Align the incentives
- The feature and enforcement disconnect
- Putting the right people in the right place
- A need for transparency

Huge thanks to our sponsor, ThreatLocker
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
In this special episode of Life of a CISO, I sit down with the brilliant Jane Frankland, MBE—an internationally recognized thought leader in cybersecurity with over 28 years of experience. Jane shares her unexpected journey into the field, starting not from a tech background but from art and design. Her curiosity and drive led her to co-found one of the earliest penetration testing consultancies, long before the term "cybersecurity" became mainstream. Together, we dive into how the industry has evolved, why penetration testing has become commoditized, and why it's no longer enough to offer just technical solutions—true value now comes from insight, strategy, and resilience. Jane also offers powerful reflections on the burnout many CISOs face today and why so many are leaving traditional roles to launch their own consultancies or step into virtual CISO models. We discuss what it really means to build a business in today's climate, the importance of defining your unique value, and why small businesses are an underrated opportunity in the cyber space. From vendor strategy to shifting away from limiting beliefs, Jane brings a fresh, honest, and empowering perspective that challenges the status quo. Whether you're building your career or launching your own venture, this episode is full of clarity and inspiration for the next step in your cyber journey.
In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.

They explore what it means to be a mission-driven CISO, how to build trust from the boardroom to the front lines, and why identity has always been the true perimeter. Marene also reflects on her post-CISO chapter and the evolving role of cybersecurity leaders in a rapidly evolving threat landscape.
In this episode of Reimagining Cyber, we break down the key findings from the 2025 Cybersecurity Staff Compensation Benchmark Report from the Institute for Applied Network Security (IANS).

Host Ben sits down with Rob Aragao (Chief Security Strategist, OpenText) to explore why over 50% of cybersecurity professionals just below the CISO level are considering a job change—and it's not just about burnout or pay.

From leadership bottlenecks and role creep to uncertainty around organizational change, we dive into what's really driving attrition in cyber teams and what CISOs can do to keep their top talent engaged and growing.
In this episode, the hosts discuss the challenges faced by chief information security officers (CISOs) in the cybersecurity landscape. They explore the mental and physical toll of the role, the scapegoating of CISOs during crises, and the need for better support from the C-suite. The conversation also touches on regulatory pressures, the importance of business acumen for CISOs, and the potential career pathways from CISO to other executive roles. Article: Docuseries Explores Mental, Physical Hardships of CISOs https://www.darkreading.com/cybersecurity-careers/docuseries-explores-mental-physical-hardships-ciso?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExOHdCNG8xZWNGMkpHQzZUMQEeCEznOCmmiT2x8dhSrBQ3x7D4g3QjfDjIZN9QUPT1og6jKcHywXrnGWJOZS0_aem_5LYBqQ4Cn4k3q3r1KY7_Cg Please LISTEN
In this week's episode, we look at recent Microsoft Tech updates. By popular request, we're expanding the scope beyond just Azure to include Microsoft 365, Power Platform, and similar Microsoft platforms and capabilities. What's new? What's interesting? What's retiring?

(00:00) - Intro and catching up.
(05:20) - Show content starts.

Show links
- Design, troubleshoot, and secure networks using Microsoft Copilot in Azure | Microsoft Learn
- GA: Private subnet
- Public preview: VM network troubleshooter
- Exchange Online Tenant Outbound Email Limits
- Virtual Network TAP

Feedback - Give us feedback!
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest, Sam Curry, global vp, CISO at Zscaler. This episode was recorded at a Zscaler event in Boston, MA.

