VDI (Virtual Desktop Infrastructure) and Desktop as a Service (DaaS) have been arriving “real soon now” for the past couple of decades. Will the advent of vendors' AI spyware (as Google is introducing through Chrome) be the accelerant that finally makes it happen? John and Johna discuss why the challenges in this brave new AI-enabled...
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is Dmitriy Sokolovskiy, senior vice president, information security, Semrush. This episode was recorded in front of a live audience at the offices of Aqueduct Technologies in Canton, MA. See photos from the event.

In this episode:
A clock on everything
The oversight loop
Not a better tool, a different one
It's not the alerts

A huge thanks to our sponsor, Strike48
It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. It queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com.

A huge thanks to our sponsor, Dropzone AI
Dropzone AI delivers a team of AI agents that investigate alerts, hunt threats, and respond to attacks across your full security stack. No playbooks required. No hidden humans in the critical path. Your analysts stay in control, directing strategy while AI agents handle the investigation workload at machine speed. Learn more at dropzone.ai.
Anthropic, the company that built Claude, just accidentally published the full source code of their most important product. And it was their second data exposure in five days. What does this teach every organization buying AI tools right now? Kip Boyle shares the best takeaways from CRO's AI governance training and explains why the risk of AI isn't the AI itself. Your host is Kip Boyle, CISO with Cyber Risk Opportunities. Subscribe to Inflection Point -- https://cr-map.com/inflectionpoint/ SecureWorld AI Security PLUS course -- https://www.secureworld.io/events "Gears Don't Guess: The Executive's Practical Guide to Thriving in the Face of AI Hype and Risk" (forthcoming book, Fall 2026) AIR-MAP AI Risk Assessment -- https://air-map.io
PODCAST EPISODE | An Analog Brain In A Digital Age — On Location at InfoSecurity Europe 2026 On Location With Sean Martin And Marco Ciappelli Bronwyn Boyle can talk about software vulnerabilities for hours. Talking about her own — the burnout she didn't recognize until someone named it — turned out to be harder, and more important. We sat down at InfoSecurity Europe to talk about the human cost of guarding the machine, and whether our analog brains were ever built for this.
A vulnerability backlog can look like a crisis, but sometimes the real crisis is that you're staring at the wrong picture. We're joined by Dave Sims, most recently Staff VP at Elevance Health and a longtime technology leader, to talk through vulnerability risk management in plain terms and why “more findings” doesn't automatically mean “more security.” We get specific about the difference between vulnerability management and patch management, and how confusion between the two creates low-trust handoffs, endless ticket churn, and slow remediation.

We also dig into the messy reality of asset inventory. CMDB data goes stale, cloud resources appear and disappear, and scanners can produce a better “what's out there” view without telling you why it matters. Dave explains how metadata tagging and business context turn raw vulnerability data into risk-based prioritization: knowing who owns a system, what it does, why the business depends on it, and which weaknesses truly expose critical services. Along the way, he shares a story of cutting through years of miscommunication with a single no-blame conversation that unlocked progress fast.

If you're a CISO, security leader, architect, or practitioner trying to make VRM work at enterprise scale, this is a practical framework: outside-in black box assessment, inside-out discipline, and a people-first approach that values training, process, and continuous improvement over shiny tools. Subscribe, share this with a teammate who owns patching or VRM, and leave a review if it helps. What's the biggest thing keeping your vulnerability program from being truly risk-based?
This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.

Huge thanks to our episode sponsor, Doppel
Cybercriminals don't respect your security silos. They use one connected attack chain to hit your brand externally, infiltrate your inbox, and manipulate your team. Stop playing whack-a-mole with fragmented tools. Doppel unifies Digital Risk Protection, Human Risk Management, and Email Security into one unified platform. One attack chain. Three pillars of defense. Zero blind spots. Secure your enterprise relentlessly at doppel.com.
Attackers reached full data exfiltration in just 72 minutes—four times faster than the year before. Learn the three critical AI workflow guardrails every CISO needs to scale securely without expanding blast radius.

ITRADE Innovations
City: Fort Lauderdale
Address: 501 E Las Olas Blvd
Website: https://www.itradeinnovations.com/
A great CISO doesn't just manage security - they align security with business success. In the modern enterprise, the role of a Chief Information Security Officer (CISO) has transcended purely technical oversight to become a critical business leadership function. In this masterclass, InfosecTrain breaks down the essential executive toolkit required to manage complex risk, satisfy regulatory demands, and lead cross-functional teams while maintaining a resilient security posture.

The course, titled CISO Certification Training, is designed for professionals preparing to sit in the C-suite, teaching you how to bridge the communication gap between technical teams and board-level stakeholders. We explore the high-stakes world of executive decision-making, covering how to prioritize security investments, quantify cyber risk in financial terms, and build a program that enables business growth rather than restricting it.
Welcome to the Serious Privacy podcast, where Ralph O'Brien and Dr. K Royal, while Paul Breitbarth is out, meet with Ryan Boos of TrustArc. What's on the mic? Simplification of privacy programs. Ryan comes to this with the experience to back up his knowledge - he has fought in the data trenches and flown through the danger zone! Okay... he has major chops.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.
In Episode 106 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Holger Hügel, Chief Technology Officer of SecurityBridge and a global authority on SAP cybersecurity with over 26 years of experience — to address a governance blind spot that exists inside the security perimeters of even the most mature enterprise organizations: the SAP environment.

Opening with the August 2024 ransomware attack on Stoli Group USA — where attackers went straight for the company's SAP enterprise resource planning (ERP) system, disrupting financial operations and contributing directly to a bankruptcy filing within three months — Dr. Chatterjee frames the episode's central challenge: organizations can have zero trust architecture, network segmentation, and identity governance fully deployed across their IT landscape, and still be critically exposed, because most CISOs have never formally claimed accountability for SAP security, and most SAP teams do not think of themselves as part of the security function.

Hügel explains the structural gap at the heart of this problem. SAP systems are simultaneously the most business-critical and the least security-governed assets in most large organizations. The C-suite depends on them for financial operations, payroll, procurement, and supply chain continuity, yet SAP teams and security teams speak different languages, operate under different budgets, and rarely collaborate. SAP departments typically define "security" as managing user authorizations and privileges — a narrow interpretation that leaves configuration drift, patch backlogs, and monitoring gaps entirely unaddressed.

Analyzed through Dr. Chatterjee's Commitment–Preparedness–Discipline (CPD) framework, the conversation translates SAP cybersecurity from a technical niche into a governance imperative.
The Medtronic case study demonstrates what good looks like: a CISO who crossed the organizational divide, sponsored SAP hardening from the cybersecurity budget, built a continuous patch management process, and created the governance structure that allowed the team to respond to an out-of-band vulnerability within hours rather than weeks.

The episode's central message is neither technical nor abstract: the organizations that will survive the next ERP-targeted ransomware attack are not those with the most sophisticated tools — they are the ones that have claimed ownership of the problem, built the processes to address it continuously, and created the cross-functional governance structures that SAP and cybersecurity teams cannot build on their own.

