Podcasts about cisos

In this episode of the Identity at the Center podcast, hosts Jeff and Jim broadcast from InfoSec World 2025, sharing lively discussions on identity management, AI security, and identity's evolving role in information security. They are joined by Ross Young and G Mark Hardy, co-hosts of the CISO Tradecraft podcast, who share their journeys into cybersecurity, illuminating how identity intersects with cybersecurity topics like deep fakes, AI implications, and non-human identities. The conversation also covers practical advice for securing budget approvals for identity projects and speculations on the role of AI in cybersecurity's future. The episode wraps up with each guest sharing personal ideas for potential new podcast ventures.The CISO Tradecraft podcast: CISOTradecraft.comConnect with Ross: https://www.linkedin.com/in/mrrossyoung/Connect with G Mark: https://www.linkedin.com/in/gmarkhardy/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction and Welcome00:16 Live from InfoSec World 202500:52 Shoutouts and Day Jobs01:37 Meeting Ross and G Mark from the CISO Tradecraft podcast02:22 Ross's Journey into Cybersecurity04:24 G Mark's Cybersecurity Career Path07:44 Top Concerns for CISOs Today09:53 The Role of Identity in Cybersecurity16:18 Challenges and Trends in Identity Management24:33 Pitching Identity Projects to CISOs32:21 The Role of AI in Automating SOC Operations33:23 AI's Impact on Developer Efficiency35:48 The Future of AI-Assisted Coding37:42 Challenges and Opportunities in AI and Cybersecurity39:46 The Importance of Human Expertise in AI Development48:17 The Role of Identity in Information Security49:44 Introduction to CISO Tradecraft Podcast55:24 Podcasting Tips and Personal Interests01:00:48 Conclusion and Final ThoughtsKeywords:Identity at the Center, IDAC, CISO Tradecraft, InfoSec World 2025, cybersecurity leadership, identity security, IAM, AI security, Jeff Steadman, Jim McDonald, Ross Young, G. Mark Hardy, InfoSec, CISOs, cyber career development, non-human identity, deepfakes, security automation

In this episode of the Cyber Uncut podcast, David Hollingworth catches up with Proofpoint's chief strategy officer, Ryan Kalember, and vice president of systems engineering for the APJ region, Adrian Covich, while attending the Proofpoint Protect Tour in Melbourne. The three talk about the high-level trends and concerns they're seeing from CISOs both in Australia and abroad and the very real challenges of dealing with a fast-paced and ever-evolving threat landscape. Enjoy the episode, The Cyber Uncut team

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this episode, we dive into Microsoft's Zero Trust Assessment - an open-source, automated tool that scans hundreds of Entra ID and Intune settings against NIST, CISA, CIS, and Microsoft's own internal baselines. Discover how it aligns with the Secure Future Initiative, delivers actionable remediation, and turns Zero Trust from theory into measurable reality. Perfect for CISOs, SecOps teams, and anyone tired of spreadsheet audits. Key Takeaways: The Pain of Manual Zero Trust Audits What the Zero Trust Assessment Actually Does Why automate your security assessments What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.Read transcript

