How prepared are organizations for a world where today's encrypted communications could be quietly stored and cracked years from now? In this episode of Tech Talks Daily, I sat down with Nate Jenniges, Senior Vice President and General Manager at BlackBerry, to talk about why the conversation around quantum computing is moving from academic curiosity to operational reality. For many leaders, quantum threats still feel distant, something for researchers and cryptographers to worry about. But as Nate explained, governments and adversaries are already capturing encrypted data today with the expectation that it can be decrypted later when quantum capabilities mature. This idea of "harvest now, decrypt later" attacks completely changes the timeline for security planning. If sensitive information needs to remain confidential for five, ten, or even twenty years, the exposure may already have started. That means the challenge is no longer theoretical. It is becoming a strategic issue that boards, CISOs, and government leaders must begin addressing right now. One of the most interesting parts of our conversation focused on something many people rarely think about. Metadata. While encryption protects the content of a message or phone call, the surrounding patterns often reveal just as much. Who spoke to whom, how often, from where, and at what time can tell a surprisingly detailed story. With modern analytics and AI tools, these patterns can expose command structures, business relationships, or crisis response activity even if the message itself remains encrypted. Nate explained why this is becoming a frontline issue in the emerging post-quantum era. As organizations integrate AI into communication platforms, new forms of metadata are emerging from model interactions, system queries, and inference activities. That means protecting communications requires a broader view than simply upgrading encryption algorithms. 
We also explored how governments and highly regulated sectors are preparing for this shift. BlackBerry today operates in a very different space than many people remember, focusing on identity-verified, mission-critical communications used by governments and institutions that cannot afford uncertainty. These systems are designed to operate during the moments that matter most, whether that involves cyber incident response, national security coordination, or emergency response to climate-related events. Another theme that stood out was the leadership challenge behind quantum readiness. Nate believes organizations should avoid treating quantum as a separate security initiative. Instead, it should be integrated into the technology refresh cycles that companies already manage, including hardware updates, software upgrades, and certificate renewals. The organizations that begin asking the right questions today will avoid scrambling later when regulatory expectations tighten and deadlines arrive. By the end of our conversation, one message became very clear. The first real defense in the post-quantum era may not come from stronger encryption alone. It may come from understanding and controlling the communication patterns and metadata that surround every digital interaction. As quantum computing research accelerates and governments begin setting deadlines for post-quantum security readiness, the question becomes increasingly hard to ignore. Are organizations truly prepared for the communications challenges that the next decade may bring?
The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com
Show Notes: As cybersecurity has matured, the field has become more formalized within businesses with CISOs leading the way. However, despite the value of the CISO and its widespread adoption, the role has continued to lose agency with other board members. In this episode of CISO Perspectives, host Kim Jones sits down with Patty Ryan, the CISO at QuidelOrtho, to assess the value of the role. Throughout the conversation, Patty and Kim will discuss the challenges facing CISOs, why the role has lost its agency, and what can be done to reverse the current trajectory. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.
What does it really take to lead in cybersecurity today? In this episode of Life of a CISO, Dr. Eric Cole sits down with longtime cybersecurity executive and educator Mary Kotch for a sharp, honest conversation about the future of the industry. From breaking into the field to building a career that lasts, Mary shares why continuous learning, technical depth, and real-world experience matter more than ever. Together, they unpack the growing role of AI in both cyber defense and cyber attacks, why ethical hacking may be one of the most valuable skills professionals can develop, and what aspiring CISOs need to understand about the difference between technical work and executive leadership. If you want a real look at where cybersecurity is heading and how to stay ahead of it, this is an episode worth hearing.
AI is transforming every corner of technology—but it's also creating an entirely new frontier for cybersecurity. In just a few short years, AI security has exploded into one of the fastest-growing segments in the industry. New startups are emerging almost weekly, regulators are racing to keep up, and security leaders are grappling with a fundamental question: how do you secure systems that are learning, evolving, and increasingly making decisions on their own? Today's guest has been tracking the cybersecurity industry longer—and more closely—than almost anyone. Richard Stiennon is a renowned cybersecurity analyst, industry historian, and author of The Security Yearbook, widely regarded as the most comprehensive desk reference for the cybersecurity market. Now he's turning his attention to the next era of digital risk. His new book, Guardians of the Machine Age: Why AI Security Will Define the Future of Digital, is released this Wednesday, March 11—the same day this episode drops. In this conversation, we explore why AI security has exploded so quickly, the forces driving this new market—from regulation to real-world attacks—and why Richard believes the standalone category of “AI security” may disappear entirely within the next year as AI becomes embedded in every security product. We also dig into the rise of AI-driven SOC automation, what it means when machines begin triaging—and even responding to—threats autonomously, and the biggest misconceptions CISOs still have about securing AI systems. If you want to understand where cybersecurity is heading in the age of intelligent machines, this is a conversation you won't want to miss. As featured on Million Podcasts' Best 100 Cybersecurity Podcasts, Top 50 Chief Information Security Officer CISO Podcasts, and Top 70 Security Hacking Podcasts. This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best! Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
What keeps a CISO up at night? Hint: It's probably not what you think. While the headlines scream about "genius hackers", the real battle in 2026 is being fought over resilience, identity, and the psychological warfare of AI-driven scams. In this episode of InfosecTrain Tech Talk: Real World Decoded, we sit down with seasoned risk professional Nizamuddin Khaja to peel back the curtain on the modern security leadership mindset. We move past the technical jargon to explore why cybersecurity is a "decision-making problem" rather than a "technology problem". Key Discussion Points: The Resilience Shift: Why the question is no longer "Will we be hacked?" but "How fast can we recover?" The Invisible Boundary: Managing the nightmare of vendor and supply chain risks in a borderless digital world. Human Psychology vs. Intelligence: Why even the smartest employees fall for phishing and how hackers exploit "urgency". The 24-Hour War Room: A CISO's step-by-step checklist for the first 24 hours of a major airline or bank breach. The Rise of the "Deepfake" Scam: How voice cloning and $25M impersonation frauds are changing the threat landscape. A Passwordless Future: Is the era of the "Secret Question" finally over?