In this episode:
- Guardrails for decision making under fatigue
- Preparing for quantum threats
- Strategic use of generative AI
- Reassessing outdated knowledge

Huge thanks to our sponsor, Zscaler
Zscaler is a cloud-based cybersecurity company that provides secure internet access and private application access. Its platform replaces traditional network security by delivering Zero Trust architecture, protecting users, data, and applications regardless of location. Zscaler's scalable services help organizations modernize IT and reduce risk with seamless, cloud-native security solutions.
Do you know the first cyberattack in history happened in 1834? And what if the scariest part of AI isn't what it does - but what it makes us ignore? This isn't science fiction. It's real. And it's already happening. In this keynote, I take you through the 200-year evolution of fraud - from wooden blocks to synthetic identities, how AI is making scams faster, deeper, and more human than ever, why data, emotion, and deepfakes are the new weapons of cybercriminals, the truth behind AI's "intelligence" and the dangerous biases buried in its code, real-world examples, from cloned voices stealing millions to chatbots conning scammers back and how you can (and must) use AI to fight AI and where to begin. Whether you're in fraud prevention, cybersecurity, finance, or leadership, this is your wake-up call, with 5 actions you can take to defend trust in the age of AI-powered fraud. Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (Youtube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.
In this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understanding the root causes of vulnerabilities. The conversation emphasizes the need for CISOs to engage more deeply with their teams and to focus on effective, context-driven security solutions rather than simply reacting to the latest threats.
While everyone's obsessing over digital lead gen and automation, veteran marketer David Mundy argues the best companies are going back to basics - building actual relationships and cutting through the noise. George K and George A talk to David about: Not hiring marketers with playbooks, and hiring hunters who understand the market is dynamic AF; Why SDRs should work under marketing (yes, really) for that crucial feedback loop; Why early stage marketing teams need to know how to explain your product's implementation; How storytelling isn't optional, it's the skill that separates good marketers from great ones. Plus: Why the most technical sellers are winning, how to manage up when founders think it's still 2016, and David's exact hiring playbook for early-stage companies. This one's packed with tactical gold for anyone in go-to-market. Worth a listen if you're a marketer trying to break through the saturation or a CISO tired of getting bombarded with irrelevant pitches.
Sherweb has launched a white-label self-service portal aimed at empowering managed service providers (MSPs) and their clients by streamlining operational tasks. This innovative platform enables clients to manage their technology licenses, subscriptions, and payments independently, reducing the need for service providers to handle routine inquiries. According to Rick Stern, Senior Director of Platform at Sherweb, this autonomy not only expedites the resolution of simple requests but also allows MSPs to concentrate on strategic initiatives. The portal features automated invoicing, curated service catalogs, and integrated chat support, and is already in use by over 450 MSPs following a successful pilot program. The podcast also discusses the evolving landscape of artificial intelligence (AI) pricing models, with companies like Globant and Salesforce adopting usage-based approaches. Globant has introduced subscription-based AI pods that allow clients to access AI-powered services through a token-based system, moving away from traditional effort-based billing. Salesforce is experimenting with flexible pricing structures, including conversation and action-based models, to better align with the value delivered by AI services. These shifts indicate a critical inflection point in how AI services are monetized, emphasizing the need for IT service providers to rethink their offerings in light of usage-based economics. Concerns regarding the unauthorized use of generative AI tools in organizations are highlighted by a report from Compromise, which reveals that nearly 80% of IT leaders have observed negative consequences from such practices. The survey indicates significant worries about privacy and security, with many IT leaders planning to adopt data management platforms and AI monitoring tools to oversee generative AI usage.
