Podcasts about ciso

  • 1,366 podcasts
  • 11,416 episodes
  • 36m average duration
  • 2 new episodes daily
  • Latest: Oct 31, 2025


Latest podcast episodes about ciso

The Cybersecurity Defenders Podcast
#262 - Defender Fridays: What does "AI-ready SOC" actually mean? With Dr. Anton Chuvakin from CISO, Google Cloud

Oct 31, 2025 · 35:13

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.

Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.

Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.

Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Defense in Depth
How Do We Measure Our Defenses Against Social Engineering Attacks?

Oct 30, 2025 · 32:55

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest Bobby Ford, chief strategy and experience officer, Doppel.

In this episode:
• Beyond the click
• High-risk users demand different metrics
• Building engagement over punishment
• Creating a security culture through community

Huge thanks to our sponsor, Doppel

Doppel is protecting the world's digital integrity. Impersonators adapt fast — but so does Doppel. By pairing AI with expert analysis, we don't just detect deception; we dismantle it. Our platform learns from every attack, expands its reach across digital channels, and disrupts threats before they cause harm. The result? Impersonators lose. Businesses become too costly to attack. And trust stays intact. Learn more at https://www.doppel.com/

The Cyber Security Transformation Podcast
Series 6 - "First 100 Days of the New CISO: The Importance of Cultural and Contextual Alignment" - Episode 20

Oct 30, 2025 · 13:05

JC Gaillard continues to revisit the "First 100 Days of the New CISO" and explains why understanding culture and context from the start is more important than early action.

Thales Security Sessions
The Human Firewall - Why People Matter Most in Cyber Defense

Oct 30, 2025 · 26:57


When cybercriminals lock up a children's hospital, denying treatment to kids with cancer, you realize just how dark the world of ransomware has become. Healthcare isn't just another target, it's the lifeline of our society, and it's under siege. In this episode of the Thales Security Sessions, Dr. Adrian Mayers, CISO of Premera Blue Cross, joins me to expose the reality of this growing “feeding frenzy” of cyberattacks on healthcare, the rise of AI-driven threats, and what it truly takes to defend the systems, and the people, who keep us alive. It is a lesson on the human element of defense that can be applied to any industry.

Serious Privacy
A week in Privacy with Paul and Ralph

Oct 29, 2025 · 36:29

Join us on this episode of Serious Privacy, as Paul Breitbarth and Ralph O'Brien present the breaking news and hot events in data protection and privacy while Dr. K Royal was out this week. Tune in for a great discussion and catch up!

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Ctrl+Alt+Azure
314 - Microsoft Digital Defense Report 2025

Oct 29, 2025 · 37:01

This week, we review the Microsoft Digital Defense report 2025. We did the same for 2024 and 2023, so this time we'll look at what's interesting in the report and what to focus on from a security perspective.

(00:00) - Intro and catching up.
(03:40) - Show content starts.

Show links
- Microsoft Digital Defense Report 2025
- Ctrl+Alt+Azure: Episode 275: Microsoft Digital Defense Report 2024
- Ctrl+Alt+Azure: Episode 210: Microsoft Digital Defense Report 2023
- HackTheBox
- Give us feedback!

Technology for Business
Cyber Essentials for Infrastructure

Oct 29, 2025 · 22:14

In this special Cybersecurity Awareness Month episode of the Tech for Business podcast, Todd (COO and CISO) and Nate (Director of Cybersecurity) discuss the importance of critical infrastructure and its relationship to cybersecurity. They provide insights into what constitutes critical infrastructure, the impact of legacy systems, and the foundational best practices for cybersecurity. Key highlights include the significance of multifactor authentication, password security, network segmentation, and the role of culture in cybersecurity measures. Whether you are a private business owner or part of critical infrastructure, this episode offers practical advice and strategies to enhance your cybersecurity posture.

00:00 Introduction to Critical Infrastructure and Cybersecurity
00:34 Defining Critical Infrastructure
01:26 Impact of Critical Infrastructure on Daily Life
02:15 Identifying Critical Infrastructure
04:23 Cybersecurity Best Practices
05:36 Challenges in Securing Legacy Systems
07:32 Password Security and Common Mistakes
10:02 Approaching Legacy Systems: Patch or Replace?
15:51 Barriers to Improving Security
19:27 Practical Advice for Dealing with Legacy Systems
21:40 Conclusion and Future Topics

Sources:
https://www.cbsnews.com/news/china-hacking-us-critical-infrastructure-retired-general-tim-haugh-warns-60-minutes-transcript/
https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors

ScanNetSecurity Latest Security Information
Proofpoint Blog No. 52: "Getting to What CISOs Really Think: Key Findings from the Proofpoint 2025 Voice of the CISO Report"

Oct 29, 2025 · 0:18

The latest report, based on a survey of 1,600 CISOs across 16 countries, offers insights into their challenges, priorities, and the evolving nature of the role. We present the most notable findings on each of its seven key themes.

