Podcasts about cloud security

  • 670 podcasts
  • 3,210 episodes
  • 40m avg duration
  • 5 weekly new episodes
  • Latest: May 28, 2026


Latest podcast episodes about cloud security

Defense in Depth
What Does the Next Generation of Cloud Security Look Like?

May 28, 2026 (33:22)


All links and images can be found on CISO Series.

We know human-paced security controls can't be applied to autonomous AI agents. So what needs to change with CNAPP and cloud security? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Dan Benjamin, vp product - data, identity, and AI security, Palo Alto Networks.

In this episode:

  • The detection ceiling
  • A category gap, not a feature gap
  • Resilience by design
  • An insider threat with no face

A huge thanks to our sponsor, Palo Alto Networks

Cortex Cloud unifies code, cloud, and SOC on a single data, risk, and control plane — giving teams the context, workflows, and agentic intelligence to turn risk into resolution. Native AI agents investigate and act within enterprise guardrails, delivering real-time protection from workload to network edge. Cloud security that outpaces machine-speed threats. Visit Palo Alto Networks and search cortex cloud.

Cloud Security Podcast by Google
EP279 Native Cloud Security: Is 'Good Enough' Actually Winning?

May 25, 2026 (29:02)


Guests: Gal Ordo, Co-founder & CPO @ Native

Topics:

  • In Episode 186, we debated 'Native vs. Third-Party' as a binary choice. Native seems to be a third-party vendor whose entire existence depends on the belief that cloud-native controls are superior. Does your platform validate the 'Cloud Provider' side of the debate (that their controls are enough), or does the fact that you exist prove the 'Third-Party' side (that native interfaces aren't enough)?
  • A key argument against native controls is an AWS WAF and a Google Cloud Armor don't behave the same way. If your tool manages native controls across multi-cloud, how do you handle the 'lowest common denominator' problem? Do you dumb down the policy to fit all clouds, or do you expose the unique complexity of each one?
  • GuardDuty and SCC produce similar but meaningfully different results. How do you abstract across that so an analyst or IR team isn't having to dig into the exact meaning of the different JSON fields in their output?
  • We often say native tools are 'good enough' for 80% of use cases but lack the depth of specialized third-party vendors (like a dedicated CNAPP or DLP). By betting your company on orchestrating native controls, are you effectively betting that 'good enough' is the future of the market? What happens when a customer needs a feature that the CSP hasn't built yet?
  • What fraction of your users are taking this from a "I'm 80% this one cloud, I need great coverage there and good enough elsewhere" vs "I'm truly multi-cloud" or even scarier "I have a workload that is active spanning clouds"?
  • Do your customers push you towards helping with the kinds of SaaS platforms that SSPM vendors cover?
  • If AWS and Google Cloud suddenly decided to make their native security UIs perfect and unified tomorrow, would your company cease to exist? Or is the complexity of the cloud strictly increasing, guaranteeing you job security forever?

Related:

  • Video version
  • EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim
  • EP160 Don't Cloud Your Judgement: Security and Cloud Migration, Again!
  • The Great Cloud Security Debate: CSP vs. Third-Party Security Tools
  • native.security blog

Smart Software with SmartLogic
Cloud Fragility & Distributed Systems with Somtochi Onyekwere

May 21, 2026 (46:06)


In Elixir Wizards S15E04, Charles Suggs and Emma Whamond are joined by Somtochi Onyekwere, a software engineer at Fly.io and contributor to the Corrosion distributed database project, to talk about distributed systems, infrastructure resilience, and the growing fragility of centralized cloud platforms.

We discuss what recent outages across major providers reveal about modern infrastructure and why more teams are starting to rethink assumptions around reliability, failover, and system design. Somtochi explains how Fly.io approaches geographic distribution, eventual consistency, and replication across nodes, along with the trade-offs that come with building systems this way.

The conversation explores CRDTs (Conflict-free Replicated Data Types), consensus, split-brain prevention, and what actually happens when distributed systems fail in production. We also talk about testing strategies, rollback planning, property-based testing tools, and how teams can reduce blast radius when things inevitably go wrong.

Along the way, we discuss AI infrastructure, sandboxing AI agents, and how newer workloads may add pressure to already centralized systems. The episode closes with practical advice for developers who want to build more resilient applications without over-complicating their architecture.

Topics Discussed in this Episode:

  • Corrosion and distributed database replication
  • Centralized cloud fragility and recent outage patterns
  • Distributed systems versus traditional cloud architectures
  • Multi-region deployment strategies for Phoenix applications
  • CRDTs and conflict resolution in distributed systems
  • Eventual consistency versus strict consistency tradeoffs
  • Consensus, leader election, and split-brain prevention
  • Testing failover and recovery scenarios
  • Property-based testing and Antithesis
  • Rollback planning for database schema migrations
  • Reducing blast radius through system isolation
  • Health checks and blue-green deployment strategies
  • Fly Proxy request routing and replay behavior
  • Cross-region synchronization and replication challenges
  • Single points of failure inside “redundant” systems
  • Backup restoration testing and disaster recovery planning
  • Network partitions and failure handling in production
  • Infrastructure monitoring and operational visibility
  • AI infrastructure workloads and operational strain
  • Sandboxing and securing AI agents
  • Sprites and AI workflows at Fly.io
  • Latency improvements from geographic distribution
  • Distributed systems tradeoffs in real-world environments
  • Transitive dependency failures across cloud providers
  • Practical resilience strategies for modern engineering teams

Links Mentioned:

  • https://fly.io
  • https://github.com/superfly/corrosion
  • https://docs.gitops.weaveworks.org/
  • FluxCD https://fluxcd.io/
  • Fly.io Stateful Sandbox Environments https://sprites.dev/
  • Cloudflare Workers AI Inference Platform https://www.cloudflare.com/products/workers-ai/
  • “An AI Agent Just Destroyed Our Production Data. It Confessed in Writing” Twitter post from PocketOS founder: https://x.com/lifeof_jer/status/2048103471019434248
  • Oct 2025 AWS Outage https://www.theguardian.com/technology/2025/oct/24/amazon-reveals-cause-of-aws-outage
  • Dec 2025 Cloudflare Outage https://www.theguardian.com/technology/2025/dec/05/another-cloudflare-outage-takes-down-websites-linkedin-zoom
  • July 2025 Crowdstrike Outage https://www.ibm.com/think/news/recent-crowdstrike-outage-what-you-should-know
  • March 2026 Stryker Cyber Attack https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html
  • https://aws.amazon.com/
  • https://cloud.google.com/
  • https://azure.microsoft.com/en-us
  • https://fly.io/docs/elixir/
  • CRDTs!! https://smartlogic.io/podcast/elixir-wizards/s13-e03-local-first-liveview-svelte-pwa/
  • https://antithesis.com/docs/resources/property_based_testing/
  • https://hex.pm/packages/proper

Risky Business
Soap Box: Where does AI fit into cloud security?

May 15, 2026 (33:37)


In this sponsored soap box edition of the Risky Business podcast, Patrick Gray chats with Toni de la Fuente, the founder of Prowler. Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it's now a venture-funded cloud security business. In this interview Toni talks us through how AI is changing the game for him as an open source project owner, and as a vendor. In short, reports of the death of IT and security tooling at the hands of frontier models have been greatly exaggerated. This episode is also available on YouTube.

The ISO Show
#250 Driving ISO Implementation – Meet the Consultant: Steve Mason

May 15, 2026 (56:16)


How often have you heard someone say they aspire to be an ISO consultant? Likely not at all! That's not surprising as it's quite a niche world to find yourself in, yet despite that, there are still thousands of ISO professionals worldwide. We're continuing with our mini-series where we introduce members of our team, to explore how they fell into the world of ISO and discuss the common challenges they face while helping clients achieve ISO certification.

In this episode we introduce Steve Mason, a Principal isologist® at Blackmores, to share the journey of how he went from intern, to ISO Assessor, to ISO consultant and the challenges he's faced while working with clients.

You'll learn

  • What is Steve's role at Blackmores?
  • What does Steve enjoy outside of consultancy?
  • What path did Steve take to become an ISO Consultant?
  • What is the biggest challenge he's faced when implementing ISO Standards?
  • What is Steve's biggest achievement?

Resources

  • Isologyhub
  • ISO 14001:2026 What's Changed And How to Comply Webinar Registration

In this episode, we talk about:

[00:30] Episode Summary – We introduce Steve Mason, a Principal Isologist® here at Blackmores, to discuss his journey towards becoming an ISO consultant who specialises in ISO 27001, ISO 27701, ISO 27018, ISO 27017 and ISO 20000-1.

