POPULARITY
Categories
Velociraptor forensic tool used for C2 tunneling City of Baltimore gets socially engineered to the tune of $1.5 million Ransomware gang takedowns create more smaller groups Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Sverige har en stark konsensuskultur och en historia av decentraliserade beslut. Det är ju trevligt att alla får tycka och tänka kring olika beslut. Men! Påverkar denna kultur säkerhetsarbetet? Konsekvenserna kan man faktiskt se om man jämför med t.ex. Japan och Frankrike. Det här måste vi titta närmare på. Tillsammans med Sebastian Kemi som är CISO på Zscaler djupdyker han ner i ämnet tillsammans med IT-säkerhetspodden. Det blir ett snack om kulturen och hur man kan tänka istället. Sedan går vi vidare med tekniksnack kring Zero trust och hur man enkelt kan komma igång. För är inte just den första tanken som kommer upp kring zero trust att det är komplicerat och kanske dyrt? Detta avsnitt av IT-säkerhetspodden är gjort i samarbete med Westcon – en ledande distributör inom cybersäkerhet. Westcon hjälper företag att skydda sina digitala miljöer genom att tillhandahålla marknadsledande säkerhetslösningar och expertstöd via vårt breda nätverk av partners.
Send us a textOn this episode of seriousprivacy, Paul Breitbarth is away, so Ralph O' Brien and Dr. K Royal bring you a mish mash week in privacy. Topics include current news and a little bit about the differences in GDPR compliance vs what the US privacy laws require. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
AI Dependency Crisis + EV Infrastructure Failures: Tech Reality Check 2025When Two Infrastructure Promises Collide with RealityThe promise was simple: AI would augment human intelligence, and electric vehicles would transform transportation. The reality in 2025? Both are hitting infrastructure walls that expose uncomfortable truths about how technology actually scales.Sean Martin and Marco Ciappelli didn't plan to connect these dots in their latest Random and Unscripted weekly recap, but the conversation naturally evolved from AI dependency concerns to electric vehicle infrastructure challenges—revealing how both represent the same fundamental problem: mistaking technological capability for systemic readiness."The AI is telling us what success looks like and we're measuring against that, and who knows if it's right or wrong," Sean observed, describing what's become an AI dependency crisis in cybersecurity teams. Organizations aren't just using AI as a tool; they're letting it define their decision-making frameworks without maintaining the critical thinking skills to evaluate those frameworks.Marco connected this to their recent Black Cat analysis, describing the "paradox loop"—where teams lose both the ability to take independent action and think clearly because they're constantly feeding questions to AI, creating echo chambers of circular reasoning. "We're gonna be screwed," he said with characteristic directness. "We go back to something being magic again."This isn't academic hand-wringing. Both hosts developed their expertise when understanding fundamental technology was mandatory—when you had to grasp cables, connections, and core systems to make anything work. Their concern is for teams that might never develop that foundational knowledge, mistaking AI convenience for actual competence.The electric vehicle discussion, triggered by Marco's conversation with Swedish consultant Matt Larson, revealed parallel infrastructure failures. "Upgrading to electric vehicles isn't like updating software," Sean noted, recalling his own experience renting an EV and losing an hour to charging—"That's not how you're gonna sell it."Larson's suggestion of an "Apollo Program" for EV infrastructure acknowledges what the industry often ignores: some technological transitions require massive, coordinated investment beyond individual company capabilities. The cars work; the surrounding ecosystem barely exists. Sound familiar to anyone implementing AI without considering organizational infrastructure?From his Object First webinar on backup systems, Sean extracted a deceptively simple insight: immutability matters precisely because bad actors specifically target backups to enable ransomware success. "You might think you're safe and resilient until something happens and you realize you're not."Marco's philosophical take—comparing immutable backups to never stepping in the same river twice—highlights why both cybersecurity and infrastructure transitions demand unchanging foundations even as everything else evolves rapidly.The episode's most significant development was their expanded event coverage announcement. Moving beyond traditional cybersecurity conferences to cover IBC Amsterdam (broadcasting technology since 1967), automotive security events, gaming conferences, and virtual reality gatherings represents recognition that infrastructure challenges cross every industry."That's where things really get interesting," Sean noted about broader tech events. When cybersecurity professionals only discuss security in isolation, they miss how infrastructure problems manifest across music production, autonomous vehicles, live streaming, and emerging technologies.Both AI dependency and EV infrastructure failures share the same root cause: assuming technological capability automatically translates to systemic implementation. The gap between "this works in a lab" and "this works in reality" represents the most critical challenge facing technology leaders in 2025.Their call to action extends beyond cybersecurity: if you know about events that address infrastructure challenges at the intersection of technology and society, reach out. The "usual suspects" of security conferences aren't where these broader infrastructure conversations are happening.What infrastructure gaps are you seeing between technology promises and implementation reality? Join the conversation on LinkedIn or connect through ITSP Magazine.________________Hosts links:
Anton Chuvakin, Senior Security Staff at Office of the CISO at Google, joins host Kris Lovejoy, Global Security and Resilience Practice Leader at Kyndryl, to discuss the evolving threat landscape and what each of them are seeing from their positions in the industry. As the global leader in IT infrastructure services, Kyndryl advances the mission-critical technology systems the world depends on every day. Collaborating with a vast network of partners and thousands of customers worldwide, Kyndryl's team of highly skilled experts develops innovative solutions that empower enterprises to achieve their digital transformation goals. Learn more about our sponsor at https://kyndryl.com.
All links and images can be found on CISO Series. Check out this post by Geoff Belknap, co-host of Defense in Depth, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and John Overbaugh, CISO, Alpine Investors. Joining us is our sponsored guest, Pukar Hamal, founder and CEO at SecurityPal. In this episode: When business moves faster than security Turning obstacles into opportunities The art of saying "not like that" Know your regulatory landscape Huge thanks to our sponsor, SecurityPal AI SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.
