Podcasts about cisos

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

S1E6: Beyond the 'Department of No': How CISOs are Shaping Healthcare's Future Steven Hajny is joined by Drex DeFord, President of 229 Cyber & Risk at This Week Health and host of “UnHack (the Podcast)” and “Two-Minute Drill.” Together, they discuss the evolving role of the Chief Information Security Officer (CISO) in the healthcare landscape. The conversation highlights how the CISO position has transitioned from an isolated "department of no" to a strategic, executive role that bridges security, technology, and business innovation. Drex offers real-world insights into the growing responsibilities of CISOs, the balance between innovation and protection, and the challenges posed by generative AI and trust issues in an increasingly complex digital world. To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Why do smart people still click when every instinct tells them they should pause first? That question sits at the heart of this conversation with Denny LeCompte, CEO of Portnox and a rare cybersecurity leader who brings a background in cognitive psychology to identity, trust, and human error.   It is a discussion that pulls back the curtain on the habits, shortcuts, and blind spots that shape our decisions long before a breach becomes a headline.   Denny explains why people rely on benevolence cues, confirmation biases, and loss aversion, and then shows how attackers weaponize each. He explains why training alone cannot fix human fallibility and why a different design mindset is needed if we want security people can actually live with.   Through clear examples and thought-provoking analogies, he describes how teams can build environments that remove opportunities for mistakes rather than punishing people for being human.   We also explore what Zero Trust really means beyond marketing-speak. Denny cuts through the noise and frames it as a mindset shift rather than a product category. He draws on real conversations with CISOs to explain why passwordless adoption moves slowly and why the next wave of identity risk will come from AI agents operating within networks. It is a future in which the line between human and machine identity blurs, requiring access control to evolve just as quickly.   Later, Denny shares a personal story about a mentor who influenced his views, then explains Portnox's unified access control approach as organizations retire VPNs and passwords. His main point: security only works when systems reflect human nature, removing friction and helping people make safe choices. Every policy and workflow is a decision that impacts security outcomes.   What part of Denny's perspective made you reconsider your habits?   Useful Links Connect with Denny LeCompte, CEO of Portnox Learn more about Portnox Tech Talks Daily is sponsored by Denodo    

The holiday season is in full swing, and as retailers vie for consumer dollars, some of the biggest ones are branching out to answer engines like ChatGPT and Perplexity. In this episode, we describe what that experience looks like now and what brands should do in response. We also look at the lasting implications of a high-profile legal case for CISOs and the state of AI in B2B sales.

All links and images can be found on CISO Series. Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood. In this episode: Delegation requires accountability The reality of daily decision-making The gap between theory and practice Beyond the advisory role Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO

In this powerful episode of Life of a CISO, Dr. Eric Cole shifts the focus from strategy, roadmaps, and organizational security, and puts the spotlight directly on YOU. Instead of asking what you want or why you want it, Dr. Cole explains that the real key to becoming a world-class CISO is asking: Who do you need to become? Dr. Cole breaks down the three types of CISOs, the difference between tactical and true strategic leadership, and what it really means to operate as a corporate officer. From proximity and communication to compensation models, risk tolerance, leadership habits, and even physical health, this episode lays out a blueprint for designing the ultimate version of yourself, the version capable of sitting with executives, influencing business outcomes, and driving organizational success. If you're ready to elevate from technical expert to business leader, this episode will give you the mindset, targets, and tools to build your future.  