[02:40] What is Steve's role at Blackmores? His role primarily involves supporting clients in two key areas: maintaining and continually improving their existing ISO management systems and helping them establish and implement new standards. As part of that support, he:

  • Makes Standards understandable and accessible to clients
  • Conducts internal audits
  • Reviews and updates management system documentation
  • Facilitates management reviews
  • Trains internal teams and prepares them for certification audits.

Steve is the Standard champion for ISO 27001, ISO 27701, ISO 27017, ISO 27018 and ISO 20000-1 at Blackmores, but he also deals with ISO 9001, ISO 41001, ISO 22301 and ISO 42001 related projects and support. Steve's other main role at Blackmores is as a Mental Health First Aider, which is shared with Minoo Agarwal. Together, they provide resources and offer support to the team.

[06:00] The importance of Mental Health management in the workplace: Steve had faced bullying in previous roles, so preventing others from experiencing the same had become a big motivator for him taking on the role of Mental First Aider for Blackmores. He emphasizes its importance, and highlights 2 key Standards that you can use to help support mental first aid within your business. This includes ISO 45003 Mental Health in the Workplace and BS 30480 Suicide and the Workplace.

[09:10] What does Steve enjoy doing outside of consultancy?: Steve has a wide variety of interests and hobbies, including:

  • Lay Minister: Steve is a Lay Minister in the United Reform Church and mainly based at the URC Chapel in Walkern, but can be found leading worship and preaching at Ashwell, Baldock, Stevenage and Knebworth chapels.
  • Poetry: Steve enjoys writing poetry about anything and everything, racking up an impressive 190 poems so far. Some of his main inspirations include Wordsworth and Keats. If you ever see a poem on the Blackmores LinkedIn page, odds are, it was written by Steve!
  • Classical Music: He's a fan of classical music, anything by Beethoven, Mahler or Shostakovich specifically. He likes these composers in particular due to their stretching of the rules of music for the time.
  • Exploring hidden London: Steve often goes on hidden London tours which explore disused underground stations which may have been shut down as long as 100 years ago!
  • Buses and Trains: Steve was lucky enough to drive a bus in his past, of which he has the licence plate sitting in his office. He collects bus and train models and will go out to snap a photo or two of their real world counterparts when he comes across them.
  • History: Steve is a huge mystery buff, with a particular fondness for Richard III and the War of the Roses and the Anglo Saxon period of history.
  • Family Tree: Steve has been tracing his family tree back as far as he can on his mother's side, which extends as far back as 1547! Interestingly enough he found out that relatives from way back then got married in the church that he currently lives nearby and got qualified as a Lay Minister for the Church of England in Stevenage!
  • Cats: He's owned his fair share of feline friends through the years, with one particular tabby holding the name 'Spartacus'.

[22:35] What was Steve's path towards becoming an ISO Consultant?: Steve was once told in the 1980s 'There is no future in Standards; find another career, perhaps in Sales or Purchasing'. How wrong that turned out to be! He's always worked with standards, from the first day he started work doing inspection in Goods Inwards, he was referring to them. The direction towards Management systems came in 1983 when he started implementing BS 5750. From that day onward he had been involved in Management Systems. Steve completed a management apprenticeship at Racal-Guardall where he was able to do 3 months' work experience in all departments, which helped him appreciate how companies function and how important it is to maintain good communication channels. It was at the end of this apprenticeship that the opportunity arose in the QA department to work on BS 5750. His career path has included other organisations such as Tektronix, BOC Ohmeda, Cirkit, Deta, TDK and BSI, all of which earned Steve a lot of experience in Manufacturing and Service and Distribution, mainly in Quality and Customer Service roles. Steve has always felt a bit like a closet consultant, even when he worked as an assessor at BSI. He feels as if Blackmores has enabled him to fully flourish and develop his portfolio of standards – not bad for a career where there was apparently no future in standards!

[28:45] Born to be a consultant – Steve mentions that consultancy is a skill that many are born to be. You can train and learn the skills of course, but for some it comes very naturally and it can be hard to replicate that skillset in others.

[30:15] What is Steve's favourite aspect of being a Consultant? Steve loves talking with clients and working with them to explore solutions that can address the requirements of the standards. His motto is 'Mould the Standard to the organisation and not the organisation to the standard'. This means always producing a management system that benefits the organisation first and then adjusting it to meet the requirements of the standard. Organisations that mould the business to the standard usually end up with a management system that is a 'bolt-on' and an uncomfortable, sometimes irrelevant, fit. Everyone in the organisation needs to feel that the management system is a natural fit to what they do. He also enjoys supporting his colleagues at Blackmores. We're a business built on knowledge sharing, and there's no point gatekeeping anything we've learned as a team. So consultants often get together to discuss lessons learned and ensure best practice is a shared experience. Ironically enough, one of Steve's least favourite aspects of being a consultant is auditing! Mostly since he's been doing it for some 40 years now, so he can be forgiven for finding the exercise a bit tedious at times. However, he never lets that affect the end result of an audit.

[37:00] What Standards does Steve specialise in and why? Steve initially started with ISO 9001 but was steered towards ISO 27001 and ISO 20000-1 during his time at BSI. This was based upon his career path up to the point he joined BSI as they align assessors to familiar business and technical environments. In Blackmores, he has been able to develop these areas of Quality, Service and Risk by adding standards related to Business Continuity, PII and Cloud Security, Facilities Management and AI Management. Steve's favourite standard is ISO 20000-1 which started off as an IT Service Management System but can also be used effectively for all services. He always refers to ISO 20000-1 as 'ISO 9001 on Steroids' because it is much more specific and focuses on the subject of service management. Sadly, ISO 20000-1 is underrated, undersold and in some cases, never heard of – this is usually because contracts require ISO 9001 but the people writing those contracts don't actually know or understand what they are asking for. In simple terms it is a Service Quality Management System and Steve has come across organisations which have shoe-horned ISO 9001 into the business instead of using the natural fitting standard ISO 20000-1. Steve would advise any company that is providing a service with helpdesk support to look at ISO 20000-1, especially if they find that ISO 9001 isn't working well for them.

[43:00] What is the biggest challenge Steve had faced during a project and how did he overcome it?: Creating a management system in 10 days for a client which was due to lose a major contract because they had let their certification to ISO 9001 lapse between the 2008 and 2015 versions. Quite the undertaking in such a short amount of time! Steve refuses to claim full responsibility for the success however, as the client was totally invested in getting the system up and running and put in a lot of effort to work with Steve to get it done in time. If it had been any other standard, it would have been impossible, but because it was ISO 9001 and they were drawing on what had been in place previously it was possible. Generally, problems arise when there is limited or no Leadership support and commitment, because without this management systems can't be set up in a way that benefits the organisation. All management systems must align with the Business Strategy and should be used to ensure that the strategy is achieved. If you'd like to learn more about the importance of Leadership and aligning your management system with strategic direction, check out a few of our previous episodes.

[50:10] What is Steve's proudest achievement? Steve isn't really one to collect achievements, so he cites winning 1st Prize at 6 years old in a fancy-dress competition, dressed as a Snowman was a proud achievement for 6 year old him. He is also proud of becoming a Lay Reader initially in the Church of England at 37 and latterly in the URC. Another highlight is appearing on The Chase back in 2017, successfully passing the auditions which saw 40,000 applicants. If you want to go see him go up against the Chasers, he was in Series 10 episode 119. He can't point to any one ISO related project as he sees them all as an equal success. He puts all his effort into every project, and his success track shows this to be evident.

[54:35] ISO 14001 Transition Webinar: If you currently hold a 2015 certificate for ISO 14001, then the countdown has already started to transition to the latest 2026 version. We'll be covering the changes and what you need to do to comply and complete your transition in a webinar on the 29th May. You can register your place here.

If you'd like any assistance with implementing ISO standards, get in touch with us, we'd be happy to help!

We'd love to hear your views and comments about the ISO Show, here's how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List

ChannelBuzz.ca
The Buzz: Acronis launches IaaS for MSPs, Citrix rethinks secure access, and Upwind brings agents to cloud security

May 14, 2026 (4:52)


Today’s headline news for Canadian IT solution providers:

Acronis has launched Cyber Frame, a new hyperconverged infrastructure (HCI) and infrastructure-as-a-service (IaaS) platform built specifically for managed service providers. The platform allows MSPs to build and deliver infrastructure services with native integration into Acronis’ cyber protection and remote monitoring and management (RMM) tools. Acronis says it is designed to give service providers an alternative to legacy virtualization and hyperscaler cost pressures, offering better margin control and options for both fully hosted and partner-hosted deployments.

Citrix has introduced Citrix Platform Flex, a new persona-based secure access model intended to help organizations move away from static, one-size-fits-all IT delivery. The new platform is built to align IT resources more closely with evolving business needs, delivering secure access, managed services, and observability with more flexible and predictable pricing. It acknowledges that different worker profiles require vastly different access parameters in a modern hybrid environment.