Additionally, advancements in AI are showcased through a Stanford professor's AI fund manager that outperformed human stock pickers, while a study reveals limitations in AI's ability to make clinical diagnoses from radiological scans. The podcast concludes with a discussion on the role of the Chief Information Security Officer (CISO), which is facing an identity crisis due to its increasing complexity and the misalignment of its responsibilities. Experts suggest reevaluating the CISO role to better address modern cybersecurity threats. The episode also touches on the implications of generative AI in education, highlighting concerns about its impact on critical thinking and learning processes. Overall, the podcast emphasizes the need for IT service providers to navigate the evolving landscape of AI and cybersecurity with a focus on governance, accountability, and sustainable practices. Four things to know today: 00:00 Sherweb's White-Labeled Portal Signals MSP Shift Toward Scalable, Client-Centric Service Models; 03:31 AI Forces Billing Revolution: Globant and Salesforce Redefine How Tech Services Are Priced; 06:49 From Shadow AI to Specialized Tools: Why Governance, Not Hype, Defines AI's Next Phase; 12:46 From CISOs to Classrooms to Code: Why AI Forces a Strategic Rethink Across the Enterprise. This is the Business of Tech. Supported by: https://www.huntress.com/mspradio/ https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship
S2E8: Cyber Insurance for Healthcare Provider Organizations Guest host Lisa Gallagher, National Cybersecurity Advisor, CHIME Guest: Dan Bowden, CISO, McLennan Global Business To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen
Podcast: Industrial Cybersecurity Insider. Episode: What Every CISO Gets Wrong About OT Security. Pub date: 2025-06-05. In this episode, Dino and Craig tackle one of the most misunderstood topics in industrial cybersecurity: IT/OT convergence. But is it truly convergence or more of a collision? Drawing from real-world experiences, they challenge the idea that OT is a “shadow IT group” and argue that operational technology deserves distinct governance, funding, and strategic influence. From secure-by-design to system integrators' evolving role, this conversation is a call to action for CISOs, CIOs, and engineering leaders to rethink how they build cybersecurity partnerships across the plant floor. Chapters: 00:00:00 - Opening Shot: Who's Really in Charge—CIOs or the Plant Floor? 00:00:57 - Collision Course: IT and OT Can't Keep Dodging Each Other 00:01:52 - Two Worlds, One Mission: Why OT Isn't Just “IT in a Hard Hat” 00:04:07 - When Convergence Fails: What's Missing in the Middle 00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration 00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor 00:10:46 - OT's Tipping Point: Will the Next Move Come from IT, or the Shop Floor? 00:17:32 - Your Move: What Leaders Must Do Next (Before It's Too Late) Links And Resources: Industrial Cybersecurity Insider on LinkedIn; Cybersecurity & Digital Safety on LinkedIn; BW Design Group Cybersecurity; Dino Busalachi on LinkedIn; Craig Duckworth on LinkedIn. Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review! The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
From WEDI's 2025 Spring Conference, a panel featuring health care cybersecurity subject matter experts Erik Decker, VP, CISO, Intermountain Health, and Scott Ruthe, VP, Waystar. Moderated by WEDI's Privacy & Security Workgroup Co-Chair Lesley Berkeyheiser (DirectTrust), the panel discusses cyber resilience business processes, strategies, collaboration, and resources for both public and private health care entities.
“Reinvent or die” is an apt adage for the ever-churning technology industry. Brad Maltz joins us to share his insights on what he calls “continuous reinvention” and how that relates to his own career and why others might want to adopt this mindset. Brad is a Senior Director of AI Solutions at Dell and has...
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jason Steer, CISO, Recorded Future. In this episode: We don't need more indicators; Creating more work; Generating actionable intelligence; Design for what you can do. Huge thanks to our sponsor, Recorded Future. Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.
What if Zero Trust isn't a framework, but the only viable cybersecurity strategy—more about people than products? In this episode, George Finney, CISO at the University of Texas System and author of Project Zero Trust, reveals the human-first truth behind the Zero Trust movement, and why it's not something you buy but something you build. George shares stories from hacking a college database to launching a deepfake of himself trained on his own books, all while breaking down how AI and creativity are reshaping security leadership. Impactful Moments: 00:00 - Introduction 01:16 - Cyber Hall of Fame recognition 07:00 - Hacked his college to solve mail 09:00 - Took startup job without paycheck 14:14 - Zero Trust is a strategy, not tool 17:00 - Tailoring security like a custom suit 23:29 - AI strategy through Zero Trust lens 29:30 - Built a Zero Trust voice clone hotline 36:00 - You don't need to be a CISO 38:30 - Why weirdos make cybersecurity stronger Links: Connect with our guest, George Finney: https://www.linkedin.com/in/georgefinney/ Check out George's books on Amazon: https://www.amazon.com/stores/author/B01MT0C6X3 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