To access and download the entire podcast summary with discussion highlights: https://www.dchatte.com/episode-106-the-invisible-attack-surface-zero-trust-for-sap-and-erp-environments/

Connect with Host Dr. Dave Chatterjee
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/

Books Published
The DeepFake Conspiracy
Cybersecurity Readiness: A Holistic and High-Performance Approach

Articles & Cases Published
Chatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.
Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.
Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, accepted on Oct 29, 2024.
Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, accepted for publication, July 8, 2024.
Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.
Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, Switzerland.
Chatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022.
Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020.
Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.
Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.
In podcast episode #128, Julius and Marcel talk this time with Janine Rauch, Head of Corporate Security and Chief Information Security Officer at the Schnellecke Group. Together, the three examine the central question of how Schnellecke, a globally operating company, strengthens its resilience and positions itself to be future-proof against threats.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining is our sponsored guest, Danny Jenkins, CEO, ThreatLocker.

In this episode:
Permission creep at machine speed
The pattern we keep calling a mistake
Stop authenticating the human
Vibe coded out of existence

A huge thanks to our sponsor, ThreatLocker
ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.
Anyone can build software with AI now, and millions of people are giving it a try. But when AI can spin up an app in minutes, are security risks slipping through the cracks?
Every cyber crisis has one common thread: it never happens at a “good time.” I've led teams through high-stakes attacks while on vacation, during product launches, and even mid-board meetings. In this video, I'm breaking down 7 hard-earned lessons that every cybersecurity and crisis leader needs to survive (and shine) in a real-world cyber crisis. These aren't theories - they're lived, tested, and battle-proven.

You'll learn:
the difference between freezing and mobilizing
why fast doesn't mean hasty (and how to know the line)
how to keep communication clear under pressure
why pulling the plug can cost millions (and what to do instead)
the one thing that will make or break your crisis leadership reputation

If you're a CISO, security lead, or business executive — this video is your playbook to lead when chaos hits.

Looking to go from chaos and unpredictability to resilience in the world of AI? Start here with The Predictability Factor newsletter at The Monica Talks Cyber (https://www.monicatalkscyber.com).
Most people think revenue leadership begins after product-market fit. Rob Witmer joined Onyx Security before there was a finished product, before the company emerged from stealth, and before the market fully understood the problem they were solving.

In this episode, Rob shares what revenue leadership looks like when you're employee number 11 and the first go-to-market hire. We unpack how he approached the first 30, 60, and 90 days, why experienced sales leaders can create leverage long before a company reaches its first million dollars in revenue, and how close alignment between product and go-to-market execution accelerated Onyx's growth.

Rob explains how the team validated market demand for AI-agent security, how they handled customer objections when the category was still emerging, and why transparency became a competitive advantage when selling as an early-stage company. He also shares the characteristics he looks for when hiring early-stage sellers, why recruiting is one of the most important responsibilities in revenue leadership, and how speed and low-friction execution became core principles inside Onyx.

The conversation also explores the realities of scaling a cybersecurity company in a rapidly changing market, the influence of Israeli startup culture on execution speed, and why outcomes matter more than features when communicating value to customers.

The Cyber Go-To-Market Talk is the show for cybersecurity sales leaders, founders, CROs, and go-to-market operators looking to improve cyber sales performance and build more predictable revenue growth. Hosted by Andrew Monaghan, founder of Unstoppable.do, covering cyber sales leadership, revenue leadership, sales onboarding, forecasting, pipeline generation, and cybersecurity go-to-market execution.

About the guest: Rob Witmer is in his 26th year in software, roughly 20 of them as an individual contributor before moving into leadership. He was Onyx Security's first go-to-market hire, joining as employee 11 while the company was still in stealth.

Notable quotes:
"I was the first BDR, the first sales rep, the first operations guy, I was the first product manager."
"Microsoft did more for AI agents than anyone else out there."
"We want to be known as the easiest company to do business with."

Chapters (approx.):
00:00 — Joining Onyx as employee 11
03:31 — Why early CISO reactions were humbling
07:07 — How Microsoft flipped the agent market
16:33 — Why hire an experienced sales leader this early
22:44 — The three traits to look for
28:49 — Differentiating in the noisiest market
35:14 — Tim Youngblood and the people process

Follow me on LinkedIn for regular posts about growing your cybersecurity startup.
Want to grow your revenue faster? Check out my cybersecurity sales consulting and training.
Need ideas about how to grow your pipeline? Sign up for my newsletter.
In S8E22, Greg Schaffer sits down with Alan Clinard, founder of Athena vCISO Services, to explore what it really means to be a trusted security advisor. Drawing from a career that spans the U.S. Army, operational risk consulting, banking, critical infrastructure, and virtual CISO services, Alan shares how understanding the business—not just the technology—is the key to effective cybersecurity leadership. The conversation dives into translating cyber risk into business language, the challenges of moving from technical expert to consultant, and why humility and relationship-building are often more important than technical knowledge when influencing organizations. Alan also discusses entrepreneurship, mentoring the next generation of security leaders, and helping clients become self-sufficient rather than dependent on outside advisors. Whether you're a security practitioner aspiring to leadership, a current vCISO, or a business executive trying to bridge the gap between security and business objectives, this episode offers practical insights on governance, risk management, consulting, and building security programs that truly support organizational success.
Bobby Ford, a seasoned cybersecurity leader and CISO turned strategist, joins us for a powerhouse discussion on how AI is reshaping social engineering threats and what organizations need to do now to stay protected. From militaristic origins to startup innovation, Bobby's insights are both visionary and urgent. This episode is a must-listen for anyone serious about defending against tomorrow's cyber threats.

Timestamps:
00:00 - Why social engineering AI threats are now more relevant than ever
02:12 - The importance of transparency about what you don't know in cybersecurity
04:25 - The ‘third why' technique to test real expertise in security conversations
06:40 - How a podcast episode led to a future leadership role at Doppel
08:08 - Bobby's journey from military cybersecurity to startup strategy
09:52 - The early days of Pentagon incident response teams and military innovation
11:45 - De-gaussing hard drives in the 1980s and the evolution of data destruction
13:09 - The FBI's updated wiping standards and data recovery advances
14:16 - The challenge of data forensics and how little data is enough to piece together activity
14:53 - How social engineering tests can be made more realistic and effective
15:49 - The importance of testing controls, not just user awareness
16:46 - Building resilient organizations with layered digital and human defenses
18:46 - Why preventing attacks before they land is critical in AI-driven threats
19:37 - External versus internal controls and the threat from outside-in protections
22:23 - Social engineering as an effort to engineer humans for good or bad
23:42 - How generative AI makes it impossible for users to tell real from fake
24:17 - The alarming rise in convincing, AI-generated phishing emails and calls
25:54 - The necessity of shifting accountability from users to technology
27:19 - AI-to-AI attack scenarios and the future of autonomous cyber conflict
29:34 - Mirroring military AI strategies in digital cyber warfare
31:08 - The role of internet localization and firewalls in a future of AI-enabled conflict
33:41 - How security controls will evolve in an AI-powered world
36:49 - Why security is a business enabler, not just a gatekeeper
41:29 - The history of security's “catch-up” game and embracing digital transformation
44:47 - The mindset of a cyber mercenary—focusing on outcomes and results
46:45 - The rapid evolution toward zero-day, AI-enabled breaches
49:57 - The four pillars of AI-fueled attacks: hyper-personalization, multi-channel, speed, and volume
51:13 - How a simple online search can make attack success egregiously easy
52:05 - Demonstration of AI-based social engineering at scale, terrifying yet promising defenses
56:41 - Bobby's closing thoughts: security as outcome-driven and resilient