Upwind has launched its new AI Agentic Pack, adding agent-driven capabilities to its cloud security platform. The tools are designed to help security teams investigate threats, validate active exposures, and prioritize remediation, leaning into the growing industry trend of using autonomous agents to compress the window between threat discovery and response.

Nerdio vice president of MSP sales Will Ominsky warned in a Redmond Channel Partner interview today that MSPs who figure out how to monetize AI by the end of 2026 will grab massive market share. He noted that partners who only experiment with AI internally—without building client-facing, revenue-generating AI practices—will be left behind in the coming wave of SMB adoption.

Boomi and Red Hat have announced a strategic collaboration to deliver an integrated stack for deploying agentic AI at scale. The partnership combines Boomi’s Agentstudio with Red Hat AI, providing organizations with a framework to orchestrate AI workflows securely without losing control of their data governance or allowing cloud consumption costs to spiral.

The U.S. Department of Homeland Security is reportedly scrutinizing Instructure after a massive ransomware attack disrupted its Canvas online learning platform. The breach highlights the growing vulnerability of critical SaaS infrastructure and the widespread supply chain impact when platforms are targeted during peak usage periods, such as university finals week.

Canadian cybersecurity provider Plurilock has announced CAD $1.13 million in new critical services contracts. The wins reflect continued momentum for the AI-native security firm as it expands its footprint across both public and private sector environments, capitalizing on the growing need for identity-centric security.

Full transcript:

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, May 14, 2026, and here’s what’s happening in the channel today.

Acronis has launched Cyber Frame, a new hyperconverged infrastructure and infrastructure-as-a-service platform built specifically for managed service providers. The launch comes at a critical time for the channel, as many service providers are actively seeking alternatives to legacy virtualization platforms following recent industry shakeups and pricing model changes. Cyber Frame allows MSPs to build and deliver infrastructure services with native, seamless integration into Acronis’ existing cyber protection and remote monitoring and management tools. Rather than dealing with the unpredictable costs of hyperscale public clouds or the complexity of managing disparate vendor stacks, MSPs can use Cyber Frame to consolidate their service delivery. Acronis says the platform is designed to give service providers significantly better margin control and simplified management. It offers flexible deployment options, allowing partners to choose between a fully hosted model managed by Acronis, or a partner-hosted deployment running on the MSP’s own hardware in their local data center. By combining compute, storage, networking, and security into a single unified platform, Acronis is positioning Cyber Frame as a way for MSPs to scale their infrastructure offerings profitably while maintaining the tight security posture that modern SMB clients demand.

Citrix has introduced Citrix Platform Flex, a new persona-based secure access model intended to help organizations move away from static, one-size-fits-all IT delivery. In today’s hybrid work environment, the access requirements for a call center employee, a traveling executive, and a remote software engineer are vastly different. Citrix built Platform Flex to recognize these distinctions, allowing IT teams to align resources, security controls, and application delivery specifically to the varying needs of different worker profiles. The new platform delivers secure application access, managed services, and comprehensive observability under a model designed for more flexible and predictable pricing. By shifting away from rigid licensing structures that often force companies to over-provision resources for basic users, Citrix aims to help enterprises optimize their cloud and infrastructure spending. Platform Flex also incorporates advanced analytics and security policies that adapt in real-time based on user behavior and location. For channel partners, this persona-driven approach provides a clear framework to help enterprise customers rationalize their IT investments, simplify the management of distributed workforces, and ensure that security protocols do not impede productivity for end users who require high-performance access to specialized applications.

Upwind has launched its new AI Agentic Pack, adding autonomous, agent-driven capabilities to its cloud security platform. As cloud environments grow increasingly complex and security operations centers face unprecedented alert fatigue, the cybersecurity industry is rapidly shifting toward agentic AI to help manage the load. Upwind’s new tools are specifically designed to help security teams autonomously investigate threats, validate whether theoretical vulnerabilities are actually exposed to active exploitation, and prioritize remediation efforts based on real-world risk. Instead of simply generating more alerts for human analysts to sift through, the Agentic Pack leverages artificial intelligence to actively investigate the root cause of an incident, map the attack path across cloud infrastructure, and propose actionable fixes. This launch leans heavily into the growing necessity of using autonomous agents to drastically compress the window between threat discovery and response. With malicious actors utilizing AI to accelerate their attacks, defenders require matching speed to counter them. For managed security service providers, Upwind’s agentic capabilities offer a pathway to scale their operations, handle a higher volume of telemetry without adding headcount, and provide faster threat containment for their clients.

In brief:

  • Nerdio vice president of MSP sales Will Ominsky warned in a Redmond Channel Partner interview today that MSPs who figure out how to monetize AI by the end of 2026 will grab massive market share.
  • Boomi and Red Hat have announced a strategic collaboration to deliver an integrated stack for deploying agentic AI at scale.
  • The U.S. Department of Homeland Security is reportedly scrutinizing Instructure after a massive ransomware attack disrupted its Canvas online learning platform.
  • And Canadian cybersecurity provider Plurilock has announced 1.13 million dollars in new critical services contracts.

Later today on in the channel, we’re talking eCrime Reports and Threat Intelligence with Camerous Tousley and Pedro Kertzman of ESET. And if you missed it yesterday, check out my conversation with Auvik’s Steve Petryschuk on the gap between MSPs’ expectation around AI, and the reality they have realized to date.

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

We Talk Cyber
Give Me 45 Min and I'll Show You How to Go from 0 to 6-Figures

May 5, 2026 (43:36)


The cybersecurity industry in 2025 is evolving faster than ever. While companies lay off thousands, they're also desperately hiring cybersecurity leaders who can bridge AI, business, and security. In this ultimate tutorial, I share 20+ years of hard-earned lessons that took me from a $40K coder to a $250K cybersecurity leader and consultant.

What You'll Learn: how to pivot before everyone else in cybersecurity, why skills beat credentials, the AI edge you MUST develop right now, leadership & communication skills that fast-track promotions, 5 career paths (Hacker, IAM, Cloud Security, GRC/Privacy, CISO), real strategies that helped me 10x my career. Whether you're entry-level, mid-career, or aiming for CISO, this roadmap is designed to help you secure, scale, and lead.

Looking to go from chaos and unpredictability to resilience in the world of AI? Start here with The Predictability Factor newsletter at The Monica Talks Cyber (https://www.monicatalkscyber.com).

Blue Security
Copy Fail, Claude Security, and Microsoft's AI Defense Playbook

May 5, 2026 (40:33)


Summary

In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss significant topics in cybersecurity, including the discovery of a critical Linux vulnerability known as Copy Fail, the introduction of Cloud Security in public beta, and Microsoft's comprehensive AI security strategy. They explore how AI is revolutionizing vulnerability scanning, the implications of the Copy Fail bug, and the proactive measures organizations can take to enhance their security posture. The conversation emphasizes the importance of timely patching and the evolving landscape of cybersecurity driven by AI advancements.

YouTube Video Link: https://youtu.be/5Hrt9QdI7bY

Documentation:

  • https://www.theverge.com/tech/922243/linux-cve-2026-3141-copy-fail-exploit
  • https://copy.fail
  • https://claude.com/blog/claude-security-public-beta
  • https://www.microsoft.com/en-us/security/blog/2026/04/22/ai-powered-defense-for-an-ai-accelerated-threat-landscape/

Contact Us:

  • Website: https://bluesecuritypod.com
  • Bluesky: https://bsky.app/profile/bluesecuritypod.com
  • LinkedIn: https://www.linkedin.com/company/bluesecpod
  • YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw

  • Bluesky: https://bsky.app/profile/ajawzero.com
  • LinkedIn: https://www.linkedin.com/in/andyjaw/
  • Email: andy@bluesecuritypod.com

Adam Brewer

  • Twitter: https://twitter.com/ajbrewer
  • LinkedIn: https://www.linkedin.com/in/adamjbrewer/
  • Email: adam@bluesecuritypod.com

Blue Security
Copy Fail, Claude Security, and Microsoft's AI Defense Playboo

Blue Security

Play Episode Listen Later May 5, 2026 40:39


Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss significant topics in cybersecurity, including the discovery of a critical Linux vulnerability known as Copy Fail, the introduction of Cloud Security in public beta, and Microsoft's comprehensive AI security strategy. They explore how AI is revolutionizing vulnerability scanning, the implications of the Copy Fail bug, and the proactive measures organizations can take to enhance their security posture. The conversation emphasizes the importance of timely patching and the evolving landscape of cybersecurity driven by AI advancements.