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Your best employee is your biggest risk; Stop guessing the next attack; AI is not a feature; Stop blaming the user. Huge thanks to our sponsor, ThreatLocker. ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
Summary: In this episode of Chattinn Cyber, Marc Schein is chattin' with Mike Armistead, a seasoned cybersecurity expert with over 40 years of experience, including more than 20 years as a vendor in the cybersecurity space. The conversation opens with a discussion about the challenges security leaders face in 2026. Mike highlights the complexity of their role, comparing it to that of a CFO managing financial risk, but notes that cybersecurity leaders often lack the comprehensive management tools that CFOs have. He emphasizes the fragmented nature of cybersecurity tools and the difficulty in stitching together disparate signals to form a coherent security posture. Mike further explains that the human element is the critical glue in cybersecurity programs. The effectiveness of security teams depends heavily on the leadership and the ability of individuals to contextualize technical signals within the business environment. This need for situational awareness is driving interest in AI technologies, particularly on the defender side, to augment human capabilities and expand the scope and depth of security operations. The chat then shifts to the role of AI in cybersecurity products. Mike observes that while AI is increasingly integrated into detection tools, the industry has largely shifted focus away from prevention. He advocates for a strategic return to prevention, where AI can play a significant role in helping security leaders develop and implement risk mitigation strategies tailored to their organizations. Mike stresses the importance of a holistic approach that goes beyond real-time detection to include employee training, access control, and disaster recovery. Addressing the challenges faced by middle-market organizations, Mike points out that these companies are often expected to meet the same cybersecurity standards as large enterprises but with far fewer resources. He advises middle-market CISOs to prioritize protecting their most critical assets—their “crown jewels”—and to have candid conversations with leadership about realistic security goals. This pragmatic approach helps ensure that limited resources are focused on the highest risks rather than attempting to cover every possible threat. Finally, Mike shares information about a community he helped start called the Security Impact Circle, which focuses on cybersecurity leadership issues such as board engagement. This community facilitates workshops that bring together CSOs and board directors to bridge the communication gap and align security priorities with business needs. Mike encourages listeners to visit securityimpactcircle.org to learn more and get involved.
Five Key Points Covered: Cybersecurity leaders face complex challenges similar to CFOs but lack equivalent management tools. Human expertise is essential to contextualize technical security signals within the business environment. AI is increasingly used in detection but should also be leveraged to enhance prevention strategies. Middle-market organizations must prioritize protecting their most critical assets due to limited resources. The Security Impact Circle community helps improve communication and alignment between security leaders and boards.
Five Key Quotes from the Conversation: “Security leaders have a tough job… it's not unlike what a CFO has to think about, right? That risk happens to be financial, and the CISOs really happens to be in cyber.” “The security teams are really bound by how good not only their leader, but the deputies, the managers, the architects, those individual contributors that really help lead it.” “I think the opportunity is to swing it back to prevention… AI can really start to help on the prevention strategy side of cybersecurity.” “Middle-market leaders are expected to do everything that the largest enterprises do, but they don't have the resources to cover all the ground.” “We bring in a director from a public company's audit committee to run workshops… it's less about what a CSO thinks they should say and more about what the director thinks they need to hear.”
About Our Guest: Mike Armistead brings nearly 40 years of business experience marked by a proven track record of building companies, navigating strategic acquisitions, and leading growth at every stage. As co-founder and CEO of Respond Software, acquired by Mandiant for $200 million, and co-founder of Fortify Software, acquired by HP for $285 million, Mike has played pivotal roles in multiple successful startups, including serving as SVP on the turnaround team at WhoWhere (acquired by Lycos for $133 million) and contributing to Pure Software's IPO. His post-acquisition leadership includes key roles as VP of Products & UX at Mandiant, Director at Google Cloud, and VP & GM for Fortify and ArcSight business groups at HPE, where he drove significant expansion and over $400 million in revenue impact. Alongside these successes, Mike gained valuable insights from two brief ventures, including leading InLeague through post-9/11 financial challenges and emphasizing product-market fit in another startup. Beginning his career as a Product Manager at HP in the late 1980s, Mike's multifaceted experience spans diverse industries and company sizes. Today, he remains passionate about building high-performing teams and tackling complex, noble challenges.