Dan Bowden, Marsh McLennan Global Business CISO, and Erik Decker, Intermountain Health VP & CISO, join host Charlie Osborne in this episode to discuss their approach to establishing trust and preventing breaches across organizations. Marsh is the world's most trusted and innovative cyber risk advisor, simplifying complexity while delivering unmatched results. To learn more about our sponsor, visit https://marsh.com and click on “cyber risk.”
Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider? Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share: Current vCISO trends What to look for in vCISO services Who fits/doesn't fit as a vCISO vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview. In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-410
In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk's VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them. From his journey co-founding Jetstack and creating Cert Manager to leading CyberArk's efforts in workload identity, Matt shares insights on why secrets-based security is no longer sustainable—and how open standards like SPIFFE are reshaping the future of cloud-native and AI-driven environments.Discover how machine identities now outnumber humans 80 to 1, why leaked secrets are a "hacker's buffet," and how workload identity is becoming a cornerstone of Zero Trust architecture. Whether you're a CISO, platform engineer, or just curious about the next frontier in cybersecurity, this episode offers actionable advice and a compelling vision for securing the age of AI agents.
Returning from this year's DEF CON, hear from our Offensive Team Managers, Dowd and Findlay, and Pinky, IR Manager and co-host of The Hackle Box. Hear about new highlights, CTF's, and villages, and reflection from Brad as a Blue Team member navigating past challenges. Have something to say? Contact us at unsecurity@frsecure.com and follow us for more!LinkedIn: frsecure Instagram: frsecureofficialFacebook: frsecureBlueSky: frsecureAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider? Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share: Current vCISO trends What to look for in vCISO services Who fits/doesn't fit as a vCISO vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview. In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more! Show Notes: https://securityweekly.com/bsw-410
Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider? Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share: Current vCISO trends What to look for in vCISO services Who fits/doesn't fit as a vCISO vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview. In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-410
Today, we'll take a look at something that is of the essence for anyone working with identities and the shift to the cloud. What is Group SOA, and why should you care? We reflect on the dependencies of Active Directory, the five stages of transformation, and what this capability will help you achieve. (00:00) - Intro and catching up.(05:20) - Show content starts.Show links- Group SOAProvide feedback- Give us feedback!
Join us for the second part of our deep dive into incident response and recovery on the Tech for Business Podcast. In this episode, Todd, COO and CISO, and Nate, Director of Cybersecurity, unpack the challenging balance between acting swiftly and investigating thoroughly. Learn about the critical role of backup systems, the impact of regulatory rules, and the importance of continuous improvement for businesses. They also discuss containment strategies, maintaining business operations during an incident, and how to prepare your organization for future challenges. Don't miss out on their insightful tips and real-life examples!00:00 Introduction to Incident Response and Recovery00:34 Balancing Speed and Thoroughness in Incident Response01:33 Containment and Eradication Strategies05:25 The Importance of Pre-Planning and Backup Systems16:12 Challenges in Incident Removal and Insider Threats18:53 Recovery Time and Prioritization23:20 Lessons Learned and Continuous Improvement28:00 Conclusion and Contact InformationResources: Master Tabletop Exercises: https://www.cit-net.com/mastering-incident-response-tabletop-exercises/ Your Role in Incident response: https://www.cit-net.com/your-role-in-incident-response/ St Paul Cyber Incident: https://www.cit-net.com/city-of-st-paul-cyber-incident/ SonicWall Vulnerability: https://www.cit-net.com/sonicwall-vulnerability-breakdown/ Eliminate VPNS: https://www.cit-net.com/the-end-of-vpns/ NIST: https://csrc.nist.gov/projects/incident-response
Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider? Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share: Current vCISO trends What to look for in vCISO services Who fits/doesn't fit as a vCISO vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview. In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more! Show Notes: https://securityweekly.com/bsw-410
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle Leadership Under Fire Predicting the Unpredictable Security Startups' Security Paradox A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
What happens when a cybersecurity incident requires legal precision, operational coordination, and business empathy—all at once? That's the core question addressed in this origin story with Bryan Marlatt, Chief Regional Officer for North America at CyXcel.Bryan brings over 30 years of experience in IT and cybersecurity, with a history as a CISO, consultant, and advisor. He now helps lead an organization that sits at the intersection of law, cyber, and geopolitics—an uncommon combination that reflects the complexity of modern risk. CyXcel was founded to address this reality head-on, integrating legal counsel, cybersecurity expertise, and operational insight into a single, business-first consulting model.Rather than treat cybersecurity as a checklist or a technical hurdle, Bryan frames it as a service that should start with the business itself: its goals, values, partnerships, and operating environment. That's why their engagements often begin with conversations with sales, finance, or operations—not just the CIO or CISO. It's about understanding what needs to be protected and why, before prescribing how.CyXcel supports clients before, during, and after incidents—ranging from tailored tabletop exercises to legal coordination during breach response and post-incident recovery planning. Their work spans critical sectors like healthcare, utilities, finance, manufacturing, and agriculture—where technology, law, and regulation often converge under