Podcasts about cisos

Jeff and Jim sit down with David Llorens, principal at RSM, to break down the RSM 2026 Attack Vectors Report. Drawing from real-world offensive security engagements, David explains why identity continues to be the primary attack surface, how AI chatbots are creating new vulnerabilities through prompt injection, and what separates organizations that get breached from those that don't. The conversation covers MFA gaps, the explosion of non-human identities, why PAM is the top investment priority for 2026, and how CISOs can align security spending with business objectives. Plus, the episode wraps up with soccer stories and some quality trash talk.Connect with David: https://www.linkedin.com/in/david-llorens-009a3310/Review RSM's 2026 Attack Vectors Report: https://rsmus.com/insights/services/risk-fraud-cybersecurity/rsm-attack-vector-report.htmlConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS0:00 - Intro and Jim's big personal news4:51 - Main topic intro: RSM 2026 Attack Vectors Report5:55 - David's origin story and how he got into cybersecurity9:53 - What a principal is at RSM and David's current role11:16 - What the Attack Vectors Report is and how it is created14:40 - Why identity security is a dominant theme in this year's report17:19 - What separates organizations that get breached from those that don't18:18 - MFA as the first line of defense18:45 - Privileged access management as a growing priority19:40 - Detecting lateral movement through identity anomalies21:00 - Credential rotation as an advanced defensive technique22:26 - Non-human identities and service account risks24:37 - Middle market challenges and budget constraints25:17 - Is it the size of the budget or how you spend it?28:29 - Using internal audit and cross-department collaboration for security wins30:15 - Cybersecurity as a business enabler, not a deterrent32:45 - Non-human identities and agentic AI creating new attack surfaces35:51 - Prompt injection attacks and AI chatbot vulnerabilities39:42 - Actionable recommendations for practitioners42:41 - MFA implementation gaps and session hijacking45:02 - The case for FIDO2 and layered conditional access46:35 - Is identity security a board-level issue?49:47 - Three things CISOs should focus on through 202650:52 - PAM as the top investment priority51:28 - Removing unnecessary privileges from users56:11 - Redefining what privilege means in your organization57:43 - Social media accounts as privileged access58:42 - Credentials stored in SharePoint and OneDrive59:38 - Wrap up and where to find the report59:58 - Lighter topic: David's soccer background and playing semi-pro1:05:06 - Best trash talk stories1:07:03 - Jim's trash talk philosophy: scoreboard1:08:00 - Jeff's basketball trash talk and calling his shots1:10:00 - Final thoughts and sign offKEYWORDSIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, David Llorens, RSM, attack vectors report, offensive security, penetration testing, identity security, MFA, multifactor authentication, privileged access management, PAM, non-human identities, service accounts, agentic AI, AI security, prompt injection, lateral movement, credential rotation, FIDO2, conditional access, session hijacking, middle market, CISO, board-level security, certificate-based authentication, active directory, configuration management, shadow AI

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Send a textCameron and Gabe sit down with Girish Redekar, co-founder and CEO of Sprinto, to pull back the curtain on one of the most misunderstood areas of security: compliance.Girish built his first startup, RecruiterBox, to 3,500 customers before selling it, and it was the painful, expensive, duct-taped compliance process he experienced firsthand that sparked the idea for Sprinto. Today, Sprinto helps companies move beyond point-in-time audits into something far more valuable: continuous, autonomous trust.In this episode, we dig into:Why passing a SOC 2 or ISO 27001 audit doesn't mean you're actually secureThe three stages of compliance maturity — and how to climb themWhat "compliance debt" is and why it's quietly eating your businessHow smart CISOs use their security posture as a revenue driver, not a back-office cost centerThe "$100/month" challenge: what actually moves the needle for startupsHow AI is reshaping compliance programs — for better or worseWhy Girish spent over a year talking to customers before writing a single line of codePlus: the "sell more jeans" framework every CISO should know, Rich Hickey, The Mom Test, and the toilet paper question.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this Secur(IT) episode, host Philip de Souza talks with George Tsantes, Partner at Newport LLC, former Accenture partner, EY principal, and co‑author of Cyber Attacks: Managing the Risk and Results. They explore how boardscan turn cybersecurity into business strategy by prioritizing vigilance over pure prevention, protecting the “crown jewels,” and using business metrics instead of vanity dashboards. The conversation also covers AI‑driven threats, third‑party and “meta‑enterprise” exposure, incident readiness, and how CISOs can “prove cybersecurity” in clear board language