About Our Host: National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.
Why do your friends and parents still get breach notification letters from companies they've never heard of? John Watters aka “The Cowboy” joins the show this week for a hard look at information security. In the early 2000s, he built iDefense from a bankruptcy buyout into one of the most influential threat intelligence companies in the world, pioneered responsible disclosure before the term even existed, and has watched the attack surface evolve from nation-state espionage into something that hits your credit card at a restaurant on a Tuesday. His answer to the breach question? The industry's been losing the clock. Attackers can move from target selection to exploitation in days. Defenders are still operating in weeks. And the gap isn't closing, not by a long shot. If anything, it's widening. This conversation goes from the living rooms of people who've stopped trusting cybersecurity to the boardrooms of Fortune 500 CISOs who still can't explain their third-party risk exposure in plain English. We talk time compression, threat intelligence architecture, the AI arms race that only one side seems to be taking seriously, and the uncomfortable truth about analysis paralysis in a field where the cost of inaction is terminal. John's closing advice to defenders: automate yourself out of a job before someone else does it for you. That one's worth the price of admission alone. Mentioned: This is How They Tell Me the World Ends, by Nicole Perlroth; CISO Mike Melo's post on security theater
How does a CISO turn cybersecurity from a technical conversation into a business conversation that boards actually care about? In this episode of Tech Talks Daily, I sit down with Thom Langford, EMEA CTO at Rapid7 and a former CISO, to explore what he calls the second phase of cybersecurity leadership. For years, the industry worked hard to secure a seat at the boardroom table. In many organizations, that mission has largely succeeded. But as Thom explains, gaining access was only the first step. The real challenge now is communicating security in a way that drives meaningful business decisions. Thom shares why many CISOs still approach board conversations in the same way they did a decade ago, even though boardroom awareness of cybersecurity has changed dramatically. Today, many boards include members with cybersecurity knowledge or direct security experience. That means security leaders can no longer rely on technical jargon, complex frameworks, or compliance language to make their case. One of the most interesting insights from our conversation is the disconnect between how CISOs frame risk and what boards are actually focused on. While security teams often lead with risk reduction, boards tend to think in terms of revenue growth and operational costs. Thom argues that security leaders must learn to translate cybersecurity into the language of profit and loss if they want their message to resonate at the executive level. We also explore how traditional security tools such as risk frameworks, audits, and compliance standards can sometimes create distance rather than clarity in board discussions. Instead of helping executives understand security priorities, these models can obscure the real question boards are trying to answer. How secure are we, and what does that mean for the business? Another area we discuss is the growing role of tabletop exercises. 
Thom explains why these simulations are becoming one of the most effective ways for CISOs to demonstrate the real-world impact of security decisions. By walking executives through a realistic incident scenario, leaders can see how security, operations, legal teams, and business priorities intersect during a crisis. Looking ahead, Thom believes the most successful CISOs will increasingly need to think like business leaders rather than purely technical specialists. Communication skills, relationship building, and understanding the organization's financial priorities may prove just as important as deep technical expertise. So if cybersecurity leaders have already earned their place in the boardroom, the next question becomes much more interesting. Are they speaking the language the board actually understands, or are they still trying to solve business problems using only security vocabulary?
Podcast: Industrial Cybersecurity Insider | Episode: The Blind Spots Putting Manufacturers at Risk: WEF 2026 Global Cybersecurity Outlook | Pub date: 2026-03-03. LuRae Lumpkin, Producer of Industrial Cybersecurity Insider, sits down with industrial cybersecurity expert Dino Busalachi to break down the 2026 World Economic Forum Global Cybersecurity Outlook Report and what it really means for manufacturers. While the report surveyed nearly a thousand CEOs, CIOs, and CISOs, Dino reveals a critical blind spot: industrial control systems and OT environments are being left dangerously exposed. They discuss how AI is becoming a double-edged sword for attackers and defenders, why supply chain vulnerabilities remain unaddressed, the shocking lack of cybersecurity skills on plant floors, and why most companies still aren't conducting incident response exercises. Dino shares real-world insights from working in nearly 2,000 plants over four decades, explaining why IT and OT remain disconnected, how remote access creates massive security gaps, and why outdated equipment with decades-old vulnerabilities sits unpatched in critical manufacturing environments. The conversation reveals that while enterprises focus on IT security, the plant floor—where revenue is actually generated—remains critically vulnerable, with potentially catastrophic consequences for businesses, supply chains, and even national GDP.