YouTube Video Link: https://youtu.be/5Hrt9QdI7bY

Documentation:
https://www.theverge.com/tech/922243/linux-cve-2026-3141-copy-fail-exploit
https://copy.fail
https://claude.com/blog/claude-security-public-beta
https://www.microsoft.com/en-us/security/blog/2026/04/22/ai-powered-defense-for-an-ai-accelerated-threat-landscape/

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

Cloud Security Podcast
The Rise of Agentic Cloud Security: Code-to-Cloud Shrinks to 3 Days

Cloud Security Podcast

Play Episode Listen Later Apr 21, 2026 26:53


Is your cloud security strategy ready for the "messy middle" of AI adoption? With developers pushing code from inception to production in under three days using "vibe coding," and adversaries capable of exfiltrating data in just 25 minutes, human-led security is no longer fast enough.

In this episode, Ashish sits down with Elad Koren from Palo Alto Networks (Cortex Cloud) to discuss the shift toward Agentic Cloud Security. Elad spoke to us about why bolting an AI chatbot onto legacy security tools doesn't work, and why you must run AI directly where your data lies. Elad shared a real-world case study: an organization that rapidly spun up an "internal" AI workload to test the market, only to have a red team discover it was exposed to the public internet with zero authentication.

If you want to know how the role of cloud security practitioners will evolve from manual analysts to AI orchestrators within the next five years, listen to this episode.

Guest Socials - Elad's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter

If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:50) Who is Elad Koren? (Palo Alto Networks / RSA Security)
(04:00) The Explosion of "Vibe Coding" and AI Applications
(05:10) How CNAPP is Evolving from Posture to Active Protection
(07:20) The New Threat Model: 25-Minute Exfiltration Windows
(09:30) What is "Agentic Cloud Security"? (Fighting Machines with Machines)
(11:40) The "Messy Middle" and the Evolution of Security Practitioners
(14:30) Platformization: Why Security Can No Longer Survive in Silos
(16:50) Blurring the Lines Between Cloud and Enterprise Estates
(18:20) Case Study: An Unauthenticated "Internal" AI Workload Exposed
(20:30) How AI is Shrinking Code-to-Cloud Cycles to 3 Days
(22:30) The Coming Crisis: Security Token Budgets vs. Speed
(23:30) Fun Questions: Kangaroo Jerky Tasting
(25:20) Hobbies & Family: Cycling, Audiobooks, and Fatherhood
(26:30) Favorite Food: Thai Cuisine in the Bay Area

Resources spoken about during the episode:
- Cortex Cloud
- Symphony 26 - The Agentic SOC Summit
- Palo Alto Networks Linkedin Page
- Elad's Linkedin

ITSPmagazine | Technology. Cybersecurity. Society
Post-RSAC Conference 2026 Recap: Agentic AI, Data Sovereignty, and the New Security Perimeter | A Brand Highlight Conversation with Thyaga Vasudevan, EVP, Product of Skyhigh Security

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 15, 2026 12:15


If you walked RSAC Conference 2026 expecting incremental updates, you left with something very different. Thyaga Vasudevan, EVP, Product at Skyhigh Security, describes this year as unlike any prior conference -- not because of a single announcement, but because the customers asking how to secure agentic AI were the same customers already building and deploying it. The urgency was real, immediate, and universal across organization sizes. The defining theme was agentic security. Vasudevan frames it around three core questions every security team now needs to answer: who is acting (agent identity), what are they accessing (data and APIs), and what are they trying to do (actions and permissions). The ChatGPT launch in November 2022 marked a generational shift -- and at RSAC 2026, Skyhigh Security observed that the industry had moved decisively from data-in and data-out protection to governing the actions of autonomous agents themselves. Data sovereignty was the other major conversation thread, driven by geopolitical realities and tightening regional data regulations. Vasudevan spoke with CISOs from financial services, healthcare, public sector, and not-for-profit organizations, each with different infrastructure approaches -- from on-prem data centers to sovereign clouds to full cloud deployments -- but all navigating the same fundamental challenge. DSPM and hybrid architectures are no longer optional for global enterprises. And quietly but significantly, browser security emerged as a front-and-center priority, reflecting the browser's growing role as a primary cloud endpoint. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. 
Learn more: https://www.studioc60.com/creation#highlight

GUEST
Thyaga Vasudevan, EVP, Product, Skyhigh Security
LinkedIn: https://www.linkedin.com/in/thyaga12/

RESOURCES
Skyhigh Security: https://www.skyhighsecurity.com
RSAC Conference 2026 Coverage: https://itspmagazine.com/rsac26

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Thyaga Vasudevan, Skyhigh Security, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, agentic AI security, data sovereignty, SSE, Security Service Edge, DSPM, zero trust, browser security, cloud security, RSAC Conference 2026, RSAC 2026, AI agent security, MCP security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cloud Security Podcast by Google
EP272 More Than Just Packets: Is NDR a "First-Class" Cloud Security Control?

Cloud Security Podcast by Google

Play Episode Listen Later Apr 13, 2026 34:11


Guest:
Raja Mukerji, Co-Founder & Chief Scientist, Extrahop
Rafal Los, VP of Client Relations and Strategic Initiatives, Extrahop

Topics:
Is Network Detection and Response (NDR) coming back after being shoved to the side by EDR a bit? Is this for real?
What's the value proposition of NDR in 2026, because some people still don't understand it?
How does NDR apply to the world of WFH, cloud/SaaS, encryption, high bandwidth, etc?
Is the value of NDR the same, or different, when it comes to public (or private) cloud?
How does NDR fill visibility gaps that identity and agent-based solutions cannot?
What does NDR offer that built-in cloud security tooling (as of right now) does not?
Would you call NDR a key cloud security control?
Does NDR help with shadow AI?
NDR elephant in the room is sometimes cost. How does cost change the value prop when compared to on-premise or physical infrastructure?

Resources:
Video version
EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty
EP113 Love it or Hate it, Network Security is Coming to the Cloud
EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google
EP115 How to Approach Cloud in a Cloudy Way, not As Somebody Else's Computer?
EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
"The GC+CISO Connection Book" book

CISO Stories Podcast
Cloud Security: The AI Effect & How to Proceed - Richard Marcus - CSP #223

CISO Stories Podcast

Play Episode Listen Later Apr 13, 2026 30:46


In this episode of CISO Stories, Jessica Hoffman speaks with Richard Marcus, CISO at Optro, about how organizations are securing cloud environments at scale. They discuss secure by design principles, infrastructure as code, continuous monitoring, and how GRC and security teams are working together more effectively. The conversation also explores the impact of AI on both defense and the evolving threat landscape, with practical insights for modern security leaders. Segment Resources: Optro Cyber Risk Playbook: https://optro.ai/resources/ebook/the-cyber-risk-playbook-for-the-ai-threat-era This segment is sponsored by BlinkOps. Blink Micro-Agents stop AI threats with agentic speed and precision — visit https://cisostoriespodcast.com/blinkops to see the Agentic SOC in action. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-223

InfosecTrain
CCSP 2026 Masterclass: Navigating the New Cloud Security Frontier

InfosecTrain

Play Episode Listen Later Apr 6, 2026 49:29


The CCSP (Certified Cloud Security Professional) certification is undergoing its most significant evolution yet. With a new exam outline effective August 2026, staying ahead of the curve is no longer optional; it is a requirement for passing. In this masterclass, InfosecTrain breaks down the high-level shifts in cloud-native security, AI integration, and DevSecOps that are now core to the (ISC)² curriculum.

The "course titled" CCSP Certification Training is getting a major refresh in 2026, and understanding these updates is key to passing the exam on your first attempt. We provide a high-level briefing for cloud architects and security consultants on how to move from legacy mindsets to modern, AI-integrated cloud defense strategies.