In this episode of Life of a CISO, Dr. Eric Cole sits down with cloud and AI expert Matt Lea to unpack the real risks and opportunities shaping cybersecurity today. They dive into AWS outages, cloud resiliency strategies, and how organizations should think about redundancy instead of blindly trusting a single provider. The conversation explores how CISOs can balance cost versus risk when designing cloud architectures and why insider issues, burnout, and knowledge silos often pose bigger threats than external attackers. Matt shares practical insights on AWS AI tools like Bedrock and SageMaker, when to adopt them, and how AI is changing cloud operations at scale. The episode also covers startup lessons, building resilient teams, and the importance of documenting knowledge to avoid single points of failure. Plus, they discuss Cloud War Games, a hands-on approach to training teams under real outage scenarios. If you're a security leader, cloud architect, or technologist navigating AI and cloud transformation, this episode delivers actionable guidance on building resilient systems, managing risk, and preparing for the next wave of cyber challenges.  

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this episode of the CISO Tradecraft podcast, PKWARE Field CTO EJ Pappas joined host G Mark Hardy and Ross Young. The group talked about many challenges and solutions for modern data security. One critical component is the shift from platform-centric to data-centric security. The experts also discussed the barriers to data visibility that CISOs face and how discovery solutions bring clarity. No conversation could be complete without AI and its role as both a defensive framework and the threats it carries. Tune into this engaging conversation with takeaways that are practical and useful.

What does autonomous IT really look like when you move beyond the slideware and start wiring systems together in the real world? At Dynatrace Perform in Las Vegas, I sat down with Pablo Stern, EVP and GM of Technology Workflow Products at ServiceNow, to unpack exactly that. Pablo leads the teams focused on CIOs and CISOs, building the workflows and security products that sit at the heart of modern IT organizations. From service desks and command centers to risk and asset management, his remit is clear: enable AI to work for people, not the other way around. We began with ServiceNow's deepening multi-year partnership with Dynatrace. While the announcement made headlines, Pablo was quick to point out that the real story starts with customers. This collaboration is rooted in a shared goal of helping joint customers reduce outages, improve SLA adherence, and shrink mean time to resolution. The vision of autonomous IT operations is not about hype. It is about connecting observability data with deterministic workflows so that insight can evolve into coordinated, system-level action. Pablo walked me through the maturity curve he sees emerging. First came AI-powered insight, summarizing data and surfacing signals from noise. Then came task automation, drafting knowledge articles, paging teams, triggering predefined playbooks. The next step, and the one that excites him most, is orchestrated autonomy. That means stitching together skills, agents, and workflows into systems that can drive end-to-end outcomes. It is a journey measured in years, not months, and it depends as much on digitizing process and building trust as it does on technology. We also explored root cause analysis, still one of the biggest time drains in IT. By combining Dynatrace's AI-driven observability with ServiceNow's workflow engine, enterprises can automate forensic steps, correlate events faster, and shorten the time spent on major incident bridges where teams debate ownership. Even incremental improvements in accuracy can save hours when incidents strike. Trust, of course, remains central. Pablo was candid that full self-healing systems are still some distance away. What we will see first is relief automation, controlled failovers, scripted actions suggested by machines but approved by humans. Over time, as confidence grows and processes become fully digitized, the balance will shift. Beyond the technology, a consistent theme ran through our conversation. Outcomes have not changed. Enterprises still want higher availability, faster resolution, better employee experiences. What is changing is the how. ServiceNow is reimagining its platform to deliver those outcomes at a much higher standard, not through incremental tweaks, but through rethinking workflows for an AI-first world. From design partnerships with banks building pre-flight change checks, to internal teams acting as the toughest customers, this was a grounded, practical conversation about where autonomous operations are headed and what it will take to get there. If you are a CIO, CISO, or IT leader wondering how to move from theory to execution, this episode offers a clear-eyed look behind the curtain.      