pressure.Importantly, Bryan emphasizes the need for tailored guidance, not generic frameworks. He notes that many companies don't realize how incomplete their protections are until it's too late. In one example, he recounts a hospital system that chose to “pay the fine” rather than invest in cybersecurity—a decision that risks reputational and operational harm far beyond the regulatory penalty.From privacy laws and third-party contract reviews to incident forensics and geopolitical risk analysis, this episode reveals how cybersecurity consulting is evolving to meet a broader—and more human—set of business needs.Learn more about CyXcel: https://itspm.ag/cyxcel-922331Note: This story contains promotional content. Learn more.Guest: Bryan Marlatt, Chief Regional Officer (North America) at CyXcel | On LinkedIn: https://www.linkedin.com/in/marlattb/ResourcesLearn more and catch more stories from CyXcel: https://www.itspmagazine.com/directory/cyxcelLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
⬥GUEST⬥Andy Ellis, Legendary CISO [https://howtociso.com] | On LinkedIn: https://www.linkedin.com/in/csoandy/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin speaks with Andy Ellis, former CSO at Akamai and current independent advisor, about the shifting expectations of security leadership in today's SaaS-powered, AI-enabled business environment.Andy highlights that many organizations—especially mid-sized startups—struggle not because they lack resources, but because they don't know how to contextualize what security means to their business goals. Often, security professionals aren't equipped to communicate with executives or boards in a way that builds shared understanding. That's where advisors like Andy step in: not to provide a playbook, but to help translate and align.One of the core ideas discussed is the reframing of security as an enabler rather than a gatekeeper. With businesses built almost entirely on SaaS platforms and outsourced operations, IT and security should no longer be siloed. Andy encourages security teams to “own the stack”—not just protect it—by integrating IT management, vendor oversight, and security into a single discipline.The conversation also explores how AI and automation empower employees at every level to “vibe code” their own solutions, shifting innovation away from centralized control. This democratization of tech raises new opportunities—and risks—that security teams must support, not resist. Success comes from guiding, not gatekeeping.Andy shares practical ways CISOs can build influence, including a deceptively simple yet powerful technique: ask every stakeholder what security practice they hate the most and what critical practice is missing. These questions uncover quick wins that earn political capital—critical fuel for driving long-term transformation.From his “First 91 Days” guide for CISOs to his book 1% Leadership, Andy offers not just theory but actionable frameworks for influencing culture, improving retention, and measuring success in ways that matter.Whether you're a CISO, a founder, or an aspiring security leader, this episode will challenge how you think about the role security plays in business—and what it means to lead from the middle.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/csoandy_how-to-ciso-the-first-91-days-ugcPost-7330619155353632768-BXQT/Book: “How to CISO: The First 91-Day Guide” by Andy Ellis — https://howtociso.com/library/first-91-days-guide/Book: “1% Leadership: Master the Small Daily Habits that Build Exceptional Teams” — https://www.amazon.com/1-Leadership-Daily-Habits-Exceptional/dp/B0BSV7T2KZ⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Welcome back to "Forcepoint: To the Point Cybersecurity." In this episode, hosts Rachael Lyon and Jonathan Knepher are joined by Walter Haydock, founder and CEO of Stackaware. Walter brings a unique perspective from his time in the Marine Corps and Homeland Security, and now leads the charge in AI governance and risk management. Today's conversation dives deep into the maze of AI regulation, focusing on the newly emerging ISO 42001 standard and what compliance really means for organizations. Walter unpacks the complexities facing companies as they navigate a patchwork of state, national, and international laws—highlighting the challenges and opportunities presented by Colorado's groundbreaking AI legislation and Europe's evolving approach. Tune in as they discuss how to build a solid foundation for digital transformation, the three layers of AI risk, and the importance of transparency and clear policy in responsible AI adoption. If you're a CISO, security professional, or just curious about what the future holds for AI governance and cybersecurity, this episode is packed with practical insights and thought-provoking analysis. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e347
How would you add law enforcement as a valuable resource to your cybersecurity program? And why would you want to? Let's find out with our guest Supervisory Special Agent Douglas Domin of the Federal Bureau of Investigation. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. “Cyber Resilience in the Age of AI: Threats, Responses & Human Stories” at MIT April 2025 -- https://youtu.be/6Jlg4tZV3TU FBI field office directory -- https://www.fbi.gov/contact-us/field-offices CISA/FBI/NSA Joint Advisories -- https://www.cisa.gov/news-events/cybersecurity-advisories
It's not just a show, it's a lifeline for how to unscary a seemingly daunting career journey – no matter where you're at in your IT or security hustle.From super-talented IT cartoonist and influencer marketing service agency co-owner, Forrest Brazeal, and gifted Automox VP of Customer Experience, Charles Coaxum, to the sagely verbose CISO and VP of Product at Automox, Jason Kikta, and Gong's inspirational Director of IT, James Sennett – our handpicked line-up of industry trailblazers won't just talk about how to advance. Instead, they'll walk you through real-life strategies to help you climb the career ladder and stay on the top rung once you get there.This show was broadcast live Wednesday, October 30, 2024 at 12 PM Central Time.
In this episode of The Virtual CISO Moment, Dylan Owen shares his journey from webmaster in the 1990s to leading cybersecurity teams at Raytheon and serving as CISO at Nightwing. He reflects on the challenges of transitioning into executive leadership, the realities of the vCISO role, and how SMBs can best approach detection and response. Dylan also offers insights on making security frictionless, plus how he manages stress with fitness and his love for soccer.