Chapters: (00:00:00) - Introduction and Overview of WEF 2026 Cybersecurity Report (00:01:00) - Where Cybersecurity Funding Actually Goes: IT vs OT Reality (00:03:00) - The Myth of Disconnected Legacy Equipment (00:05:00) - AI as a Double-Edged Sword in Industrial Environments (00:08:00) - The Vulnerability Crisis: Thousands of Unpatched Systems (00:09:00) - Third-Party and Supply Chain Security Gaps (00:12:00) - Remote Access: The Hidden Attack Vector (00:14:00) - Critical Supplier Dependencies and Decentralized OT (00:15:00) - The Skills Gap: Why Industrial Cybersecurity Expertise is Scarce (00:19:00) - The Shocking Truth About Incident Response Exercises (00:22:00) - Real-World Impact: When Manufacturers Get Hit (00:24:00) - Getting All Stakeholders in the Same Room (00:28:00) - Insurance vs Prevention: The True Cost of Cyber Incidents (00:29:00) - Final Thoughts: Who Should Own OT Cybersecurity? Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here. Industrial Cybersecurity Insider on LinkedIn. Cybersecurity & Digital Safety on LinkedIn. BW Design Group Cybersecurity. Dino Busalachi on LinkedIn. Craig Duckworth on LinkedIn. Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review! The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
The CISO role isn't the finish line, it's a launchpad. 69% of security executives are eyeing the exit, and Anthony Johnson is proof that what comes next can be even bigger. Anthony Johnson, former Global CISO at JP Morgan and Fannie Mae, now founder and managing partner at Delve Risk, breaks down what really happens when a security leader stops buying tools and starts building companies. From the trap of unpaid advisory boards to why AI is eliminating the entry-level pipeline, Anthony delivers a no-nonsense look at career strategy, the future of fractional work, and why understanding how your company makes money is the most underrated skill in cybersecurity. If you're a security practitioner at any level, this episode will change how you think about your next move. Impactful Moments 00:00 - Introduction 01:00 - Meet Anthony Johnson 02:00 - 69% of CISOs want out 06:00 - Why Anthony left the CISO seat 09:00 - Revenue changes your security priorities 11:00 - Career paths after the CISO role 13:00 - The advisory board compensation trap 17:00 - AI's threat to the talent pipeline 22:00 - Hiring for aptitude over competency 24:00 - Soft skills win in the AI era 29:00 - Corporate loyalty is dead—now what 31:00 - Networking that actually lands roles 34:00 - Know how your company makes money 36:00 - Ron's personal reflection on freedom Links Connect with our guest, Anthony Johnson, on LinkedIn: https://www.linkedin.com/in/anthony-johnson-delverisk/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Podcast: Industrial Cybersecurity Insider | Episode: IT SOC vs OT SOC How & Why They're Different | Pub date: 2026-02-25. Craig and Dino tackle the critical differences between IT and OT Security Operations Centers, revealing why traditional IT-centric SOCs are failing to protect manufacturing environments. Drawing from real-world examples, including a global beverage company that discovered they were only monitoring one-third of their OT assets, the hosts expose the fundamental disconnect between IT security teams and operational technology environments. They discuss why IT SOCs struggle with OT visibility, the challenges of asset inventory in dynamic manufacturing environments, and the critical importance of localization in security operations. The conversation covers practical barriers like line changeovers, PLC modifications, remote access vulnerabilities, and the need for OT-specific incident response protocols. Craig and Dino emphasize that effective OT security requires IT teams to become embedded in plant operations, working collaboratively with OEMs and system integrators, and understanding the unique operational context of manufacturing assets. This episode is essential listening for CISOs, plant managers, and security professionals trying to bridge the IT-OT security gap.
Chapters: (00:00:00) - The Two-Thirds Problem: When Your SOC Can't See Your Plant Floor (00:01:00) - The OT SOC Asset Visibility Problem: A Case Study (00:03:00) - Why IT SOCs Can't Manage OT Assets (00:05:00) - Line Changeovers and Operational Context (00:07:00) - First Responders and Incident Response Challenges (00:10:00) - The WannaCry Response Gap (00:12:00) - Asset Inventory and Baseline Challenges (00:15:00) - Incident Response and Phone Trees (00:17:00) - Organizational Accountability Problems (00:19:00) - Greenfield Opportunities and Standardization (00:22:00) - The IT-OT Collaboration Challenge (00:24:00) - Think Global, Act Local: Embedding IT in Plants
Attackers are moving in 72 minutes. One CISO has already eliminated the entire SOC team. And the industry is spending a quarter of a trillion dollars while struggling to define what "resilience" even means. In this edition of Lens Four, Sean Martin looks at the cybersecurity landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.