The CyberWire
The impact of data privacy on cyber. [CISO Perspectives]

Oct 28, 2025 · 42:04

Privacy is one of the most universally valued rights. Yet, despite its importance, data breaches exposing millions of people's sensitive information have become routine. Many have come to assume that their personal data has already been, or inevitably will be, compromised. Despite this reality, prioritizing privacy is more important than ever. In this episode of CISO Perspectives, host Kim Jones sits down with Kristy Westphal, the Global Security Director of Spirent Communications, to explore data privacy's impacts on cybersecurity efforts. Together, Kristy and Kim discuss why privacy cannot be an afterthought but rather must be something actively addressed through proactive security efforts, shifting security culture mindsets, and staying ahead of rapidly changing technologies.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.

Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Packet Pushers - Full Podcast Feed
HS115: Cyber-Risk Assessment and Cybersecurity Budgeting: You're (Probably) Doing It Wrong

Oct 28, 2025 · 36:15

To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when...

CISO-Security Vendor Relationship Podcast
It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)

Oct 28, 2025 · 44:01

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025.

In this episode:
• The open source sustainability problem
• AI levels the geopolitical playing field
• Cutting through AI vendor hype
• Why the fundamentals still hurt

Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario.

Huge thanks to our sponsor, Vorlon Security

SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response — so you can see the full picture: what's connected, what's at risk, and what needs immediate action. Learn more at https://vorlon.io/

Caveat
Regulation takeaways with Ethan Cook. [CISO Perspectives]

Oct 28, 2025 · 41:23

On this episode, host Kim Jones is joined by Ethan Cook, N2K's lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading — and why it matters. Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility. This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.

Heavy Strategy
HS115: Cyber-Risk Assessment and Cybersecurity Budgeting: You're (Probably) Doing It Wrong

Oct 28, 2025 · 36:15

To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when...

BlueDragon Podcast
S02E10 From Firefighting to Strategy - Jason Brown

Oct 28, 2025 · 43:27

This episode of the Blue Dragon podcast features Jason Brown, a seasoned cybersecurity leader, former CISO/vCISO, and author, discussing his book, "Unveiling NIST Cybersecurity Framework 2.0". The conversation centers on the NIST CSF 2.0, emphasizing the critical addition of the "Govern" function. Jason frames the CSF as an excellent introductory framework for building a cybersecurity program, often used in conjunction with the Center for Internet Security (CIS) controls. A key theme is moving cybersecurity beyond a technical "IT problem" and a "checkbox exercise" to a strategic business value driver that builds trust and unlocks revenue. Both speakers highlight the growing global focus on supply chain security (NIST CSF, NIS2, DORA) and the rising personal liability and accountability for CISOs and executives in the US and Europe. The discussion concludes with a deep dive into the importance of a well-structured three-layered documentation approach (Policy, Standard, and Procedure) and a formalized document lifecycle to maintain organizational security maturity.

LINKS
➰ https://bluedragonpodcast.com
➰ linkedin.com/in/jasonbrown17
➰ jason@jasonbrown.us
➰ https://jasonbrown.us
➰ Book: bit.ly/Unveiling-NIST

CHAPTERS
(00:00:00) Introduction (Guest: Jason Brown, Author)
(00:03:39) Guest Background & Path to Writing NIST CSF 2.0 Book
(00:05:20) Core of NIST CSF 2.0: The addition of the 'Govern' function
(00:06:34) Primary Driver for CSF 2.0: Supply Chain Governance
(00:08:05) CSF's Role: An introductory framework, often paired with CIS Controls
(00:09:21) Security as a Value Driver: Moving past compliance for revenue and trust
(00:11:48) CISO's Role: Building relationships for program and financial support
(00:14:00) Common Mistakes: Failing to assess gaps or focus on the 'how'
(00:15:48) Overview of the Six CSF Functions (Govern, Identify, Protect, Detect, Respond, Recover)
(00:17:43) Prioritizing Governance: It is the hardest step due to changing people
(00:19:32) Overcoming Governance Hurdles: Dialogue with Executive Leadership Teams (ELT)
(00:21:20) Executive Accountability: Personal liability and fines (US SEC, EU NIS2)
(00:25:54) Communicating Value: Use Enterprise Risk instead of technical jargon
(00:27:53) Security as a Business Problem: Not just an IT problem (Jaguar example)
(00:30:41) Engaging Leaders: Involving department heads in identifying critical assets (ID.BE)
(00:32:19) Future CSF Evolution: Expected integration of AI and emerging technologies
(00:33:36) Three-Layered Documentation: Policy (what), Standard (guidelines), Procedure (how-to)
(00:37:05) The Open Policy Framework: Jason's structured documentation approach
(00:38:02) Document Lifecycle: Annual review prevents reliance on outdated, breakable standards
(00:40:04) Personal Updates: Break from writing for family time
(00:40:29) Automotive Industry Security: Brief mention of OT concerns