⬥GUEST⬥Andy Ellis, Legendary CISO [https://howtociso.com] | On LinkedIn: https://www.linkedin.com/in/csoandy/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin speaks with Andy Ellis, former CSO at Akamai and current independent advisor, about the shifting expectations of security leadership in today's SaaS-powered, AI-enabled business environment.Andy highlights that many organizations—especially mid-sized startups—struggle not because they lack resources, but because they don't know how to contextualize what security means to their business goals. Often, security professionals aren't equipped to communicate with executives or boards in a way that builds shared understanding. That's where advisors like Andy step in: not to provide a playbook, but to help translate and align.One of the core ideas discussed is the reframing of security as an enabler rather than a gatekeeper. With businesses built almost entirely on SaaS platforms and outsourced operations, IT and security should no longer be siloed. Andy encourages security teams to “own the stack”—not just protect it—by integrating IT management, vendor oversight, and security into a single discipline.The conversation also explores how AI and automation empower employees at every level to “vibe code” their own solutions, shifting innovation away from centralized control. This democratization of tech raises new opportunities—and risks—that security teams must support, not resist. Success comes from guiding, not gatekeeping.Andy shares practical ways CISOs can build influence, including a deceptively simple yet powerful technique: ask every stakeholder what security practice they hate the most and what critical practice is missing. These questions uncover quick wins that earn political capital—critical fuel for driving long-term transformation.From his “First 91 Days” guide for CISOs to his book 1% Leadership, Andy offers not just theory but actionable frameworks for influencing culture, improving retention, and measuring success in ways that matter.Whether you're a CISO, a founder, or an aspiring security leader, this episode will challenge how you think about the role security plays in business—and what it means to lead from the middle.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/csoandy_how-to-ciso-the-first-91-days-ugcPost-7330619155353632768-BXQT/Book: “How to CISO: The First 91-Day Guide” by Andy Ellis — https://howtociso.com/library/first-91-days-guide/Book: “1% Leadership: Master the Small Daily Habits that Build Exceptional Teams” — https://www.amazon.com/1-Leadership-Daily-Habits-Exceptional/dp/B0BSV7T2KZ⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Ever wonder why healthcare organizations are such prime targets for cyberattacks? In this eye-opening conversation with Kelly White, founder of Risk Recon, we uncover the startling reality that healthcare accounts for 37% of all breach events in the last decade.Kelly's journey from soldering Timex Sinclair computers in the late 70s to founding a pioneering third-party risk management platform offers a fascinating perspective on cybersecurity evolution. He shares how his side project—identifying indicators of vendor cyber health through internet-accessible information—grew from 30,000 lines of weekend code into a successful enterprise now providing crucial breach insights.The data tells a compelling story: organizations with good cybersecurity hygiene experience breach events at rates four to six times lower than those with poor practices. Yet many companies still chase sophisticated security solutions while neglecting fundamentals like secure remote access, proper network filtering, and effective identity management. As Kelly puts it, "If you don't have those foundations in place, you don't have much to build on."We explore AI's emerging role in third-party risk management, where it shows tremendous promise in automating questionnaire reviews and helping security professionals focus on meaningful risk treatment rather than administrative tasks. Kelly's advice for security leaders rings especially true: "Don't try to script your career so tightly that you're not open to opportunities," and remember that "growth begins where comfort ends."Whether you're a healthcare security professional, a CISO working with limited resources, or someone interested in the intersection of risk management and emerging technologies, this conversation offers invaluable insights from someone who's successfully navigated the cybersecurity landscape from practitioner to entrepreneur. Listen now to transform how you think about security fundamentals and third-party risk!
August 25, 2025: Chase Franzen, VP and CISO at Sharp Healthcare, discusses how they transformed their cybersecurity training into something so engaging that employees actually call it fun. But as AI capabilities advance at breakneck speed, what happens when traditional phishing indicators disappear and deepfakes become indistinguishable from reality? Chase discusses Sharp's AI ethics committee and their approach to balancing innovation with responsibility, while sharing candid thoughts about AI's true costs. The conversation also explores how failure and discomfort drive growth, touching on everything from real estate disasters to the joy of flying planes Key Points: 02:51 Diverse Career Paths: Real Estate, Teaching, and More 08:36 Innovative Cyber Ambassador Program 13:03 AI Cybersecurity Concerns 21:57 Lightning Round: Quotes, Failures, and Airplanes X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
Cybersecurity risks have become more complex and unpredictable than ever, yet many companies struggle to quantify these threats in terms that truly matter. How can CFOs and CISOs effectively communicate about risk, make smart security investments, and navigate the emerging challenges posed by AI? In this episode, CJ interviews Andy Ellis, a renowned cybersecurity leader, former CISO of Akamai, investor, director, advisor, leadership coach, and author of the book 1% Leadership. Andy unpacks why most companies measure risk the wrong way and breaks down his "Pyramid of Pain” framework for categorizing it. He discusses the dynamics between CFOs and CISOs in purchasing security tools, demystifies security budgeting and vendor negotiations, dives into the evolving role of AI in security operations, and explains why the CISO and CIO roles are on a collision course. Andy also reveals insider stories from the frontlines of major breaches, shares a compelling risk analogy inspired by vampires and zombies, and clears up once and for all why the demise of the Death Star was not a failure of risk management.—LINKS:Andy Ellis on LinkedIn: https://www.linkedin.com/in/csoandyAndy Ellis on X: (@CSOAndy) https://x.com/csoandyWebsite: https://www.csoandy.com1% Leadership: https://www.amazon.com/1-Leadership-Master-Improvements-Leaders/dp/0306830817How to CISO: https://www.howtociso.comDuha One: CJ on X (@cjgustafson222): https://x.com/cjgustafson222Mostly metrics: —TIMESTAMPS:(00:00) Preview and Intro(02:49) Sponsor – Rillet | Pulley | Brex(07:23) Defining Risk: Technical & Human-Friendly Perspectives(09:20) Actuarial Risk Versus Human-Driven Risk(15:33) Why the Demise of the Death Star Wasn't a Failure of Risk Management(16:58) Sponsor – Aleph | RightRev | Navan(21:22) How the Death Star Metaphor Relates to Real-World Security Breaches(23:20) Why Risk Should Not Be Quantified in Dollar Terms(25:15) The Pyramid of Pain: Risk Severity and Surprise Levels(30:21) How CFOs and CISOs Should Partner on Security Purchases(34:03) Are Security Budgets Over or Under-Spent?