What separates an average CISO from a world-class cybersecurity leader? In this episode of Life of a CISO, Dr. Eric Cole explains why the most influential security leaders don't just manage technology—they become the trusted authority executives rely on to make critical business decisions. Dr. Cole shares how CISOs can gain influence with the board, communicate cyber risk in business terms, and guide organizations through major decisions around AI, data security, and emerging cyber threats. If you want executives to listen to cybersecurity—not ignore it—this episode shows you how.
#SecurityConfidential #DarkRhiinoSecurity
Tiffini Smith is a strategic legal executive and board advisor with over 20 years of experience in privacy, cybersecurity, and AI governance. A U.S. Patent Attorney with bar admissions in the U.S. and England & Wales, she helps organizations navigate everything from breach preparedness to the EU AI Act. Tiffini has led global legal teams and provided global cybersecurity legal advice, including addressing issues such as incident response readiness, vendor risk programs, AI model risk reviews, and board-level briefings, and is known for translating complex legal and cyber risk into actionable guidance for executives. She also authors a newsletter.
00:00 Intro
02:28 Our Guest
05:48 Regulation across states and countries
09:48 Cybersecurity regulation culturally
14:00 Employee training and teaching them the Why
23:07 How do you mitigate against AI?
25:00 CISOs don't understand how the business works
29:11 Does being compliant actually reduce your exposure?
34:00 Regulations on AI in your business
50:10 More about Tiffini
To learn more about Tiffini visit https://www.linkedin.com/in/tiffini-smith/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com
The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com
Podcast: PrOTect It All
Episode: Safe AI Automation for Cybersecurity: Practical Workflows Without the Risk
Pub date: 2026-03-02
AI can accelerate cybersecurity - or accidentally expose it. In this solo episode of Protect It All, host Aaron Crow breaks down how cybersecurity professionals can safely integrate AI into their IT and OT workflows. As tools like ChatGPT, Copilot, and enterprise AI platforms become part of daily operations, the question isn't whether to use AI - it's how to use it responsibly. Aaron moves beyond buzzwords to focus on practical, everyday applications: automating reports, summarizing threat intelligence, drafting policies, enhancing documentation, and streamlining repetitive tasks. At the same time, he tackles the real concerns leaders face - data privacy, compliance, policy alignment, and shadow AI risks.
You'll learn:
Where AI delivers immediate value in cybersecurity workflows
How to automate without exposing proprietary or regulated data
The difference between enterprise AI tools and public platforms
How to align AI usage with corporate security policies
Practical ways CISOs and analysts can boost productivity safely
Why governance and awareness matter as much as innovation
Whether you're leading a security program or working hands-on in IT or OT environments, this episode delivers actionable strategies to use AI smarter—not riskier. Tune in to learn how to automate with confidence and stay ahead of the curve—only on Protect It All.
Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast
To be a guest or suggest a guest/episode, please email us at info@protectitall.co
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
For years, information security was largely centered on protecting confidentiality. But as our world becomes more digital and increasingly dependent on always-available, trustworthy systems, integrity and availability are taking on equal importance. In this episode of Cyber at the Top, Dr. Hugh Thompson is joined by Bjørn Watne, Global CISO of INTERPOL, to explore how this shift is changing the way security leaders think about risk. Together, they discuss why disruption is becoming a defining threat, how emerging technologies are reshaping security priorities, and what it means to balance all three pillars of information security. The conversation offers a thoughtful look at how CISOs can reframe security as a driver of resilience, reliability, and organizational trust.
With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust? Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allows us to reduce repetitive work and minimize human error without creating fear of “machine mistakes.” This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, Boards don't need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-437
The MSP market is undergoing a critical shift toward risk management as the central value proposition, with operational accountability now defined by the ability to produce defensible documentation and deliver rapid incident response. According to Dave Sobel, MSPs are no longer primarily offering stack management, but are increasingly brokering risk through cyber warranties, insurance underwriting, incident retainers, and AI governance frameworks. Those unable to support their claims with evidence and formal processes risk becoming mere facilitators for third-party terms and losing control over their margins. Recent developments reinforce this shift. A Splunk report finds that nearly all CISOs now view AI governance and risk management as their responsibility, citing threat actor sophistication as a primary driver. AI is assisting with event triage and data correlation, but verification—especially around AI-generated content—is unreliable, with detection tools struggling against advanced fakes. Insurance mechanisms are becoming productized with prioritized incident response, and legal intelligence is being embedded into MSP workflows. Vendors like N-able, Monjur, SentinelOne, and DocuSign are directly integrating financial, legal, and governance functions into their offerings, fundamentally altering client and vendor relationships. Adjacent stories illustrate volatility in traditional safeguards and the operational reality of adaptive threats. CISA leadership changes indicate instability in public response institutions. AI-powered malware exemplifies the challenge: ESET's PromptSpy uses Gemini to continuously adapt its persistence, outpacing static detection models. Insurance underwriters are increasingly demanding machine-verifiable evidence of controls, using detailed questionnaires to distinguish autonomous AI from marketing claims. The risk is no longer just technical; it is structural. 