KEYPOINTS
1. NIST CSF 2.0's "Govern" function is key for a complete cyber program; it is the most critical starting point due to the challenge of changing people.
2. Cybersecurity must be framed as a business value driver and revenue generator, moving past a simple compliance checklist mentality.
3. The CISO's role is strategic: acting as a business enabler by communicating security needs via enterprise risk to the ELT.
4. Global regulations (NIS2, SEC) are increasing personal liability for executives, making robust governance mandatory, not optional.
5. A strong governance structure uses three distinct layers: Policy (public commitment), Standard (confidential guidelines), and Procedure (technical configuration).
6. Security documents must have a formal lifecycle with annual reviews to ensure standards remain current and effective against threats.

The Ravit Show
CISO Playbook for AI Security in 2025

Oct 28, 2025 · 22:07

Everyone is racing to build AI. Almost no one is securing it end to end. I sat down with Vidya Shankaran, CISSP, Field CTO, Commvault and we talked about the real picture. AI risk is not just about models. It is about data, access, and clean recovery. Most teams are missing the biggest gaps.

We covered:
• The top AI security threats right now and where teams underestimate risk
• The AI stack no one is securing in practice
• If a CISO asks where to start and how to prioritize controls
• Why traditional data access governance is broken
• What is at stake if enterprises do not modernize access to sensitive data
• How Satori delivers faster access with tighter control
• How Commvault protects AI end to end and even recovers vector indexes and configs after an incident

We also talked about SHIFT 2025 in New York on Nov 11–12. This event will bring together AI security, data access, and resilience with real answers.

In-person: https://lnkd.in/dZ6t8nbY?

If you cannot attend in person, there is a full virtual experience on Nov 19.

Virtual: https://lnkd.in/dz8yhf-c

This was a raw and tactical conversation. If you care about building AI that moves fast with control, you should watch it.

SHIFT will set the tone for how enterprises secure AI in 2025.

CISO Tradecraft
#256 - Maximize Your Cybersecurity Budgets (with Ross Young)

Oct 27, 2025 · 44:25


In this episode of CISO Tradecraft, G Mark Hardy and Ross Young dive into part two of their series on cybersecurity budgets. Continuing from where they left off, they discuss the OWASP Threat and Safeguard Matrix (TaSM), effective protection scoring, and practical strategies to enhance your budget management as a CISO. Learn about the importance of understanding material threats, leveraging AI, and employing tools like murder boards to optimize security practices. Ross also shares inside tips for negotiating master service agreements and improving organizational processes, all aimed at making you a more effective security leader.

Cyber Security Headlines
Department of Know: Promoting passphrases, questioning international security conferences, gift card hackers

Oct 27, 2025 · 34:00

This week's edition of The Department of Know is hosted by Rich Stroffolino with guests Bil Harmer, operating partner and CISO, Craft Ventures, and Sasha Pereira, CISO, WASH.

Thanks to our show sponsor, ThreatLocker

If security questionnaires make you feel like you're drowning in chaos, you're not alone. Endless spreadsheets, portals, and questions—always when you least expect them. Conveyor brings calm to the storm. With AI that auto-fills questionnaires and a trust center that shares all your docs in one place, you'll feel peace where there used to be panic. Find your security review zen at www.conveyor.com.

All links and the video of this episode can be found on CISO Series.com

EM360 Podcast
How are 5G and Edge Computing Powering the Future of Private Networks?

Oct 27, 2025 · 25:02

"5G is becoming a great enabler for industries, enterprises, in-building connectivity and a variety of use cases, because now we can provide both the lowest latency and the highest bandwidth possible," states Ganesh Shenbagaraman, Radisys Head of Standards, Regulatory Affairs & Ecosystems.

In the recent episode of the Tech Transformed podcast, Shubhangi Dua, Podcast Host, Producer, and Tech Journalist at EM360Tech, speaks to Shenbagaraman about 5G and edge computing and how they power private networks for various industries, from manufacturing, national security to space.

The Radisys' Head of Standards believes in the idea of combining 5G with edge computing for transformative enterprise connectivity. If you're a CEO, CIO, CTO, or CISO facing challenges of keeping up the pace with capacity, security and quality, this episode is for you. The speakers provide a guide on how to achieve next-gen private networks and prepare for the 6G future.