In 2025, Asia's digital economy surges beyond $330 billion in Southeast Asia alone, yet escalating cyber threats loom large for business, finance, and security leaders. SMS fraud is projected to intensify, with over 50% of telecom providers anticipating growth, fuelled by AI-enhanced smishing and artificially inflated traffic costing billions globally. Key concerns include ransomware, supply chain disruptions, and mobile payment scams eroding profitability and customer trust in finance, retail, e-commerce, and logistics. Opportunities lie in proactive, no-code tools for real-time detection, AI-driven prevention, and cross-sector collaborations, fostering operational agility and regulatory compliance amid a cybersecurity market reaching $74.22 billion.Igor Mostovoy, Product Director of CPaaS, 8x81.       Who/What is 8x8?2.       What are the latest projections for SMS fraud costs in Asia by 2026, including the impact of sophisticated threats like AIT on customer acquisition and operational margins?3.       Beyond direct financial losses, what quantifiable effects do major SMS fraud incidents have on brand reputation and customer churn rates in key Asian markets?4.       How might artificially inflated traffic and AI-powered scams like smishing affect e-commerce profitability and supply chain operations in logistics?5.       Are our current fraud defences reactive, requiring developer intervention and causing delays, or can business teams detect and act in real time?6.       What strategies can finance, and operations leaders employ to maintain customer trust amid rising threats, whilst ensuring secure communication channels during Southeast Asian expansion?7.       How can we better integrate fraud management across operations, finance, and security teams to dismantle internal silos and enhance organisational agility?8.       What capabilities are essential for proactively blocking fraudulent SMS traffic before it impacts customers or systems, including the use of no-code tools for non-technical teams?9.       What role will regulatory changes and cross-industry collaborations play in combating digital fraud and strengthening security in retail and finance sectors?10.   How would real-time visibility into SMS traffic patterns, powered by behavioural analysis, improve data-driven decisions on marketing spend and channel reliability?11.   What is the total cost of ownership of fragmented fraud tools compared to integrated platforms, and how can robust defences be leveraged as a competitive trust advantage?12.   (team sport) Into 2026, what is your advice for CISOs, CFOs and marketeers on the topic Proactive Fraud Defence?

In 2026, governments across Asia grapple with escalating cybersecurity challenges amid rapid digital transformation and geopolitical tensions. AI-powered threats, including sophisticated phishing and deepfakes, pose significant risks, with IDC forecasting that 76.5% of Asia/Pacific enterprises lack confidence in detecting such attacks. Ransomware continues to evolve, targeting critical infrastructure, while supply chain vulnerabilities expose sensitive data—Gartner predicts 45% of global organisations will face software supply chain attacks by 2025, a trend persisting into 2026. Cloud adoption amplifies hybrid environment breaches, compounded by espionage-driven incursions, as Verizon reports 25% of APAC cyberattacks motivated by spying, with public administration the most targeted sector. Regulatory mandates demand robust compliance, straining resources in an era of legacy systems and talent shortages.In this PodChats for FutureCISO, Aaron Bugal, Field CISO, APJ, Sophos, walks us through some of the coming cybersecurity issues government CISOs as well as those in the private sector, will find important in 2026.1.       How can government CISOs effectively measure and improve their cybersecurity resilience, moving beyond compliance-based checklists to ensure the continuous delivery of essential citizen services during an attack?2.       What strategies, have proven, most effective for securing legacy systems that remain critical to national operations, given they cannot be immediately replaced?3.       With Gartner highlighting that by 2026, 50% of C-level executives will have performance requirements tied to cybersecurity risk, how can government CISOs best align their security metrics with national-level outcomes? 4.       How can CISOs proactively defend against state-aligned (sponsored) actors who are increasingly targeting digital public services and critical infrastructure for espionage and disruption?5.       Name one CISO strategy for managing third-party and supply chain risk, particularly as organisations, both private and public, rely on an ecosystem of partners to deliver complex, cloud-native government services?6.       Given IDC's prediction that by 2026, 70% of organisations will consider environmental sustainability in their cloud purchase decisions, how can CISOs balance security, sovereignty, and sustainability in their technology procurements?7.       How are government CISOs addressing the critical cybersecurity skills gap, and what new models for talent acquisition and retention must be developed to compete with the private sector? a.       How to avoid burnout?8.       To what extent have CISOs integrated security into the entire application lifecycle (DevSecOps) for their national digital identity and other citizen-facing platforms?9.       Name a governance and technical framework for the safe and ethical adoption of AI, both to enhance a government's cyber defences and to mitigate its potential malicious use by threat actors?10.   How are government CISOs collaborating with regional counterparts and international bodies to share threat intelligence and establish coordinated response protocols for cross-border cyber incidents?11.   What is that one final advice for government CISOs as their update their cybersecurity strategies for 2026?