ITSPmagazine | Technology. Cybersecurity. Society
Securing Data Across the Hybrid Enterprise | A Brand Spotlight at RSAC Conference 2026 with Thyaga Vasudevan, EVP, Product of Skyhigh Security

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 2, 2026 22:12


Most organizations are not cloud-only and, according to Thyaga Vasudevan, EVP, Product at Skyhigh Security, they are unlikely to become cloud-only anytime soon. Legacy on-prem applications, new AI workloads kept inside the firewall, and the growing cost of routing all enterprise traffic through a cloud proxy are pushing organizations toward a hybrid security architecture -- one that needs to enforce consistent policy regardless of where the traffic goes or where the data lives. Skyhigh Security announced three major innovations at RSAC Conference 2026: a next-generation SSE hybrid platform with a single console managing on-prem and cloud enforcement under one policy construct; a patent-pending browser security capability that injects JavaScript controls dynamically into existing browser sessions without requiring a dedicated enterprise browser; and the general availability of its DSPM platform, which uniquely provides visibility into both data at rest and data in motion by combining proxy-layer inspection with posture management. The browser has quietly become the most important enforcement point in the enterprise. As AI tools like Microsoft Copilot operate through web socket connections that cannot be intercepted at the server level, security controls have to reach inside the browser session itself. Vasudevan describes a seamless approach: because Skyhigh Security already sees the traffic flowing through its SSE cloud, it can inject controls at the browser layer without asking employees to change the tools they use. Data sovereignty is no longer a compliance footnote -- it is an architectural driver. Vasudevan walked through a global manufacturer operating simultaneously in Europe, the United States, and China. Each region carries different regulatory constraints, different trust postures for cloud infrastructure, and different performance requirements. 
Skyhigh Security's hybrid platform handles all three scenarios under the same management framework and the same policy construct. The customer chooses where enforcement happens -- on-prem, cloud, or hybrid -- without rebuilding their security architecture. On AI agents, Vasudevan describes the evolution clearly: 2022 was about protecting data flowing into generative AI tools; 2025 became about protecting the actions of the agents themselves. Skyhigh Security positions itself as a proxy between agent traffic and the systems agents interact with -- whether MCP servers or SaaS applications -- monitoring what goes in and what comes out in real time. DSPM provides the baseline: know where sensitive data is and what risk it carries before any agent is given access to it. That distinction between sensitivity and risk is what allows organizations to make smart, dynamic decisions rather than blanket restrictions.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Thyaga Vasudevan, EVP, Product, Skyhigh Security
https://www.linkedin.com/in/thyaga12/

RESOURCES
Skyhigh Security: https://www.skyhighsecurity.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Thyaga Vasudevan, Skyhigh Security, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, hybrid security, SSE, Security Service Edge, DSPM, data security posture management, zero trust, browser security, data sovereignty, AI agents, agentic AI, cloud security, RSAC Conference 2026, cybersecurity

ITSPmagazine | Technology. Cybersecurity. Society
From Cloud to AI: Building Security Programs That Scale | A Brand Spotlight at RSAC Conference 2026 with Rich Mogull, Chief Analyst of Cloud Security Alliance

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 15:36


At RSAC Conference 2026, Sean Martin caught up with Rich Mogull at the Cloud Security Alliance booth for a candid conversation about where enterprise security programs stand -- and what it takes to keep pace with AI. Mogull, who joined CSA as Chief Analyst in October 2025, brings a practitioner's instinct to a research-first organization, and he arrived with a clear mandate: help organizations stop treating security frameworks as shelf documents and start treating them as operational tools. CSA operates across three pillars -- cloud, zero trust, and AI -- and Mogull is the first to acknowledge the identity tension that comes with that breadth. But his argument is consistent: each pillar represents a transformational technology that exposed the limits of existing security practices. "Our sweet spot is these transformational, disruptive technologies," he says. The same challenge that played out with cloud adoption is now repeating itself with AI, and CSA's job is to help security teams navigate it with research that is genuinely actionable. One of the most anticipated deliverables from Mogull's first year is the AI Security Maturity Model -- a structured framework that gives enterprise security programs a lens for assessing and improving their AI security posture. Modeled on CSA's Cloud Security Maturity Model (which Mogull also authored), it is built around measurable KPIs and designed to be as automatable as possible. After its first public draft drew over 600 comments from 60 international reviewers, Mogull is in the final stages of revision. The model covers governance, identity and access management, security monitoring, model security, AI infrastructure, agentic applications, MCP servers, and AI developer enablement -- a purpose-built lens for enterprise AI security programs, not a generic maturity template. Beyond the model itself, Mogull is building the operational infrastructure to help CSA members actually use it. 
The new Enterprise Membership program -- launched in March 2026 -- centers on the Operational Maturity Roadmap: a structured, year-long engagement where CSA analysts work directly with member organizations, providing monthly guidance, specific recommendations, and an annual progress report tied to measurable outcomes. The goal is to move CSA from research producer to implementation partner -- and to deliver the kind of decision support that scales beyond what any individual consultant can provide.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Rich Mogull, Chief Analyst, Cloud Security Alliance
LinkedIn: https://www.linkedin.com/in/richmogull/

RESOURCES
Cloud Security Alliance: https://cloudsecurityalliance.org
CSA Enterprise Membership Program: https://cloudsecurityalliance.org/membership
CSA AI Controls Matrix: https://cloudsecurityalliance.org/research/working-groups/ai-controls-matrix
CSA Cloud Controls Matrix: https://cloudsecurityalliance.org/research/cloud-controls-matrix

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Rich Mogull, Cloud Security Alliance, CSA, Sean Martin, AI Security Maturity Model, cloud security, zero trust, AI security, enterprise security, security maturity model, RSAC Conference 2026, brand spotlight, brand marketing, marketing podcast

ITSPmagazine | Technology. Cybersecurity. Society
Closing the Exposure Window: From Vulnerability Management to Remediation Operations | A Brand Highlight at RSAC Conference 2026 with Sunil Gottumukkala, CEO & Co-Founder of Averlon

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 9:07


The cybersecurity industry is good at finding problems. What it has struggled with -- for decades -- is fixing them. Sunil Gottumukkala, CEO and Co-Founder of Averlon, calls this the exposure window: the gap between when a vulnerability is discovered and when it is actually resolved. That gap is where real risk lives, and closing it is the founding mission of Averlon. Speaking on location at RSAC Conference 2026, Gottumukkala draws on his experience as a security executive at Salesforce to explain why even the most well-resourced teams fall behind. More code, more acquisitions, and more attack surface means more findings -- but the capacity to remediate does not scale at the same rate. The answer, he argues, is not more people. It is better systems. Averlon approaches the problem by ingesting findings from across a customer's security stack, applying AI-driven analysis to determine what is actually exploitable in that specific environment, and eliminating noise. From there, rather than generating a ticket, the platform generates a fix -- actual code changes for application vulnerabilities, or compensating controls for situations requiring more time. The goal is not to manage vulnerabilities. It is to eliminate them.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Sunil Gottumukkala, CEO & Co-Founder, Averlon
https://www.linkedin.com/in/sunilgottumukkala/

RESOURCES
Averlon: https://www.averlon.ai

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Sunil Gottumukkala, Averlon, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, vulnerability remediation, remediation operations, exposure window, cloud security, agentic AI, CVSS, vulnerability management, RSAC Conference 2026, RSAC 2026, cybersecurity

The GovNavigators Show
Rewriting FedRAMP: Inside the Push to Modernize Federal Cloud Security

The GovNavigators Show

Play Episode Listen Later Mar 30, 2026 29:25 Transcription Available


This week on the GovNavigators Show, Adam and Robert sit down with Ryan Hoesing, Chief of Staff for FedRAMP, and Nicole Thompson, Security Director, for a deep dive into one of the most consequential federal IT programs undergoing transformation today.

Ryan and Nicole walk through the sweeping changes to the FedRAMP program and explain what the new “FedRAMP 20x” approach means for agencies and industry. They unpack the shift from authorization to certification, the move toward continuous and machine-readable security data, and why redefining FedRAMP's role is critical to making cloud adoption actually work across government.

Show Notes:
Continued DHS appropriations uncertainty
Launch of VP Vance's anti-fraud taskforce
New DEI EO

What's on the GovNavigators' Radar:
Mar 31: Oracle Federal Forum
Apr 8: ACT-IAC Contact Center Summit

No Password Required
No Password Required Podcast Episode 70 - Madhav Nakar

No Password Required

Play Episode Listen Later Mar 17, 2026 36:40


Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play

No Password Required Season 7: Episode 3 - Madhav Nakar

Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection.

In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.

Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools.

The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens.

In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects on public dancing experiments.

Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/
Follow "The Fire of Knowing" on Instagram and Youtube!

CHAPTERS:
00:00 Introduction with Kayley and Jack
08:08 Transition from Theoretical Math to Cybersecurity
16:13 Exploring Spiritual Traditions and Madhav's Documentary
19:48 The Intersection of Art and Science in Content Creation
25:20 The Lifestyle Polygraph: Challenging Perspectives on Security

Ctrl+Alt+Azure
333 - The Microsoft Cloud Security Benchmark v2

Ctrl+Alt+Azure

Play Episode Listen Later Mar 11, 2026 30:17


In this episode, we look at the newly released Microsoft Cloud Security Benchmark v2, which is now in preview. What is it, why should you care - and what changed since v1? We take it for a spin, discuss aspects of governance and regulatory compliance, and how to apply them in practice.

(00:00) - Intro and catching up.
(03:57) - Show content starts.

Show links
- MCSB v2
- Give us feedback!

Do the Woo - A WooCommerce Podcast
Behind the Scenes at CloudFest Europe's Playground for Cloud, Security, and Hosting Innovation

Do the Woo - A WooCommerce Podcast

Play Episode Listen Later Mar 10, 2026 39:45


In this episode Soeren, Myles and Robert discuss CloudFest 2026, highlighting its unique amusement park setting, various networking opportunities, and some new features for attendees.