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

As physical and digital threats collide, converged security models that unite physical and cyber protections under one strategy are becoming more essential. John Scimone, Chief Security Officer for Dell Technologies, offers guidance for CISOs looking to bridge physical and cyber security into one cohesive strategy.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this episode, host Kim Jones examines the rapid rise of enterprise AI and the tension between innovation and protection, sharing an RSA anecdote that highlights both excitement and concern. He outlines the benefits organizations hope to gain from AI while calling out often-overlooked risks like data quality, governance, and accountability. Kim is joined by technologist Tony Gauda to discuss why AI represents a fundamental shift in how systems and decisions are designed. Together, they explore AI-driven operations, cultural barriers to experimentation, and how CISOs can adopt AI responsibly without compromising security. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: AI for AI's sake Stop selling, start protecting Stop calling everything sophisticated Least privilege, rebranded Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Transitioning a mature organization from an API-first model to an AI-first model is no small feat. In this episode, Yash Kosaraju, CISO of Sendbird, shares the story of how they pivoted from a traditional chat API platform to an AI agent platform and how security had to evolve to keep up.Yash spoke about the industry's obsession with "Zero Trust," arguing instead for a practical "Multi-Layer Trust" approach that assumes controls will fail . We dive deep into the specific architecture of securing AI agents, including the concept of a "Trust OS," dealing with new incident response definitions (is a wrong AI answer an incident?), and the critical need to secure the bridge between AI agents and customer environments .This episode is packed with actionable advice for AppSec engineers feeling overwhelmed by the speed of AI. Yash shares how his team embeds security engineers into sprint teams for real-time feedback, the importance of "AI CTFs" for security awareness, and why enabling employees with enterprise-grade AI tools is better than blocking them entirely .Questions asked:Guest Socials - Yash's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions asked:(00:00) Introduction(02:20) Who is Yash Kosaraju? (CISO at Sendbird)(03:30) Sendbird's Pivot: From Chat API to AI Agent Platform(05:00) Balancing Speed and Security in an AI Transition(06:50) Embedding Security Engineers into AI Sprint Teams(08:20) Threats in the AI Agent World (Data & Vendor Risks)(10:50) Blind Spots: "It's Microsoft, so it must be secure"(12:00) Securing AI Agents vs. AI-Embedded Applications(13:15) The Risk of Agents Making Changes in Customer Environments(14:30) Multi-Layer Trust vs. Zero Trust (Marketing vs. Reality) (17:30) Practical Multi-Layer Security: Device, Browser, Identity, MFA(18:25) What is "Trust OS"? A Foundation for Responsible AI(20:45) Balancing Agent Security vs. Endpoint Security(24:15) AI Incident Response: When an AI Gives a Wrong Answer(29:20) Security for Platform Engineers: Enabling vs. Blocking(30:45) Providing Enterprise AI Tools (Gemini, ChatGPT, Cursor) to Employees(32:45) Building a "Security as Enabler" Culture(36:15) What Questions to Ask AI Vendors (Paying with Data?)(39:20) Personal Use of Corporate AI Accounts(43:30) Using AI to Learn AI (Gemini Conversations)(45:00) The Stress on AppSec Engineers: "I Don't Know What I'm Doing"(48:20) The AI CTF: Gamifying Security Training(50:10) Fun Questions: Outdoors, Team Building, and Indian/Korean Food

⬥EPISODE NOTES⬥Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies.Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and data accessibility remain central themes, especially as agencies work to retire manual processes and unify fragmented registries, surveillance systems, and reporting pipelines.AI enters the picture as a multiplier rather than a replacement. Jim outlines practical use cases that public health agencies can act on now, from community health communication tools and emergency response coordination to predictive analytics for population health. These approaches support faster interpretation of data, targeted outreach to communities, and improved visibility into ongoing health activity.At the same time, CISOs and security leaders are navigating a new risk environment as agencies explore generative AI, open models, and multi-agent systems. Sean and Jim discuss the importance of applying disciplined data governance, aligning AI with FedRAMP and state-level controls, and ensuring that any model running inside an organization's environment is treated with the same rigor as traditional systems.The conversation closes with a look at where AI is headed. Jim notes that multi-agent frameworks and smaller, purpose-built models will shape the next wave of public health technology. These systems introduce new opportunities for automation and decision support, but also require thoughtful implementation to ensure trust, reliability, and safety.This episode presents a realistic, forward-looking view of how AI can strengthen the future of public health and the cybersecurity responsibilities that follow.⬥GUEST⬥Jim St. Clair, Vice President, Public Health Systems, Altarum  | On LinkedIn: https://www.linkedin.com/in/jimstclair/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥N/A⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