By 2026, the paradigm of network defence is set to undergo its most profound shift. For CISOs and Heads of Networking, the escalating velocity of AI-powered threats is rendering human-scale response obsolete. According to Cybersecurity Ventures, these attacks are projected to cost the world $60 billion annually by 2025, creating pervasive and costly risk. In this landscape, a self-defending network is no longer a futuristic concept but a strategic imperative. It represents the evolution from human-led, reactive security to an AI-native architecture capable of autonomous threat detection, isolation, and remediation, ensuring business resilience.In this PodChats for FutureCISO, we are joined by Nick Harders, APJ Systems Engineering Director, HPE Networking, to talk to us about why enterprises must reframe their security strategy around a self-defending network in 2026.1.       What is your definition of self-healing, AI-driven networks?2.       How can we effectively measure the ROI of self-healing, AI-driven networks beyond traditional uptime metrics, perhaps in terms of risk reduction or operational expenditure savings?3.       As we deploy agentic AI for autonomous network operations, what new governance and audit frameworks are required to ensure its decisions remain aligned with business objectives and compliance mandates?4.       In a region with diverse data sovereignty laws, how can we design our autonomous network architecture to ensure data for AIOps and security analytics is processed and stored compliantly across different Asian jurisdictions?5.       With AI-powered threats capable of social engineering and polymorphic code, how do we ensure our AI-native defences can adapt quickly enough without generating excessive false positives that disrupt business?6.       To what extent can we trust predictive insights from our network AI, and what processes are needed for human teams to validate and act upon these proactive recommendations?7.       Given the increased reliance on AI, how do we protect AI's own infrastructure—the data pipelines, models, and control loops—from becoming a primary target for sophisticated threat actors?8.       With the attack surface expanding to include every connected user and device, how does a converged NetSec strategy fundamentally change our approach to implementing and enforcing a zero-trust architecture?9.       As networking and security teams converge, how do we bridge the cultural and skills gap to create unified "NetSec" engineers, and what does their new career path look like?10.   What is the realistic division of responsibility between human teams and AI agents in a security incident response loop, and where should the final 'kill chain' authority lie?11.   What strategic, human-centric skills should we be prioritising in the recruitment and training of our next-generation NetSec professionals?12.   What are your expectations in 2026 and advise for CISOs and CIOs?

In this episode of the Cyber Uncut podcast, David Hollingworth catches up with Proofpoint's chief strategy officer, Ryan Kalember, and vice president of systems engineering for the APJ region, Adrian Covich, while attending the Proofpoint Protect Tour in Melbourne. The three talk about the high-level trends and concerns they're seeing from CISOs both in Australia and abroad and the very real challenges of dealing with a fast-paced and ever-evolving threat landscape. Enjoy the episode, The Cyber Uncut team

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this captivating episode of CISO Tradecraft, hosted by G. Mark Hardy, we delve into the incredible life journey of Jeri Ellsworth—a renowned inventor and tech entrepreneur. From her early fascination with electronics in rural Oregon to her innovative ventures in Silicon Valley, Jeri shares her unique experiences and hard-earned wisdom. Discover the highs and lows of her career, including her time at Valve Software, navigating significant security breaches, and her foray into the world of crowdfunding and startups. This episode is packed with invaluable lessons for CISOs, cybersecurity professionals, and aspiring entrepreneurs alike. Tune in now and get inspired by Jeri's story of resilience, innovation, and leadership. Jerri Ellsworth - https://www.linkedin.com/in/jeriellsworth/

Ask Me Anything: vCISO Strategy, IR, and Cyber Leadership | DailyCyber 279 ~ Watch Now ~In this AMA edition of DailyCyber, we go deep on what's actually happening in cybersecurity leadership today.From emotional regulation in the SOC to unapproved AI tools in the workplace, this episode unpacks the real conversations CISOs and vCISOs are having behind closed doors.