IBM Analytics Insights Podcasts
From Two Phones to Crystal Balls — A CISO's Unfiltered Take on AI and Security with Josh Scott, CISO and VP of Security at Hydrolix

IBM Analytics Insights Podcasts

Play Episode Listen Later Mar 4, 2026 36:05


Making Data Simple dives into the world of data security with Josh Scott, CISO and VP of Security at Hydrolix — a real-time data platform built for massive scale. Josh unpacks critical challenges like AI adoption, cybersecurity priorities, and how organizations can harness data to stay ahead, all while keeping performance high and costs down.

01:02 Investing
04:25 Meet Josh Scott
10:54 Adopting AI Safely
14:42 What IS a CISO?
17:14 What Keeps a CISO Up at Night?
19:11 Using AI for Security
20:47 Two Phones?
21:36 Password Sharing
23:03 CISO Prioritization
27:39 Signal From Noise
29:29 Leadership Style
32:27 The Crystal Ball

LinkedIn: https://www.linkedin.com/in/joshuascott/
Website: https://www.hydrolix.io/

#MakingDataSimple #DataSecurity #Cybersecurity #CISO #AIAdoption #AIAndSecurity #Hydrolix #RealTimeData #DataPlatform #InfoSec #CyberLeadership #TechPodcast #Leadership #BigData #AI #DataPrivacy #CloudSecurity #SignalVsNoise

Want to be featured as a guest on Making Data Simple? Reach out to us at almartintalksdata@gmail.com and tell us why you should be next. The Making Data Simple Podcast is hosted by Al Martin, WW VP Technical Sales, IBM, where we explore trending technologies, business innovation, and leadership ... while keeping it simple & fun.

Making Data Simple
From Two Phones to Crystal Balls — A CISO's Unfiltered Take on AI and Security with Josh Scott, CISO and VP of Security at Hydrolix

Making Data Simple

Play Episode Listen Later Mar 4, 2026 36:05


Making Data Simple dives into the world of data security with Josh Scott, CISO and VP of Security at Hydrolix — a real-time data platform built for massive scale. Josh unpacks critical challenges like AI adoption, cybersecurity priorities, and how organizations can harness data to stay ahead, all while keeping performance high and costs down.

01:02 Investing
04:25 Meet Josh Scott
10:54 Adopting AI Safely
14:42 What IS a CISO?
17:14 What Keeps a CISO Up at Night?
19:11 Using AI for Security
20:47 Two Phones?
21:36 Password Sharing
23:03 CISO Prioritization
27:39 Signal From Noise
29:29 Leadership Style
32:27 The Crystal Ball

LinkedIn: https://www.linkedin.com/in/joshuascott/
Website: https://www.hydrolix.io/

#MakingDataSimple #DataSecurity #Cybersecurity #CISO #AIAdoption #AIAndSecurity #Hydrolix #RealTimeData #DataPlatform #InfoSec #CyberLeadership #TechPodcast #Leadership #BigData #AI #DataPrivacy #CloudSecurity #SignalVsNoise

Want to be featured as a guest on Making Data Simple? Reach out to us at almartintalksdata@gmail.com and tell us why you should be next. The Making Data Simple Podcast is hosted by Al Martin, WW VP Technical Sales, IBM, where we explore trending technologies, business innovation, and leadership ... while keeping it simple & fun.

AWS for Software Companies Podcast
Ep196: Agentic AI and the Future of Cloud Security with Sumo Logic

AWS for Software Companies Podcast

Play Episode Listen Later Mar 3, 2026 15:38


Sumo Logic's VP of Security Strategy reveals how a ground-up agentic framework transformed their platform, and why clean data and autonomous agents are rewriting the rules of cloud security.

Topics Include:
Sumo Logic is a cloud analytics platform ingesting data from complex IT stacks.
Built on AWS from the start, leveraging microservices for scalable solutions.
Early AI efforts produced a natural language query co-pilot for security data.
Bolting AI onto existing platforms proved brittle and one-dimensional.
Customer feedback drove a decision to redesign AI from the ground up.
The Dojo AI framework unifies purpose-built agents across the entire platform.
New agents include a SOC analyst agent, knowledge agent, and MCP server.
New frontier models on Bedrock give the whole platform an instant brain transplant.
Autonomous agents require rethinking security controls beyond traditional programmatic guardrails.
Federal and global customers demand rigorous, levelled-up security across all regions.
Clean, normalized data proved the biggest unlock for reliable AI query results.
Agent-to-agent communication and MCP will define the next era of AI platforms.

Participants:
Chas Clawson – Vice President, Security Strategy, Sumo Logic

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Security Now (MP3)
SN 1066: Password Leakage - Zero Trust, Zero Knowledge

Security Now (MP3)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available


ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet.
CAs warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets? No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S. "freedom.gov" site post EU-blocked content? LLMs will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong?
Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

All TWiT.tv Shows (MP3)
Security Now 1066: Password Leakage

All TWiT.tv Shows (MP3)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available



Security Now (Video HD)
SN 1066: Password Leakage - Zero Trust, Zero Knowledge

Security Now (Video HD)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available



Security Now (Video HI)
SN 1066: Password Leakage - Zero Trust, Zero Knowledge

Security Now (Video HI)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available



Radio Leo (Audio)
Security Now 1066: Password Leakage

Radio Leo (Audio)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available



Security Now (Video LO)
SN 1066: Password Leakage - Zero Trust, Zero Knowledge

Security Now (Video LO)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available



All TWiT.tv Shows (Video LO)
Security Now 1066: Password Leakage

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available



Radio Leo (Video HD)
Security Now 1066: Password Leakage

Radio Leo (Video HD)

Play Episode Listen Later Feb 25, 2026 170:07 Transcription Available



Cloud Security Podcast
Why AI Infrastructure is Harder to Secure Than Cloud

Cloud Security Podcast

Play Episode Listen Later Feb 20, 2026 34:03


Is AI security just "Cloud Security 2.0"? Toni De La Fuente, creator of the open-source tool Prowler, joins Ashish to explain why securing AI workloads requires a fundamentally different approach than traditional cloud infrastructure.
We dive deep into the "Shared Responsibility Gap" emerging with managed AI services like AWS Bedrock and OpenAI. Toni spoke about the hidden dangers of default AI architectures and why you should never connect an MCP (Model Context Protocol) directly to a database.
We discuss the new AI-driven SDLC, where tools like Claude Code can generate infrastructure but also create massive security blind spots if not monitored.
Guest Socials - Toni's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security social channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:50) Who is Toni De La Fuente? (Creator of Prowler)
(03:50) AI Security vs. Cloud Security: What's the Difference?
(07:20) The Shared Responsibility Gap in AI Services (Bedrock, OpenAI)
(11:30) The "Fifth Party" Risk: Managed AI Access
(13:40) AI Architecture Best Practices: Never Connect MCP to DB Directly
(16:40) Prowler's AI Pillars: Generating Dashboards & Detections
(22:30) The New SDLC: Securing Code from Claude Code & Lovable
(25:30) The "Magic" Trap: Why AI Doesn't Know Your Security Context
(28:30) Top 3 Priorities for Security Leaders (Infra, LLM, Shadow AI)
(30:40) Future Predictions: Why Predicting 12 Months Out is Impossible

Trust Issues
EP25 - Identity is the attack vector w/ Udi Mokady

Trust Issues

Play Episode Listen Later Feb 18, 2026 55:07


CyberArk founder and executive chairman Udi Mokady returns to Security Matters at a transformational moment—now as part of Palo Alto Networks, following the acquisition's close on February 11. In this far‑reaching conversation, Udi and host David Puner explore why identity has become the attack vector for modern enterprises, driven by an unprecedented surge in human, machine and AI‑powered identities that attackers increasingly exploit.
Udi discusses what the combined companies' scale and capabilities mean for customers, why identity security must now operate as frontline defense rather than a management layer, and how AI agents are rapidly reshaping the threat landscape. He also reflects on CyberArk's long‑distance entrepreneurial journey, the cultural foundations that have made the company durable over 26 years, and how productive paranoia, innovation and trust continue to guide the mission forward inside Palo Alto Networks.
Note: This episode was recorded in January, prior to the acquisition's close.

TechCrunch Startups – Spoken Edition
Upwind raises $250M at $1.5B valuation to continue building ‘runtime’ cloud security; plus, AI security startup Outtake raises $40M

TechCrunch Startups – Spoken Edition

Play Episode Listen Later Jan 30, 2026 7:43


The $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Also, Outtake makes an agentic cybersecurity platform to help enterprises detect identity fraud. Its angel investors are a who's who.

TechCrunch Startups – Spoken Edition
Flapping Airplanes and the promise of research-driven AI; plus, Upwind raises $250M at $1.5B valuation to continue building ‘runtime’ cloud security

TechCrunch Startups – Spoken Edition

Play Episode Listen Later Jan 29, 2026 7:47


A new AI lab called Flapping Airplanes launched yesterday, and a Sequoia partner has an interesting take on why they stand out. Also, Upwind's $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital.