What separates organizations that pass audits from those that survive real incidents? In this episode of The Segment, host Raghu Nandakumara sits down with Phil Park, global cybersecurity and risk leader at IBM. With more than 25 years advising financial institutions across the U.S., Europe, and Asia-Pacific, Phil brings a practical perspective on how supervision is rapidly evolving from compliance checklists to real-world operational readiness. Together, Raghu and Phil unpack the industry's biggest mindset shift: regulators no longer ask “Are you protected?” — they ask “Can you operate through disruption?” They explore why prevention alone is no longer enough, why containment and recovery now define security maturity, and how CISOs are moving from siloed operators to enterprise-wide risk leaders accountable to boards and regulators alike. The conversation also dives into: Why regulators evaluate response quality rather than technical perfection   How organizations are turning tabletop exercises into realistic resilience testing   The growing pressure created by third-party and supply-chain dependencies   Why evidence and outcomes matter more than policies and frameworks   How overlapping reporting requirements are reshaping incident response playbooks   The double-edged role of AI in both defense and attack, including deepfake risks   Why security fundamentals matter even more in the AI era   This episode is a must-listen for security leaders and executives navigating a world where passing the audit is no longer the goal — proving you can withstand disruption is. Also, if you're attending FSISAC, join Illumio, IBM, and Palo Alto Networks for an exclusive dinner at Capital Grille! Save your seat here: https://lp.illumio.com/20260302-Steak-And-Security-Dinner.html?utm_medium=email&utm_source=marketo

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Flavius Plesu is the founder and CEO of OutThink, a revolutionary Human Risk Management Platform (SaaS) empowering CISOs by targeting the source of 90% of all data breaches: human behavior. In this episode, he joins host Scott Schober and Adam Keown, CISO at Eastman, to discuss social engineering, humans, and why it's so important to train them. Culture Shapes Security is a Cybercrime Magazine podcast series brought to you by OutThink. To learn more about our sponsor, visit https://outthink.io.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In this episode of the Shift AI Podcast, Scott Roberts, CISO at UiPath, joins host Boaz Ashkenazy for a deep dive into how agentic AI is reshaping enterprise security and automation—both for customers and inside UiPath itself.Scott shares his 25-year security journey spanning Microsoft's early Security Response Center days (including the era that produced Patch Tuesday and the Security Development Lifecycle), product security work across Windows and Xbox, time at AWS, and leadership roles at Google where he helped build the Android Security Assurance and Pixel Security teams and the Android Monthly Security Update process. He also discusses his work in security standards across IPsec, HTML5 encrypted media, GSMA device security, and most recently, contributions to emerging agentic AI security standards.The conversation then explores UiPath's evolution from traditional RPA into a unified platform that combines deterministic automation with agentic workflows. Scott walks through a real-world healthcare billing example where agentic automation increased deduplication accuracy dramatically by handling complex, variable inputs that classic RPA struggled with—while still keeping humans in the loop and feeding outcomes back into the system to improve over time.Boaz and Scott go deep on what's changed for CISOs in the post-LLM world: the need for guardrails, identity and entitlements for AI agents, and the challenge of end users copying sensitive information into consumer AI tools. Scott explains UiPath's approach: enable adoption while using nudges and policy controls to redirect sensitive workflows into enterprise-safe environments rather than relying solely on blocks.The episode closes with an eye-opening look at UiPath's internal “agentic threat analyst” system—an orchestration of 60+ agents that can investigate SIEM alerts end-to-end, generate structured incident writeups, and compress hours of analyst work into roughly a minute and a half. Scott's future-looking takeaway: as AI models evolve beyond “read-only” into potentially “read-write” systems that can update their foundational knowledge, the acceleration could be truly mind-blowing.This episode is essential listening for security leaders, enterprise operators, and automation teams trying to understand how agentic systems change not just productivity, but the entire security operating model.Chapters[00:01] Scott's Security Journey: Microsoft, Google, Coinbase, UiPath[01:33] Security Standards Work: From IPsec to Agentic AI Standards[04:08] What UiPath Does: Process Orchestration, RPA, and Enterprise Automation[06:28] RPA vs Agentic Automation: A Healthcare Billing Deduplication Example[09:17] The Agentic Stack: Canvas, Guardrails, and the AI Trust Layer[10:31] How LLMs Change Security: Data Controls, Access, and Governance[12:14] Internal Adoption at UiPath: AI Tooling by Persona (Legal, Finance, Engineering)[13:13] Code Velocity and Security: Agents Generating Code, Agents Verifying It[15:53] Two AI Security Worlds: Orchestration Platforms vs End-User Chat Interfaces[17:11] Securing End Users: Enterprise LLMs, Nudges, and Browser-Based Controls[19:07] Sovereign AI and Data Boundaries: Keeping Data in the Right Region[21:00] Over-Permissioning Meets Agents: Why AI Makes Old Problems Obvious Fast[22:21] The Next Wave: AI Transforming the Entire SDLC End-to-End[24:53] Security Pitfalls in Agentic SDLC: Misaligned Incentives and Permissions[26:02] UiPath's Agentic Threat Analyst: 60+ Agents, SIEM to Writeup Automation[30:07] What Changes for Humans: Faster “Time to Truth” and Higher-Leverage Work[32:09] Two-Word Future: “Mind Blowing” and Read/Write ModelsConnect with Scott RobertsLinkedIn: https://www.linkedin.com/in/scottroberts6/Connect with Boaz AshkenazyLinkedIn: https://www.linkedin.com/in/boazashkenazy/Email: info@shiftai.fm