In this urgent and eye-opening episode of Life of a CISO, Dr. Eric Cole dives into one of the most consequential moments in U.S. cybersecurity history: the expiration of the Information Sharing Act of 2015, which quietly lapsed the same day the government shut down. Dr. Cole explains how this coincidence has effectively cut off the flow of critical cyber threat intelligence between the U.S. government and private sector, leaving organizations blind to emerging attacks and operating at a major disadvantage. He breaks down the data-driven realities every CISO must communicate to their executive teams: The collapse of formal information sharing protections and the resulting liability risks for companies. The severe reduction of federal cybersecurity capacity, with 65% of CISA furloughed. The surge in cyberattacks from foreign adversaries exploiting U.S. vulnerability. Practical strategies for regaining the upper hand—reducing attack surfaces, deploying AI-based threat detection, and reassessing over-reliance on cloud providers following suspicious AWS and Microsoft outages. Dr. Cole urges CISOs to lead with data, not emotion, and to act decisively in this new era of "cyber wartime." Whether you're an executive or a security professional, this episode delivers the critical insights and strategic playbook you need to safeguard your organization when the nation's early warning system has gone dark.  

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment's compliance and security requirements. Rob will discuss how ThreatLocker Defense Against Configurations dashboard can: Identify misconfigurations before they become exploited vulnerabilities Monitor configuration compliance with major frameworks Receive clear, actionable remediation guidance and more! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can't Succeed Without a Talent Strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-420

Former FBI operative and cybersecurity strategist Eric O'Neill returns to Reimagining Cyber to discuss his new book Spies, Lies, and Cybercrime. Eric introduces his D.I.C.E.D. model—a spy-inspired framework for understanding how deception and espionage fuel today's cyberattacks. He and host Rob Aragao dive into how AI is transforming impersonation scams, what the coming quantum era means for encryption and digital trust, and how CISOs can prepare for the evolving threat landscape.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment's compliance and security requirements. Rob will discuss how ThreatLocker Defense Against Configurations dashboard can: Identify misconfigurations before they become exploited vulnerabilities Monitor configuration compliance with major frameworks Receive clear, actionable remediation guidance and more! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can't Succeed Without a Talent Strategy, and more! Show Notes: https://securityweekly.com/bsw-420

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment's compliance and security requirements. Rob will discuss how ThreatLocker Defense Against Configurations dashboard can: Identify misconfigurations before they become exploited vulnerabilities Monitor configuration compliance with major frameworks Receive clear, actionable remediation guidance and more! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can't Succeed Without a Talent Strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-420

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment's compliance and security requirements. Rob will discuss how ThreatLocker Defense Against Configurations dashboard can: Identify misconfigurations before they become exploited vulnerabilities Monitor configuration compliance with major frameworks Receive clear, actionable remediation guidance and more! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can't Succeed Without a Talent Strategy, and more! Show Notes: https://securityweekly.com/bsw-420

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this episode, Dr. Dave Chatterjee sits down with Pam Lindemoen, Chief Security Officer and Vice President of Strategy at the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), to explore the CISO's evolving role in global nonprofit organizations. Moving beyond traditional corporate metrics of cost and compliance, Lindemoen reveals how cybersecurity leadership in the nonprofit sector is ultimately about preserving trust, protecting donor data, and sustaining mission-driven operations. Drawing on three decades of experience across healthcare, finance, and retail, Lindemoen shares how RH-ISAC has become a collaborative force multiplier, enabling member companies to detect, respond, and adapt collectively to cyber threats. Through the Commitment–Preparedness–Discipline (CPD) framework, Dr. Chatterjee and Lindemoen illustrate how leadership, empathy, and shared intelligence drive resilience across the nonprofit ecosystem.Time Stamps• 00:49 — Dave introduces the topic and Pam Lindemoen's professional journey.• 02:49 — Career reflections: from IT foundations to cybersecurity leadership.• 04:23 — Inside RH-ISAC: a trusted model for cross-industry collaboration.• 07:06 — Navigating dual responsibilities—defending RH-ISAC and empowering members.• 09:09 — Governance, trust, and relationship management in a global community.• 12:27 — RH-ISAC's differentiation and member-driven value.• 14:00 — Leadership through listening and connection.• 20:50 — Advice for CISOs exploring nonprofit leadership paths.• 24:26 — Real-world example: supply chain attack mitigation through shared intelligence.• 27:55 — Final reflections on collective trust, collaboration, and resilience.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-94-guardians-of-trust-the-cisos-strategic-role-in-global-non-profits/Connect with Host Dr. Dave Chatterjee LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

“Cyber resilience isn't just about protection, it's about preparation.”Every business in this day and age lives in the cloud. Our operations, data, and collaboration tools are powered by servers located invisibly around the world. But here's the question we often overlook: what happens when the cloud falters?In this episode of Tech Transformed, Trisha Pillay sits down with Jan Ursi, Vice President of Global Channels at Keepit, to uncover the real meaning of cyber resilience in a cloud-first world. Are you putting all your trust in hyperscale cloud providers? Think again. Trisha and Jan explore why relying solely on giants like Microsoft or Amazon can put your data at risk and how independent infrastructure gives organisations control, faster recovery, and true digital sovereignty.Takeaways:The importance of cyber resilience in a cloud-first worldHow independent cloud infrastructure protects your SaaS applicationsCommon shared responsibility misconceptions that can cost organisations dataStrategies for quick recovery from ransomware and cyberattacksWhy digital sovereignty ensures control and complianceChapters:00:00 – Introduction to Cyber Resilience and Cloud Strategy05:00 – The Importance of Independent Infrastructure10:00 – Shared Responsibility and Misconceptions15:00 – Digital Sovereignty and Compliance20:00 – Practical Tips for CISOs and CIOs22:00 – ConclusionAbout Jan Ursi:Jan Ursi leads Keepit's global partnerships, helping organisations embrace the AI-powered cyber resilience era. Keepit is the world's only independent cloud dedicated to SaaS data protection, security, and recovery. Jan has previously built and scaled businesses at Rubrik, UiPath, Nutanix, Infoblox, and Juniper, shaping the future of enterprise cloud, hyper-automation, and data protection.Follow EM360Tech for more insights:Website: www.em360tech.comX: @EM360TechLinkedIn: EM360TechYouTube: EM360Tech

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Podcast: Industrial Cybersecurity InsiderEpisode: Dispelling IT/OT Convergence Challenges and MythsPub date: 2025-10-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig and Dino tackle IT/OT convergence, operational technology security, and manufacturing cybersecurity challenges head-on. They challenge the notion of OT being a "shadow IT group" and explore the fundamental differences between IT and OT operations in industrial environments. The discussion emphasizes that OT focuses on safety and physical outcomes, while IT prioritizes data security. They stress the importance of collaboration between IT and OT teams, highlighting how system integrators, OEMs, and plant operators must work together to improve cybersecurity posture. The conversation covers practical issues like Overall Equipment Effectiveness (OEE), incident response, and the need for proper funding and governance. Both advocate for CISOs and CIOs to actively engage with OT teams and system integrators, visit manufacturing facilities, and understand the unique challenges of industrial control systems to achieve true convergence and protect manufacturing plants and critical infrastructure.Chapters:00:00:00 - Opening Shot: Who's Really in Charge—CIOs or the Plant Floor?00:00:57 - Collision Course: IT and OT Can't Keep Dodging Each Other00:01:52 - Two Worlds, One Mission: Why OT Isn't Just “IT in a Hard Hat”00:04:07 - When Convergence Fails: What's Missing in the Middle00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor00:10:46 - OT's Tipping Point: Will the Next Move Come from IT, or the Shop Floor?00:17:32 - Your Move: What Leaders Must Do Next (Before It's Too Late)Links And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this special Halloween edition of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Jonathan Care, Lead Analyst at KuppingerCole Analysts, to explore one of the most talked-about cybersecurity stories of the year — the F5 supply chain incident. The discussion highlights how even well-established organizations can become targets of sophisticated, long-term attacks — and what this means for the future of software supply chain security. Together, Matthias and Jonathan examine how incidents like this can happen, what lessons can be learned across the industry, and how companies can strengthen resilience, transparency, and response capabilities in their own environments. Key topics covered: ✅ Understanding the dynamics of modern supply chain attacks ⚠️✅ Why detection and dwell time remain a major industry challenge✅ The growing importance of vendor risk and software transparency✅ Lessons learned for CISOs and IT leaders✅ Practical measures to improve visibility and response✅ Why collaboration and information sharing are key to resilience

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust? Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the emergence of the Chief Trust Officer. For organizations that refuse to leave trust to chance, chief trust officers have emerged as the role responsible for shaping their firm's destiny. Jeff will explain why the role has emerged and details its responsibilities, organizational structures, and measures for success. In the leadership and communications segment, Why must CISOs slay a cyber dragon to earn business respect?, Simon Sinek says the most successful people in the world ‘hit zero' or came close to it: Failure is ‘the gift', The Remote Leadership Paradox: Why Your Team Feels Micromanaged AND Abandoned (And How to Fix It), and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-419

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust? Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the emergence of the Chief Trust Officer. For organizations that refuse to leave trust to chance, chief trust officers have emerged as the role responsible for shaping their firm's destiny. Jeff will explain why the role has emerged and details its responsibilities, organizational structures, and measures for success. In the leadership and communications segment, Why must CISOs slay a cyber dragon to earn business respect?, Simon Sinek says the most successful people in the world 'hit zero' or came close to it: Failure is 'the gift', The Remote Leadership Paradox: Why Your Team Feels Micromanaged AND Abandoned (And How to Fix It), and more! Show Notes: https://securityweekly.com/bsw-419

Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust? Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the emergence of the Chief Trust Officer. For organizations that refuse to leave trust to chance, chief trust officers have emerged as the role responsible for shaping their firm's destiny. Jeff will explain why the role has emerged and details its responsibilities, organizational structures, and measures for success. In the leadership and communications segment, Why must CISOs slay a cyber dragon to earn business respect?, Simon Sinek says the most successful people in the world 'hit zero' or came close to it: Failure is 'the gift', The Remote Leadership Paradox: Why Your Team Feels Micromanaged AND Abandoned (And How to Fix It), and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-419

Amit Zavery, President, Chief Product Officer, and Chief Operating Officer at ServiceNow, sits down to talk with Bob Evans in this special episode of Cloud Wars Live. They dive deep into how ServiceNow's AI Experience is transforming enterprise workflows through automation, governance, and personalization. Zavery outlines a bold vision for delivering real ROI and trusted AI at scale.Reimagining Workflow with AI Experience The Big Themes:ServiceNow's AI Experience Is About Unified, Actionable Intelligence: Amit Zavery describes ServiceNow's AI Experience as more than a conversational interface, it's an orchestrated, end-to-end workflow platform that integrates voice, text, image recognition, agents, and enterprise systems. It's designed to eliminate the “spare part world” of fragmented tools and disconnected apps. By delivering one multimodal, multilingual interface, ServiceNow enables users to not just find information, but actually complete tasks and workflows.AI Governance and Control Are Built In, Not Bolted On: The AI Control Tower is ServiceNow's answer to one of the biggest enterprise challenges: AI governance. With this feature, companies can discover, monitor, and manage all AI usage, not only from ServiceNow but across third-party systems, too. CIOs and CISOs gain the ability to track who is using what AI systems, what agents are doing, and what data is being accessed.Industry-Specific Use Cases Drive Real-World AI Value: Enterprise AI Zavery says must be contextual, curated, and tightly integrated with business processes. ServiceNow is collaborating with customers like AstraZeneca (pharma), BT (telecom), and Rossmann (retail) to deploy agentic AI that delivers real value in vertical-specific environments. These aren't generic AI chatbots; they're intelligent agents embedded in workflows that help store managers order inventory, researchers manage supply chains, and employees navigate complex rules.The Big Quote: “I call it the spare part world we are in right now, and it's a very difficult thing for a lot of the leaders to really keep up with it. One to know, what are you using? How are you using it? What is the ROI on it? What are the costs associated with that?” Visit Cloud Wars for more.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must “pick their pain” to progress.From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a “propeller head” pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how “radical collaboration” defines the modern CISO.Key Topics Covered:Early career pivots: Army leadership, perseverance, and precision → IT foundationsCertifications as a fast track (then) vs. blended learning and passion projects (now)The “pick your pain” decision: staying comfortable vs. returning to school to advanceBuilding a CISO gap analysis from job reqs and targeting stretch assignmentsUpgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)Turning tough feedback into growth: from geek speak to boardroom dialogueConsulting variety vs. ownership: when to switch for long-term impactThe 100-day plan: assess → plan → act → measure → adjust (with IR first)Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 daysMetrics as a “health language” and why today's CISO must be a radical collaboratorCarl's story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.

In this episode of Life of a CISO, Dr. Eric Cole breaks down what truly separates good CISOs from world-class ones — the ability to align cybersecurity strategy with the core business mission. He explains that understanding what business your organization is really in is the foundation of effective security leadership. Using real-world examples, Dr. Cole highlights how CISOs must adapt their security priorities based on organizational goals, whether it's stabilizing growth, driving acquisitions, or enhancing customer experience. He challenges the outdated view that security and business efficiency are at odds, emphasizing instead that cybersecurity should be a business enabler — efficient, cost-effective, and even profitable. Dr. Cole also explores critical areas like asset visibility, reducing attack surfaces through simplification, and aligning budgets to the CIA triad (confidentiality, integrity, availability). The episode wraps up with actionable insights on executive communication, including how to present cyber risk in business language using a simple, four-column “magic slide”: what could happen, likelihood of occurrence, cost if it happens, and cost to fix it. Dr. Cole's message is clear — world-class CISOs think like executives first, technologists second.  

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.We speak about foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately . The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection .This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".Guest Socials -⁠ ⁠⁠⁠⁠⁠Ariful's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions asked:(00:00) Introduction(02:30) Who is Ariful Huq?(03:40) Can You Just Use Claude Code to Build an AI SOC?(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs(08:15) The Importance of Data: Beyond Logs to Config, Code & Context(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges(17:20) Why SIEM Might Not Be Good Enough Anymore(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)(31:40) Building Trust & Transparency in AI SOCs(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer(42:15) Final Questions: Running, Family, and Turkish Food

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Segment 1: David Brauchler on AI attacks and stopping them David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks. NCC Group's AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed at helping security pros and developers understand how to design/test complex agentic systems and how to model trust flows in agentic environments. He also provided information about what architectural decisions can mitigate prompt injection and other model manipulation risks, even when AI systems are exposed to untrusted sources of data. More about David's Black Hat talk: Video of the talk and accompanying slides: https://www.nccgroup.com/research-blog/when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls/ Talk abstract: https://www.blackhat.com/us-25/briefings/schedule/#when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls-46112 Slide presentation only: https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Brauchler-When-Guardrails-Arent-Enough.pdf Additional blogs by David about AI security: Analyzing Secure AI Architectures: https://www.nccgroup.com/research-blog/analyzing-secure-ai-architectures/ Analyzing Secure AI Design Principles: https://www.nccgroup.com/research-blog/analyzing-secure-ai-design-principles/ Analyzing AI Application Threat Models: https://www.nccgroup.com/research-blog/analyzing-ai-application-threat-models/ Building Security‑First AI Applications: A Best Practices Guide for CISOs: https://www.nccgroup.com/building-security-first-ai-applications-a-best-practices-guide-for-cisos/ Building Trust by Design for Secure AI Applications: Tips for CISOs: https://www.nccgroup.com/building-trust-by-design-for-secure-ai-applications-tips-for-cisos/ AI and Cyber Security: New Vulnerabilities CISOs Must Address: https://www.nccgroup.com/ai-and-cyber-security-new-vulnerabilities-cisos-must-address/ Segment 2: Should we replace the CIA triad? An op-ed on CSO Online made us think - should we consider the CIA triad 'dead' and replace it? We discuss the value and longevity of security frameworks, as well as the author's proposed replacement. Segment 3: The Weekly Enterprise News Finally, in the enterprise security news, Slow week for funding, older companies raising via debt financing A useful AI framework from the Cloud Security Alliance two interesting essays, one of which is wrong Folks are out here blasting unencrypted data to and from Satellites, while anyone can sniff and capture it getting hacked during a job interview LLM poisoning is far easier than previously thought F5 got breached Be careful when patching your Jeep ('s software) All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-429