Real-Time Control

The growing need for real-time applications, such as high-quality live video streams and small industrial sensors with instant responses, demands data processing to occur closer to the source than ever before. Alluding to the technical solution that provides near-zero latency and ensures data security, Shenbagaraman says:

"By placing the 5G User Plane Function (UPF) next to local radios, we achieve near-zero latency between wireless and application processing. This keeps sensitive data secure within the enterprise network."

Such a strategy has now become imperative in handling both high-volume and mission-critical low-latency data all at the same time. Radisys addresses key compliance and confidentiality issues by storing the data within a private network. Essentially, they create a safe security framework that yields near-zero latency to guarantee utmost data security.

Powering Edge Computing Applications

The real-world benefit of this zero-latency setup is the power it gives to edge computing applications. As the user plane function is the network's final data exit point, positioning the processing application near it assures prompt perspicuity and action.

"The devices could be sending very domain-specific data," said Shenbagaraman. "The user plane function immediately transfers it to the application, the edge application, where it can be processed in real time."

It reduces errors and improves the efficiency of tasks through the Radisys platform, with the results meeting all essential requirements, including compliance needs.

One such successful use case spotlighted in the podcast is the Radisys work with Lockheed Martin's defence applications. "We enabled sophisticated use cases for Lockheed Martin by leveraging the underlying flexibility of 5G," the Radisys speaker exemplified. Radisys team customised 5G connectivity for the US defence sector. It incorporated temporary, ad-hoc networks in challenging terrains using Internet Access Backhaul. It also covered isolated, permanent private networks for locations such as maintenance...

DailyCyber The Truth About Cyber Security with Brandon Krieger
Ask Me Anything: vCISO Strategy, IR, and Cyber Leadership | DailyCyber 278 ~ Watch Now ~

Oct 26, 2025 · 53:06

In this AMA edition of DailyCyber, I explore the challenges and opportunities defining the next wave of cybersecurity leadership.

From AI threats to emotional intelligence, this session breaks down what's shaping 2025's security landscape — and how to stay ahead.

Cyber Security Today
Navigating Cybersecurity in Small and Medium Businesses with White Hat Hacker Graham Berry

Oct 25, 2025 · 41:10

In this episode of Cybersecurity Today, host Jim Love sits down with Graham Barrie, a CISO and white hat hacker, to discuss the critical importance of cybersecurity for small and medium-sized businesses. From the moment Berry fell in love with technology through a Tandy TRS 80 to his current role helping businesses secure their data, this conversation covers the evolution of cybersecurity. They delve into how Berry assists businesses in understanding cybersecurity risks, communicating effectively with clients, and preparing for and recovering from cyber incidents. This episode is packed with insightful stories, practical advice, and a deep dive into the realities of cybersecurity for businesses of all sizes.

00:00 The Urgency of Cybersecurity
00:33 Introduction to the Podcast
01:00 Meet Graham Berry: A White Hat Hacker
01:31 Graham's Journey into Technology
04:04 From Technology to Cybersecurity
05:49 The Reality of Cyber Threats for Small Businesses
10:44 The Importance of Cyber Insurance
14:23 Engaging with Clients on Cybersecurity
17:08 Turning Around a Reluctant Client
20:10 The Growing Demand for Cyber Coverage
22:12 Third Party Risk Management
22:50 Effective Tabletop Exercises
23:58 Engaging Executives in Cybersecurity
26:43 Importance of Cyber Insurance
28:33 Successful Recovery Stories
34:16 Challenges with AI in Security
38:57 Looking Forward in Security
40:21 Conclusion and Farewell

Cyber Security Headlines
Week in Review: AI powered cyberattacks, Chinese time hacked, the 72 hour workweek

Oct 24, 2025 · 32:19

This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests David Cross, CISO, Atlassian, and davidcrosstravels.com, and Montez Fitzpatrick, CISO, Navvis.

Thanks to our show sponsor, ThreatLocker

Imagine having the power to decide exactly what runs in your IT environment — and blocking everything else by default. That's what ThreatLocker delivers. As a zero-trust endpoint protection platform, ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats — stop them with ThreatLocker.