For MSPs and IT leaders, operational posture is now shaped by an ecosystem of embedded warranties, legal terms, governance requirements, and adaptive threats. The ability to document, defend, and productize risk controls becomes a baseline for credibility and insurance eligibility. Failure to build evidence pipelines and clarify vendor-imposed liabilities exposes service providers to compounded risk. The practical implication is a necessity for MSPs to treat governance and detection as measurable, documented capabilities—not assumptions or routine paperwork.
Three things to know today:
00:00 CISOs Own Governance, Detectors Lag Fakes, Response Gets Contracted — Accountability Follows
03:14 N-able, SentinelOne, DocuSign Move Risk Management Into the Stack — MSP Terms Follow
05:10 CISOs Want Agentic AI, But Insurers and Adaptive Malware Are Forcing the Timeline
07:32 Why Do We Care?
Supported by: CometBackUp, Small Biz Thoughts Community
Cybersecurity leader and author George Finney joins Ann on this week's episode of Afternoon Cyber Tea to explore how trust, communication, and culture shape effective security leadership. Drawing on his experience in higher education and enterprise environments, George explains why Zero Trust succeeds or fails based on people, not technology, and how CISOs can better communicate risk to executives and boards. The conversation also dives into AI governance, relatable storytelling as a leadership tool, and why making cybersecurity approachable is essential for building resilient organizations.
Resources:
View George Finney on LinkedIn
View Ann Johnson on LinkedIn
Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
AI hype isn't slowing down, and for cybersecurity leaders, that's exactly the point. As organizations race to inject generative AI and AI agents into every corner of the business, CISOs face a new challenge: cutting through inflated expectations without getting left behind. In this preview of the Opening Keynote from Gartner Security & Risk Management Summit, Gartner experts Christine Lee and Leigh McMullen explain why now is the moment for cybersecurity to stop resisting the Hype Cycle, and start using it as a strategic advantage.
You'll learn:
Why AI hype is becoming a catalyst, not a distraction, for cybersecurity
How to use outcome‑driven metrics to guide smarter investments
The biggest risks and realities of GenAI and AI agents
What early AI adopters in cybersecurity are doing differently
How embracing hype can strengthen resilience and unlock innovation
Dig deeper:
Explore more Gartner for CISOs insights
Attend a Gartner Cybersecurity Conference near you
See why Gartner is the world authority on AI
Become a client to try AskGartner
Ethical Voices Podcast: Real Ethics Stories from Real PR Pros
This week on Ethical Voices, Bill Keeler, senior director of PR and communications with Semperis, a leader in AI-powered identity security and cyber resilience, discusses:
Why "vaporware" claims are the fastest way to lose credibility in cyber PR
The ethics issues involved in ransomware attacks
The issues CISOs face – and how it is coming to the big screen
The power of transparency
Jeff and Jim sit down with David Llorens, principal at RSM, to break down the RSM 2026 Attack Vectors Report. Drawing from real-world offensive security engagements, David explains why identity continues to be the primary attack surface, how AI chatbots are creating new vulnerabilities through prompt injection, and what separates organizations that get breached from those that don't. The conversation covers MFA gaps, the explosion of non-human identities, why PAM is the top investment priority for 2026, and how CISOs can align security spending with business objectives. Plus, the episode wraps up with soccer stories and some quality trash talk.
Connect with David: https://www.linkedin.com/in/david-llorens-009a3310/
Review RSM's 2026 Attack Vectors Report: https://rsmus.com/insights/services/risk-fraud-cybersecurity/rsm-attack-vector-report.html
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
TIMESTAMPS
0:00 - Intro and Jim's big personal news
4:51 - Main topic intro: RSM 2026 Attack Vectors Report
5:55 - David's origin story and how he got into cybersecurity
9:53 - What a principal is at RSM and David's current role
11:16 - What the Attack Vectors Report is and how it is created
14:40 - Why identity security is a dominant theme in this year's report
17:19 - What separates organizations that get breached from those that don't
18:18 - MFA as the first line of defense
18:45 - Privileged access management as a growing priority
19:40 - Detecting lateral movement through identity anomalies
21:00 - Credential rotation as an advanced defensive technique
22:26 - Non-human identities and service account risks
24:37 - Middle market challenges and budget constraints
25:17 - Is it the size of the budget or how you spend it?
28:29 - Using internal audit and cross-department collaboration for security wins
30:15 - Cybersecurity as a business enabler, not a deterrent
32:45 - Non-human identities and agentic AI creating new attack surfaces
35:51 - Prompt injection attacks and AI chatbot vulnerabilities
39:42 - Actionable recommendations for practitioners
42:41 - MFA implementation gaps and session hijacking
45:02 - The case for FIDO2 and layered conditional access
46:35 - Is identity security a board-level issue?