(36:22) Balancing Budget for Security Tools and People(39:48) Tips for FP&As on Brokering the Security Budget With Your CISO(44:10) Factoring AI Uncertainty in a Three-Year Security Roadmap(46:38) AI Washing in Security Products and Realistic Impact(48:55) The Limitations of Security Operations(50:53) The Future of CIO and CISO Roles and Organizational Reporting(54:55) Why IT Shouldn't Report to the CFO(57:18) Israeli Unit 8200 and Cybersecurity Innovation(59:50) Startups Versus Public Companies: Differing Risk Models(1:02:52) Wrap—SPONSORS:Rillet is the AI-native ERP modern finance teams are switching to because it's faster, simpler, and 100% built for how teams operate today. See how fast your team can move. Book a demo at https://www.rillet.com/metrics.Pulley is the cap table management platform built for CFOs and finance leaders who need reliable, audit-ready data and intuitive workflows, without the hidden fees or unreliable support. Switch in as little as 5 days and get 25% off your first year: https://pulley.com/mostlymetrics.Brex offers the world's smartest corporate card on a full-stack global platform that is everything CFOs need to manage their finances on an elite level. Plus, they offer modern banking and treasury as well as intuitive expenses and accounting automation, bill pay, and travel. Find out more at https://www.brex.com/metricsAleph automates 90% of manual, error-prone busywork, so you can focus on the strategic work you were hired to do. Minimize busywork and maximize impact with the power of a web app, the flexibility of spreadsheets, and the magic of AI. Get a personalised demo at https://www.getaleph.com/runRightRev automates the revenue recognition process from end to end, gives you real-time insights, and ensures ASC 606 / IFRS 15 compliance—all while closing books faster. For RevRec that auditors actually trust, visit https://www.rightrev.com and schedule a demo.Navan is the all-in-one travel and expense solution that can give you access to exclusive, proprietary Nasdaq-validated data that reveals what's happening with corporate travel investments. See the Navan Business Travel Index at https://navan.com/bti.#Cybersecurity #RiskManagement #CISO #SecurityOperations #SecurityFinance This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.mostlymetrics.com
What happens when your next hire isn't who they claim to be? In this eye-opening episode of The Audit, we dive deep into the alarming world of AI-powered hiring fraud with Justin Marciano and Paul Vann from Validia. From North Korean operatives using deepfakes to infiltrate Fortune 500 companies to proxy interviews becoming the new normal, this conversation exposes the security crisis hiding in plain sight. Key Topics Covered: North Korean operatives stealing US salaries to fund nuclear programs How Figma had to re-verify their entire workforce after infiltration Live demonstrations of deepfake technology (Pickle AI, DeepLiveCam) Why 80-90% of engineers believe interview cheating is rampant Validia's "Truly" tool vs. Cluely's AI interview assistance The future of identity verification in remote work Why behavioral biometrics might be our last defense This isn't just about hiring fraud—it's about the fundamental breakdown of digital trust in an AI-first world. Whether you're a CISO, talent leader, or anyone involved in remote hiring, this episode reveals threats you didn't know existed and solutions you need to implement today. Don't let your next hire be your biggest security breach. Subscribe for more cutting-edge cybersecurity insights that you won't find anywhere else. #deepfakes #cybersecurity #hiring #AI #infosec #northkorea #fraud #identity #remote #validia
Send us a textDiving into the foundations of cybersecurity certification, Professor JRod delivers an insightful exploration of CompTIA Security+ Chapter 1, revealing why this certification might actually be more approachable than many believe. Unlike many entry-level IT courses, Security+ builds upon concepts from A+ and Network+, creating a natural progression for those following CompTIA's certification path. For career-changers considering jumping straight to Security+, this episode provides valuable perspective on the assumed knowledge and preparation needed.The heart of this episode focuses on security controls – the safeguards and countermeasures organizations implement to protect their information systems. Professor JRod methodically breaks down the five functional categories: preventive controls that stop incidents before they occur, detective controls that identify security breaches, corrective controls that remediate problems, deterrent controls that discourage inappropriate behavior, and compensating controls that provide alternatives when primary controls aren't feasible. He also highlights the often-overlooked sixth category: directive controls that guide and influence secure behavior through policies and procedures.Beyond technical concepts, Professor J-Rod emphasizes the organizational structures that support effective security implementation. From the strategic oversight of the CISO to the hands-on work of security engineers and analysts, each role contributes uniquely to the protection of organizational assets. Perhaps most importantly, he stresses that communication skills form the foundation of successful IT security work – a lesson learned early in his career that continues to shape his approach to teaching. The episode concludes with practical application through scenario-based questions that reinforce key concepts, preparing listeners for both certification exams and real-world security challenges.Looking to boost your cybersecurity knowledge and prepare for Security+ certification? Follow Professor J-Rod on TikTok for visual explanations of these concepts and join us next time as we continue our exploration of CompTIA Security+ with Chapter 2.Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod
Travis Schack is the Principal Security Researcher at Microsoft, and lead investigator for their incident response team. Cybercrime Magazine caught up with Schack, who previously served as CISO for the State of Colorado, at Black Hat USA 2025 in Las Vegas, Nevada, where he told us about what Microsoft is doing to combat today's vast cyber threat landscape. • For more on cybersecurity, visit us at https://cybersecurityventures.com
This episode was first published on 13/10/23.The role of chief information security officer is among the most important in any firm. CISOs shoulder a heavy burden, with responsibility for protecting their company's data, infrastructure, and associated assets.As the tech stack has grown, so too has the pressure on those in the role. CISOs have to shepherd technologies including machine learning, artificial intelligence, and edge computing.Gartner predicts that nearly half of all IT leaders could leave their roles by 2025, and CISOs are subject to the same talent shortages as the rest of the sector amidst a constant need to maintain oversight of a growing IT estate.In this episode, Jane is joined by Andrew Rose, resident CISO for EMEA at Proofpoint, to expand on how to be an effective CISO, and how the role is changing.For more information:Work-related stress “keeps cyber security professionals awake at night”CISO job description: What does a CISO do?Gartner: Nearly half of cyber leaders to leave roles over mounting stressFighting the ‘always on' culture that's savaging mental health in cyber securityGartner urges CISOs to adopt new forms of trust and risk management for AIWhat is ransomware?What is business email compromise (BEC)?96% of CISOs without necessary support to maintain cyber securitySix generative AI cyber security threats and how to mitigate them
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Justin Berman, formerly vp of platform engineering and CISO at Thirty Madison Health. In this episode: Maps without transportation The untouchable employee problem Attestation theater The lightbulb moment Huge thanks to our sponsor, SecurityPal SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.