Doppel: https://www.doppel.com/
LinkedIn: https://www.linkedin.com/in/bobbyjford/

Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE
➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout.
*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.
In this episode, former FBI cyber leader Jason Manar joins us to unpack the state of critical infrastructure security and why small and medium-sized businesses are more connected to it than they realize. From power, telecom, healthcare, finance, and supply chains, Jason explains how hidden dependencies can turn "not our problem" into a business-stopping event. With his FBI perspective and CISO experience, Jason shares what organizations should understand about risk, resilience, and protecting the systems we all quietly rely on. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-225
In this episode of the mnemonic security podcast, we're joined by Joe Sullivan - former Chief Security Officer at Uber, Facebook, and Cloudflare, federal cybercrime prosecutor, and one of the most consequential figures in the history of the CISO role. The conversation explores the security implications of AI becoming part of everyday life, from AI note-takers to wearables and humanoid robots. Joe discusses the privacy, legal, and security challenges these technologies introduce, why organisations need clear policies and stronger governance to manage them, and how the role of the CISO is expanding as AI risk moves higher up the boardroom agenda.
Podcast: Industrial Cybersecurity Insider
Episode: Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it.
Pub date: 2026-06-03

The joint CISA, FBI, Department of War, Department of Energy, and Department of State briefing on adapting Zero Trust to operational technology landed on April 29. Has OT leadership read it?

In this episode, Craig and Dino address how the European Cyber Resilience Act is quietly forcing US plants into failed audits, why IT teams still see less than a third of OT assets, how EDR tools are taking down $100K-an-hour packaging lines, and why only a handful of integrators in North America have a real OT cybersecurity practice. They walk through what zero trust and micro-segmentation actually look like inside a 20-year-old plant with flat layer-two networks, DLR rings, jump boxes, and Cradlepoint workarounds, and lay out the first concrete move every CISO and CIO should make to start closing the IT/OT gap.

Chapters:
(00:00:00) - Cold Open: How the European CRA Is Failing US Plants
(00:01:30) - The April 29 CISA/FBI Zero Trust in OT Briefing Nobody Read
(00:05:00) - Compliance Without Teeth: Why US Regulations Aren't Moving the Needle
(00:07:30) - When CrowdStrike Shuts Down a $100K-an-Hour Packaging Line
(00:10:30) - The Visibility Gap: IT Sees Less Than a Third of OT Assets
(00:15:30) - OEM Resistance: The Million-Dollar, Six-Month Cybersecurity Tax
(00:18:30) - The Cradlepoint Workaround: How Plant Managers Bypass IT
(00:21:30) - Layering Zero Trust onto a 20-Year-Old Plant Without Rip-and-Replace
(00:25:30) - Why Only 5–10 of 1,000 Integrators Have a Real OT Cyber Practice
(00:31:30) - Where CISOs Should Actually Be Looking (Hint: Not RSA or Black Hat)

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
Open Tech Talks: Technology worth Talking | Blogging | Lifestyle
For many years, technology projects were relatively predictable. A new system was implemented, a process was automated, or an application was modernized. The challenges were technical, but the path was usually clear. Then Generative AI arrived. I still remember some of the early conversations with technology leaders. Almost every discussion had the same underlying question: "How quickly can we adopt AI?" Yet very few people were asking a more important question: "Why are we adopting AI?"

Throughout my career in enterprise technology, ERP, cloud, and AI transformation, I've seen organizations succeed when they focus on solving real business problems. I've also seen companies chase trends because everyone else was doing it. Today's conversation reminded me that technology leadership is no longer about buying the latest tool. It's about balancing innovation, security, business value, and human judgment. As AI becomes part of every organization, the challenge is not whether to adopt it. The challenge is adopting it thoughtfully.

Episode #188

Today's Guest: Kevin Carlson, TechCXO Partner
Kevin Carlson is a seasoned tech exec and a go-to expert on AI's real-world impact within businesses. He's been a CTO or CISO four times over, working across different industries in both North America and Europe, so he brings a genuinely practical viewpoint to how AI is changing business and the world.
Website: TechCXO

What Listeners Will Learn:
Why do many AI initiatives fail despite large investments
How technology leaders should balance innovation and business value
The difference between AI hype and AI outcomes
Practical approaches for introducing AI into organizations
Why starting small often leads to bigger success
Common mistakes enterprises make during AI adoption
How security leaders should think about AI risks
Data privacy considerations when using public AI models
Why governance matters more than ever
How AI is changing the role of developers
Why communication and product thinking are becoming critical skills
The rise of AI-assisted software development

Resources: TechCXO
Join us for this week's Defender Fridays as Bobby Ford, Chief Strategy and Experience Officer at Doppel, talks about open-source labs, MITRE ATT&CK, and real-world defender workflows.

At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

About Our Guest
Bobby is a globally recognized cybersecurity “geek” with almost three decades of experience, including the last 14 years as a CISO, protecting some of the world's most complex and operationally intensive enterprises. His career began in the military as a founding member of the Pentagon Computer Incident Response Team. Bobby built and led cybersecurity programs in the Aerospace and Defense industry. He was the first CISO at Exelis Inc. and was the architect of ITT's global cybersecurity audit function under DOJ oversight.

Transitioning from public to private sector, Bobby served as the first CISO at Abbott Labs, was CISO for Unilever, and most recently was SVP and Chief Security Officer at Hewlett Packard Enterprise (HPE). Known for his collaborative style and empathetic leadership, Bobby fosters an inclusive culture that empowers entire security organizations to excel.

Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!

Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

Why LimaCharlie?
Eliminate vendor sprawl and tool complexity
Deploy and scale effortlessly on native multi-tenant architecture
Reduce costs with intelligent data routing and free 1-year retention
Build custom solutions with 100+ security capabilities on-demand
Accelerate response with agentic AI that acts directly within predefined workflows

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io

Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Charles Grandjean - CTO and Co-founder at Hexiagon AI
This week's Department of Know is hosted by Rich Stroffolino, with guests Robb Dunewood, host, Daily Tech News Show, and David Cross, CISO, Atlassian. Get the show notes here. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk. Get started at vanta.com/headlines.
95% of AI projects are failing — and your ministry can't afford to be part of that statistic. Gregory Richardson, founder of Six Levers Consulting and a 35-year veteran of cybersecurity and technology leadership, brings a rare combination of deep tech expertise and unashamed Christian faith to one of the most important conversations in ministry today. This episode will challenge the way you think about AI, risk, and what it means to be a faithful steward of technology.

Key Takeaways

Gregory has sat in the boardrooms of companies like Blackberry and McAfee, served ministries like Global Media Outreach, and spent decades wrestling with what it looks like to be a faithful Christian in the middle of a secular tech world. In this conversation, he brings that hard-won wisdom directly to ministry leaders navigating the pressure to adopt AI responsibly. Here's what stood out most:

95% of AI projects fail — and the reason may surprise you. Gregory references a study conducted in partnership with the MIT Media Lab (confirmed Q4 of the previous year) showing the vast majority of AI initiatives collapse not because of bad tools, but because of poor strategy, misaligned leadership, and a lack of governance before deployment.