49:47 - Three things CISOs should focus on through 2026
50:52 - PAM as the top investment priority
51:28 - Removing unnecessary privileges from users
56:11 - Redefining what privilege means in your organization
57:43 - Social media accounts as privileged access
58:42 - Credentials stored in SharePoint and OneDrive
59:38 - Wrap up and where to find the report
59:58 - Lighter topic: David's soccer background and playing semi-pro
1:05:06 - Best trash talk stories
1:07:03 - Jim's trash talk philosophy: scoreboard
1:08:00 - Jeff's basketball trash talk and calling his shots
1:10:00 - Final thoughts and sign off
KEYWORDS
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, David Llorens, RSM, attack vectors report, offensive security, penetration testing, identity security, MFA, multifactor authentication, privileged access management, PAM, non-human identities, service accounts, agentic AI, AI security, prompt injection, lateral movement, credential rotation, FIDO2, conditional access, session hijacking, middle market, CISO, board-level security, certificate-based authentication, active directory, configuration management, shadow AI
From ViVE 2026 in Los Angeles, Michael chats with John Kirkman, Vice President of Government, Healthcare, and Education at Island. Together, they discuss how CIOs and CISOs can show that their approach to AI governance is working; the playbook for securing AI-assisted workflows; overcoming the biggest "shadow AI" risk today; how CIOs are modernizing their systems while still relying on essential legacy applications; uncovering blind spots for managing third parties and contractor access; and much more.
Aleksandr Yampolskiy was doing everything right. He had the tools, the budget, the processes - the full security stack humming along at the e-commerce company where he served as CISO. Then one routine vendor integration blew the whole thing open. Unencrypted credit card data from other customers, just sitting there, inside a platform that had been rubber-stamped by a Big Four firm. In that moment, he realized something most security leaders spend their careers trying not to think about: you can do everything right and still lose your job because someone else didn't.
That scar became SecurityScorecard.
But here's where the story gets interesting. When Aleksandr, or AY, as he introduced himself when joining me in my studio, started telling people in 2013 that he wanted to quantify cyber risk the same way credit scores quantify financial risk, nobody was excited. The reactions ranged from "that's impossible" to a polite shrug. Most founders would have taken that as a signal to pivot. Alex took it as proof he was early enough to matter.
In this episode, we go deep. We talk about why the status quo, not a named competitor, is the most dangerous thing your sales team will ever face. AY tells the story of twenty buyers who all said "I love it, I'll buy it" and then every single one of them disappeared when he came back with the finished product. (Oh, how I resonate deeply with this pain.)
He explains how a pediatrician named Dr. Virginia Apgar, who saved tens of thousands of newborns with a simple scoring system, became the intellectual blueprint for how SecurityScorecard thinks about risk. And he gets honest about hiring decisions that went wrong because he ignored a gut feeling he couldn't quite articulate at the time.
We also get into territory that most cybersecurity podcasts don't touch. AY talks about boards adopting AI to impress Wall Street while CISOs scramble to secure shadow deployments nobody authorized. He walks through why 150 companies control ninety percent of the global attack surface and what that means for everyone else. He makes the case that quantum computing will be a Y2K-scale migration problem much sooner than the industry wants to admit. And he shares a question from his company advisor that I think every GTM leader needs to sit with: Who do you want your customers to become?
This is a conversation about how a scientist thinks about risk, why the language gap between the SOC and the boardroom is an actual vulnerability, and what it really takes to build something that changes how an industry operates.
Listen in and enjoy.
A special thanks to our friends at SecurityScorecard for partnering with us to tell this story. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com
Cameron and Gabe sit down with Girish Redekar, co-founder and CEO of Sprinto, to pull back the curtain on one of the most misunderstood areas of security: compliance.
Girish built his first startup, RecruiterBox, to 3,500 customers before selling it, and it was the painful, expensive, duct-taped compliance process he experienced firsthand that sparked the idea for Sprinto. Today, Sprinto helps companies move beyond point-in-time audits into something far more valuable: continuous, autonomous trust.
In this episode, we dig into:
Why passing a SOC 2 or ISO 27001 audit doesn't mean you're actually secure
The three stages of compliance maturity — and how to climb them
What "compliance debt" is and why it's quietly eating your business
How smart CISOs use their security posture as a revenue driver, not a back-office cost center
The "$100/month" challenge: what actually moves the needle for startups
How AI is reshaping compliance programs — for better or worse
Why Girish spent over a year talking to customers before writing a single line of code
Plus: the "sell more jeans" framework every CISO should know, Rich Hickey, The Mom Test, and the toilet paper question.
In this Secur(IT) episode, host Philip de Souza talks with George Tsantes, Partner at Newport LLC, former Accenture partner, EY principal, and co‑author of Cyber Attacks: Managing the Risk and Results. They explore how boards can turn cybersecurity into business strategy by prioritizing vigilance over pure prevention, protecting the “crown jewels,” and using business metrics instead of vanity dashboards. The conversation also covers AI‑driven threats, third‑party and “meta‑enterprise” exposure, incident readiness, and how CISOs can “prove cybersecurity” in clear board language.