Segment 1: David Brauchler on AI attacks and stopping them David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks. NCC Group's AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed at helping security pros and developers understand how to design/test complex agentic systems and how to model trust flows in agentic environments. He also provided information about what architectural decisions can mitigate prompt injection and other model manipulation risks, even when AI systems are exposed to untrusted sources of data. More about David's Black Hat talk: Video of the talk and accompanying slides: https://www.nccgroup.com/research-blog/when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls/ Talk abstract: https://www.blackhat.com/us-25/briefings/schedule/#when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls-46112 Slide presentation only: https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Brauchler-When-Guardrails-Arent-Enough.pdf Additional blogs by David about AI security: Analyzing Secure AI Architectures: https://www.nccgroup.com/research-blog/analyzing-secure-ai-architectures/ Analyzing Secure AI Design Principles: https://www.nccgroup.com/research-blog/analyzing-secure-ai-design-principles/ Analyzing AI Application Threat Models: https://www.nccgroup.com/research-blog/analyzing-ai-application-threat-models/ Building Security‑First AI Applications: A Best Practices Guide for CISOs: https://www.nccgroup.com/building-security-first-ai-applications-a-best-practices-guide-for-cisos/ Building Trust by Design for Secure AI Applications: Tips for CISOs: https://www.nccgroup.com/building-trust-by-design-for-secure-ai-applications-tips-for-cisos/ AI and Cyber Security: New Vulnerabilities CISOs Must Address: https://www.nccgroup.com/ai-and-cyber-security-new-vulnerabilities-cisos-must-address/ Segment 2: Should we replace the CIA triad? An op-ed on CSO Online made us think - should we consider the CIA triad 'dead' and replace it? We discuss the value and longevity of security frameworks, as well as the author's proposed replacement. Segment 3: The Weekly Enterprise News Finally, in the enterprise security news, Slow week for funding, older companies raising via debt financing A useful AI framework from the Cloud Security Alliance two interesting essays, one of which is wrong Folks are out here blasting unencrypted data to and from Satellites, while anyone can sniff and capture it getting hacked during a job interview LLM poisoning is far easier than previously thought F5 got breached Be careful when patching your Jeep ('s software) All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-429

All links and images can be found on CISO Series. Check out this post by Evgeniy Kharam for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Ryan Dunn, Leader of Product and Supply Chain Technology, Specialized Bicycle Components.  And check out "Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More" by Evgeniy Kharam we referenced in this episode. In this episode: Beyond the technical playbook Influencing without authority Partnering, not just selling The deliberate work of connection Thanks to our sponsor, HackerOne Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. https://www.hackerone.com/report/future-of-ai?utm_medium=Paid-Newsletter&utm_source=cisoseries&utm_campaign=Parent-FY25-AIAwarenessCampaign-GL

What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

Still managing compliance in a spreadsheet? Don't have enough time or resources to verify your control or risk posture? And you wonder why you can't get the budget to move your compliance and risk programs forward. Maybe it's time for a different approach. Trevor Horwitz, Founder and CISO at TrustNet joins Business Security Weekly to discuss how the evolution of Agentic AI can automate compliance and risk programs. Move beyond spreadsheets and let the power of AI streamline your compliance and risk program. In the leadership and communications segment,Is the CISO chair becoming a revolving door?, When Integrity Collides with Bureaucracy: The Price of Leadership in Cybersecurity — and Why Walking Away Can Be the Bravest Act!, Improve Communication With Others By Talking Less — Not More, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-417

Today we're bringing back one of our favorite guests — Akili Akridge. He's a former Baltimore cop who transitioned to building and leading mobile offense and defense teams for federal agencies and Fortune 100s. These days he's a straight-talking expert on all things mobile security. We're digging into mobile threats, why they keep CISOs up... Read more »