Christians belong in the tech space — on purpose. Gregory shares vulnerably about spending decades feeling torn between his corporate identity and his Christian calling, only to discover that his presence in secular tech environments may have been the only "on-ramp to Jesus" many of his colleagues ever encountered.

AI governance isn't optional — it's stewardship. Gregory walks through why ministries and organizations must establish AI policies before they begin experimenting with tools, drawing on his background as a former CISO to explain the cybersecurity and ethical risks that come with ungoverned AI adoption.

Your team is your biggest AI risk and your greatest AI asset. The conversation digs into how staff behavior, shadow AI usage, and a lack of training create real vulnerabilities — and how intentional, human-first implementation changes everything.

Faith and technology aren't competing callings — they're complementary ones. Gregory's framework of "Six Levers" offers a practical lens for leaders navigating how to steward AI in a way that honors mission, protects people, and advances the Kingdom.

Deep Bible literacy matters more than ever in an AI age. Gregory delivers a powerful challenge around discernment, theological grounding, and the danger of applying Scripture out of context — drawing a direct line between how we read the Bible and how we evaluate the promises AI vendors make.

Community is a competitive advantage. Gregory describes "The Table," a free monthly gathering he hosts for business and ministry leaders to share what's working, what's failing, and how to move forward — together.

Ready to Stop Experimenting and Start Multiplying?

If your ministry is feeling the pressure to "do something with AI" but isn't sure where to start, this episode is your roadmap. Gregory's experience spans Fortune 500 companies, global ministries, and educational institutions — and his perspective will give you both the clarity and the confidence to move forward wisely. Don't miss this one. Listen to the full episode now.

Resources
Six Levers Consulting — sixleversconsulting.com
Gregory Richardson (Personal Site) — gregoryrichardson.ai
Connect with Gregory on LinkedIn — https://www.linkedin.com/in/gregorypkrichardson/
Harvard Business Review Article (with link to MIT Report) — https://hbr.org/2025/08/beware-the-ai-experimentation-trap
Lord of Spirits Podcast — Referenced by Gregory as a resource for Christians who want to develop deeper Bible literacy and hermeneutical understanding. https://www.ancientfaith.com/podcasts/lordofspirits/
Launch AI by Five Q — Ready to move from AI experimentation to measurable ministry impact? Learn more at fiveq.com/launch
All links and images can be found on CISO Series We think of cybersecurity as a discipline. But when do ideas like best practices and NIST frameworks change into a system of belief? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Davi Ottenheimer, principal, Flying Penguin. Joining is Joshua Copeland, director of security, Crescendo. In this episode: Tools, not religion The case for structured discipline The management problem underneath Fix the damn holes A huge thanks to our sponsor, ThreatLocker ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.
What happens when an AI agent inside your company starts behaving like an insider threat? In part two, Steve Moore picks the thread back up with former FBI operative Eric O'Neill to explore how agentic AI is rewriting cybersecurity, the legal traps that follow a breach, and why the modern CISO must think like a spy hunter.

Eric opens with a sobering reality: ransomware victims who decline to pay are re-attacked at staggering rates. He explains why criminals treat cybercrime as a business, invest weeks in reconnaissance—mapping SharePoint, harvesting file trees, and studying access patterns—and why a botched recovery hands them the same door twice.

The conversation turns to the new insider threat hiding in plain sight: rogue AI agents. Eric shares a real case in which one executive's casual query exposed the next round of layoffs and triggered coordinated lawsuits. They unpack how agents inherit excessive access, how attackers hijack them once inside, and why organizations are now building insider-threat programs to monitor AI behavior.

Eric argues AI is an accelerant on every unresolved problem—weak identity management, entitlement drift, missing asset inventories, and absent data classification. They debate whether IT and security should be unified under the CISO, why the CISO needs a direct line to the board, and the legal landmines that follow a breach, from cyber insurance to the “reasonable steps” standard.

The episode closes with Eric's advice for any new CISO: put “spy hunter” on your resume. Counterintelligence, not perimeter defense, is the discipline that wins today. Tune in for part two of a story-driven conversation on why preparation, mindset, and threat hunting beat any single technology.

Key Topics
• Why ransomware victims who decline to pay get re-attacked
• How attackers map SharePoint, file trees, and access patterns
• The new insider threat: rogue and hijacked AI agents
• A real case of an AI agent exposing an HR layoff list
• Shadow IT and the cost of banning AI outright
• Permission structures and second-level reviews for agent actions
• Why AI exposes gaps in identity, asset, and data classification
• Unifying IT and security under the CISO
• Why the CISO needs a direct line to the board
• Legal traps: cyber insurance, reasonable steps, and missed alerts
• The CISO as counterintelligence officer and spy hunter

Guest Bio
Eric O'Neill is a former FBI counterintelligence operative, attorney, and bestselling author who helped bring down Robert Hanssen—the most damaging spy in FBI history. He is the founder of NeXasure AI and co-founder of The Georgetown Group, and his undercover work was dramatized in the film Breach. Eric is the author of Gray Day and Spies, Lies, and Cybercrime.

Connect with Eric on LinkedIn or at ericoneill.net.
On today's Technology Report, Vince Crisler, who was the chief information security officer at the White House during the George W. Bush administration, is now the CISO at cybersecurity firm Celerium, and serves as a member of the Pentagon's Defense Industrial Base Cybersecurity Information Sharing Environment, joins Defense & Aerospace Report Editor Vago Muradian to discuss how ever more powerful AI models change cybersecurity; how the government should assess the security implications of new models as President Trump prepares to sign an executive order that would give the government a month to review models before their release; how to improve cybersecurity across the defense industrial base and flaws with the CMMC approach; and his company's “DIB CyberDome.”
Welcome to the Serious Privacy podcast, where Ralph O'Brien and Dr. K Royal, while Paul Breitbarth is out, discuss some recent events, namely graduation speakers, boos, and AI. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.
By now most organizations have AI strategies (among their other tech strategies). But how do you know when it's time to make a midcourse correction? Better still: How can you predict when, and what kind of corrections you might need? John and Johna discuss, and tell the story of how a university prepared for technology... Read more »
Our Data Security Policy Is Transparent in That It Doesn't Exist All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Mike Melo, CISO, TMX Group. In this episode: The weight of old controls Data you can actually see 68 vendors and counting Authority you never had to claim A huge thanks to our sponsor, Vanta Still stuck on the quarterly audit treadmill? Meet Calm-pliance. Vanta combines compliance, risk, and proof on one Agentic Trust Platform—and continuously monitors your controls, keeping you audit-ready all year round. Find your Calm-pliance here.
In August 2024, a ransomware attack shut down baggage systems, flight displays, and Wi-Fi at Sea-Tac Airport. What did it reveal about how executives think about cyber investment? And why is “how much more security do we need?” the wrong question to ask after a major incident? Let's find out with our guest Stephanie Warren, Assistant Director of Information Security at the Port of Seattle, who lived through that attack and came out the other side with hard-won lessons about executive decision-making under pressure. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/stephanie-warren-0746343/
Battlefield AI sparks debate. Election cyber threats rise. A critical Windows flaw is under active attack. CISA weighs new reporting rules. Russian targets face a stealthy hacking campaign. A 19-year-old Linux bug gets its day in the sun. Today's business update. Our guest is Heather Ceylan, CISO at Box, discussing how governed AI starts with solving the unstructured data problem. Microsoft hits refresh on research relations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On today's Industry Voices we are joined by Heather Ceylan, CISO at Box, discussing how governed AI starts with solving the unstructured data problem. If you enjoyed this conversation, you can catch the full interview here.