All links and the video of this episode can be found on CISO Series.com

Defence Connect Podcast
CONTESTED GROUND: From PNG to Gaza – what's defining Australia's security future

Oct 24, 2025 · 29:05


In this episode of the Cyber Uncut podcast, Daniel Croft and David Hollingworth touch on the latest in AI and how state governments are regulating its use, the Qantas leak and the 5 million people impacted, and we chat about major cyber attacks with SolarWinds CISO Tim Brown. Croft and Hollingworth begin by discussing the fight that CBA has ignited with the Finance Sector Union and former staff after they botched an AI rollout. The pair then discuss the massive Qantas hack, the 5 million people affected and the identity of the hackers behind it. The podcast then cuts to a chat between Hollingworth and SolarWinds' CISO, Tim Brown, who provides a deep insight as to what it's like being in the middle of a major cyber attack. Finally, the two discuss the social media age ban once again, with the government now having launched an education campaign. Enjoy the episode, The Cyber Uncut team

The New CISO
Pick Your Pain: A Methodical Approach to Career Growth

Oct 23, 2025 · 45:20

In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must “pick their pain” to progress.

From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a “propeller head” pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how “radical collaboration” defines the modern CISO.

Key Topics Covered:
• Early career pivots: Army leadership, perseverance, and precision → IT foundations
• Certifications as a fast track (then) vs. blended learning and passion projects (now)
• The “pick your pain” decision: staying comfortable vs. returning to school to advance
• Building a CISO gap analysis from job reqs and targeting stretch assignments
• Upgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)
• Turning tough feedback into growth: from geek speak to boardroom dialogue
• Consulting variety vs. ownership: when to switch for long-term impact
• The 100-day plan: assess → plan → act → measure → adjust (with IR first)
• Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 days
• Metrics as a “health language” and why today's CISO must be a radical collaborator

Carl's story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.

Serious Privacy
The Tash Dash: a mini marathon on data protection

Oct 23, 2025 · 42:34

On this week of Serious Privacy, Dr. K Royal connects with Tash Whitaker to cover all things top of mind in data protection. Paul Breitbarth and Ralph O'Brien were out, so Tash and K hit the microphone unfettered! Join us as we discuss DSARs, AI, and more - in the run up to the Privacy Space in London in less than a month away.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Cyber 9/11 with Dr. Eric Cole
From Good to World-Class: Aligning Cybersecurity with Business Success

Oct 23, 2025 · 29:10


In this episode of Life of a CISO, Dr. Eric Cole breaks down what truly separates good CISOs from world-class ones — the ability to align cybersecurity strategy with the core business mission. He explains that understanding what business your organization is really in is the foundation of effective security leadership. Using real-world examples, Dr. Cole highlights how CISOs must adapt their security priorities based on organizational goals, whether it's stabilizing growth, driving acquisitions, or enhancing customer experience. He challenges the outdated view that security and business efficiency are at odds, emphasizing instead that cybersecurity should be a business enabler — efficient, cost-effective, and even profitable. Dr. Cole also explores critical areas like asset visibility, reducing attack surfaces through simplification, and aligning budgets to the CIA triad (confidentiality, integrity, availability). The episode wraps up with actionable insights on executive communication, including how to present cyber risk in business language using a simple, four-column “magic slide”: what could happen, likelihood of occurrence, cost if it happens, and cost to fix it. Dr. Cole's message is clear — world-class CISOs think like executives first, technologists second.  

Cybercrime Magazine Podcast
Next Level CISO. Securing Sports. Greg Crowley, eSentire & Carl Maycock, Aston Villa Football Club.

Oct 23, 2025 · 19:43


Carl Maycock is the head of IT at the Aston Villa Football Club. In this episode, he joins host Charlie Osborne and Greg Crowley, CISO at eSentire, to discuss cyber resilience in the context of professional sports, including the unique challenges posed, the Premier League's cybersecurity standards, and more. Next Level CISO is a Cybercrime Magazine podcast brought to you by eSentire, the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com

Autonomous IT
CISO IT – Dmitri Alperovitch's Vision for Cyber Defense, E07

Autonomous IT

Play Episode Listen Later Oct 23, 2025 22:31


In this episode, host Jason Kikta talks with Dmitri Alperovitch – CrowdStrike co-founder and chairman of the Automox board – about how speed and precision define modern cyber defense. Alperovitch explores how the OODA loop (Observe–Orient–Decide–Act), a concept rooted in military strategy, can help IT and security teams detect, respond, and adapt to threats in real time. They discuss why cloud-native automation is essential for staying ahead, how to close gaps between IT and security teams, and what happens when organizations react too slowly. Drawing on decades of experience in cybersecurity and threat intelligence, this conversation challenges you to rethink what it means to be fast enough to defend your environment. This episode originally aired on June 13, 2024.

The Cyber Security Transformation Podcast
Series 6 - "First 100 Days of the New CISO: A Leadership Transition, Not a Technical Project" - Episode 19

The Cyber Security Transformation Podcast

Play Episode Listen Later Oct 23, 2025 8:06


JC Gaillard revisits, under a leadership lens, the "First 100 Days of the New CISO" paradigm that was explored at length in Series 3 of the podcast.