In this episode of Life of a CISO, Dr. Eric Cole dives deep into simplicity, time management, and the foundations of being a world-class Chief Information Security Officer. He explains how rebooting your life and career—just like you reboot a slow computer—can help clear distractions and focus on what truly matters. Dr. Cole also shares strategies for creating a strategic cybersecurity playbook, aligning with executives, setting risk tolerance, and reclaiming wasted time. Whether you're a seasoned CISO or aspiring to lead in cybersecurity, this episode is packed with actionable advice to improve your efficiency, influence, and impact. Learn how to: Reset your priorities and eliminate inefficiencies Track your time and focus on high-value activities Develop a strategic cybersecurity playbook Communicate your vision to executives Set risk tolerance that aligns with your organization Tune in and start transforming your approach to cybersecurity and leadership today.
We're Becoming Dumb and Numb": Why Black Hat 2025's AI Hype Is Killing Cybersecurity -- And Our Ability to Think Random and Unscripted Weekly Update Podcast with Sean Martin and Marco Ciappelli__________________SummarySean and Marco dissect Black Hat USA 2025, where every vendor claimed to have "agentic AI" solutions. They expose how marketing buzzwords create noise that frustrates CISOs seeking real value. Marco references the Greek myth of Talos - an ancient AI robot that seemed invincible until one fatal flaw destroyed it - as a metaphor for today's overinflated AI promises. The discussion spirals into deeper concerns: are we becoming too dependent on AI decision-making? They warn about echo chambers, lowest common denominators, and losing our ability to think critically. The solution? Stop selling perfection, embrace product limitations, and keep humans in control. __________________10 Notable QuotesSean:"It's hard for them to siphon the noise. Sift through the noise, I should say, and figure out what the heck is really going on.""If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make things better.""We'll stop thinking and we won't use it as a tool to make our minds better, to make our decisions better.""We are told then that this is the reality. This is what good looks like.""Maybe there's a different way to even look at things. So it's kind of become uniform... a very low common denominator that is just good enough for everybody."Marco:"Do you really wanna trust the weapon to just go and shoot everybody? At least you can tell it's a human factor and that's the people that ultimately decide.""If we don't make decision anymore, we're gonna turn out in a lot of those sci-fi stories, like the time machine where we become dumb.""We all perceive reality to be different from what it is, and then it creates a circular knowledge learning where we use AI to create the knowledge, then to ask the question, then to give the answers.""We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head.""You're selling the illusion of security and that could be something that then you replicate in other industries." Picture this: You walk into the world's largest cybersecurity conference, and every single vendor booth is screaming the same thing – "agentic AI." Different companies, different products, but somehow they all taste like the same marketing milkshake.That's exactly what Sean Martin and Marco Ciappelli witnessed at Black Hat USA 2025, and their latest Random and Unscripted with Sean and Marco episode pulls no punches in exposing what's really happening behind the buzzwords."Marketing just took all the cool technology that each vendor had, put it in a blender and made a shake that just tastes the same," Marco reveals on Random and Unscripted with Sean and Marco, describing how the conference floor felt like one giant echo chamber where innovation got lost in translation.But this isn't just another rant about marketing speak. The Random and Unscripted with Sean and Marco conversation takes a darker turn when Marco introduces the ancient Greek myth of Talos – a bronze giant powered by divine ichor who was tasked with autonomously defending Crete. Powerful, seemingly invincible, until one small vulnerability brought the entire system crashing down.Sound familiar?"Do you really wanna trust the weapon to just go and shoot everybody?" Marco asks, drawing parallels between ancient mythology and today's rush to hand over decision-making to AI systems we don't fully understand.Sean, meanwhile, talked to frustrated CISOs throughout the event who shared a common complaint: "It's hard for them to sift through the noise and figure out what the heck is really going on." When every vendor claims their AI is autonomous and perfect, how do you choose? How do you even know what you're buying?The real danger, they argue on Random and Unscripted with Sean and Marco, isn't just bad purchasing decisions. It's what happens when we stop thinking altogether."If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make our minds better," Sean warns. We risk settling for what he calls the "lowest common denominator" – a world where AI tells us what success looks like, and we never question whether we could do better.Marco goes even further, describing a "circular knowledge learning" trap where "we use AI to create the knowledge, then to ask the question, then to give the answers." The result? "We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head."Their solution isn't to abandon AI – it's to get honest about what it can and can't do. "Stop looking for the easy button and stop selling the easy button," Marco urges vendors on Random and Unscripted with Sean and Marco. "Your product is probably as good as it is."Sean adds: "Don't be afraid to share your blemishes, share your weaknesses. Share your gaps."Because here's the thing CISOs know that vendors often forget: "CISOs are not stupid. They talk to each other. The truth will come out."In an industry built on protecting against deception, maybe it's time to stop deceiving ourselves about what AI can actually deliver. ________________ Keywordscybersecurity, artificialintelligence, blackhat2025, agentic, ai, marketing, ciso, cybersec, infosec, technology, leadership, vendor, innovation, automation, security, tech, AI, machinelearning, enterprise, business________________Hosts links:
In this week's episode, we look at recent Microsoft Tech updates. By popular request, we're expanding the scope beyond just Azure to include Microsoft 365, Power Platform, and similar Microsoft platforms and capabilities. What's new? What's interesting? What's retiring?(00:00) - Intro and catching up.(04:15) - Show content starts.Show links- Create Tenant Level Service Health Alerts (preview) - Azure Monitor | Microsoft Learn- AKS Updates- What is Azure App Testing?- Azure 128 & 192 vCPU sizes- Azure Cloud HSM- GA: Network Security Perimeter- Two-way forest trusts for Entra DSFeedback - Give us feedback!