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

OMB's new memo rescinds the Biden‑era requirements and shifts software and hardware security to an agency‑driven, risk‑based model. SBOMs and attestations move from “must” to “may.” That means CIOs and CISOs can tailor what they ask for from vendors, but they'll also carry the burden of proving those choices keep mission systems safe. We'll dig into what this change unlocks and where it could create blind spots with Jean‑Paul Bergeaux, Federal CTO at GuidePoint Security.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In this video David speaks to Peter Bailey (SVP and GM of Cisco's Security business). AI agents are moving fast inside enterprises, and CISOs are hitting the brakes for one reason: the attack surface is expanding at machine speed. In this interview, we break down how agentic AI changes security, why MCP servers and agent tool access create new risks, and what a zero trust approach looks like when the “user” is a non-deterministic agent. We cover real-world problems like shadow MCP servers, agents touching sensitive systems and PII, and why traditional perimeter controls and firewalls are not enough when traffic is encrypted and actions happen too quickly downstream. You'll also hear what Cisco is doing across the AI lifecycle: AI Defense for model scanning, provenance and guardrails, plus new protections focused on agent identity, dynamic authorization, behavior monitoring, and revocation. On the networking side, we discuss how SD-WAN and secure access (SASE) can add visibility and policy control for AI usage, including prioritizing latency-sensitive AI traffic while still enforcing security. If you're a security engineer, network engineer, or CISO trying to move from AI hype to safe deployment, this video gives you a practical mental model and the controls to start building now. Big thank you to ‪@Cisco‬ for sponsoring this video and for sponsoring my trip to Cisco Live Amesterdam. // Peter Baily' SOCIALS // LinkedIn: / peterhbailey Guest Bio: https://newsroom.cisco.com/c/r/newsro... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:30 - Introduction 01:15 - CISOs Problems with AI 02:35 - Real Issues with AI Agents 04:29 - Growth of the Attack Surface 05:34 - Concern of Poisoned AI and MCP 08:09 - What is the Kill-chain 10:16 - AI with Built-in Security 11:56 - Best Practises for AI Security 14:08 - Cisco Innovations for AI 16:48 - Cisco's Red Team for own AI 18:27 - Secure AI in Public Places 20:09 - Should You get into Cyber Security 21:26 - Advice To Your Younger Self 22:29 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cisco #ciscoemea #ciscolive

Stevie Case is the CRO of Vanta, the trust management platform serving everyone from founders to Fortune 100 CISOs. A former pro-video gamer who stumbled into sales through a mentor's bet, Stevie has built one of the most unconventional paths to the C-suite in tech. In this episode, she unpacks why early revenue hires fail, what separates a true CRO from a VP of Sales, and why she believes fewer than 10% of current CROs will thrive by 2028. In today's episode, we discuss: Why early revenue hires fail What a top 1% CRO actually does The scaling mistake Stevie made by copying Twilio's playbook at Vanta Why Vanta remains 100% sales-led at every segment AI vs. humans in go-to-market References: Cursor: https://cursor.sh/ Gong: https://www.gong.io/ Salesforce: https://www.salesforce.com/ Twilio: https://www.twilio.com/ Vanta: https://www.vanta.com/ Where to find Stevie: LinkedIn: https://www.linkedin.com/in/steviecase/ Where to find Brett: LinkedIn: https://www.linkedin.com/in/brett-berson-9986094/ Twitter/X: https://twitter.com/brettberson Where to find First Round Capital: Website: https://firstround.com/ First Round Review: https://review.firstround.com/ Twitter/X: https://twitter.com/firstround YouTube: https://www.youtube.com/@FirstRoundCapital This podcast on all platforms: https://review.firstround.com/podcast Timestamps: 00:00 Why early revenue hires fail 02:23 Who to hire at $5M in revenue 04:16 Coin-operated sellers vs. long-term builders 05:57 What excellence looks like in the CRO role 07:44 Metrics, confidence, and velocity 12:04 Should CROs lead sales? 14:39 From shy seller to revenue leader 16:36 Learning to scale at Twilio 17:44 "There is no CRO playbook" 19:58 Stevie's scaling mistake at Vanta 22:16 Why Vanta stays 100% sales-led 23:16 The value of planning 24-26 months ahead 29:54 When trusting intuition was the wrong call 30:49 Do humans still have a place in the future of GTM? 33:33 Stevie's leadership non-negotiables 36:36 The myth of hiring for industry expertise 40:00 What stays centralized in a 600-person company 47:09 The hidden leverage of a customer's first 30 days 53:42 Why the CRO role will face enormous changes by 2028 58:42 What leaders must do now to stay relevant 01:02:30 Unpacking the CEO-CRO dynamic