Cybercrime Magazine Podcast
Life Of A Cybersecurity Czar. The Impact Of Artificial Intelligence. Dr Eric Cole, Secure Anchor.

Cybercrime Magazine Podcast

Play Episode Listen Later Oct 22, 2025 17:43


A world renowned cybersecurity expert with more than 30 years of network security experience, Dr. Eric Cole – founder and CEO of Secure Anchor – helps organizations curtail the risk of cyber threats. He has worked with a variety of clients ranging from Fortune 50 companies, to top international banks, to the CIA, for which he was a professional hacker. In this episode, Dr. Cole and host Scott Schober discuss the impact of artificial intelligence on being a CISO. To learn more about our sponsor, visit https://drericcole.org

Ctrl+Alt+Azure
313 - Microsoft Tech Updates

Ctrl+Alt+Azure

Play Episode Listen Later Oct 22, 2025 27:45


In this week's episode, we look at recent Microsoft Tech updates. By popular request, we're expanding the scope beyond just Azure to include Microsoft 365, Power Platform, and similar Microsoft platforms and capabilities. What's new? What's interesting? What's retiring?

(00:00) - Intro and catching up.
(04:40) - Show content starts.

Show links
- Public preview: VM Customization in Azure: Disable Multithreading & Constrained Cores
- Containerization Assist (GitHub)
- Microsoft Azure Migration Hub
- Private Link service Direct Connect

The CyberWire
Regulation takeaways with Ethan Cook. [CISO Perspectives]

The CyberWire

Play Episode Listen Later Oct 21, 2025 41:23


On this episode, host Kim Jones is joined by Ethan Cook, N2K's lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading — and why it matters. Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility.

Packet Pushers - Full Podcast Feed
PP083: A CISO's Perspective on Model Context Protocol (MCP)

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Oct 21, 2025 44:03


Model Context Protocol (MCP) is an open-source protocol that enables AI agents to connect to data, tools, workflows, and other agents both within and outside of enterprise borders. As organizations dive head-first into AI projects, MCP and other agentic protocols are being quickly adopted. And that means security and network teams need to understand how...

CISO-Security Vendor Relationship Podcast
Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Oct 21, 2025 30:08


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Dan Walsh, CISO, Datavant. Joining them is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.

In this episode:
- When EDR gets knocked out
- Red flags in vendor theater
- Configuration chaos
- The sticker problem

Huge thanks to our sponsor, ThreatLocker. ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

Packet Pushers - Fat Pipe
PP083: A CISO's Perspective on Model Context Protocol (MCP)

Packet Pushers - Fat Pipe

Play Episode Listen Later Oct 21, 2025 44:03


Model Context Protocol (MCP) is an open-source protocol that enables AI agents to connect to data, tools, workflows, and other agents both within and outside of enterprise borders. As organizations dive head-first into AI projects, MCP and other agentic protocols are being quickly adopted. And that means security and network teams need to understand how...

Cyber Risk Management Podcast
EP 195: Board Cyber Reporting: The Right Questions, The Right Data

Cyber Risk Management Podcast

Play Episode Listen Later Oct 21, 2025 49:58


Boards are getting the wrong cybersecurity information. But, what do boards really need to know? And how do we fix this problem? Let's find out with our guest Dr. Keri Pearlson, MIT Sloan School of Management. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   HBR Article -- https://hbr.org/2023/10/a-tool-to-help-boards-measure-cyber-resilience   LinkedIn -- https://www.linkedin.com/in/kpearlson/   Register for "Oktane on the Road in Seattle" -- https://regionalevents.okta.com/seattle-oor-exec-panel-okta

Serious Privacy
The pattern is full with this week in privacy

Serious Privacy

Play Episode Listen Later Oct 20, 2025 41:17


On this episode of Serious Privacy, hosts Paul Breitbarth, Ralph O'Brien, and Dr. K Royal bring you a full week in privacy and data protection featuring new laws, new decisions, and new enforcement. We span from Pay to Play, to children's privacy, to California's Frontier AI - tune in... it's a hot one! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Cybercrime Magazine Podcast
Unlocking Resilience. AI & Supply Chain Defense. Brandon Daniels, Exiger & Anton Chuvakin, Google.

Cybercrime Magazine Podcast

Play Episode Listen Later Oct 20, 2025 26:04


Anton Chuvakin is the Security Advisor at Office of the CISO, Google Cloud. In this episode, he joins host Amanda Glassner and Brandon Daniels, CEO at Exiger, to discuss how AI is reshaping software supply chain defense. Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers through its software and tech-enabled solutions. To learn more about our sponsor, visit https://exiger.com.

The Audit
Apple Vision Pro Meets AI: Why Your Company Needs Both

The Audit

Play Episode Listen Later Oct 20, 2025 37:10 Transcription Available


What happens when Apple Vision Pro meets enterprise AI? In this episode of The Audit, Alex Bratton—applied technologist and AI implementation expert—joins hosts Joshua Schmidt and Nick Mellem to reveal how spatial computing and artificial intelligence are colliding to reshape how we work. From conducting million-dollar sales meetings in virtual reality to building AI governance frameworks that actually work, Alex breaks down the cutting-edge tech that's moving faster than most organizations can keep up.

This isn't theoretical innovation—it's practical implementation. Alex shares real-world examples of pharmaceutical reps training with AI-powered virtual doctors, airlines redesigning airport gates in spatial environments, and manufacturing teams using Vision Pro for secure work on confidential documents at 30,000 feet. If you've been skeptical about AR/VR or overwhelmed by AI adoption, this conversation delivers the clarity you need to make informed decisions for your organization.

Key Topics:
- Why Apple Vision Pro is the "iPhone 1 moment" for spatial computing and what that means for enterprise security
- The three categories of AI tools: reactive assistants, task-based agents, and goal-oriented digital employees
- How to build AI governance frameworks without crushing innovation or falling behind competitors
- Real security concerns with AI tools and which vendors are actually protecting your data
- Why mid-market companies are outpacing Fortune 500s in AI adoption—and what that means for your industry
- Practical strategies for baking AI into company culture without triggering employee resistance
- The critical difference between free AI tools that steal your data and paid platforms that protect it

Whether you're a CISO evaluating AI tools, an IT director building governance policies, or a security professional trying to stay ahead of threats, this episode delivers actionable intelligence you can implement today. The AI revolution isn't coming—it's already here. The question is whether your organization will lead or get left behind.

#cybersecurity #infosec #AI #VR #AppleVisionPro

Exposure Ninja Digital Marketing Podcast | SEO, eCommerce, Digital PR, PPC, Web design and CRO
How To Create a Results-Driving B2B Marketing Strategy for 2026

Exposure Ninja Digital Marketing Podcast | SEO, eCommerce, Digital PR, PPC, Web design and CRO

Play Episode Listen Later Oct 18, 2025 41:54


Welcome to Episode 4 of the Marketing Strategies for 2026 series by Exposure Ninja. Catch the full Marketing Strategies for 2026 series

Cyber Security Headlines
Week in Review: Velociraptor pushes LockBit, Hartman loses nomination, Sotheby's cyberattack

Cyber Security Headlines

Play Episode Listen Later Oct 17, 2025 36:07


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Tom Hollingsworth, networking technology advisor, The Futurum Group, as well as on BlueSky, and Brett Conlon, CISO, American Century Investments.

Thanks to our show sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" …or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep. Get started at vanta.com/headlines

All links and the video of this episode can be found on CISO Series.com.

Defense in Depth
What Soft Skills Do You Need in Cyber?

Defense in Depth

Play Episode Listen Later Oct 16, 2025 24:42


All links and images can be found on CISO Series. Check out this post by Evgeniy Kharam for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Ryan Dunn, Leader of Product and Supply Chain Technology, Specialized Bicycle Components. And check out "Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More" by Evgeniy Kharam we referenced in this episode.

In this episode:
- Beyond the technical playbook
- Influencing without authority
- Partnering, not just selling
- The deliberate work of connection

Thanks to our sponsor, HackerOne. Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. https://www.hackerone.com/report/future-of-ai?utm_medium=Paid-Newsletter&utm_source=cisoseries&utm_campaign=Parent-FY25-AIAwarenessCampaign-GL

ITSPmagazine | Technology. Cybersecurity. Society
Beyond the Title: What It Really Takes to Be a CISO Today — Insights Following A Conversation with Solarwinds CISO, Tim Brown | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Oct 16, 2025 8:26


What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.

Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.

Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

Cyber 9/11 with Dr. Eric Cole
From Race Cars to Risk: Dual CISO-CTO Leadership with Ben Wilcox

Cyber 9/11 with Dr. Eric Cole

Play Episode Listen Later Oct 16, 2025 35:43


In this high-speed episode of Life of a CISO, Dr. Eric Cole welcomes Ben Wilcox, a rare dual-role executive serving as both CISO and CTO at ProArch — and a race car driver to boot. Ben shares his 30-year journey from building websites in the early internet days to leading enterprise security and technology strategy today. Dr. Cole and Ben dive into the challenges and opportunities of balancing technical innovation with cybersecurity, how to win executive support for security investments, and how to leverage AI for productivity. Ben also drops valuable advice for aspiring CISOs, emphasizing the power of saying “yes” to new challenges, building business-aligned security strategies, and continuously learning. This episode is packed with practical insights on executive communication, risk quantification, AI in cybersecurity, and even how lessons from the racetrack apply to the boardroom.  

Paul's Security Weekly
Automating Compliance and Risk with Agentic AI as CISOs (R)Evolve - Trevor Horwitz - BSW #417

Paul's Security Weekly

Play Episode Listen Later Oct 15, 2025 54:20


Still managing compliance in a spreadsheet? Don't have enough time or resources to verify your control or risk posture? And you wonder why you can't get the budget to move your compliance and risk programs forward. Maybe it's time for a different approach. Trevor Horwitz, Founder and CISO at TrustNet joins Business Security Weekly to discuss how the evolution of Agentic AI can automate compliance and risk programs. Move beyond spreadsheets and let the power of AI streamline your compliance and risk program. In the leadership and communications segment, Is the CISO chair becoming a revolving door?, When Integrity Collides with Bureaucracy: The Price of Leadership in Cybersecurity — and Why Walking Away Can Be the Bravest Act!, Improve Communication With Others By Talking Less — Not More, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-417

ITSPmagazine | Technology. Cybersecurity. Society
First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Oct 15, 2025 26:54


AISA CyberCon Melbourne | October 15-17, 2025

Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.

Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.

Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced.

"For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.

What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built.

"If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.

Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.

Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.

His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.

AISA CyberCon Melbourne runs October 15-17, 2025. Coverage provided by ITSPmagazine.

GUEST:
Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/

HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Packet Pushers - Full Podcast Feed
HS114: In or Out? Deciding Which IT Functions to Bring In or Push Out

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Oct 14, 2025 39:41


In times of major change–whether in IT or the economy–organizations should take a fresh look at their sourcing strategy. Companies outsourcing key functions need to re-examine the reasoning and scrutinize the results. The same goes for in-house functions. IT leaders need to ask: is our sourcing strategy in line with our current corporate and IT...

GovCast
CyberCast: Building Secure Systems Starts with the Right Questions, Says EXIM CISO

GovCast

Play Episode Listen Later Oct 14, 2025 12:16


The Export-Import Bank of the United States (EXIM) facilitates trades of exports of goods and services and, in doing so, deals with massive troves of data. From the Billington Cybersecurity Summit, EXIM CISO, Chief Privacy Officer, and Deputy Chief AI Officer Darren Death tells CyberCast that his agency is centralizing data about user access and behavior to detect potential cyber threats. Death says that balancing cybersecurity with privacy remains a challenge, especially in complex IT ecosystems involving financial institutions. He stresses the need to “shift left” by embedding privacy and security requirements early in the development lifecycle and include business leaders in conversations about cybersecurity, privacy and usability. He also says that the EXIM is using generative AI to simulate incident response scenarios, escalating threats to test team readiness. Death adds that EXIM is positioning AI as a force multiplier rather than a job threat.  

The CyberWire
When the breachers get breached.

The CyberWire

Play Episode Listen Later Oct 10, 2025 28:50


International law enforcement take down the Breachforums domains. Researchers link exploitation campaigns targeting Cisco, Palo Alto Networks, and Fortinet. Juniper Networks patches over 200 vulnerabilities. Apple and Google update their bug bounties. Evaluating AI use in application security (AppSec) programs. Microsegmentation can contain ransomware much faster and yield better cyber insurance terms. The new RondoDox botnet exploits over 50 vulnerabilities. Researchers tag 13 unpatched Ivanti Endpoint Manager flaws. Our guest is Jason Manar, CISO of Kaseya, sharing his insight into how the private and public sectors can work together for national security. Hackers mistake a decoy for glory.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Jason Manar, CISO of Kaseya, sharing his insight into how the private and public sectors can/must work together for national security.

Selected Reading
- FBI takes down BreachForums portal used for Salesforce extortion (Bleeping Computer)
- Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign (SecurityWeek)
- Juniper Networks Patches Critical Junos Space Vulnerabilities (OffSeq)
- Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits (WIRED)
- Google Launches AI Bug Bounty with $30,000 Top Reward (Infosecurity Magazine)
- In AI We Trust? Increasing AI Adoption in AppSec Despite Limited Oversight (Fastly)
- Reducing Risk: Microsegmentation Means Faster Incident Response, Lower Insurance Premiums for Organizations (Akamai)
- RondoDox Botnet Takes 'Exploit Shotgun' Approach (SecurityWeek)
- ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities (SecurityWeek)
- Pro-Russian hackers caught bragging about attack on fake water utility (The Record)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.