Dive deep into the critical aspects of an effective incident response plan. Our guests, Todd, the COO and CISO, and Nate, the Director of Cybersecurity, discuss the importance of having a well-defined, well-tested plan to handle security incidents. Discover key elements, including escalation paths, communication strategies, and preparation steps, to ensure your business can respond swiftly and efficiently to threats. Follow along as we explore real-world examples and share valuable insights on maintaining business resilience. Don't miss part two of this essential discussion coming next week!00:00 Introduction to Incident Response00:34 Key Elements of an Incident Response Plan01:59 Importance of Communication in Incident Response03:20 Preparation and Real-World Examples07:28 Challenges and Adaptability in Incident Response13:55 Testing and Improving Your Plan20:24 Emotional and Practical Aspects of Incident Response24:27 Conclusion and Next StepsResources: Master Tabletop Exercises: https://www.cit-net.com/mastering-incident-response-tabletop-exercises/ Your Role in Incident Response: https://www.cit-net.com/your-role-in-incident-response/ St Paul Cyber Incident: https://www.cit-net.com/city-of-st-paul-cyber-incident/ SonicWall Vulnerability: https://www.cit-net.com/sonicwall-vulnerability-breakdown/ Eliminate VPNS: https://www.cit-net.com/the-end-of-vpns/ NIST: https://csrc.nist.gov/projects/incident-response
Google now estimates that the specs for a Cryptographically Relevant Quantum Computer (CRQC), which can break conventional public key encryption in a useful amount of time, are lower than they had previously estimated…by 95%. Given the breadth and pace of advancement in quantum computing, this makes the advent of the CRQC likely to happen years... Read more »
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com. In this episode: Decision-making with incomplete information Translation beats technical expertise Influence trumps authority for CISOs Technical prowess creates adversaries Huge thanks to our sponsor, Vanta Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
This episode is a family-friendly extravaganza as we unpack the secrets to secure digital parenting. We're joined by Alanna Powers, a research specialist from the renowned Family Online Safety Institute (FOSI).
Welcome back to To the Point Cybersecurity Podcast, brought to you by Forcepoint! In this week's episode, co-hosts Rachael Lyon and Jonathan Knepher continue their conversation with Russell Teague, CISO at Fortified Health Security and a contributor to the White House National Cybersecurity Healthcare Strategy. With over three decades of experience spanning healthcare, tech, pharma, and finance, Russell dives deep into the current state of cybersecurity in the healthcare sector. In this insightful Part 2, the trio unpacks hot topics like the HIPAA Security Rule update, how budget uncertainty is creating decision paralysis for healthcare organizations, and the real-world impact this has on cyber preparedness. Russell discusses the importance—and challenges—of moving toward a secure-by-design approach for medical devices, the complexities of third-party and even fourth- and fifth-party risk, and why building strong vendor relationships and risk management programs has never been more critical. Looking to the future, they also tackle the role of AI and workforce shortages in healthcare cybersecurity, highlighting how AI could help close the security gap and how new talent—whether from the military, clinics, or other backgrounds—can find a path into this essential field. If you're interested in where healthcare cybersecurity is heading and want practical advice straight from a top expert, this episode is packed with insights you won't want to miss. Be sure to hit that subscribe button so you never miss an episode of To the Point Cybersecurity! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e346
Google now estimates that the specs for a Cryptographically Relevant Quantum Computer (CRQC), which can break conventional public key encryption in a useful amount of time, are lower than they had previously estimated…by 95%. Given the breadth and pace of advancement in quantum computing, this makes the advent of the CRQC likely to happen years... Read more »
In this week's Security Squawk Podcast, hosts Bryan Hornung and Randy Bryan deliver an unfiltered breakdown of the week's most pressing cybersecurity headlines. We're talking about the Workday breach that exposed Salesforce customer data without a single file encrypted—just stolen credentials and surgical precision. Next up, we expose how Akira ransomware is turning cybercrime into marketing warfare, publicly naming and shaming victims in a bold bid to force ransom payouts. Finally, we tackle a brutal stat making waves across the industry: 25% of CISOs are replaced following a ransomware attack. If you're in cybersecurity leadership—or aiming to stay out of the headlines—this episode is your playbook for resilience. Packed with blunt analysis, leadership lessons, and real-world implications, this is one you'll want to share with your entire exec team. ☕ Like what you hear? Support the podcast: buymeacoffee.com/securitysquawk Workday breach, Salesforce breach, ransomware leak sites, Akira ransomware tactics, cybersecurity leadership, CISO turnover, cloud data security, Security Squawk Podcast ️ New to streaming or looking to level up? Check out StreamYard and get $10 discount! https://streamyard.com/pal/d/65161790...