The MSDW Podcast
Moving to Business Central: A CTO's Perspective on Cloud Security, Partners, and Change

The MSDW Podcast

Play Episode Listen Later Jan 22, 2026 33:56


In this MSDW podcast episode, Mariano Gomez Bent, Chief Technology and Product Officer at Mekorma, shares a technology leader's perspective on moving to Business Central. Drawing from Mekorma's own transition from GP to Business Central, Mariano discusses key considerations around cloud security, selecting the right implementation partners, and managing change across teams. The conversation highlights real-world lessons, common pitfalls, and what organizations should prioritize to successfully navigate a move to the cloud. Considering a move to Business Central? Tune in to hear firsthand insights on cloud security, partner selection, and change management. See more Mekorma content on MSDW: https://msdynamicsworld.com/vendor/mekorma

Joey Pinz Discipline Conversations
#803 MSSP Alert Live - ChiChi Ubah:

Joey Pinz Discipline Conversations

Play Episode Listen Later Jan 21, 2026 35:19


In this energizing and uplifting conversation, Joey Pinz sits down with cybersecurity rising star ChiChi Ubah, whose passion for learning, adventure, and personal growth lights up every moment of the dialogue. ChiChi shares her love for adrenaline-filled activities, her ambitions to learn to fly a small aircraft, and the mindset that fuels her ongoing pursuit of new experiences—including her PhD focused on AI-driven cybersecurity curriculum development.
A dedicated advocate for women in cybersecurity, ChiChi discusses the life-changing support she's received from WiCyS, where mentorship, training, and certifications helped guide her path into cloud security. She reflects on the role of representation, allies, and community in creating opportunities for women in a male-dominated industry.
The conversation also explores breaking old beliefs, embracing intentionality, and the everyday practice of consistency—whether pursuing certifications, maintaining health, or building a TikTok channel from 0 to 5,000 followers. ChiChi also opens up about motivation, legacy, and redefining success through freedom, impact, and personal evolution.
This episode is packed with insight, heart, humor, and the fearless drive of someone committed to becoming better every day.

No Password Required
No Password Required Podcast Episode 68 — Rob Hughes

No Password Required

Play Episode Listen Later Jan 20, 2026 44:51


Rob Hughes — CISO at RSA and Champion of a Passwordless Future
No Password Required Season 7: Episode 1 - Rob Hughes
Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.
Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.
Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.
The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.
Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/
Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster

Microsoft Cloud IT Pro Podcast
Episode 419 – Security and AI: Security Store, Security Copilot, and Agents

Microsoft Cloud IT Pro Podcast

Play Episode Listen Later Jan 15, 2026 25:16 Transcription Available


Welcome to Episode 419 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben is once again live from Workplace Ninjas and is joined by John Joyner, an 18-year Microsoft MVP in Cloud Security and Azure Management. They discuss some of the announcements from Microsoft Ignite focused around Microsoft Security as well as diving deep into the new Security Store, AI agents, Security Compute Units (SCUs), and how Microsoft is making enterprise AI security more accessible and affordable than ever. Key topics include the phishing triage agent, conditional access optimization, E5 integration with included SCUs, and the strategic consolidation of security services into the Defender XDR portal. Whether you’re a security professional or IT administrator, this conversation provides valuable insights into Microsoft’s AI-driven security roadmap and how to stay ahead of AI-powered threats.
Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.
Show Notes
John Joyner on LinkedIn
John Joyner’s Blog
John Joyner’s Books
Corsica Technologies
What is Microsoft Security Copilot?
Security Store
Microsoft Security Copilot agents overview
Learn about Security Copilot inclusion in Microsoft 365 E5 subscription
Microsoft Security Copilot Phishing Triage Agent in Microsoft Defender
John Joyner
John Joyner is an inventor, author, speaker, and professor specializing in datacenter and enterprise cloud computing. He serves as Senior Director of Technology at Corsica Technologies (formerly AccountabilIT), where he delivers next-generation technology management services to customers worldwide as a cloud architect helping businesses stay competitive.
John is a Microsoft Azure MVP and Security MVP, having been recognized eighteen times (2007-2026) as a Microsoft Most Valuable Professional for his exceptional technical expertise, leadership, speaking experience, online influence, and commitment to solving real-world problems. He holds a Bachelor of Science in Business Administration with an Emphasis in Human Resources Management from the University of Colorado at Boulder. From 2007 to 2024, John served as an Adjunct Professor at the University of Arkansas Little Rock, teaching a pro-bono cloud computing management course open to all Arkansas residents.
As an author, John co-wrote the 2021 book “Azure Arc-Enabled Kubernetes and Server” from Apress and contributed to four editions of the industry-standard “System Center Operations Manager: Unleashed” from SAMS Publishing (2005-2013). Between 2012 and 2015, he authored weekly cloud and datacenter columns for CBS Technology publications including TechRepublic and ZDNet.
A retired U.S. Navy Lieutenant Commander and computer scientist, John worked for NATO in Europe and aboard an aircraft carrier in the Pacific. He earned the Computer Scientist sub-specialty and served as chief of network operations for NATO during the former Yugoslavia conflict. He is also a veteran of the Persian Gulf War. Outside of technology, John’s personal passions include 4-wheeling in his ‘Black Ops’ Jeep Wrangler and running a visionary art clothing company called Lit Like Luma.

Inside the Network
Dino Boukouris & Sam Bronstein: How AI, identity, and cloud security defined 2025 and what 2026 holds for founders

Inside the Network

Play Episode Listen Later Jan 14, 2026 62:42 Transcription Available


In this special year-end episode of Inside the Network, we're joined by two of the most trusted strategic advisors in cybersecurity - Dino Boukouris, Managing Partner at Altitude Cyber, and Sam Bronstein, Partner at AXOM Partners. Between them, they've worked on billions of dollars in cybersecurity M&A, helped founders navigate exits to the world's largest tech companies, and advised the CEOs behind some of the biggest public and private deals in the industry. In this episode, which also happens to be the 20th episode of Inside the Network, we break down what really happened across the cybersecurity landscape in 2025, from customer buying patterns and budget constraints to the $96B in M&A deal volume. Dino and Sam share insights on what's driving consolidation, how buyers think about valuation and timing, and what defines a hot company in 2026 (hint: it's not just growth). We talk about how mega-deals like Wiz and CyberArk are reshaping competitive dynamics in the industry, why SASE, identity, and security for AI have been the most active M&A themes, and what founders need to understand about building relationships with buyers long before they're ready to exit. Sam and Dino explain that founders who achieve the best outcomes usually build relationships with potential acquirers over many years, and break down why many late-stage founders are likely to choose acquisition over IPO in the coming cycle.
We close with tactical advice for founders heading into 2026: how to think about your board and investors, what metrics you'll be judged on, and how to align your capital strategy with your long-term goals. And yes, we also talk about race cars, zero interest rates, outcome-based pricing, and what Palo Alto Networks might buy next.

Risky Business News
Sponsored: What AI workloads mean for Cloud security

Risky Business News

Play Episode Listen Later Jan 11, 2026 15:17


In this Risky Business News sponsored interview, the CEO and founder of Prowler, Toni de la Fuente, explains how implementing AI systems brings new security challenges that differ from those of traditional cloud workloads. Toni also talks about ‘attack paths’ in the context of cloud infrastructure and using them to minimise risk.

Technology Tap
Cloud Security Made Simple: Your CompTIA Security+ Study Guide

Technology Tap

Play Episode Listen Later Dec 11, 2025 27:03 Transcription Available


professorjrod@gmail.com
In this episode of Technology Tap: CompTIA Study Guide, we dive deep into cloud security fundamentals, perfect for those preparing for the CompTIA Security+ exam. Join our study group as we explore the shifting security landscape from locked server rooms to identity-based perimeters and data distributed across regions. This practical, Security+-ready guide connects architecture choices to real risks and concrete defenses, offering valuable IT certification tips and tech exam prep strategies. Whether you're focused on your CompTIA exam or looking to enhance your IT skills development, this episode provides essential insights to help you succeed in technology education and advance your career.
We start by grounding the why: elasticity, pay-per-use costs, and resilience pushed organizations toward public, private, community, and hybrid clouds. From there, we map service models—SaaS, PaaS, IaaS, and XaaS—and the responsibilities each one assigns. You'll hear how thin clients reduce device risk, why a transit gateway can become a blast radius, and where serverless trims surface area while complicating visibility. Misunderstanding the shared responsibility model remains the leading cause of breaches, so we spell out exactly what providers secure and what you must own.
Identity becomes the new perimeter, so we detail IAM guardrails: least privilege, no shared admins, MFA on every privileged account, short-lived credentials, and continuous auditing. We cover encryption in all three states with AES-256, TLS 1.3, HSMs, and customer-managed keys, then add CASB for SaaS control and SASE to bring ZTNA, FWaaS, and DLP to the edge where users actually work. Virtualization and containers deliver speed and density but expand the attack surface: VM escapes, snapshot theft, and poisoned images require hardened hypervisors, signed artifacts, private registries, secret management, and runtime policy. Hybrid and multi-cloud introduce inconsistent IAM and fragmented logging—centralized identity, unified SIEM, CSPM, and infrastructure-as-code guardrails bring discipline back.
We wrap with the patterns attackers exploit—public storage exposure, stolen API keys, unencrypted backups, and supply chain compromises—and the operating principles that stop them: zero trust, verification over assumption, and automation that responds at machine speed. Stick around for four rapid Security+ practice questions to test your skills and cement the concepts.
If this helped you study or sharpen your cloud strategy, follow and subscribe, share it with a teammate, and leave a quick review telling us which control you'll deploy first.
Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at:
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

No Password Required
No Password Required Podcast Episode 66 — Danny Jenkins

Dec 3, 2025 36:58


Danny Jenkins — Founder of ThreatLocker and the Zero-Trust Revolution

Danny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.

Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.

Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.

In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.

Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/

00:00 Introduction to Cybersecurity and ThreatLocker
02:26 The Birth of ThreatLocker: A Personal Journey
05:42 The Evolution of Zero Trust Security
08:35 Real-World Impact of Cyber Attacks
11:25 The Importance of a Hacker Mindset
14:46 The Role of SOC Teams in Cybersecurity
17:34 Building a Culture of Security
20:23 Hiring for Passion and Skill in Cybersecurity
23:44 Understanding Zero Trust: Trust No One
26:32 Lifestyle Polygraph: Personal Insights and Fun
29:41 Conclusion and Future of ThreatLocker

Security Unfiltered
Unlocking Data Protection: Vishnu Varma on Cybersecurity Challenges

Dec 1, 2025 53:55 Transcription Available


In this episode, Joe sits down with Vishnu Varma to explore the evolving landscape of cybersecurity and data management. Vishnu shares his journey from India to the US, detailing his experiences at Cisco and the rise of cloud security. They delve into the challenges of managing vast amounts of data in the age of AI, discussing how Bonfy.AI is innovating in data security. Tune in to learn about the importance of context in data protection and the future of cybersecurity in a rapidly changing digital world.

00:00:19 Introduction to Vishnu's Journey
00:00:30 Entering the US and Cisco
00:02:18 Cloud Security and AI
00:02:48 Data Governance and Challenges
00:08:47 The Expansiveness of Cloud
00:11:00 AI's Appetite for Data
00:12:11 Data Security in the JNI Era
00:14:29 The Importance of Context
00:16:13 Data Used by Enterprises
00:22:24 Conclusion and Future Trends

https://www.bonfy.ai/
Bonfy.ai
Bonfy ACS is a next-gen DLP platform built for the AI era.

The InfoQ Podcast
Cloud Security Challenges in the AI Era - How Running Containers and Inference Weaken Your System

Nov 17, 2025 31:57


Marina Moore, a security researcher and the co-chair of the security and compliance TAG of CNCF, shares her concerns about the security vulnerabilities of containers. She explains where the issues originate, providing solutions and discussing alternative routes to using micro-VMs rather than containers. Additionally, she highlights the risks associated with AI inference.

Read a transcript of this interview: https://bit.ly/4qUCcyi

The SaaS Revolution Show
From NASA to nine-figure ARR: Adam Markowitz on building Drata, trust and timing in SaaS

Nov 13, 2025 32:11


The journey from aerospace engineering at NASA to serial entrepreneur isn't a well-trodden path but it's one that's worked for Adam Markowitz. In this episode of The SaaS Revolution Show, Alex Theuma talks with the Drata Co-founder and CEO about the journey from NASA, to edtech, to Drata and how lessons at each stage led him to the next. From finding product-market fit and executing at speed, to building a culture of trust and timing the market just right, Adam shares the learnings behind Drata's rapid rise from $0-100M ARR in four years.

Listen to learn:
- How NASA inspired Adam's founder mindset and approach to problem-solving
- The “lightning in a bottle” moment that catapulted Drata's product-market fit
- How strategy, execution, and timing team became Drata's competitive advantage
- Why a partner-led GTM strategy helped Drata scale faster
- How AI is transforming compliance and customer expectations in SaaS

Guest links:
LinkedIn - https://www.linkedin.com/in/markowitzadam/
Website - https://drata.com/

SaaS Scaled - Interviews about SaaS Startups, Analytics, & Operations
Great Products are Grounded in Deep Empathy with Chris McHenry

Nov 10, 2025 35:58


Today, we're joined by Chris McHenry, Chief Product Officer at Aviatrix, a cloud native network security company. We talk about:
- Prerequisites to driving operational efficiency with agentic AI
- Bridging the gap between security & engineering so organizations can go fast & be secure
- What's required in order for agentic AI to create a magical moment
- With cloud powering so much of our society, the need to get security right
- The security challenges introduced by agentic AI apps, including new attack vectors

Cloud Security Podcast
AI is already breaking the Silos Between AppSec & CloudSec

Nov 4, 2025 71:37


The silos between Application Security and Cloud Security are officially breaking down, and AI is the primary catalyst. In this episode, Tejas Dakve, Senior Manager, Application Security, Bloomberg Industry Group, and Aditya Patel, VP of Cybersecurity Architecture, discuss how the AI-driven landscape is forcing a fundamental change in how we secure our applications and infrastructure.

The conversation explores why traditional security models and gates are "absolutely impossible" to maintain against the sheer speed and volume of AI-generated code. Learn why traditional threat modeling is no longer a one-time event, how the lines between AppSec and CloudSec are merging, and why the future of the industry belongs to "T-shaped engineers" with a multidisciplinary range of skills.

Questions asked:
(00:00) Introduction
(02:30) Who is Tejas Dakve? (AppSec)
(03:40) Who is Aditya Patel? (CloudSec)
(04:30) Common Use Cases for AI in Cloud & Applications
(08:00) How AI Changed the Landscape for AppSec Teams
(09:00) Why Traditional Security Models Don't Work for AI
(11:00) AI is Breaking Down Security Silos (CloudSec & AppSec)
(12:15) The "Hallucination" Problem: AI Knows Everything Until You're the Expert
(12:45) The Speed & Volume of AI-Generated Code is the Real Challenge
(14:30) How to Handle the AI Code Explosion? "Paved Roads"
(15:45) From "Department of No" to "Department of Safe Yes"
(16:30) Baking Security into the AI Lifecycle (Like DevSecOps)
(18:25) Securing Agentic AI: Why IAM is More Important than the Chat
(24:00) The Silo: AppSec Doesn't Have Visibility into Cloud IAM
(25:00) Merging Threat Models: AppSec + CloudSec
(26:20) Using New Frameworks: MITRE ATLAS & OWASP LLM Top 10
(27:30) Threat Modeling Must Be a "Living & Breathing Process"
(28:30) Using AI for Automated Threat Modeling
(31:00) Building vs. Buying AI Security Tools
(34:10) Prioritizing Vulnerabilities: Quality Over Quantity
(37:20) The Rise of the "T-Shaped" Security Engineer
(39:20) Building AI Governance with Cross-Functional Teams
(40:10) Secure by Design for AI-Native Applications
(44:10) AI Adoption Maturity: The 5 Stages of Grief
(50:00) How the Security Role is Evolving with AI
(55:20) Career Advice for Evolving in the Age of AI
(01:00:00) Career Advice for Newcomers: Get an IT Help Desk Job
(01:03:00) Fun Questions: Cats, Philanthropy, and Thai Food

Resources discussed during the interview:
- Amazon Rufus: (Amazon's AI review summarizer)
- OWASP Top 10 for LLMs
- STRIDE Threat Model: (Microsoft methodology)
- MITRE ATLAS
- Cloud Security Alliance (CSA) Maestro Framework
- CISA KEV (Known Exploited Vulnerabilities)
- Book: Range: Why Generalists Triumph in a Specialized World by David Epstein
- Anjali Charitable Trust
- Aditya Patel's Blog

Trust Issues
EP 17 - Privilege creep and the machine identity surge: Securing the modern enterprise

Oct 9, 2025 49:57


In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems. Chris shares insights on the risks of unmanaged access, the impact of AI and automation on both defense and attack strategies, and practical advice for CISOs and boards on managing identity risk while enabling business transformation. Whether you're a security leader, practitioner, or simply interested in the future of cybersecurity, this episode delivers actionable guidance and fresh perspectives on safeguarding your organization's reputation, continuity, and trust.