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

As digital ecosystems expand, third-party relationships have become both business enablers and critical sources of cyber risk. In this episode, T.J. Patterson, VP and Information Security Officer at STAR Financial Bank, joins Dr. Hugh Thompson to explore how CISOs can navigate the growing complexity of third-party risk management. They discuss practical methods for identifying and prioritizing high-risk vendors, maintaining visibility beyond initial assessments, and driving accountability across the supply chain. From regulatory shifts to the limits of automation, this conversation offers actionable strategies for managing risk at scale.

Chris and Hector sit down with an anonymous CISO who pulls back the curtain on how cybersecurity actually works inside large organizations. From security theater and boardroom politics to AI risk, bug bounties, and why CISOs are often the fall guy during major incidents, the conversation gets candid fast. Join our Patreon for weekly bonus episodes: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

One year after the Digital Operational Resilience Act (DORA) came into force, what has actually changed?In this follow-up episode of Reimagining Cyber, Rob Aragao welcomes back Dominic Brown of Graveslight Consulting to assess the reality of DORA in practice. Last time, the regulation was looming. Now, firms across the EU — and global financial institutions operating within it — have been living with it.The conversation explores:Why DORA was designed as a systemic risk regulation — not just a compliance exerciseWhere firms struggled during year one, from immature ICT governance to gaps between policy and practiceHow regulators have responded — and why patience may be running outThe impact of Level 2 Technical Standards, including threat-led penetration testing under the TIBER-EU methodologyWhat ICT third-party risk management really means for cloud providers and subcontracting chainsWhy resilience is becoming both a supervisory priority and a competitive differentiatorWhy DORA may set a precedent for future resilience regulation worldwideThe impact on organisations with a global footprintWith enforcement expectations rising and supervisory scrutiny intensifying, year two marks the shift from preparation to proof. Boards, CISOs, and technology providers alike will need to demonstrate that operational resilience works in practice — not just on paper.If year one was about Europe adapting to DORA, year two is about the world responding to it.As featured on Million Podcasts' Best 100 Cybersecurity Podcasts Top 50 Chief Information Security Officer CISO Podcasts Top 70 Security Hacking Podcasts This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best! Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com