Selected Reading
As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution (SecurityWeek)
Why a surge of election-related websites could spell rising cyber threats for the midterms (PBS News)
Election threats are focused on campaign systems, not voting machines (CyberScoop)
Critical Windows Netlogon RCE flaw now exploited in attacks (Bleeping Computer)
U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog (Security Affairs)
CISA Town Halls Set Final Stage for CIRCIA Debate (BankInfo Security)
Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years (The Record)
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access (SecurityWeek)
Indian Exam Board Admits to Cybersecurity Holes Found by Teen (Bloomberg)
Zscaler intends to acquire identity mapping company Symmetry Systems. (N2K Pro Business Briefing)
Microsoft says it will not pursue security researchers after zero-day backlash (The Record)

Share your feedback. What do you think about CyberWire Daily?
Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Episode 1793 (6/1/2026): What does StoryPower have to do with Executive Leadership?
Christopher Leigh is the SVP and Chief Information Officer at Eversource Energy. In this episode, he joins Dylan DeAnda, Field CTO at Doppel, and host Paul John Spaulding, to discuss the double-edged sword of AI and how organizations can best face the associated threats. This episode of CISO Confidential is brought to you by Doppel. Learn more about our sponsor at https://doppel.com.
Irish Tech News is at Dublin Tech Summit and over the 2 days Ronan will be doing various podcasts. Our sixth and last podcast is with John Wilson CISO and President of Forensics at HaystackID, and Jeff Shapiro Managing Director of Europe at HaystackID. John and Jeff talk to Ronan about their backgrounds, what Haystack does, their Dublin Tech Summit talk and AI deep fakes.
Podcast: PrOTect It All
Episode: AI, Cybersecurity & Career Growth: Why Curiosity Matters More Than Credentials
Pub date: 2026-05-25

The future of cybersecurity belongs to people who can adapt - not just those with the longest list of certifications. In this episode of Protect It All, host Aaron Crow sits down with Peter Schawacker for a candid conversation about the evolving intersection of AI, cybersecurity, talent, and career growth. With nearly 30 years of experience in cybersecurity and technology leadership, Peter shares real-world insights on what organizations are getting wrong about hiring, why curiosity often matters more than credentials, and how AI is reshaping both technical work and the future of security teams. Together, Aaron and Peter unpack the changing role of CISOs, the dangers of checkbox-driven hiring, and why nontraditional talent may hold the key to solving the industry's growing skills gap.

You'll learn:
Why soft skills and curiosity are becoming critical cybersecurity assets
How AI is transforming cybersecurity recruiting and technical roles
The growing challenges around technical debt and workforce readiness
Why traditional credentials don't always predict success
How CISOs and leaders should think differently about talent and culture
Practical career advice for cybersecurity professionals navigating rapid change

Whether you're building a cyber team, hiring talent, or planning your next career move, this episode delivers honest insights into what it really takes to thrive in the AI-driven future of cybersecurity. Tune in to learn why adaptability, curiosity, and human ingenuity still matter most - only on Protect It All.

Key Moments:
04:08 The role of security in business
09:24 Managing Aramis online security
11:22 Hiring mindset for troubleshooting skills
13:55 Evaluating AI talent challenges
16:26 Discussing vulnerabilities in software
22:24 Early days of hacking and tech
25:55 Realizing the power of soft skills
28:15 Browsing eclectic book collections
32:13 Recent grads and AI opportunities
33:24 Getting into cybersecurity careers
37:22 Unexpected paths into security careers
40:41 Importance of critical thinking
44:35 Explaining tech's evolution over time

About the Guest: Peter Schawacker is the Founder & CEO of Nearshore Cyber and a cybersecurity executive with more than 25 years of experience across multiple industries. A former CISO in four sectors, Peter specializes in cyber risk, AI governance, and workforce development. He is the creator of ARAMIS Insight, an AI-powered cybersecurity workforce competency platform aligned to the NIST NICE framework, and author of Governing AI at the Edge: An Operating Model for Citizen Development in the Enterprise.

How to connect with Peter:
LinkedIn: https://www.linkedin.com/in/schawacker
Nearshore Cyber: https://nearshorecyber.com.mx | ARAMIS Insight: https://project-aramis.com/insight
Email: peter@nearshorecyber.com.mx
Phone: +1 (760) 880-4258

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
#236: How Nevada Recovered from a Statewide Cyber Attack in 28 Days (And What Every CIO & CISO Should Do Before It Happens to Them)

Summary
Nevada woke up to a ransomware attack that took 60+ state agencies offline. No ransom paid. Full recovery in 28 days. State CIO Timothy Galluzi and Info-Tech's Mark Hellbusch break down the largest ransomware attack in Nevada state history - how the network came back in 48 hours, how they kept citizen trust through radical transparency, and what every state CIO, CISO, and public sector IT leader needs to know about incident response, Zero Trust Architecture, and building the partnerships that actually show up when it matters.

Featuring
Timothy Galluzi, CIO, State of Nevada
Mark Hellbusch, Director, AI Security & Privacy, Info-Tech Research Group

Timestamps
(00:00) Every 39 seconds - ransomware by the numbers
(01:00) The call Tim never wanted to get
(05:50) 18-20 hour days and kicking people out of the office
(08:00) Managing public comms with an active adversary watching
(14:30) NASCIO community: peer intel sharing in a crisis
(16:00) When Info-Tech showed up vs. the cold call vendors
(17:30) "28 days of success" - building the after action report
(24:00) Assembly Bill One: unanimous vote, statewide SOC
(30:00) Trusted partner vs. vendor - the real difference
(34:00) Zero Trust: 80% risk reduction and $1.5M ROI

Listen now: YouTube x Apple x Spotify

Whenever you're ready, there are 3 ways you can connect with TechTables:
1.
In this week's episode of a week in privacy, hosts Paul Breitbarth and Ralph O'Brien discuss some key movements in privacy, data protection, cyber law, and AI around the world. Dr. K Royal was off speaking at a Governance of Emerging Tech and Science conference in Arizona. Join Paul and Ralph to cover both the highs and lows and share concerns about trends we are seeing. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.
Ofir Stein is based in Tel Aviv, Israel, born and raised in Jerusalem. He spent many years in the Israeli air force, in infrastructure and security, before he moved to Tel Aviv. He's a tech guy through and through, bragging about his Raspberry Pi setup at home, which adjusts the AC settings based on the temperature outside. Outside of tech, he is married with a daughter and a dog. He's connected and close to his family, which he notes is how he refreshes and reloads as a founder, alongside playing tennis from time to time.