In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders. Chapters 00:00 Introduction and Welcome 00:59 The SolarWinds Incident Unfolds 03:13 Understanding the Attack and Response 04:04 The Role of SVR and Supply Chain Security 10:43 Technical Details of the Attack 14:56 Compliance and Reporting Challenges 19:24 Rebuilding Trust and Personal Impact 22:06 CISO Concerns and Company Support 22:14 Legal Challenges and Company Expenses 23:40 SEC Charges and Legal Proceedings 29:35 Supply Chain Security and Vendor Assurance 35:47 CISO Accountability and Industry Standards 39:41 Final Thoughts and Advice for CISOs
Agentic AI is moving from hype to reality, reshaping how enterprises operate, and how cyber defenders must adapt. In this CyberTalks episode, Mark Gillett (Chief Product Officer, eSentire) is joined by Ben Wilde (Head of Innovation, Georgian) to break down the risks, reliability challenges, and opportunities presented by autonomous AI agents.In this episode, we explore:How AI agents expand the enterprise attack surfaceWhy “agent security” may soon be its own disciplineGuardrails security leaders need before adoptionThe balance between automation and human oversight in the SOCA practical crawl–walk–run model for implementing agentic AIIf you're a CISO, SOC architect, or IT leader, this episode will help you cut through the hype and prepare your team for the next frontier of AI-driven cybersecurity.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
At Black Hat USA 2025, artificial intelligence wasn't the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick's keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.Using Mikko Hyppönen's “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesArticle: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEALearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Legacy infrastructure creates the biggest hurdles More marketing than methodology Implementation complexity makes zero trust a Sisyphean task Don't ignore human factors Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit Threatlocker.com/CISO
In an industry where technology often takes the spotlight, Deidre Diamond, Founder and CEO of CyberSN, and Carraig Stanwyck, CEO and former Fortune 200 CISO, are making the case for a shift in focus—one where people, not just tools, drive operational success.Deidre's journey began in cyber talent matching, where she saw firsthand the persistent workforce challenges organizations face—burnout, retention struggles, and a lack of career planning. These challenges inspired the creation of a workforce risk management practice designed to quantify and address the human side of cybersecurity. The approach goes beyond staffing—it maps skills, capabilities, and job alignment in real time, enabling leaders to strategically plan their workforce instead of reacting to turnover.Carraig's perspective as a leader building teams across government, startup, and enterprise environments reinforces the message: “If you get the people right, everything else comes together.” Even leaders already committed to employee engagement often lack the visibility to fully understand capability gaps, skill utilization, and role misalignment. Carraig describes how moving from static spreadsheets to a dynamic platform revealed hidden opportunities—such as repositioning talent into roles that better matched their strengths—while also giving executives a clear capability-to-staffing view.This real-time insight changes everything. Leaders can create accurate job descriptions based on actual needs, build stronger business cases for budgets, and proactively plan for growth. The results aren't just operational—employees feel invested in, leading to greater fulfillment, better retention, and improved professional efficacy.Both Deidre and Carraig emphasize that this approach isn't just about solving today's staffing needs. It's about preparing for a future where emotional intelligence, creative collaboration, and adaptability will be more critical than ever. As AI takes on repeatable tasks, the human ability to think strategically, work cohesively, and innovate will define success.The takeaway is clear: cybersecurity's greatest asset isn't a piece of technology—it's a workforce that's understood, empowered, and aligned with the mission.Learn more about CyberSN: https://itspm.ag/cybersn-476941Note: This story contains promotional content. Learn more.Guests:Deidre Diamond, Founder and CEO of CyberSN | On LinkedIn: https://www.linkedin.com/in/deidrediamond/Carraig Stanwyck, CEO at 3 Tree Tech and former Fortune 200 CISO | On LinkedIn: https://www.linkedin.com/in/carraig-stanwyck/ResourcesLearn more and catch more stories from CyberSN: https://www.itspmagazine.com/directory/cybersnLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: marco ciappelli, deidre diamond, carraig stanwyck, cybersecurity, workforce management, talent retention, job descriptions, skills gap, leadership, employee engagement, career development, black hat, black hat usa, black hat 2025, workforce risk management
In this episode of Life of a CISO, Dr. Eric Cole dives deep into one of the most important yet often overlooked success principles for security leaders: simplicity. Drawing from decades of experience as one of the first CISOs before the title even existed, Dr. Cole explains why going back to the basics is critical for both personal growth and organizational success. He explores the growing demand for skilled CISOs, how to position yourself for top leadership roles, and why communication and rapport—not just technical skills—are the true differentiators for advancement. Using powerful real-world examples, career planning strategies, and a practical exercise to strengthen executive relationships, this episode equips you to not only accelerate your career but also make cybersecurity a business enabler.
Send us a textWhile we generally don't shy away from politics when it comes to data protection and privacy rights, the conflict in Gaza is not a topic that we would quickly raise on the podcast. Unless data protection plays a role, which it now does.On this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal enter a dimension not seen before on the podcast - a plea for human rights related to Israel and Gaza. The immediate reason for our discussion are two news reports: the registration requirement for humanitarian aid organisations imposed by the Israeli government, and the mass surveillance of phone communications in the Palestinian territories.We recognise this topic is divise, and may not be to everyone's liking. If that is you, maybe skip this week's episode. Sources:https://www.theguardian.com/world/2025/aug/06/microsoft-israeli-military-palestinian-phone-calls-cloudhttps://autoriteitpersoonsgegevens.nl/en/current/ap-aid-organisations-cornered-due-to-israeli-requirement-to-provide-personal-data If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.From zero-day vulnerabilities and machine identity risks to AI-powered attacks and insider threats, Ian shares practical strategies drawn from his experience in military intelligence, offensive cyber operations, and corporate security leadership. Learn how to build resilience, translate cyber risk into business outcomes, and lead with mission-driven clarity in a threat landscape that never slows down.
Please enjoy this encore of Career Notes. Chief Executive Officer and Founder of TAG Cyber, Ed Amoroso, shares how he learned on the job and grew his career. In his words, Ed "went from my dad having an ARPANET connection and I'm learning Pascal, to Bell Labs, to CISO, to business, to quitting, to starting something new. And now I'm riding a new exponential up and it's a hell of a ride." Hear from Ed how he sees security as a side dish that you'll progress into naturally once you've paid your dues and mastered a skill like networking, software or databases. We thank Ed for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices