In the digital era, cybersecurity plays a critical role in business, especially banking, as transactions, data, and customer interactions increasingly rely on technology. Beyond protecting financial and personal information from growing cyber threats, cybersecurity teams help build secure yet seamless systems that enable smooth transactions and support long-term customer trust. When implemented effectively, cybersecurity moves beyond being a passive defense function and becomes a strategic enabler, helping banks improve customer experience and maintain competitiveness in a digital-first environment. To explore this role further, Vietnam Innovators Podcast – Episode 371 features a conversation with Sandro Bucchianeri, Group Chief Security Officer at NAB. With more than 25 years of experience in cybersecurity, including 15 years in executive leadership roles such as CISO and CSO, Sandro has worked with multinational organizations, led global teams, and delivered large-scale strategic transformation programs. Combining deep expertise in risk management, security, and legal frameworks with an innovative mindset, he shares a clear and practical perspective on why cybersecurity matters—not only for organizations, but also for customer trust and experience in the digital age. Listen to this episode on YouTube, and explore many amazing articles about the pioneers at: https://vietcetera.com/vn/bo-suu-tap/vietnam-innovator Feel free to leave any questions or invitations for business cooperation at hello@vni-digest.com
Michael Centrella is the Head of Public Policy at SecurityScorecard. In this episode, he joins host Paul Spaulding and Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud, to reflect back on 2025 and look ahead to 2026 in terms of cybersecurity. SecurityScorecard's mission is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risk to their boards, employees, and vendors. Learn more about our sponsor at https://securityscorecard.com
Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jason Taule, CISO, Luminis Health, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. All links and the video of this episode can be found on CISO Series.com
Federal agencies are increasingly data-driven, but the challenge lies in integrating, securing and operationalizing vast amounts of information. In this episode, experts explore how AI and analytics are transforming decision-making, enhancing situational awareness and improving mission readiness. Kurt Steege, CTO ThunderCat Technology, Bart Larango, Federal Strategic Industry Advisor at Splunk, Daniel Buchholz, Red Cell Section Chief for the U.S. Department of State and Mark Canter, CISO at the U.S. Government Accountability Office discuss data security risks, ethical AI considerations and real-world use cases where agencies are leveraging AI for operational success.
Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software. Cisco warns a critical zero-day is under active exploitation. An emergency Chrome update fixes two high-severity vulnerabilities. French authorities make multiple arrests. US authorities dismantle an unlicensed crypto exchange accused of money laundering. SonicWall highlights an exploited zero-day. Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data. Our guest is Larry Zorio, CISO from Mark43, discussing first responders and insider cyber risks. A right-to-repair group puts cash on the table. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Larry Zorio, CISO from Mark43, to discuss first responders sounding the alarm on insider cyber risks. To see the full report, check it out here.
Selected Reading HPE warns of maximum severity RCE flaw in OneView software (Bleeping Computer) China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear (SecurityWeek) Google Chrome patches two high severity vulnerabilities in emergency update (Beyond Machines) France arrests 22-year-old over Interior Ministry hack (The Record) France arrests Latvian for installing malware on Italian ferry (Bleeping Computer) FBI dismantles alleged $70M crypto laundering operation (The Register) SonicWall Patches Exploited SMA 1000 Zero-Day (SecurityWeek) Zeroday Cloud hacking event awards $320,000 for 11 zero days (Bleeping Computer) Senator Presses EHR Vendors on Patient Privacy Controls (Govinfosecurity) A nonprofit is paying hackers to unlock devices companies have abandoned (TechSpot) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
All links and images can be found on CISO Series. Check out this post by Binoy Koonammavu of Secusy AI for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior EVP and CISO, Frost Bank. Joining them is best-selling cybersecurity author Peter Gregory. His upcoming study guide on AI governance can be pre-ordered here. In this episode: Speaking the language of leadership; Beyond translation: the trust factor; Making risk tangible; When translation isn't enough. Huge thanks to our sponsor, ThreatLocker. ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
In this episode of Life of a CISO, Dr. Eric Cole explains why world-class CISOs must think like chief officers—not technicians. Drawing from boardroom experience and real-world cyber events, he breaks down the three threats executives are most concerned about heading into 2026: ransomware, cloud failures, and AI. Dr. Cole unpacks why the Land Rover Jaguar ransomware attack marked a turning point in cybersecurity, showing how a single breach can impact an entire national economy. He also highlights the growing over-reliance on cloud providers, referencing major AWS and Microsoft outages, and warns that organizations are rolling out AI without understanding data leakage, hallucinations, or business risk. At the core of the discussion is a powerful, concise definition of cybersecurity—and why most organizations still get it wrong. Dr. Cole explains why not knowing your critical data is the root cause behind ransomware exposure, cloud outages, and reckless AI adoption. He closes with what he believes should be the #1 cybersecurity priority for 2026: a complete data and asset inventory. This episode is a must-watch for CISOs, executives, and board members who want clarity, credibility, and control in an increasingly risky digital world.
As we approach 2026, the promise of artificial intelligence across Southeast Asia and Hong Kong is palpable, driven in part by aspirations for unparalleled efficiency and innovation. Yet, for AI to truly deliver on this promise for business leaders, a critical threshold of trust and security must be crossed. The emergence of agentic AI—autonomous systems that can act, access data, and execute tasks—represents both the pinnacle of this potential and its greatest peril. With the region's rapid digital acceleration and complex regulatory tapestry, securing these agents from large-scale data breaches and operational disruption is no longer a future consideration; it is the definitive security mandate for 2026. The journey from hype to secured value depends on the governance, design, and vigilance we enact today. FutureCISO spoke to Ray Canzanese, director of Netskope Threat Labs, about what needs to happen for AI to deliver on its promises in 2026.
Questions:
1. What is the most interesting observation you've seen in 2025?
2. As ASEAN releases its AI Guide and regional regulations evolve, what should be the priority for a CISO building a governance framework for agentic AI in 2026?
3. Why does agentic AI fundamentally change the cyber risk profile for an organisation, and how does this exacerbate threats in our interconnected Southeast Asian business landscape?
4. You've suggested the first major agentic AI-driven data breach could occur in 2026. What might a typical attack chain look like, targeting a poorly secured agent in a multinational based in Singapore or Hong Kong?
5. The principle of least privilege is challenging with dynamic AI agents. What are the practical steps for security leaders to implement effective permission models without stifling innovation?
6. How can frameworks like the Model Context Protocol (MCP) be leveraged to enforce a 'security-by-design' approach for AI agents, and is the industry in our region adopting them quickly enough?
7. With organisations here often using a mix of global and local AI providers, how should we approach the unique third-party and supply chain risks introduced by agentic AI ecosystems?
8. Beyond technical controls, what changes in day-to-day security operations (SecOps) are needed to monitor and respond to anomalous agent behaviour in real-time?
9. How can CISOs effectively communicate the tangible business risks—and secured value—of agentic AI to boards, CFOs, and COOs who are eager for competitive advantage?
10. Looking ahead to 2026, what one metric will indicate that an organisation in our region has successfully secured its agentic AI initiatives and is ready to scale?
On this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien, and Dr. K Royal connect with Val Ilchenko, Eric Sendelbach, and Ian Runyon of TrustArc to discuss the launch of the Arc. Join us as we discuss the factors that went into developing the Arc, challenges for privacy and data protection professionals, and how AI is baked in to give professionals the tools they need at their fingertips. Please subscribe in your favorite podcast app - sharing is caring! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.
"Your next security teammate might not be a traditional hire — it could be a Digital Security Teammate (DST)," says Secure.com CEO Uzair Gadit. In this sponsored episode, Uzair explains the concept of a DST and how it differs from an AI SOC. He highlights the operational and business benefits of deploying DST, including improved...
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Brett Conlon, CISO, American Century Investments. Joining them is Ryan Barras, CISO, Mount Sinai Medical Center. In this episode: Nobody understands what we do; Someone else should fix this; Make the audience care; Speaking CEO. Huge thanks to our sponsor, Dropzone AI. Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.
How has GenAI turned phishing into a speed war? And what should we do about it? Let's find out with your hosts, Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
In this special episode of The Virtual CISO Moment, Greg Schaffer shares five cybersecurity predictions for 2026 grounded in real-world patterns — not hype. From the tightening of SOC 2 audits and the rise of "vibe coding" risks, to a coming shakeout in the vCISO market, influencer-driven security shaming, and the growing dangers of contractor misclassification, this episode explores the second-order consequences many organizations are already overlooking. If you're a business leader, CISO, or vCISO, this episode will challenge assumptions and help you see where governance failures quietly become security failures.
Check us out at: https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv What happens when cybersecurity meets the engine room of the business? We dig into the partnership between the CISO and COO and show how shared risk, clear language about money, and practical tabletop drills turn security into operational resilience. Ransomware, supply chain delays, and customer impact aren't just IT issues—they're revenue issues—so we map exactly how to build alignment before a crisis hits. We break down CISSP Domain 1.5 with a plain-English tour of law categories and the statutes you actually need to know: CFAA and NIIPA for unauthorized access and critical infrastructure, FISMA and the NIST standards for federal-grade security programs, and the federal modernization that centralized oversight under DHS. Then we go deeper into intellectual property: what copyrights, trademarks, patents, and trade secrets protect; how DMCA and AI complicate ownership; and how licensing and click-through terms can quietly put your data and code at risk if you don't read them with counsel. Cross-border data is now daily business, so we unpack export controls on chips and encryption, transborder data flow obligations, and privacy regimes that carry real teeth: GDPR's 72-hour notification, China's PIPL and local representation, and state laws like CCPA that mirror EU rights. The practical takeaway is a tighter incident playbook: define "breach" with evidence-based thresholds, pre-wire stakeholder communications, and use tabletop exercises to test both technical recovery and regulatory reporting. If you're studying for the CISSP or leading a security program, this is the legal-ops blueprint you can use today.
Subscribe, share this with your ops and legal teams, and leave a review to tell us which regulation gives you the biggest headache—we'll tackle it next. Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
In this episode of the Software People Stories, my guest Ben Wilcox is the Chief Technology Officer and Chief Information Security Officer at ProArch. Ben shares his fascinating journey from building a web hosting business as a teenager to his current role as CTO and CISO at ProArch. Ben discusses the evolution of his career, his involvement in various projects, and the ever-changing landscape of security, especially with the advent of AI. He also provides valuable insights into how enterprises should approach security, the complexities of data localization, and the importance of a continuous security model. The conversation also delves into career advice for aspiring IT and security professionals.
00:00 Introduction and Guest Welcome
00:42 Early Career and Web Hosting Business
02:49 Transition to Software Development
03:51 Joining Advisor Group and Pro
05:06 Challenges of Running a Business as a Teenager
07:55 Learning and Growth in a Larger Company
09:14 Becoming a CISO and Security Focus
12:21 Evolving Security Landscape and AI
15:01 Data Security and Insider Risk Management
20:51 Zero Trust Environments and Legacy Systems
23:58 Sleepless Nights and Security Concerns
25:50 Balancing Innovation and Security
26:11 Finding Joy in Leadership
26:54 Navigating the CTO and CISO Roles
28:55 Keeping Up with Technology Trends
31:27 Hyper-Personalization and Security Risks
36:02 The Role of Open Source in Security
41:03 Career Advice for Aspiring Security Professionals
45:35 The Impact of AI on Security Jobs
49:11 Conclusion and Contact Information
The timestamps are approximate and do not include the intro, which is about 90 seconds. For closer timestamps, add 90 seconds to the labels above.
Ben Wilcox is the Chief Technology Officer and Chief Information Security Officer at ProArch, where he leads the company's cloud, security, and AI enablement strategy. With more than 20 years of experience spanning software engineering, cybersecurity, and enterprise architecture, Ben helps organizations modernize their technology foundations while navigating the evolving threat landscape. Ben's career began in hands-on development and infrastructure work, giving him a deep technical grounding that informs his leadership today. He has built and led high-performing engineering teams, guided complex cloud migrations, and designed modern security programs that balance innovation with risk management. At ProArch, he works closely with clients to architect AI-ready, scalable systems that drive business transformation. Connect with Ben: https://www.linkedin.com/in/ben-wilcox
Daniel Schwalbe, DomainTools Head of Investigations and CISO, is sharing their work on "Inside the Great Firewall." This two-part research project analyzes an extraordinary 500–600GB leak that exposes the internal architecture, tooling, and human ecosystem behind China's Great Firewall. Across both parts, the researchers break down thousands of leaked documents, source code repositories, diagrams, packet captures, and telemetry that reveal how systems like the Traffic Secure Gateway, MAAT, Redis-based analytics, and modular DPI engines work together to censor, surveil, and fingerprint users at scale. Taken together, the research shows how the Great Firewall functions not just as a technical system, but as a living censorship-industrial complex that adapts, learns, and coordinates across government, telecoms, and security vendors. The research can be found here: Inside the Great Firewall Part 1: The Dump; Inside the Great Firewall Part 2: Technical Infrastructure.
S1E6: Beyond the 'Department of No': How CISOs are Shaping Healthcare's Future Steven Hajny is joined by Drex DeFord, President of 229 Cyber & Risk at This Week Health and host of “UnHack (the Podcast)” and “Two-Minute Drill.” Together, they discuss the evolving role of the Chief Information Security Officer (CISO) in the healthcare landscape. The conversation highlights how the CISO position has transitioned from an isolated "department of no" to a strategic, executive role that bridges security, technology, and business innovation. Drex offers real-world insights into the growing responsibilities of CISOs, the balance between innovation and protection, and the challenges posed by generative AI and trust issues in an increasingly complex digital world. To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen
AI agents are moving from experimental tools to everyday enterprise workflows. Reporting live from AWS re:Invent 2025 in Las Vegas for Irish Tech News, I attended a press-only briefing titled Security and the Rise of AI Agents, where senior AWS leaders Amy Herzog, Chief Information Security Officer, Hart Rossman, Vice President in the Office of the CISO, Gea Rinehouse, Vice President of Security Services and Neha Rungta, Director of Applied Science outlined how the company intends to manage this transition. AWS is pushing ahead with autonomous agents, but only within a security model built on long-standing principles: identity, governance, compliance and clear oversight. What is an AI Agent? An AI agent is a software system that uses artificial intelligence to carry out tasks autonomously in pursuit of a specific goal. Unlike chatbots that only respond to prompts, an agent can reason, plan and take action across different steps of a workflow. It can use tools such as web services or APIs, monitor its progress and adjust its approach as conditions change. Over time, it can improve its performance based on the data and experience it gathers. This distinction matters, because the rise of agents raises new questions about accountability, access, oversight and safety. Security First AWS chief executive Matt Garman shaped much of the week's discussion. Speaking about the reality facing engineering teams, he noted: "Every customer wants their products to be secure, but you have trade-offs. Where do you spend your time? Do you improve the security of existing features, or do you ship new ones?" The briefing returned to this point several times. AWS's position is that strong design-stage security reduces the tension between improvement and innovation. Agents are seen as an opportunity to reinforce security, not dilute it. AWS Security Agent One of the major announcements at re:Invent was the preview of AWS Security Agent. 
The tool brings several security checks forward in the development process. It reviews designs, analyses code, gathers richer signals for incident response and performs penetration testing that reflects real system behaviour rather than generic patterns. AWS Security Agent is one of the new Frontier Agents introduced at re:Invent, a family of autonomous tools designed to handle multi-step tasks across development, security and operations. Neha Rungta described the significance of this shift. She called the Security Agent "one of these frontier AI agents, a sophisticated class of AI agents that are autonomous and scalable and can work for long periods without human intervention. Security doesn't have to be an afterthought." She added that AWS is expanding its proof-based assurance tools so teams can understand correctness without being specialists in system logic. The broader point is that verification needs to be continuous, not episodic. Guardrails for Autonomy The panel stressed that agents must operate within strict boundaries. Updated policy controls in Amazon Bedrock AgentCore allow organisations to specify what an agent can do, which systems it can reach and how its actions are logged and reviewed. Hart Rossman remarked that each major technology shift has increased the demands placed on security teams. With agents running for extended periods and across more systems, the real pressure points now are scale and speed. Guardrails are essential. The Sandbox Approach A theme repeated throughout the session was the use of sandbox environments. AWS encouraged organisations to test new agents in isolation before considering production use. This allows teams to observe long-running behaviour, confirm access paths, check escalation rules and understand how an agent reacts under different conditions. The sandbox was presented as a practical way to build confidence gradually rather than relying on assumptions. 
Inside the Press Briefing Questions focused on monitoring autonomy, preventing agents from widening their scope...
All links and images can be found on CISO Series. Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood. In this episode: Delegation requires accountability The reality of daily decision-making The gap between theory and practice Beyond the advisory role Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO
In this powerful episode of Life of a CISO, Dr. Eric Cole shifts the focus from strategy, roadmaps, and organizational security, and puts the spotlight directly on YOU. Instead of asking what you want or why you want it, Dr. Cole explains that the real key to becoming a world-class CISO is asking: Who do you need to become? Dr. Cole breaks down the three types of CISOs, the difference between tactical and true strategic leadership, and what it really means to operate as a corporate officer. From proximity and communication to compensation models, risk tolerance, leadership habits, and even physical health, this episode lays out a blueprint for designing the ultimate version of yourself, the version capable of sitting with executives, influencing business outcomes, and driving organizational success. If you're ready to elevate from technical expert to business leader, this episode will give you the mindset, targets, and tools to build your future.
How cyber criminals are weaponising AI to defeat your threat detection and response
Beyond encryption – how ransomware has evolved to include data exfiltration, publication threats and supply chain compromise
How geopolitical tensions are increasing nation-sponsored cyber-campaigns - proxy attacks, IT worker scams and supply chain risks
Thom Langford, Host, teissTalk https://www.linkedin.com/in/thomlangford/
Ed Tucker, Director - Cyber Security Practice, Telefónica Tech https://www.linkedin.com/in/tuckeredward/
Neil King, IT Security Professional, Canon https://www.linkedin.com/in/neilking/
Christine Bejerasco, CISO, WithSecure Intelligence https://www.linkedin.com/in/christinebejerasco/
Organizations rely heavily on Salesforce to manage vast amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third-party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce require additional capabilities, including: continuous monitoring of your Salesforce environment, strict access controls for Salesforce users, and automated backup of sensitive data. Think your data in Salesforce is safe and secure? Think again. This segment is sponsored by AutoRABIT. Visit https://securityweekly.com/autorabit to learn more about them! In the leadership and communications segment: Boards Have a Digital Duty of Care; The CISO's greatest risk? Department leaders quitting; The 15 Habits of Highly Empathetic People; and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-425
Join us for a rip-roaring week in privacy on this episode of Serious Privacy, where co-hosts Paul Breitbarth and Dr. K Royal (Ralph O'Brien is off this week) cover quality, not quantity - although there is no shortage of current events. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.
AI agents are moving fast, and security teams are scrambling to keep up. Join us as we talk with Heather Ceylan, SVP & Chief Information Security Officer at Box, who has spent the last several years leading security teams through rapid change, from the explosive growth years at Zoom to her current work shaping Box's AI posture. Heather shares what it actually feels like to run security at a time when agents can be created in minutes, permissions matter more than ever, and governance committees are struggling to keep pace. She explains why treating agents as identities fundamentally changes the model, how MCP servers introduce new exposure points, and why her team is embedding AI directly into SOC work, design reviews, and vulnerability remediation. It's a grounded look at how a CISO makes sense of AI while everything around the role continues to shift.
In this episode, you'll learn:
Why agents need their own identities and permissions rather than inheriting access from the people who create them
How SOC teams can shift from constant alert triage to real threat hunting with the help of AI agents
How AI can speed up vulnerability remediation by creating pull requests that engineers only need to review and merge
Things to listen for:
(00:00) Meet Heather Ceylan
(00:58) Career path from healthcare to Zoom to Box
(03:58) Risks of AI agents accessing unstructured content
(05:18) Why agent identity and permissions are the new priority
(06:50) The challenge of discovering and governing ephemeral agents
(08:16) How sandboxes and policies support safe experimentation
(09:20) AI governance gaps and the need for dedicated ownership
(13:10) Defining AI governance across technical and legal domains
(16:17) The rise of MCP servers and new exposure points
(18:05) Four AI bets transforming Box's SOC and security workflows
(23:31) KPIs and measuring AI's impact on security teams
(25:27) Resource trade-offs when adopting AI in security
(27:58) Managing the complexity of model selection and trust
(29:58) Should companies form dedicated AI security teams?
Organizations rely heavily on Salesforce to manage vast amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third-party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce require additional capabilities, including: continuous monitoring of your Salesforce environment, strict access controls for Salesforce users, and automated backup of sensitive data. Think your data in Salesforce is safe and secure? Think again. This segment is sponsored by AutoRABIT. Visit https://securityweekly.com/autorabit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO's greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-425
Matt Knight spent five years as OpenAI's CISO. Now he runs what colleagues call “the most interesting job at the company”: leading Aardvark, an AI agent that finds security vulnerabilities the way a human researcher would—by reading code, writing tests, and proposing patches. It recently found a memory corruption bug in OpenSSH, one of the most heavily audited codebases in existence. In this conversation with a16z's Joel de la Garza, Matt traces the evolution from GPT-3 (which couldn't analyze security logs at all) to GPT-4 (which could parse Russian cybercriminal chat logs written in slang) to today's models that discover bugs humans have missed for decades. They also discussed the XZ Utils backdoor that nearly compromised half the internet, why 3.5 million unfilled security jobs might finally get some relief, and how Aardvark could give open source maintainers a fighting chance against nation-state attackers. If you enjoyed this episode, please be sure to like, subscribe, and share with your friends.
Follow Matt Knight on X: https://x.com/embeddedsec
Follow Joel de la Garza on LinkedIn: https://www.linkedin.com/in/3448827723723234/
Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts. Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Organizations worldwide scramble to address the critical React2Shell vulnerability. Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Craigslist's founder pledges support for cybersecurity, veterans and pigeons. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Selected Reading
Researchers track dozens of organizations affected by React2Shell compromises tied to China's MSS (The Record)
Insurers retreat from AI cover as risk of multibillion-dollar claims mounts (Financial Times)
Three hacking groups, two vulnerabilities and all eyes on China (The Record)
Researchers spot 700 percent increase in hypervisor ransomware attacks (The Register)
UK Hospital Asks Court to Stymie Ransomware Data Leak (Bank Infosecurity)
Trump says Nvidia can sell more powerful AI chips to China (The Verge)
ICEBlock developer sues Trump administration over App Store removal (The Verge)
New FBI alert urges vigilance on virtual kidnapping schemes (SC Media)
FTC upholds ban on stalkerware founder Scott Zuckerman (TechCrunch)
Craigslist founder signs the Giving Pledge, and his fortune will go to military families, fighting cyberattacks—and a pigeon rescue (Fortune)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
As you wind down 2025, what should you be planning to do for 2026? The Heavy Strategy team breaks it down for you with eight resolutions for the new year. From setting an AI strategy to cloud optimization, Johna and John can help you enter the new year prepared for what’s next. Other resolutions include... Read more »
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Danny Jenkins, CEO, ThreatLocker.
In this episode:
AI for AI's sake
Stop selling, start protecting
Stop calling everything sophisticated
Least privilege, rebranded
Huge thanks to our sponsor, ThreatLocker. ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
Transitioning a mature organization from an API-first model to an AI-first model is no small feat. In this episode, Yash Kosaraju, CISO of Sendbird, shares the story of how they pivoted from a traditional chat API platform to an AI agent platform and how security had to evolve to keep up. Yash spoke about the industry's obsession with "Zero Trust," arguing instead for a practical "Multi-Layer Trust" approach that assumes controls will fail. We dive deep into the specific architecture of securing AI agents, including the concept of a "Trust OS," dealing with new incident response definitions (is a wrong AI answer an incident?), and the critical need to secure the bridge between AI agents and customer environments. This episode is packed with actionable advice for AppSec engineers feeling overwhelmed by the speed of AI. Yash shares how his team embeds security engineers into sprint teams for real-time feedback, the importance of "AI CTFs" for security awareness, and why enabling employees with enterprise-grade AI tools is better than blocking them entirely.
Guest Socials - Yash's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:20) Who is Yash Kosaraju? (CISO at Sendbird)
(03:30) Sendbird's Pivot: From Chat API to AI Agent Platform
(05:00) Balancing Speed and Security in an AI Transition
(06:50) Embedding Security Engineers into AI Sprint Teams
(08:20) Threats in the AI Agent World (Data & Vendor Risks)
(10:50) Blind Spots: "It's Microsoft, so it must be secure"
(12:00) Securing AI Agents vs. AI-Embedded Applications
(13:15) The Risk of Agents Making Changes in Customer Environments
(14:30) Multi-Layer Trust vs. Zero Trust (Marketing vs. Reality)
(17:30) Practical Multi-Layer Security: Device, Browser, Identity, MFA
(18:25) What is "Trust OS"? A Foundation for Responsible AI
(20:45) Balancing Agent Security vs. Endpoint Security
(24:15) AI Incident Response: When an AI Gives a Wrong Answer
(29:20) Security for Platform Engineers: Enabling vs. Blocking
(30:45) Providing Enterprise AI Tools (Gemini, ChatGPT, Cursor) to Employees
(32:45) Building a "Security as Enabler" Culture
(36:15) What Questions to Ask AI Vendors (Paying with Data?)