Ofir and his cofounder started interviewing CISOs and security professionals on how they feel about access management. They found out that this was the first line of attack for bad actors, but from a business standpoint, access management is a slow-to-value feature. They decided to build a platform based on just-in-time access, over the slow-to-value setup plaguing the industry.

This is the creation story of Apono.

Sponsors: Unblocked, TECH Domains, Mezmo, Braingrid.ai

Links:
https://www.apono.io/
https://www.linkedin.com/in/ofir-stein/
Most enterprises have some kind of zero trust strategy, but a lot of them could be better described as good intentions rather than active programs being implemented. Making good on a zero trust strategy and achieving an actual zero trust architecture requires tools that embody the core precept of zero trust thinking: deny access by... Read more »
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is their sponsored guest Amit Megiddo, CEO and founder, Native. In this episode: The CISO you don't need Misconfigurations aren't a cloud problem Secure by design means enforcing it Finding bugs faster isn't the bottleneck A huge thanks to our sponsor, Native Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.
https://youtu.be/sUyjA0muVgM

Tom Kirkham, Founder and CEO of Kirkham IronTech, believes business should create value for everyone involved — employees, clients, vendors, and the broader community. After overcoming major personal challenges and rebuilding his perspective on leadership, Tom embraced stakeholder capitalism and built a company culture focused on long-term partnerships, trust, and continuous learning. In this conversation, Tom shares the IronTech Framework — a practical approach to modern IT management built around three core pillars: Generate ROI and Productivity, Make Cybersecurity Core, and Surround it with a Governance Layer. He explains why businesses should stop treating IT as an expense and instead view it as a strategic investment that improves productivity, protects the company from cyber threats, and aligns technology with leadership goals. Tom also dives into the massive scale of the cybercrime industry, why governance is often the missing piece in cybersecurity, and how proactive IT strategy can dramatically improve business performance.

Turn Your IT into Your Growth Engine with Tom Kirkham

Good day. Steve Preda here with the Management Blueprint Podcast, and today’s guest is Tom Kirkham, the Founder and CEO of Kirkham IronTech, where he helps businesses build strong, secure IT foundations, whether fully managed, co-managed, or cybersecurity only. Tom is a keynote speaker on cybersecurity, and he’s the author of two books, Hack the Rich and The Cyber Pandemic. Tom, welcome to the show.

Oh, it’s great to be here, Steve.

Well, great to have you here. And I am curious to dive in, and would like to ask you my favorite question. What is your personal ‘Why’, and how are you manifesting it in Kirkham IronTech?

That’s a great question. So the company’s about twenty-six years old. I went through a lot of personal health problems, and then my wife was real sick, and she ended up passing away—it's been about eleven years ago now. And I was fortunate enough to put a friend of mine in the company, and he was able to take over while I was dealing with this for a couple of years. And when most of it was done, I took some time off and did a lot of traveling and a lot of thinking and a lot of reading. And I’m a lifelong reader, a lifelong learner, and I went back through my history of investing techniques, understanding what makes a good company great. If you’ve read Jim Collins, you know what I’m talking about. And so during those times, I was reflecting, studying philosophy, studying biographies of other CEOs like Elon Musk, Steve Jobs, Andy Grove—gosh, the list goes on and on. Whether you like them or hate them, it doesn’t matter, right? There’s always something you can learn. And I came upon and read a lot about stakeholder capitalism. Like Peter Drucker says, “Culture eats strategy for breakfast.” And I understood what that meant, and it was kind of weird. So when I re-engaged with the company, I identified one of the weaknesses, and I said, “Well, if we need to do marketing in this business—which we have to do in any business—I really need to master marketing.” So I spent a lot of time with marketing gurus, most of them are what I would consider household names these days, and re-engaged with the company to do marketing to establish a great culture around stakeholder capitalism. In other words, we exist as a for-profit business not just for the shareholders but for everyone—the community, vendors, employees. And I really wanted to be around people I enjoyed being around. I wanted them to enjoy coming into work. And so we’ve been trying to perfect that system in the culture for the past ten years. Of course, no one's perfect, but if you pursue perfection, you can achieve excellence. And I think we've done a really good job. We have very low turnover. Everyone seems genuinely happy to be there, and it's really fulfilling. It's more of a personal feeling because I've been a successful investor practically my whole adult life. I started investing in stocks when I was nineteen, and I'm sixty-four now. So I didn't really need the company. I could have just closed it up or sold it or whatever. But I really wanted to have my own reasons. Those are the things that drive me, and I hope they drive everyone else too.

What resonated with you with this idea of stakeholder capitalism?

It just made sense. The obvious part is with employees—all of that is true. That's obvious to any good leader or manager, right? As you well know, there's a difference between leadership and management, and understanding that distinction, and the difference between sales and marketing, and understanding those things. A good example is dealing with vendors. There are all sorts of vendors that supply products and services to us, so we carefully vet these tools and vendors to see if their values align with ours, just like we do with prospects. But especially with vendors, if it's something new—a new tool that we're going to invest a lot of time, money, and energy into to make their product or service successful for us and successful for them—we make a commitment to that vendor. So it's not about the money or how cheap I can get it. What I want is a good partnership with every stakeholder. And I want to make sure that when I'm dealing with a vendor, if it fails for us, it's not our fault—it's their fault, right? Either they oversold the product or they didn't deliver on the service component. I didn't want it to be because we failed to do the right training, or didn't communicate properly, or missed all the other things that are just part of doing business the right way. And that applies to our employees, our local community, and every stakeholder in the company.

Yeah. I like it. So you're looking for partnership-based relationships where it's win-win. And yeah, if you want people to stick around, it has to make sense for them too. You can't exploit your partners forever without consequences. So that makes a lot of sense. So Tom, let me ask you this other question. This podcast is called The Management Blueprint because I'm always looking for frameworks—something practical that helps businesses achieve results. Usually it's some kind of three-to-five-step process that helps you grow the business, get customers, improve operations, or understand something at a deeper level. So when I ask about your favorite business framework, what comes to mind?

Well, we have a thing we call the IronTech Framework.

Okay.