The open-source ClawBands project aims to restore human oversight to OpenClaw, a wildly popular autonomous AI assistant capable of executing shell commands, modifying files, and accessing APIs. Created by software engineer Sandro Munda, ClawBands intercepts every tool call and enforces “human-in-the-loop” approval before actions are executed, creating an auditable decision trail. The project emerges amid growing concern from security researchers and CISOs, who warn that OpenClaw's rapid adoption, deep system access, and messaging app integrations create serious attack surfaces. As agentic AI accelerates—and with OpenClaw's creator Peter Steinberger now joining OpenAI—ClawBands represents an early attempt to balance innovation with pragmatic risk management. This and more on the Tech Field Day News Rundown with ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Tom Hollingsworth and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Alastair Cooke. Time Stamps: 0:00 - Cold Open0:26 - Welcome to the Tech Field Day News Rundown 1:10 - Dell Adds Nutanix to Private Cloud Lineup, Expanding Hypervisor Choice4:34 - AI and RaaS Supercharge Cybercrime as Ransomware Groups Surge 30%8:44 - Cisco Takes Aim at VMware Lock-In with a Purpose-Built Hypervisor12:22 - Check Point Rewires Enterprise Security for the AI Arms Race16:14 - Google Locks In Solar Power to Fuel AI Data Center Growth19:27 - Ukrainian cyber forces say Russian troops paid for Starlink access—only to reveal their own locations.24:01 - Putting the Brakes on Agentic AI: Human Control Comes to OpenClaw33:00 - The Weeks Ahead 34:35 - Thanks for Watching the Tech Field Day News RundownFollow our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Tom Hollingsworth⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Alastair Cooke⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Stephen Foskett⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Follow Tech Field Day ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠on LinkedIn⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠X/Twitter⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Bluesky⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Mastodon⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Steve Zalewski. Joining them is Tammy Klotz, CISO, Trinseo. In this episode: Accountability without authority Kill your hacklore Voice is no longer enough Studies that tell us what we already know Huge thanks to our sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Flavius Plesu is the founder and CEO of OutThink, a revolutionary Human Risk Management Platform (SaaS) empowering CISOs by targeting the source of 90% of all data breaches: human behavior. In this episode, he joins host Scott Schober to introduce Culture Shapes Security, a new Cybercrime Magazine podcast series brought to you by OutThink. To learn more about our sponsor, visit https://outthink.io.

Ron Green is the partner CISO at 5OH Consulting and former cybersecurity fellow at Mastercard. In this episode, he joins host Kris Lovejoy, Global Head of Strategy at Kyndryl, to discuss his shift from an organizational role to a strategic vantage point, what CISOs today should be aware of, and more. As the global leader in IT infrastructure services, Kyndryl advances the mission-critical technology systems the world depends on every day. Collaborating with a vast network of partners and thousands of customers worldwide, Kyndryl's team of highly skilled experts develops innovative solutions that empower enterprises to achieve their digital transformation goals. Learn more about our sponsor at https://kyndryl.com.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Cyber and AI risks are no longer confined to IT departments. They directly impact strategy, trust, reputation, and long-term business sustainability. Yet many boards and executives still struggle to translate technical risk into meaningful business insight. In this episode, we speak with Dr. Adeel Shaikh Muhammad about how business leaders can better understand, govern, and manage cyber and AI risks — without getting lost in technical complexity.  During the conversation, we explore: Why cyber risk today is fundamentally a business, trust, and reputation issue — not just a technical problem The most common misconceptions boards and executives have about cybersecurity and AI governance; How AI is expanding organizational risk exposure and reshaping how risk must be managed What non-technical leaders should look for to assess whether their organization is truly resilient; Why trust is becoming a competitive advantage — and how cyber resilience and AI governance directly influence brand value and sustainability; Practical, low-complexity steps organizations can take today to improve accountability, decision-making, and resilience From a leadership and governance perspective, what will separate successful organizations from those that struggle in the next 3–5 years. This episode is designed for board members, C-suite executives, risk managers, CISOs, compliance leaders, and anyone responsible for navigating cyber and AI risk at the strategic level. If you want to move from technical confusion to confident, business-focused risk leadership — this conversation is for you.

AI has quietly embedded itself across the enterprise but many security teams are still guarding it like a single tool, not the shared risk it's become.On this episode of Ctrl + Alt + AI, host Dimitri Sirota sits down with Aqsa Taylor, Chief Research Officer at Software Analyst Cyber Research, to break down how AI is changing the speed, scale, and structure of modern cyber threats. Drawing from direct conversations with CISOs, Aqsa explains why AI shortens attack timelines, lowers the barrier for sophisticated threats, and forces security teams to rethink response and recovery.The conversation focuses on what security leaders are missing as AI spreads across employees and third-party platforms. Aqsa outlines why securing AI requires treating it as an ongoing lifecycle tied to core security fundamentals rather than a one-time deployment.In this episode, you'll learn:Why AI-driven attacks demand faster containment, not more alertsHow overprivileged AI access quietly expands security riskWhy cleaning data before it reaches AI should be the top of mindThings to listen for: (00:00) Meet Aqsa Taylor(00:22) Why AI risk connects directly to data security(01:15) What CISOs are focused on right now(02:23) AI use is unavoidable inside organizations(03:51) Securing models and the data behind them(04:27) How AI speeds up attacks and response pressure(06:10) Data filtering, privileges, and prompt risk(07:15) LLMs, copilots, and agents create different risks(09:31) Cleaning data before it reaches AI(11:19) Why humans should stay in the loop(14:21) AI-driven phishing and malware scale faster(18:01) Testing AI SOC tools against real incidents(21:15) Governance helps but fundamentals matter more(24:31) Managing third-party AI access and visibility(26:49) Fix fundamentals before chasing AI threats