In this episode of Life of a CISO, Dr. Eric Cole sits down with cloud and AI expert Matt Lea to unpack the real risks and opportunities shaping cybersecurity today. They dive into AWS outages, cloud resiliency strategies, and how organizations should think about redundancy instead of blindly trusting a single provider. The conversation explores how CISOs can balance cost versus risk when designing cloud architectures and why insider issues, burnout, and knowledge silos often pose bigger threats than external attackers. Matt shares practical insights on AWS AI tools like Bedrock and SageMaker, when to adopt them, and how AI is changing cloud operations at scale. The episode also covers startup lessons, building resilient teams, and the importance of documenting knowledge to avoid single points of failure. Plus, they discuss Cloud War Games, a hands-on approach to training teams under real outage scenarios. If you're a security leader, cloud architect, or technologist navigating AI and cloud transformation, this episode delivers actionable guidance on building resilient systems, managing risk, and preparing for the next wave of cyber challenges.
What does autonomous IT really look like when you move beyond the slideware and start wiring systems together in the real world? At Dynatrace Perform in Las Vegas, I sat down with Pablo Stern, EVP and GM of Technology Workflow Products at ServiceNow, to unpack exactly that. Pablo leads the teams focused on CIOs and CISOs, building the workflows and security products that sit at the heart of modern IT organizations. From service desks and command centers to risk and asset management, his remit is clear: enable AI to work for people, not the other way around. We began with ServiceNow's deepening multi-year partnership with Dynatrace. While the announcement made headlines, Pablo was quick to point out that the real story starts with customers. This collaboration is rooted in a shared goal of helping joint customers reduce outages, improve SLA adherence, and shrink mean time to resolution. The vision of autonomous IT operations is not about hype. It is about connecting observability data with deterministic workflows so that insight can evolve into coordinated, system-level action. Pablo walked me through the maturity curve he sees emerging. First came AI-powered insight, summarizing data and surfacing signals from noise. Then came task automation, drafting knowledge articles, paging teams, triggering predefined playbooks. The next step, and the one that excites him most, is orchestrated autonomy. That means stitching together skills, agents, and workflows into systems that can drive end-to-end outcomes. It is a journey measured in years, not months, and it depends as much on digitizing process and building trust as it does on technology. We also explored root cause analysis, still one of the biggest time drains in IT. By combining Dynatrace's AI-driven observability with ServiceNow's workflow engine, enterprises can automate forensic steps, correlate events faster, and shorten the time spent on major incident bridges where teams debate ownership. 
Even incremental improvements in accuracy can save hours when incidents strike. Trust, of course, remains central. Pablo was candid that full self-healing systems are still some distance away. What we will see first is relief automation, controlled failovers, scripted actions suggested by machines but approved by humans. Over time, as confidence grows and processes become fully digitized, the balance will shift. Beyond the technology, a consistent theme ran through our conversation. Outcomes have not changed. Enterprises still want higher availability, faster resolution, better employee experiences. What is changing is the how. ServiceNow is reimagining its platform to deliver those outcomes at a much higher standard, not through incremental tweaks, but through rethinking workflows for an AI-first world. From design partnerships with banks building pre-flight change checks, to internal teams acting as the toughest customers, this was a grounded, practical conversation about where autonomous operations are headed and what it will take to get there. If you are a CIO, CISO, or IT leader wondering how to move from theory to execution, this episode offers a clear-eyed look behind the curtain.
What separates organizations that pass audits from those that survive real incidents? In this episode of The Segment, host Raghu Nandakumara sits down with Phil Park, global cybersecurity and risk leader at IBM. With more than 25 years advising financial institutions across the U.S., Europe, and Asia-Pacific, Phil brings a practical perspective on how supervision is rapidly evolving from compliance checklists to real-world operational readiness. Together, Raghu and Phil unpack the industry's biggest mindset shift: regulators no longer ask “Are you protected?” — they ask “Can you operate through disruption?” They explore why prevention alone is no longer enough, why containment and recovery now define security maturity, and how CISOs are moving from siloed operators to enterprise-wide risk leaders accountable to boards and regulators alike. The conversation also dives into:
• Why regulators evaluate response quality rather than technical perfection
• How organizations are turning tabletop exercises into realistic resilience testing
• The growing pressure created by third-party and supply-chain dependencies
• Why evidence and outcomes matter more than policies and frameworks
• How overlapping reporting requirements are reshaping incident response playbooks
• The double-edged role of AI in both defense and attack, including deepfake risks
• Why security fundamentals matter even more in the AI era
This episode is a must-listen for security leaders and executives navigating a world where passing the audit is no longer the goal — proving you can withstand disruption is. Also, if you're attending FSISAC, join Illumio, IBM, and Palo Alto Networks for an exclusive dinner at Capital Grille! Save your seat here: https://lp.illumio.com/20260302-Steak-And-Security-Dinner.html?utm_medium=email&utm_source=marketo