On this week of #SeriousPrivacy, Paul Breitbarth, Dr. K Royal, and Ralph O'Brien catch up on recent activity in the world of purveyors, data protection, and cyber law. Powered by TrustArc. Seamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe. With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.
In this episode of Life of a CISO, Dr. Eric Cole reconnects with longtime friend and cybersecurity legend Dr. Anton Chuvakin, whom he has known for over 25 years. The conversation opens with reflections on their decades-long professional journey and transitions into a deep dive into Anton's current work at Google Cloud's Office of the CISO. Anton shares how his team supports secure cloud and AI adoption—not as traditional field CISOs focused on sales—but as strategic advisors and researchers helping clients understand and implement Google's advanced security models. The discussion spotlights Google's internal use of Zero Trust architecture, highlighting how Google eliminated the need for VPNs over a decade ago. Anton explains how this approach—initially pioneered through Google's BeyondCorp—combines stronger security with greater usability, a rare balance in cybersecurity. Dr. Cole presses into why more companies haven't adopted Zero Trust, prompting Anton to emphasize the power of organizational inertia. Drawing from his years at Gartner, Anton notes that despite the proven benefits, many enterprises resist change due to legacy systems and mindset barriers. This episode offers a compelling look at the evolving landscape of enterprise security and the importance of embracing innovation over outdated habits.
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Cyber firms agree to deconflict and cross-reference hacker group names; Russian nuclear facility blueprints gathered from public procurement websites; Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons; Germany identifies the Trickbot kingpin; Google spots China's MSS using Calendar events for malware C2; Meta apps abuse localhost listeners to track web sessions. This week's episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase's CISO that pleads with Software as a Service suppliers to try to suck less at security. This episode is also available on Youtube. Show notes: 'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters; Ukraine's Massive Drone Attack Was Powered by Open Source Software; Massive security breach: Russian nuclear facilities exposed online; How a Spyware App Compromised Assad's Army - New Lines Magazine; Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ; Malaysian home minister's WhatsApp hacked, used to scam contacts | The Record from Recorded Future News; U.S. Sanctions Cloud Provider ‘Funnull' as Top Source of ‘Pig Butchering' Scams – Krebs on Security; Top counter antivirus service disrupted in global takedown | CyberScoop; Cops in Germany Claim They've ID'd the Mysterious Trickbot Ransomware Kingpin | WIRED; Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News; Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive; Coinbase breach linked to customer data leak in India, sources say | Reuters; US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News; NSO appeals WhatsApp decision, says it can't pay $168 million in ‘unlawful' damages | The Record from Recorded Future News; ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News; Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store; Meta and Yandex are de-anonymizing Android users' web browsing identifiers - Ars Technica; An Open Letter to Third-Party Suppliers
In this episode of Data Security Decoded, join Caleb Tolin as he sits down with Grant Oviatt, Head of Security Operations at Prophet Security, to explore the transformative impact of AI agents in SOC environments. From reducing false positives by 95% to dramatically improving incident response times, discover how AI is augmenting human analysts rather than replacing them. Whether you're a CISO looking to optimize your security operations or a SOC analyst concerned about AI's impact on your role, this episode offers practical insights into successfully implementing AI-driven security solutions while building trust in automated systems. • Learn how AI agents handle tedious security tasks, freeing analysts for strategic work • Explore real-world success stories of AI-powered threat detection and response • Understand the critical balance between AI automation and human expertise • Get practical steps for deploying AI agents in your SOC
You need someone to design your operations processes–or perhaps redesign them. That's an Ops Architect. Should you take an ops person and train them up in architecture? Or an architect and train them up in operations? Do you even have that ops/engineer/architect organizational structure – and should you? Johna and John dive into this discussion...
Random but Memorable turns 150! 1️⃣5️⃣0️⃣ (It's official, we're old.)
This episode was recorded live at the Dreamit Cyber Founders Summit during RSA. Huge thanks to the Dreamit team for including me during their inaugural event! David Cass is the CISO at GSR, which is a cryptocurrency market maker. For the finance uninitiated, that basically means they buy and sell cryptocurrencies in large volumes to then buy and sell to other parties. As a result, David's role entails a lot more than the average CISO. As he will mention, it is his job to secure GSR's corporate IT like any CISO, but he also has to sign off that the cryptocurrencies they are trading are secure enough to hold a financial position without undue risk to the company. David therefore has one of the most advanced perspectives on the cybersecurity controls for cryptocurrencies. In the conversation we discussed his views on the productization of web3 security, cryptocurrency regulation, and the successes behind his CISO community CISOs connect. GSR, Dreamit
Dive deep into the world of cloud security with Rocky Giglio and special guest Sean Atkinson, CISO at the Center for Internet Security (CIS), on this episode of Cloud and Clear! We examine the crucial role of CIS benchmarks and hardened images in establishing a robust and secure cloud infrastructure. In this insightful discussion, Sean breaks down: ✅ What CIS is and its mission to create a safer connected world. ✅ The evolution of CIS Controls from 20 to 18 for greater efficiency. ✅ Understanding CIS Benchmarks and how they standardize security configurations. ✅ The power of Hardened Images: Start secure from day zero in your cloud environment. ✅ Shifting security left and proactively integrating security into design. ✅ How CIS simplifies compliance with NIST, PCI, HIPAA, and other frameworks. ✅ The importance of community and partnership in cybersecurity. Whether you're a security professional, cloud engineer, or anyone concerned about keeping data safe in the cloud, this episode is packed with valuable knowledge. Learn how to leverage CIS resources to strengthen your security posture and simplify compliance. Tune in to discover how CIS is making cloud security more accessible and effective! Don't forget to subscribe to Cloud and Clear for more expert insights on cloud transformation. #CloudSecurity #CIS #Cybersecurity #CloudComputing #HardenedImages #SecurityBenchmarks #CloudAndClear #GoogleCloud #Compliance #NIST #PCI #HIPAA #CISO #TechPodcast Join us for more content by liking, sharing, and subscribing!
Are you a cybersecurity sales or marketing leader seeking new ways to stand out in a crowded market? Do you struggle with demonstrating real value to CISOs who have “seen it all” and are wary of generic pitches? Wondering how to engage technical buyers who know the ins and outs of your product's shortcomings? This episode with Joe Silva, co-founder and CEO of Spektion, is packed with fresh perspectives on tackling these challenges head-on. In this conversation we discuss:
A world renowned cybersecurity expert with more than 30 years of network security experience, Dr. Eric Cole – founder and CEO of Secure Anchor – helps organizations curtail the risk of cyber threats. He has worked with a variety of clients ranging from Fortune 50 companies, to top international banks, to the CIA, for which he was a professional hacker. In this episode, Dr. Cole and host Scott Schober discuss why being a CISO is a business role, including what skills someone needs to succeed in the position, and more. To learn more about our sponsor, visit https://drericcole.org
From 2023 to 2024, ransomware has seen a 67 percent jump, with an average payment of $2 million and another $2.7 million in recovery costs for most companies that are hit by an attack. Fortunately, there are multiple steps businesses can take to lower the risk of being a victim. In this episode, Adam Keown, global CISO at Eastman, joins host Heather Engel to discuss protective DNS and how it can aid businesses in the fight against ransomware. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Is evidence from Artificial Intelligence and Quantum Computing devices legally admissible in court? And how are courts actually handling this influx? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Artificial intelligence powers many cybersecurity applications, and government agencies are increasingly using AI to augment systems in national security and intelligence capacities. The complexities of AI implementation require careful architectural considerations and robust governance frameworks to ensure safe execution. William MacMillan, former CISO at CISA and current chief product officer at Andesite AI, noted how AI holds tremendous potential to enhance efficiency and accuracy, particularly through "human in the loop" systems that manage vast amounts of data. MacMillan also talks about the critical role of leadership in establishing international AI standards and the necessity of user training and human-AI collaboration for effective implementation.