In this episode of The Segment, host Raghu Nandakumara sits down with one of the most influential technology leaders of our time: Tony Scott, President & CEO of Intrusion and former U.S. Federal CIO under President Obama. With CIO roles at Microsoft, VMware, Disney, General Motors, Bristol Myers Squibb, and Sun Microsystems, Tony brings a rare, decades-wide perspective on how enterprise technology evolves—and where it's heading next.Tony shares his journey through some of the world's most complex organizations, offering a candid look at the forces that drive digital transformation, why organizational silos still shape most architectures, and how AI may finally help dissolve them. He breaks down how cybersecurity models must shift in an era of ubiquitous AI, legacy infrastructure, and escalating regulatory complexity—and explains why continuous monitoring and long-term institutional memory are now essential.We also dive into Tony's leadership philosophy, how he balances transformation with cyber risk, and what he's learned transitioning from CIO to CEO of a cybersecurity company tackling some of today's hardest problems. Key themes discussed:The evolution of the CIO role across decades of transformation Managing cyber risk amid AI proliferation, legacy systems, and modern architectures The importance of “useful life” frameworks for tech modernization Leadership lessons from navigating both public and private sector tech at scale A must-listen for CIOs, CISOs, tech leaders, and anyone preparing their organization for what's next in AI-driven transformation and cybersecurity.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

⬥EPISODE NOTES⬥Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies.Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and data accessibility remain central themes, especially as agencies work to retire manual processes and unify fragmented registries, surveillance systems, and reporting pipelines.AI enters the picture as a multiplier rather than a replacement. Jim outlines practical use cases that public health agencies can act on now, from community health communication tools and emergency response coordination to predictive analytics for population health. These approaches support faster interpretation of data, targeted outreach to communities, and improved visibility into ongoing health activity.At the same time, CISOs and security leaders are navigating a new risk environment as agencies explore generative AI, open models, and multi-agent systems. Sean and Jim discuss the importance of applying disciplined data governance, aligning AI with FedRAMP and state-level controls, and ensuring that any model running inside an organization's environment is treated with the same rigor as traditional systems.The conversation closes with a look at where AI is headed. Jim notes that multi-agent frameworks and smaller, purpose-built models will shape the next wave of public health technology. These systems introduce new opportunities for automation and decision support, but also require thoughtful implementation to ensure trust, reliability, and safety.This episode presents a realistic, forward-looking view of how AI can strengthen the future of public health and the cybersecurity responsibilities that follow.⬥GUEST⬥Jim St. Clair, Vice President, Public Health Systems, Altarum  | On LinkedIn: https://www.linkedin.com/in/jimstclair/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥N/A⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Dive into the rapidly evolving world of AI with G Mark Hardy and Ross Young in this episode of CISO Tradecraft. Explore how AI is transforming business processes, the critical need for cybersecurity leadership in AI deployments, and the importance of setting clear goals, monitoring performance, and ensuring data quality. Learn about the different types of AI from traditional to generative and agentic AI, and understand the frameworks and risk assessments shaping the future of AI integration in organizations. Don't miss this essential conversation for cybersecurity leaders looking to stay ahead of the curve. Generative Artificial Intelligence Risk Assessment SIMM 5305-F: https://cdt.ca.gov/wp-content/uploads/2025/08/SIMM-5305-F-Generative-Artificial-Intelligence-Risk-Assessment-20250822FINAL.pdf

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs and practitioners to consider. Segment Resources: https://www.loginradius.com/ https://customeriambook.com/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-219

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Gartner debate keeps resurfacing on LinkedIn. Skeptics vs. pragmatists vs. the "it depends" crowd. Same arguments. Same camps. Same circular conversation. Everyone's missing the point. After having hundreds of direct conversations between vendors and CISOs, I've come to a controversial conclusion: The analyst relations industry exists because marketers don't want to do the hard work of actually understanding their buyers. In this episode, I'm going deep on what no one's willing to say: How buyer insight gets distorted through seven (at least) layers of interpretation before it reaches your strategy. By the time Gartner's "insight" hits your roadmap, it's a game of telephone. Vendors expect Gartner to generate pipeline. It generates awareness. That awareness doesn't convert. And the "justification" use case? I don't buy it anymore. I'll tell you what CISOs actually say. Gartner has become a shortcut to avoid the uncomfortable work of direct buyer relationships. More surprisingly, the analysts aren't doing the deep work either. You are the product, not the customer. AI is commoditizing surface-level insight. But the deep nuance, the psychology, the politics, the unspoken objections, that still requires human connection. The differentiator is becoming more human, not less. What to do instead. How to build buyer intimacy as a core competency. Why the vendors who win will be the ones who stop outsourcing the most important work in marketing. This episode isn't about whether Gartner is good or bad. It's about a harder question: How well do you actually know your buyer? If the honest answer is "not deeply enough", Gartner isn't your problem. If you're a cybersecurity founder, marketer, or GTM leader wondering who has even the smallest inkling or intuitive feeling deep down inside that your Gartner investment isn't worthwhile, this one's for you. Connect with me on LinkedIn Learn more about CyberSynapse

Thinking of building your own AI security tool? In this episode, Santiago Castiñeira, CTO of Maze, breaks down the realities of the "Build vs. Buy" debate for AI-first vulnerability management.While building a prototype script is easy, scaling it into a maintainable, audit-proof system is a massive undertaking requiring specialized skills often missing in security teams. The "RAG drug" relies too heavily on Retrieval-Augmented Generation for precise technical data like version numbers, which often fails .The conversation gets into the architecture required for a true AI-first system, moving beyond simple chatbots to complex multi-agent workflows that can reason about context and risk . We also cover the critical importance of rigorous "evals" over "vibe checks" to ensure AI reliability, the hidden costs of LLM inference at scale, and why well-crafted agents might soon be indistinguishable from super-intelligence .Guest Socials -⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Santiago's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions asked:(00:00) Introduction(02:00) Who is Santiago Castiñeira?(02:40) What is "AI-First" Vulnerability Management? (Rules vs. Reasoning)(04:55) The "Build vs. Buy" Debate: Can I Just Use ChatGPT?(07:30) The "Bus Factor" Risk of Internal Tools(08:30) Why MCP (Model Context Protocol) Struggles at Scale(10:15) The Architecture of an AI-First Security System(13:45) The Problem with "Vibe Checks": Why You Need Proper Evals(17:20) Where to Start if You Must Build Internally(19:00) The Hidden Need for Data & Software Engineers in Security Teams(21:50) Managing Prompt Drift and Consistency(27:30) The Challenge of Changing LLM Models (Claude vs. Gemini)(30:20) Rethinking Vulnerability Management Metrics in the AI Era(33:30) Surprises in AI Agent Behavior: "Let's Get Back on Topic"(35:30) The Hidden Cost of AI: Token Usage at Scale(37:15) Multi-Agent Governance: Preventing Rogue Agents(41:15) The Future: Semi-Autonomous Security Fleets(45:30) Why RAG Fails for Precise Technical Data (The "RAG Drug")(47:30) How to Evaluate AI Vendors: Is it AI-First or AI-Sprinkled?(50:20) Common Architectural Mistakes: Vibe Evals & Cost Ignorance(56:00) Unpopular Opinion: Well-Crafted Agents vs. Super Intelligence(58:15) Final Questions: Kids, Argentine Steak, and Closing

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

There are some people in the cybersecurity industry who blaze a trail so bright, it's impossible and frankly unwise to miss them. Our guest on this episode is one of those people. We're delighted to welcome back FC, aka Freaky Clown. He's an ethical hacker with an impressive background, for example being paid to break into hospitals and rob banks, all in the interest of helping his clients improve security. He shares his wisdom on LEGO for hackers, the dangers of putting AI into everything, and his favorite advice for CISOs and the companies that employ them.

What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.  Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.  Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.  A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.  Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.  Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.  Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.  A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.  Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More

Host Emily Wearmouth is joined by Netskope's Chief Digital and Information Officer, Mike Anderson, and Chief Information Security Officer, James Robinson, to discuss the evolving, and often conflicting, mandates of CIOs and CISOs concerning AI adoption. They dive into how to identify high-impact AI projects, the security challenge of shadow AI, and the need for new security models, like Model Context Protocol (MCP), to manage agent-to-agent communication. Additionally, learn about the internal initiatives Mike and James help to drive, such as the "Promptathon" and "AI Ambassador" program, designed to bridge the gap between innovation and security, and get their top tips for both disrupting and defending your organization in the age of generative AI.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

AI agents are rapidly moving into production, creating a fundamentally new and complex attack surface for enterprises. While the promise of "digital teammates" is immense, the security risks they introduce, from prompt injection, hijacked tool use to multi-agent collusion, are unprecedented. How can security leaders move beyond traditional frameworks to govern, protect, and respond to these powerful, autonomous systems? Join this RSAC podcast with authors of the groundbreaking book, “Securing AI Agents – Foundations, Frameworks, and Real-World Deployment." who will cut through the hype to provide a practical, actionable guide for CISOs, security architects, and AI developers. Ken Huang, CEO, DistributedApps.ai Chris Hughes, Co-Founder & President, Aquai Tatyana Sanchez, Content & Program Coordinator, RSAC Kacy Zurkus, Director, Content, RSAC

In this episode of The Digital Executive, host Brian Thomas welcomes Joshua Scott, Vice President of Security at Hydrolix and a veteran with nearly 30 years of experience turning complex security risks into clear business value. Josh shares how Hydrolix is redefining what's possible with massive-scale log data—processing everything from terabytes to petabytes and delivering insights in seconds.Josh breaks down why security leaders must speak the language of business, translating technical risk into financial and operational impact to earn executive alignment. He also unpacks the challenges of securing data at extreme velocity and scale, the growing need for automation, and why the next generation of security leaders will win by leveraging AI as an accelerator—not a replacement.Looking ahead, Josh discusses how AI-generated attacks, identity misuse, supply-chain compromises, and automated phishing will reshape security programs over the next three to five years. His message is clear: AI will empower defenders and attackers alike, and success will depend on how effectively teams adopt automation, prioritize intelligently, and stay ahead of rapidly evolving threats.A timely, insightful conversation for CISOs, security leaders, and technology executives navigating today's increasingly complex cyber landscape.If you liked what you heard today, please leave us a review - Apple or Spotify.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

On this episode of The Cybersecurity Defenders Podcast we speak with Erik Bloch, VP of Security at Illumio, about better tools to combat burnout rate and discuss the reality of AI in security.Erik Bloch has 30+ years of information and cyber security experience, both as an IC and as a leader of teams. “People first” has always been his approach. He has led entire security and IT functions at smaller companies, and been the CISOs leading big teams at larger orgs. Erik also spent time on the product side, trying to make better tooling for people like him. With a mix of security, IT and product under his belt, Erik is at a place where connections, making meaningful change and driving impact in peoples lives, mean a lot to him. The smartest person he knows once said "Problems are really opportunities in disguise"​, and that's something Erik always tries to see.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Security and privacy leaders are under pressure to sign off on AI, manage data risk, and answer regulators' questions while the rules are still taking shape and the data keeps moving. On this episode of Ctrl + Alt + AI, host Dimitri Sirota sits down with Trevor Hughes, President & CEO of the IAPP, to unpack how decades of privacy practice can anchor AI governance, why the shift from consent to data stewardship changes the game, and what it really means to “know your AI” by knowing your data. Together, they break down how CISOs, privacy leaders, and risk teams can work from a shared playbook to assess AI risk, apply practical controls to data, and get ahead of emerging regulation without stalling progress.In this episode, you'll learn:Why privacy teams already have methods that can be adapted to oversee AI systemsBoards and executives want simple, defensible stories about risk from AI useThe strongest programs integrate privacy, security, and ethics into a single strategyThings to listen for: (00:00) Meet Trevor Hughes(01:39) The IAPP's mission and global privacy community(03:45) What AI governance means for security leaders(05:56) Responsible AI and real-world risk tradeoffs(08:47) Aligning privacy, security, and AI programs(15:20) Early lessons from emerging AI regulations(18:57) Know your AI by knowing your data(22:13) Rethinking consent and data stewardship(28:05) Vendor responsibility for AI and data risk(31:26) Closing thoughts and how to find the IAPP

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Conflicts between URL mapping and URL based access control. Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps. https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518 Sha1-Hulud, The Second Coming A new, destructive variant of the Shai-Hulud worm is currently spreading through NPM/Github repos. https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised Hacklore: Cleaning up Outdated Security Advice A new website, hacklore.org, has published an open letter from former CISOs and other security leaders aimed at addressing some outdated security advice that is often repeated. https://www.hacklore.org

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

All links and images can be found on CISO Series. Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. In this episode: Network security isn't dying—it's evolving The observability layer that can't be replaced What's old is new again The innovation gap Huge thanks to our sponsor, HackerOne Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. Learn more at https://www.hackerone.com/  

In this episode of Life of a CISO, Dr. Eric Cole explains the top priorities every CISO must focus on as we move into 2026. He begins by highlighting the importance of personal health and why nutrition, hydration, and daily habits directly impact your ability to lead and make smart decisions in cybersecurity. After facing his own health challenges and losing friends in the industry, he shares why health must be the starting point for any world-class CISO. Dr. Cole also breaks down what it means to operate as a true chief officer. He covers why CISOs need to work in person with other executives, ask better questions, and always be prepared with the three slides that guide clear risk decisions. He also discusses the lessons learned from recent cloud outages and why understanding risk posture and critical data is essential for 2026. The episode encourages listeners to begin planning now, build their CISO roadmap, reduce noise, and strengthen their executive mindset.   Access Dr. Cole's $299 course deal here: https://ar407.infusionsoft.app/app/storeFront/showProductDetail?productId=135  

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: https://councils.forbes.com/profile/Yonesy-Nunez-Global-Cybersecurity-Executive-Chain-Bridge-Bank/e79e72a5-4b18-48b1-b5ab-8a0afd47d782 In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-422

⬥EPISODE NOTES⬥Understanding Beg Bounties and Their Growing ImpactThis episode examines an issue that many organizations have begun to notice, yet often do not know how to interpret. Sean Martin is joined by Casey Ellis, Founder of Bugcrowd and Co-Founder of disclose.io, to break down what a “beg bounty” is, why it is increasing, and how security leaders should think about it in the context of responsible vulnerability handling.Bug Bounty vs. Beg BountyCasey explains the core principles of a traditional bug bounty program. At its core, a bug bounty is a structured engagement in which an organization invites security researchers to identify vulnerabilities and pays rewards based on severity and impact. It is scoped, governed, and linked to an established policy. The process is predictable, defensible, and aligned with responsible disclosure norms.A beg bounty is something entirely different. It occurs when an unsolicited researcher claims to have found a vulnerability and immediately asks whether the organization offers incentives or rewards. In many cases, the claim is vague or unsupported and is often based on automated scanner output rather than meaningful research. Casey notes that these interactions can feel like unsolicited street windshield washing, where the person provides an unrequested service and then asks for payment.Why It Matters for CISOs and Security TeamsSecurity leaders face a difficult challenge. These messages appear serious on the surface, yet most offer no actionable details. Responding to each one triggers incident response workflows, consumes time, and raises unnecessary internal concern. Casey warns that these interactions can create confusion about legality, expectations, and even the risk of extortion.At the same time, ignoring every inbound message is not a realistic long-term strategy. Some communications may contain legitimate findings from well-intentioned researchers who lack guidance. Casey emphasizes the importance of process, clarity, and policy.How Organizations Can PrepareAccording to Casey, the most effective approach is to establish a clear vulnerability disclosure policy. This becomes a lightning rod for inbound security information. By directing researchers to a defined path, organizations reduce noise, set boundaries, and reinforce safe communication practices.The episode highlights the need for community norms, internal readiness, and a shared understanding between researchers and defenders. Casey stresses that good-faith researchers should never introduce payment into the first contact. Organizations should likewise be prepared to distinguish between noise and meaningful security input.This conversation offers valuable context for CISOs, security leaders, and business owners navigating the growing wave of unsolicited bug claims and seeking practical ways to address them.⬥GUEST⬥Casey Ellis, Founder and Advisor at Bugcrowd | On LinkedIn: https://www.linkedin.com/in/caseyjohnellis/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/caseyjohnellis_im-thinking-we-should-start-charging-bug-activity-7383974061464453120-caEWDisclose.io: https://disclose.io/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