(39:20) Personal Use of Corporate AI Accounts
(43:30) Using AI to Learn AI (Gemini Conversations)
(45:00) The Stress on AppSec Engineers: "I Don't Know What I'm Doing"
(48:20) The AI CTF: Gamifying Security Training
(50:10) Fun Questions: Outdoors, Team Building, and Indian/Korean Food
⬥EPISODE NOTES⬥
Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies. Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and data accessibility remain central themes, especially as agencies work to retire manual processes and unify fragmented registries, surveillance systems, and reporting pipelines. AI enters the picture as a multiplier rather than a replacement. Jim outlines practical use cases that public health agencies can act on now, from community health communication tools and emergency response coordination to predictive analytics for population health. These approaches support faster interpretation of data, targeted outreach to communities, and improved visibility into ongoing health activity. At the same time, CISOs and security leaders are navigating a new risk environment as agencies explore generative AI, open models, and multi-agent systems. Sean and Jim discuss the importance of applying disciplined data governance, aligning AI with FedRAMP and state-level controls, and ensuring that any model running inside an organization's environment is treated with the same rigor as traditional systems. The conversation closes with a look at where AI is headed. Jim notes that multi-agent frameworks and smaller, purpose-built models will shape the next wave of public health technology. These systems introduce new opportunities for automation and decision support, but also require thoughtful implementation to ensure trust, reliability, and safety. This episode presents a realistic, forward-looking view of how AI can strengthen the future of public health and the cybersecurity responsibilities that follow.
⬥GUEST⬥
Jim St. Clair, Vice President, Public Health Systems, Altarum | On LinkedIn: https://www.linkedin.com/in/jimstclair/
⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥RESOURCES⬥
N/A
⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:
This week's Department of Know is hosted by Sarah Lane with guests Jason Shockey, CISO, Cenlar FSB, and Mike Lockhart, CISO, Eagleview. Thanks to our show sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. AI is rewriting the cybersecurity rulebook, because attackers can now scale persuasion as easily as they scale code. The real target isn't just your systems anymore; it's human trust. If you aren't actively testing your organization against AI-driven phishing, vishing, and deepfakes, you're leaving a gap criminals will exploit. Adaptive runs realistic simulations and delivers tailored, engaging training so teams respond correctly when it counts. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com
Rob Israel, a versatile leader whose journey spans from the Navy to healthcare leadership, joins us for a compelling discussion on Sales Lead Dog. Rob opens up about the essential principles that have bolstered his career, emphasizing the strength in empowering and supporting team members, surrounding oneself with intelligent peers, and championing employee growth. One notable story features a leader who successfully took a year off from her business, demonstrating the transformative power of trust and autonomy in leadership. Rob shares how these experiences have influenced his current path, transitioning from a Chief Information Officer to embracing the challenges of a sales role, inspired by his father's legacy and his own pursuit of new challenges. Trust and transparency form the bedrock of Rob's approach to sales leadership. Highlighting the importance of honesty, he advises against bluffing when faced with tough questions, advocating instead for a candid approach that builds lasting client relationships. Rob underscores the significance of nurturing these connections even after the sale is complete, ensuring client satisfaction and opening doors for future opportunities. For those stepping into leadership roles, Rob shares insights on leveraging networks for guidance, fostering a culture of learning, and the nuances of understanding team motivators. As we navigate through the evolving landscape of sales, Rob discusses the critical role of AI and CRM systems. While AI holds the promise of revolutionizing efficiency and decision-making, Rob stresses the importance of maintaining the human element and critical thinking in processes. He brings a balanced perspective on CRM systems, acknowledging their potential benefits when used correctly, but also pointing out common pitfalls such as inefficiencies and depersonalization. Rob concludes with optimism about integrating AI to streamline CRM tasks, ultimately enhancing communication and driving sales success. 
Don't miss the chance to connect with Rob Israel on LinkedIn and explore additional resources shared on our website. Rob Israel is an accomplished sales and cybersecurity leader with a unique blend of executive technology, healthcare, and strategic account expertise. With a career that includes serving as both CIO and CISO in the healthcare sector, Rob brings a deep understanding of clinical, operational, and regulatory realities that few sales leaders possess. This firsthand experience enables him to connect more meaningfully with executive stakeholders and translate complex security challenges into practical, outcome-driven strategies. As a Regional Sales Manager at DeepSeas, Rob partners with enterprise leaders to strengthen their security posture, drive measurable business outcomes, and align world-class threat intelligence and MDR capabilities with each organization's mission. He is known for his customer-first philosophy, trusted-advisor approach, and ability to guide clients through high-stakes decisions with clarity and confidence. Prior to joining DeepSeas, Rob held senior sales leadership roles at industry-leading technology organizations, consistently ranking among top performers and elevating client engagement across complex environments. His earlier tenure as a healthcare CIO and CISO continues to shape his perspective, allowing him to bridge the gap between technology, cybersecurity, and business operations. Outside of work, Rob is an avid hiker, scuba diver, and skier who enjoys exploring the outdoors with his family. He brings the same curiosity, discipline, and sense of adventure to his work helping clients anticipate risk, embrace innovation, and advance their strategic objectives. Rob is an experienced international speaker on both CyberSecurity and Information Technology, and has routinely helped organizations both streamline processes and save money on critical infrastructure programs. 
Quotes:
"Empowering your team means developing them to the point where you can step away, and the business not only survives but thrives."
"In sales, honesty and transparency aren't just virtues; they're necessities for building lasting client relationships."
"AI has the potential to revolutionize sales efficiency, but we mustn't lose sight of the human element and critical thinking it cannot replace."
"To lead effectively, surround yourself with people smarter than you, and always champion their growth and success."
"Don't be afraid to admit when you don't know something. It's a sign of strength, not weakness, and it builds trust with your clients."
Links:
Rob's LinkedIn - https://www.linkedin.com/in/rob-israel-a410831/
Find this episode and all other Sales Lead Dog episodes at https://empellorcrm.com/salesleaddog/
Predator spyware spotted across several countries
Russia blocks FaceTime
Draft US cyber strategy set for January release
Huge thanks to our episode sponsor, Vanta. This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO
A live panel from Hacks & Hops featuring FRSecure's CFO, Vanae Pearson, Information Security Consultant, Greg Cloon, and Director of IT at Miner's Inc., Tyree Johnson. Veterans in the field discuss consulting, translating security needs to executive teams, and advocating for the best budget practices. Like, subscribe, and share with your network to stay informed about the latest in cybersecurity! We want to hear from you! Reach out at unsecurity@frsecure.com and follow us for more:
LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social
About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.
Security used to be a headache. Now it is a growth engine. In this episode of IT Visionaries, host Chris Brandt sits down with Taylor Hersom, Founder and CEO of Eden Data and former CISO, to break down how fast-growing companies can turn cybersecurity and compliance into a true competitive advantage. Taylor explains why frameworks like SOC 2, ISO 27001, and emerging AI standards such as ISO 42001 are becoming essential for winning enterprise business. He also shares how to future-proof controls, connect compliance work to real business goals, and avoid the costly pitfalls that stall companies during scale. Taylor also highlights the biggest blind spots in AI security, including model training risks, improper data handling, and the challenges created by relying on free AI tools. If you are building a SaaS product or selling into large companies, this conversation shows how trust, transparency, and strong security practices directly drive revenue.
Key Moments:
00:00 — The Hidden Risks of Scattered Company Data
04:11 — Why Early-Stage Teams Lose Control of Security
08:22 — Compliance Becomes a Competitive Advantage
12:33 — SOC 2 vs ISO 27001: What Founders Need to Know
16:44 — Framework Overload and How to Navigate It
20:55 — Mapping Security Controls to Business Objectives
25:06 — The Gap Between Compliance Audits and Real Threats
29:17 — Startup Security Blind Spots That Lead to Breaches
33:28 — Rising AI Risks Leaders Aren't Preparing For
37:39 — Building Customer Trust Through Transparency
41:50 — Protecting AI Models and Sensitive Customer Data
46:01 — Why Free AI Tools Create Hidden Data Exposure
50:12 — Automating Security Controls for Scale
54:23 — Continuous Compliance Beats Annual Audits
58:34 — Final Takeaways on Security, Trust, and Growth
This episode of IT Visionaries is brought to you by Meter - the company building better networks. Businesses today are frustrated with outdated providers, rigid pricing, and fragmented tools. Meter changes that with a single integrated solution that covers everything wired, wireless, and even cellular networking. They design the hardware, write the firmware, build the software, and manage it all so your team doesn't have to. That means you get fast, secure, and scalable connectivity without the complexity of juggling multiple providers. Thanks to Meter for sponsoring. Go to meter.com/itv to book a demo. IT Visionaries is made by the team at Mission.org. Learn more about our media studio and network of podcasts at mission.org.
In this episode of The New CISO, host Steve Moore speaks with Iain Paterson, Chief Information Security Officer at Well Health Technologies, about his unconventional path into cybersecurity and the lessons learned from building programs across industries—from banking and healthcare to breach response and beyond. From skipping college to take an eight-month technical boot camp to leading enterprise security programs, Iain shares how curiosity, hands-on experience, and communication skills shaped his journey. He opens up about the realities of hiring in cybersecurity, why foundational IT work still matters, and how soft skills like empathy and composure are essential for effective leadership. Iain also reflects on leading through high-stress incidents, including the Ashley Madison breach, and explains why staying calm, communicating clearly, and maintaining emotional intelligence define the “new CISO.”
Key Topics Covered:
A nontraditional start: skipping college for certifications and hands-on learning
Why technical foundations—servers, networks, and support—still matter
The problem with “boilerplate” resumes and lack of real-world experience
Why soft skills are a security superpower: communication, patience, and empathy
Transitioning from technician to business enabler in cybersecurity
How early help desk experience builds composure and problem-solving ability
Lessons from running vulnerability management in large-scale banking
Learning resilience and resourcefulness as a one-person security team in healthcare
Behind the scenes of the Ashley Madison breach: stress, responsibility, and empathy
Why composure, calm communication, and credibility matter in crisis response
The leadership evolution from technical expert to executive decision-maker
Building peer networks and finding mentorship to combat isolation as a CISO
Iain's story highlights how real experience, emotional intelligence, and community support transform good technologists into exceptional leaders. His insights remind us that cybersecurity isn't just about defense—it's about communication, composure, and connection.
#SecurityConfidential #DarkRhiinoSecurity
Husam Shbib is a cybersecurity consultant specializing in penetration testing, digital forensics, malware analysis, programming, and OSINT. He's the founder of Memory Forensic and the author of Captain Cyber and the Safe Surfing Adventure. Husam is also a global speaker featured at events like BlackHat MEA, ASFSFM, and 3D Forensics, known for his hands-on expertise in uncovering digital evidence and analyzing complex cyber incidents.
00:00 Intro
02:20 What's new in Cybersecurity?
04:05 Companies in the news
04:56 How does your data get leaked?
17:10 Do you have to list all your processes?
22:37 Technology is changing
29:00 The Life span of a CISO
31:50 The CISO, the CEO, and the CIO
34:40 Penetration testing
36:40 The Digital Forensics procedure
44:00 More about Husam
To learn more about Husam visit https://husamshbib.com/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com
SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!
Instagram: @securityconfidential and @Darkrhiinosecurity
Facebook: @Dark-Rhiino-Security-Inc
Twitter: @darkrhiinosec
LinkedIn: @dark-rhiino-security
Youtube: @DarkRhiinoSecurity
Record-breaking DDoS attack
React bug puts servers at risk
RansomHouse attack
Huge thanks to our episode sponsor, Vanta. Get started at Vanta.com/CISO
While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high-profile SaaS breaches demonstrates this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, Mike will explore how bad actors are focusing their attacks on SaaS applications, hijacking tokens, and how misconfigured integrations are used to bypass traditional defenses. Mike will also discuss how IT leaders can rethink protecting their essential SaaS business applications with tools that go beyond endpoint and MFA strategies to secure the modern user. This segment is sponsored by Kaseya 365 User. Visit https://securityweekly.com/k365 to learn more about them! In the leadership and communications segment, The rise of the chief trust officer: Where does the CISO fit?, When Another Company's Crisis Hurts Your Reputation, Effective Workplace Communication Tips, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-424
In this episode, Kim Jones sits down with Eric Nagel, a former CISO with a rare blend of engineering, legal, and patent expertise, to unpack what responsible AI really looks like inside a modern enterprise. Eric breaks down the difference between traditional machine learning and generative AI, why nondeterministic outputs can be both powerful and risky, and how issues like bias, hallucinations, and data leakage demand new safeguards—including AI firewalls. He also discusses what smaller organizations can do to manage AI risk, how tools like code-generation models change expectations for developers, and the evolving regulatory landscape shaping how companies must deploy AI responsibly. Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.
Anand Oswal, Executive Vice President at Palo Alto Networks, joins Johna Johnson and John Burke for a wide-ranging exploration of two emerging focal points of enterprise risk: cryptographically relevant quantum computing, and browser-mediated agentic AI. The looming arrival of quantum computers that can break legacy encryption has already created the threat of “harvest now, decrypt... Read more »
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is John Barrow, CISO, JB Poindexter & Co.
In this episode:
Building unicorns, not hunting them
Cold War frameworks for modern threats
Trading dollars for stories
Mirror, mirror on the wall
Huge thanks to our sponsor, Vanta. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at vanta.com/ciso
In this episode, Dr. Wayne Pernell sits down with Bill Dunnion, CISO at Mitel, to explore the winding path that took him from engineering to operations to leading global cybersecurity efforts. Bill shares candid insights on leadership, decision-making, project success, and navigating pressure in a world where cyber threats never take a day off. You'll hear stories about early career pivots, how to build credibility with executives, why delegation is a superpower, and the best advice Bill ever received from his dad — wisdom that applies to leadership, career moves, and even card games.
Key Themes & Topics
● Bill's surprising route from engineering to a global leadership role
● What people misunderstand about cybersecurity
● Translating technical data into business outcomes
● Why only 17% of projects succeed — and what to do about it
● Managing priorities when everything feels urgent
● Small-team leadership vs. big-organization leadership
● The hidden role of communication in security
● How Mitel supports enterprise communication around the globe
● The mindset behind good delegation
● Decision-making that leaves doors open, not shut
Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year's conference.
In this episode:
- You Don't Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them.
- Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency.
- The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense.
- Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at “the speed of relevance.”
- The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises.
- Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape.
Segment Resources
ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations
Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more!
This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-435