And it was something that we came up with many years ago and started practicing seven or eight years ago, and it's a framework. It's like the NIST Cybersecurity Framework. I looked at NIST and there's five components to it, and it's about cybersecurity. And I looked at this and I go, “None of this works without the right policies and procedures in place.” The security training—it's not enough just to throw it out there and tell all your people to take it. You've got to follow up, you've got to manage, and coach, and everything like that. And so I started adding this governance component to the way we sold it, presented it, and practiced what we do for our clients day in and day out. Help them develop the policies and procedures for all of the different things, the protocols. If somebody accidentally fires off a ransomware attack, they need to know they're not going to be penalized for it. We need to know as soon as possible to stop it. And just little things like that, there's a lot that really improve the effectiveness of all of these tools and services that we provide to their clients. And unbeknownst to me, NIST, who has the cybersecurity framework, they added governance about three years ago to the other five things. And so that was kind of nice to know that we were exhibiting some thought leadership. And so when we go in, it's all well and good if you want to put these protections in and these particular products, but we're a best-of-breed company. Like one of our critical tools that's required for our clients to put in place, to buy it and use it every single day on every single computer, is what's known as an EDR. And it's basically an AI-based super turbo antivirus. To even call it an antivirus is not doing it justice. So there's three legs to the IronTech Framework. We want to make sure that you're getting a return on your investment in IT, because that's why you buy it. If you treat IT as an expense, you need to kind of change the way you're thinking. You want to improve productivity and efficiency. The second leg is cybersecurity, because a bad cyberattack can put you out of business. I think the last stats I saw were something like 40 to 60% of businesses go out of business within two years of a significant cyberattack. And then finally, the third is governance. That's the three legs of our IronTech Framework. So part of governance is engaging with our clients' management and leadership—the CEO, finance, of course the CIO, the CISO or security officer, and maybe even the board sometimes. Really getting to know: what are your objectives, and how can we utilize our services to best help your company realize those objectives? Because for most companies, there's no other vendor they engage with as much as us. We're talking to Susie every day. We're talking to Bill every day. We know that Mary's out sick and Steve's on vacation. I mean, when you're running help desk, stopping attacks, providing training, and all the support we provide along those lines, we get to know their company better than practically any other vendor by far. So it really helps if our clients treat us as a partner to help them realize their goals and objectives. And when all of that clicks into place, then it makes recommending things easier. “Okay, you need to replace these 30 laptops that are four years old. You're not getting an ROI on them.” “This server's five years old. Let's start thinking about replacing it.” “We have this new tool that's really excellent. We're recommending everybody get it.” And because we've developed that trust, those conversations become pretty easy. For the most part, everybody just says yes. But of course, we don't sell just to sell, especially when it comes to things like hardware. That's not really what we're here for. We're here for the day-in, day-out work: keeping things running, stopping breaches, and putting the policies and procedures in place to run your company as smoothly as possible.

Yeah. I love that. So when I had an IT back in the 2000s, I had an IT person who was a contractor, but he was very active in my business, and I always wanted to talk to him and pick his brain. What are the new things out there? How can we make our business more efficient, more effective, more attractive to employees? Cooler. I wanted to be cool. So I wanted everyone to have a PDA in the early 2000s with email on it—a PalmPilot. And we had multiple screens, and I was looking at, okay, how can we manage data in the cloud and on our server so we don't have to deal with it in the office? That kind of stuff. And I really thought about it as a great investment because it was much cheaper than hiring people. And if you give people good tools, they're going to be more motivated and more effective. So I thought it was a no-brainer.

Yes, but there's still a subset of people that treat IT as an expense. Then there are some companies that tend to put IT under the finance guy because the finance guy usually has a lot of IT experience, but never actually did it as a career or a job, right? And those situations are hard because I need CEO-level or owner-level approval, and I need a direct route to that person.

Yeah, that makes sense. So Tom, tell me, what drives growth in your business?

Yeah. From a growth perspective, for us, number one is maintaining our clients and reducing churn. Number two is—I don't know if you're asking about tactics or strategy—but of course we want to get new clients for the right reasons. So we prefer inbound strategies. We don't cold call people unless we've already contacted them in another way, if that's what you're asking.

Yeah. I'm asking what the real driver of growth is. I understand that you do marketing and inbound marketing, but what makes people want to have an IT service partner like you?

Well, they understand those three pillars of the IronTech Framework. They may not believe in stakeholder capitalism, but they don't treat IT as an expense. And they understand—especially after talking to me—the true risk of being hacked. A lot of people don't understand the size and scale of that industry. It's a $10 to $12 trillion industry now.

Wow.

If it were a country, it would have the third-largest GDP. The US would be first, China second, and then the hacking industry. It is an industry that hacks at scale. So when these companies—maybe a small 10-person accounting firm in North Dakota in the middle of nowhere—get these ransomware emails and someone tries to hack them, and we alert on it and trap it, and nothing goes wrong, everything's fine… If they don't already understand it, they go, “Well, why are they trying to hack me?” And I say, “You don't understand. That email was one of 100,000 emails that got blasted out. They don't know who you are, nor do they care who you are.” They're playing a numbers game. And it's kind of like marketing. They're looking at conversion numbers. Yeah. Let's say it's 100,000 emails. They got a list of all the certified public accountants in 10 different states. They set up the email, they send it all out, and let's say 1% become victims. And let's say they collect an average of $10,000 per victim. Well, that's a multi-million dollar payday for about a week or two of work. And then they rinse and repeat. It's done at scale, and it's a much bigger industry than that. That's just a taste of it. Some of our clients are targeted. In other words, hackers are investing time, money, and energy specifically into that company. We're one of them. Any law firm that does intellectual property law—especially around patents, manufacturing, and things like that—you've got China and other nation states not only trying to get into your client, but you're also a threat vector. You're a way to get into that client's patents and secrets. So we've got to treat that differently. It's not just about the money. There are different types of threat actors, and we have to educate clients, bring them up to speed, and say, “Well, because of this case, you need this other service and tool that we're offering to prevent China from breaking in.” Or, “You need to follow this practice.” Maybe you don't publicly talk about one of your clients being Ford Motor Company or NVIDIA. You just keep that quiet. You don’t want that to be public knowledge. That's one of the things we do. You spent time on our website, and you didn't see a single client name on there. And that's just one of the small things we do to protect our clients' security and privacy, because privacy and security go hand in hand.

Yeah. That is fascinating. So what is it that you’re trying to figure out in your business right now? What’s the big thing for you?