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Hackers abuse Gemini AI for all attack stages, says Google Apple patches decade-old possibly exploited iOS zero-day Acting CISA chief critiques potential DHS funding lapse Get the show notes here: https://cisoseries.com/cybersecurity-news-hackers-abuse-gemini-apple-patches-ancient-bug-cisa-criticizes-shutdown/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Mid-market organizations are transitioning from pilot projects to operationalizing generative AI and agentic workflows, according to a TechEYE article and Tech Isle survey cited by Dave Sobel. This shift centers on outcome-driven automation but exposes providers to new liability concerns, mainly due to fragmented, unreliable data and shadow AI usage—employees employing unauthorized tools outside official controls. The primary risk is that MSPs may be blamed for incidents where contract boundaries and technical controls do not cover browser-based generative AI use, making forensic evidence and documented enforcement essential for defending accountability. Supporting data from Tech Isle found that over 5,000 companies are pursuing structured approaches to AI-enabled growth, but face persistent issues in data trust, governance, and user fatigue. Additionally, European investment in sovereign cloud infrastructure is projected to triple between 2025 and 2027, driven by regulatory demands and concerns about U.S. data sovereignty. MSPs managing split architectures—sovereign providers for regulated data and hyperscalers for everything else—encounter API mismatches, operational complexity, and margin pressure. The recommendation is to standardize policy enforcement, identity management, and residency mapping while prioritizing audit-ready reporting and exception handling. AI-driven cyberattacks have increased, with reports from Level Blue and Check Point Research highlighting a surge in both attack volume and sophistication. Only 53% of CISOs feel prepared for AI threats, despite 45% expecting to be impacted within a year. Browser-based generative AI use introduces visibility gaps, raising the risk of negligence claims when service providers cannot demonstrate governance or forensic readiness. Reauthorization of the Cybersecurity Information Sharing Act (CISA) underscores that voluntary data sharing is inadequate, with CIRCA now requiring mandatory 72-hour incident reporting for critical infrastructure. The key takeaways for MSPs and IT leaders are to proactively define AI coverage and governance in contracts, enforce acceptable use policies, and instrument monitoring to close visibility gaps. Providers who can deliver forensic-grade telemetry, managed compliance programs, and operational readiness for incident reporting will be better positioned to defend against penalties, retain higher-value accounts, and offer meaningful differentiation. These structural challenges—fragmented control planes, increased compliance costs, and permanent risk friction—necessitate a strategic shift toward governance-led service models.Three things to know today00:00 Midmarket Shifts to Agentic AI as Europe Triples Sovereign Cloud Spending by 202706:08 Most Security Chiefs Say They're Not Ready for AI-Powered Cyberattacks Coming This Year09:46 CISA 2015 Reauthorized Through 2026; CIRCIA Mandates Expose Voluntary Sharing Failure This is the Business of Tech.   Supported by:  TimeZest  IT Service Provider University