In this episode of Great Women in Compliance, co-host Dr. Hemma Lomax welcomes Shannon Ralich, Vice President of Compliance and Chief Privacy Officer at Machinify, to discuss the evolving landscape of data privacy, cybersecurity, and responsible AI. Shannon shares her remarkable journey from a curious child taking apart electronics to a seasoned leader blending technology, law, and strategy. She offers insight into how curiosity and creativity can fuel governance excellence and explains what it means to design systems that anticipate risk and enable responsible innovation. Together, Hemma and Shannon explore: How privacy and cybersecurity intersect in today's fast-evolving AI environment The most pressing compliance challenges around data governance and global regulation Lessons from the SolarWinds and Uber cases and the growing conversation around individual accountability for CISOs and compliance leaders Practical steps for staying agile—through reliable news sources, cross-functional camaraderie, and professional networks How to translate corporate compliance skills into meaningful community impact through nonprofit leadership and animal rescue advocacy Shannon's message is a powerful reminder that the best leaders bring their full selves to the work: technical precision, ethical clarity, and human compassion. Biography: Shannon Ralich is the Vice President of Compliance and Chief Privacy Officer at Machinify, a healthcare intelligence company applying AI to improve the efficiency and integrity of healthcare payments. With more than 20 years of experience across legal, compliance, privacy, and cybersecurity roles, Shannon specializes in aligning governance frameworks with business innovation. She also serves on the Advisory Board of the Privacy Bar Section of the IAPP (International Association of Privacy Professionals). She is widely respected for her strategic, forward-thinking approach to data protection and responsible AI governance. Beyond her professional expertise, Shannon is a passionate advocate for animal welfare. She sits on the Board of Directors for the Neuse River Golden Retriever Rescue, where she leverages her operational and technological skills to strengthen fundraising, improve systems, and support global rescue missions. A lifelong learner and self-described “builder,” Shannon finds creativity and grounding through woodworking, outdoor adventures with her family, and contributing to causes that make both workplaces and communities more humane. Note: The views expressed in this podcast are our own and do not represent the views of our employers, nor should they be taken as legal advice in any circumstances. 

In this episode of the Identity at the Center podcast, hosts Jeff and Jim broadcast from InfoSec World 2025, sharing lively discussions on identity management, AI security, and identity's evolving role in information security. They are joined by Ross Young and G Mark Hardy, co-hosts of the CISO Tradecraft podcast, who share their journeys into cybersecurity, illuminating how identity intersects with cybersecurity topics like deep fakes, AI implications, and non-human identities. The conversation also covers practical advice for securing budget approvals for identity projects and speculations on the role of AI in cybersecurity's future. The episode wraps up with each guest sharing personal ideas for potential new podcast ventures.The CISO Tradecraft podcast: CISOTradecraft.comConnect with Ross: https://www.linkedin.com/in/mrrossyoung/Connect with G Mark: https://www.linkedin.com/in/gmarkhardy/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction and Welcome00:16 Live from InfoSec World 202500:52 Shoutouts and Day Jobs01:37 Meeting Ross and G Mark from the CISO Tradecraft podcast02:22 Ross's Journey into Cybersecurity04:24 G Mark's Cybersecurity Career Path07:44 Top Concerns for CISOs Today09:53 The Role of Identity in Cybersecurity16:18 Challenges and Trends in Identity Management24:33 Pitching Identity Projects to CISOs32:21 The Role of AI in Automating SOC Operations33:23 AI's Impact on Developer Efficiency35:48 The Future of AI-Assisted Coding37:42 Challenges and Opportunities in AI and Cybersecurity39:46 The Importance of Human Expertise in AI Development48:17 The Role of Identity in Information Security49:44 Introduction to CISO Tradecraft Podcast55:24 Podcasting Tips and Personal Interests01:00:48 Conclusion and Final ThoughtsKeywords:Identity at the Center, IDAC, CISO Tradecraft, InfoSec World 2025, cybersecurity leadership, identity security, IAM, AI security, Jeff Steadman, Jim McDonald, Ross Young, G. Mark Hardy, InfoSec, CISOs, cyber career development, non-human identity, deepfakes, security automation