I think because of all the chaos in the United States, making a decision to do anything—everybody's kind of frozen. There are a lot of hiring freezes. I know we've got a freeze on right now because we're looking to see, well, do we really need to add somebody, or can we do this with AI? The hackers do the same thing.
That's one of the challenges, is getting people over the hump. No matter what you do, if you've got an IT company doing your stuff and you only call them when things are broken, there's a much more profitable way to do that. You're spending more money. So there are benchmarks in industries, right? Basically, the research—and these aren't numbers we made up, this is legitimate research from many independent sources—says the average professional service provider, like law firms, accounting firms, healthcare providers, and on and on, should be spending 6 to 12% of their revenue on IT and cybersecurity. And that's everything. I'm talking servers, wiring, cloud, security, defense—all of those things should be 6 to 12%. We know that. That's the way it works. So when we engage with a prospect and find out they're only spending 3 or 4%, then I already know they have gaps. I don't even have to do an assessment to see what they're not doing. They're either not getting a return on investment, or they're not secure. That's it. If all the accounting firms are spending 6%, and you're only spending 4%, don't just pat yourself on the back. That's one of those moments where you should ask, “What am I missing?” Because I do that often. Someone on the management team will come up with an idea, and we all agree. Well, that's a red flag for me. I want to know: what are we missing? If we all agree on this, is there some gotcha or something we haven't uncovered? And those are some of the things we try to educate our clients on. They don't have to tell us their revenue. I can give them the numbers. I can do the math. I can show them the numbers for something like laptop replacement. Maybe it's $1,000 to $3,000 depending on the industry. If the employee using that laptop is making $100,000 a year, why are you trying to squeeze another year out of a $2,000 investment when it's hurting productivity by 10% or more? Yeah. That’s a no-brainer. Yeah. It should be. Yeah. It's not just in IT. 
I had a client years ago in civil engineering, and they had a rule that they would never keep equipment longer than four years. And they were selling equipment that still looked brand new. And I asked them, “Why are you doing this? It seems like this equipment still has a lot of life left in it. Why are you selling it or giving it back to the lease company?” And he said, “We did the math, and we figured out that this is the optimal time to replace it.” If they got rid of the equipment at that point, they wouldn't have to deal with fixing it. There would be less disruption. They would stay state-of-the-art all the time. And their clients would be impressed. And it actually worked for them. It was a high-margin civil engineering firm. Precisely. I mean, we're so tuned into that that we're a Mac house. We all use Macs. We all have laptops, and we all have setups with screens at home and in the office. We spare no expense on that. If somebody wants an extra screen for their house—alright, here it is. We'll order it and get it there for you. We're so tuned into that, that we went all Mac back when they were still Intel Macs. And I don't know how much you know about Macs, but they were… I have a couple. Okay. Yeah, we're Mac people too. Yeah, so they were running Intel processors. Well, Apple decided to build their own processor and moved to the M-chip. And so I bought an M1, and it was like, holy cow, everybody in the company has got to have one of these. And I don't think there was a single one more than two years old at that time. So we replaced them all. Now, the M-series generations themselves—M1, M2, M3, and on—those changes aren't as dramatic as going from Intel to the first M-series chip. But it's still unusual. I said two years, but there are probably people right now with a three-year-old laptop. But we definitely trade them in. That's where the sweet spot is on trade-in value. We rotate them every two to three years and they're out. 
I think mine is maybe a year old, but I'll probably keep this one for a couple more years. By the way, you're the first IT company and MSP I've met that doesn't use PCs—you use Macs. Yeah. And I long had this theory that all the IT companies I worked with were always anti-Mac, and I never understood why. And when I got my first Mac, I realized I actually didn't need them anymore since I had the Mac. Yeah, that's kind of funny because it really started with me during Covid. It may not have been seven years now, but whatever it was, it kind of started with Covid. And for years I was a PC guy. I tried Macs briefly back in the old MacBook days—you know, the white plastic ones? Whatever that was, 15 or more years ago. Yeah. Classic. Very classic. Yeah. But what I kept trying to do with a Windows laptop—and I like Dell, I had Dell XPSs, good Dell computers, and we're a Dell partner— What I could never get a Windows computer to do was seamlessly come off a docking station and then plug into another monitor at my house. It would always blue screen or something. So when I went back to a Mac, I was like, “Holy cow, it doesn't break. It doesn't mind being unplugged from a docking station. It just works.” Yeah. And then all the other things—that they're generally built better, they have a longer lifespan, and they hold their resale value longer, and all of that. Even as old as I was, I forced myself to really get proficient at using a Mac. And when we sent everybody home during Covid, I said, “Well, everybody's going Mac.” And, oh, there was a revolt. And I said, “Just give it a few months.” Yeah. About half the office resisted it. And I said, “You gotta try it because I think you'll like it, and if you don't, then we'll deal with it then.” We had Linux people, PC people. So then I said, “Well, maybe we should open it up and let people pick what they want.” Yeah, I love it. Yeah. 
So our time is coming to an end, but if someone is running on Mac and they're finally talking to an IT service company that's not anti-Mac, and they want to connect with you immediately, where should they go and where can they learn more about Kirkham IronTech and maybe connect with you personally? The website is the best place to go. It's www.kirkhamirontech.com. Just give us a call, fill out a form, let us know what you're thinking, because we want to know what you're thinking and see if there's a fit with the way we do things. Macs started becoming important with executives. That's where we first started seeing it. So even though they may still have to run Windows, the owners and executives wanted to carry Macs for the very reasons I mentioned. So we're perfectly happy with that. Yeah. Okay. Very good. So if you're listening to this and you enjoyed hearing about how to make your IT work—how to increase ROI, make sure you're doing cybersecurity right, and implement governance so you can use IT as a strategic tool to run your business better—then definitely reach out to Tom Kirkham. Or stay tuned to this show, because you're going to hear from other entrepreneurs who are very smart about business. And preferably do both. Tom, thank you for coming and sharing your wisdom, and thank you for listening. Oh, it’s been my pleasure, Steve. Important Links: Tom's LinkedIn Tom's website
An AI agent was given access to email. It found a threat in its environment and chose blackmail. This is not a hypothetical. I sat down with security researcher Graham Cluley, where we discussed the real case study of an AI model that, when faced with the possibility of being shut down, decided its best move was to threaten the very humans trying to govern it. In another scenario the AI was responsible for fire alarms. When there was a fire and the CTO was inside, the AI turned off the alarm nonetheless. This video breaks down what actually happened, why it matters for every executive responsible for AI deployment, and what it tells us about the governance frameworks most organisations still don't have. If you are a CISO, CRO, board member, or any leader responsible for AI risks or AI deployment in your enterprise, this one is for you. Looking to go from chaos and unpredictability to resilience in the world of AI? Start here with The Predictability Factor newsletter at The Monica Talks Cyber (https://www.monicatalkscyber.com).
Most enterprises have some kind of zero trust strategy, but a lot of them could be better described as good intentions rather than active programs being implemented. Making good on a zero trust strategy and achieving an actual zero trust architecture requires tools that embody the core precept of zero trust thinking: deny access by... Read more »
S3E7: Bridging the Divide: How Provider Sponsored Health Plans Navigate Financial Pressure and More Host: Frank Cutitta Guest: Jesse Fasolo, PhD, CHCIO, CDH-E To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen
Cisco issues 10.0 Secure Workload admin flaw warning Spammers abuse internal Microsoftonline account Google's surge in Chrome vulnerability announcements Get the show notes here: https://cisoseries.com/cybersecurity-news-ciscos-10-0-vulnerability-microsoft-email-spammed-chrome-vulnerability-surge/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
How can enterprise IT folks prepare for the age of Mythos? Anthropic says its Claude Mythos model is so much better at finding software vulnerabilities that it has delayed public release. Instead Anthropic launched Project Glasswing to give IT infrastructure and software makers early access, so they can have some lead time to address vulnerabilities... Read more »
All links and images can be found on CISO Series This week's CISO Series Podcast features David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Jadee Hanson, CISO, Vanta. In this episode: The compliance receipt nobody reads Who signs off on the AI that wrote the code The agent that wouldn't stop The questionnaire that should not exist A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
Most people think it takes a decade to become a cybersecurity leader. I did it in just four years and I'm breaking down exactly how. In this video, I share my 9-step framework that helped me land a CISO role in 90 days, without a laundry list of certifications or endless applications. This is a no-gatekeeping, no-fluff roadmap that works because I've lived it. In this episode you'll learn: the real skills and mindset that define cybersecurity leadership, how to position yourself as a business leader, not just a technical expert, the S.T.A.R. storytelling method for impactful interviews, how to network strategically and negotiate like a pro, and my 5C's negotiation framework for securing the role you deserve. Looking to go from chaos and unpredictability to resilience in the world of AI? Start here with The Predictability Factor newsletter at The Monica Talks Cyber (https://www.monicatalkscyber.com).