What happens when the security community stops debating whether AI belongs in the SOC and starts figuring out how to make it work? Monzy Merza, Co-Founder and CEO of Crogl, is helping answer that question, both through the autonomous AI SOC agent his company builds and through the inaugural AI SOC Summit, a community event designed to bring practitioners together for honest, no-nonsense conversation about what is real and what is hype in AI-driven security operations.Crogl builds what Merza describes as a "superhero suit" for SOC analysts. The platform investigates every alert in depth, working across multiple data lakes without requiring data normalization, and escalates only the issues that require human judgment. But the conversation here goes beyond any single product. Merza explains that the motivation for creating the AI SOC Summit came directly from community feedback. Security teams across enterprises are trying to determine what to buy, what to build, and how to govern AI in their environments, and they need a transparent, practical space to share those experiences.How are threat actors changing the game with agentic AI? Merza points to two critical shifts. First, adversaries are now conducting campaigns using agentic systems, which means defenders need to operate at the same speed. Second, the barrier to entry for sophisticated attacks has dropped significantly because agentic systems handle much of the technical detail, from crafting convincing phishing emails to automating post-exploitation activity. The implication is clear: security teams that do not adopt AI-driven capabilities risk falling behind attackers who already have.The AI SOC Summit, hosted March 3rd at the Hyatt Regency in Tysons, Virginia, is structured to serve the practitioners who are doing the daily work of security operations. The morning features keynotes from CISOs sharing what is working and what is not, along with perspectives on AI governance and privacy. The afternoon splits into two tracks: talk sessions from startups and established companies, and a five-and-a-half-hour hackathon where attendees get free access to frontier AI models and tools to experiment hands-on with real security data.Who should attend the AI SOC Summit? Merza identifies four key personas. SOC analysts at every tier who are buried in alert triage. Security engineers deploying AI-driven and traditional tools who want to see how other enterprises are rationalizing their investments. Incident responders and threat hunters who need to understand how to track agentic activity rather than just human activity. And builders, the security teams prototyping and testing AI capabilities in-house, who want to learn from what others have tried, what has failed, and what constraints can be overcome.What sets this event apart from the typical conference experience? The AI SOC Summit is intentionally vendor-agnostic. Sponsors range from reseller partners serving government organizations to household names like Splunk and Cribl, but the focus stays on community learning rather than product pitches. Many organizations still restrict employee access to frontier models and agentic systems, and the summit provides a space where attendees can kick the tires on these technologies without worrying about tooling costs or corporate restrictions. The goal is for every participant to leave with something practical they can take back and apply to their work immediately.This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlightGUESTMonzy Merza, Co-Founder and CEO, Crogl [@monzymerza on X]https://www.linkedin.com/in/monzymerzaRESOURCESCrogl: https://www.crogl.comAI SOC Summit: https://www.aisocsummit.com/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSMonzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC Summit, AI SOC agent, security operations center, agentic AI, autonomous security, threat detection, SOC analyst, incident response, threat hunting, security engineering, AI governance, cybersecurity community, hackathon, frontier AI models, agentic speed, security automation Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Crazy gang abuses employee monitoring tool Nevada unveils new data classification Georgia healthcare breach impacts more than 620,000 Get the show notes here: https://cisoseries.com/cybersecurity-news-google-gets-eu-wiz-approval-microsoft-secures-secure-boot-certificates-north-korean-hackers-target-crypto-exec/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, “Are we quantum safe?” With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/ In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-434

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

EU grants Google approval for Wiz Microsoft rolls out Secure Boot certificates before expiration North Korean hackers target crypto exec Get the show notes here: https://cisoseries.com/cybersecurity-news-google-gets-eu-wiz-approval-microsoft-secures-secure-boot-certificates-north-korean-hackers-target-crypto-exec/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, "Are we quantum safe?" With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/ In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Show Notes: https://securityweekly.com/bsw-434

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, "Are we quantum safe?" With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/ In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-434

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

UNC3886 targets Singapore telecom sector VoidLink exhibits multi-cloud capabilities and AI code 135,000+ OpenClaw instances exposed to internet Get the show notes here: https://cisoseries.com/cybersecurity-news-february-10-2026/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Poya sits down with Vineet Edupuganti, Co-Founder & CEO of Cogent Security to talk about fighting AI-powered hackers with defensive AI agents, what Abnormal got right, and how to win over CISOs in one of the toughest markets in tech.Vineet Edupuganti is the CEO and Co-Founder of Cogent Security. With a background in machine learning and product management, Vineet brings a product-first mindset to solving complex security challenges for modern enterprises. Prior to founding Cogent, Vineet was a GM at Abnormal Security, where he joined as an early employee and helped build it into a category-leading company. 

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

A world renowned cybersecurity expert with more than 30 years of network security experience, Dr. Eric Cole – founder and CEO of Secure Anchor – helps organizations curtail the risk of cyber threats. He has worked with a variety of clients ranging from Fortune 50 companies, to top international banks, to the CIA, for which he was a professional hacker. In this episode, Dr. Cole and host Scott Schober discuss what CISOs should plan for in the next six months. To learn more about our sponsor, visit https://drericcole.org

OpenClaw turns to VirusTotal to boost security CISA gives federal agencies one year to remove end-of-life devices Payments platform BridgePay confirms ransomware attack  Get the show notes here: https://cisoseries.com/cybersecurity-news-openclaw-embraces-virustotal-cisa-eol-deadline-ransomware-hits-bridgepay/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Nick Ryan, former CISO, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at  ztw.com. All links and the video of this episode can be found on CISO Series.com