Podcasts about cyber resilience

Earl Gosick, CTO at ESTI Consulting Services Earl Gosick has been attending Dell’s annual event since the EMC World days, and the ESTI Consulting Services co-founder brought to this year’s Dell Technologies World a perspective grounded in 35 years of building deep technical expertise on the Prairies. ESTI, the Saskatoon-based solution provider that won Dell’s Data Centre Solutions Excellence Award for Canada last year, runs a pure-play Dell infrastructure practice with particular depth in storage and data center design. Earl also sits in Dell’s CTO Connect program – a small, invitation-only group of partner technologists with early visibility into Dell’s product roadmap and a real voice in shaping it. His framing for the week: AI is fundamentally a data story, and data stories are storage stories. The push toward on-premises AI infrastructure – from deskside devices up through the newly announced Exascale and Rackscale solutions – is being driven as much by data governance requirements and token economics as by raw performance. Organizations that don’t control their data, Earl argues, can’t truly control their AI outcomes. On cyber resilience, he made a point worth underlining for anyone running managed services: ransomware insurance changes the recovery equation in ways clients don’t always anticipate. When a claim is filed, infrastructure gets frozen for forensic analysis. Recovery speed from a clean, air-gapped golden image – built with technology partners like Index Engines – isn’t a nice-to-have. It’s the whole game. And to close: Saskatchewan and Alberta may be poised to become Canada’s next significant data center hubs. With regulated power, guaranteed energy supply, and a provincial government that has now seen a CoreWeave-scale facility successfully built in the province and is actively pursuing more, Earl sees a real and growing opportunity – and ESTI is already working to support it. Read Full Transcript Robert Dutt: Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor at ChannelBuzz.ca, and your host for the show. We’re continuing our series of conversations from Dell Technologies World in Las Vegas. This week, we’re shifting from the Dell executive perspective to the partner perspective, and today’s guest has been making the trip to this event since the EMC World days. Earl Gosick is co-founder and senior consultant at ESTI Consulting Services, a Saskatoon-based solution provider that just celebrated 35 years in business and took home Dell’s Data Centre Solutions Excellence Award for Canada last year. Earl also sits inside Dell’s CTO Connect program, a small, invitation-only group of partner technologists who get an early look at where Dell’s roadmap is actually heading – and, importantly, a real opportunity to push back on it. Earl’s a storage specialist at his core, and that turned out to be a useful lens at a conference that was fundamentally about AI infrastructure. Because if you pull on that AI thread long enough, it leads you back to data, and data always leads you back to storage. We talked about what the Exascale and Rackscale announcements mean for real customer deployments, why the cyber resilience conversation is as much about recovery speed as backup integrity, and a genuinely interesting thread about why Saskatchewan and the broader Canadian Prairies may be sitting on one of the most underappreciated data centre opportunities in North America right now. Let’s get right into it. My chat with Earl Gosick. Earl, thanks for taking the time. I appreciate it. Earl Gosick: I appreciate you having me here. It’s always nice to talk about what we’re doing with Dell. Robert Dutt: No doubt, and you guys are doing a lot. I understand this is by no means your first DTW rodeo. Earl Gosick: No, I’ve been coming since the EMC World days, and I’ve never – I missed a year through COVID, that was about it. Robert Dutt: Well, I guess we’ll allow you that. So you’ve got this background here, you do the CTO Connect with Dell. What’s different about this year, if anything? What’s the tone or the energy that tells you something about where the industry is at right now, and not necessarily just where Dell would like it to be going? Earl Gosick: I think the driving factor of today is really the supply constraints. You can see what AI is doing and the effect that’s having across the board on every product that has memory or CPU or flash drives in it – which is everything in technology. So that’s really setting the tone. But it also shows how effective AI is as a market driver, and what people think is going to come out of that technology – which is, I think, very important for people to understand. It’s ubiquitous technology that’s going to drive a lot of change in our industry. And we’re seeing a leading edge of that. And if this is the leading edge, there’s some pretty exciting things coming, I suspect, and it’s going to do some pretty important and probably quite wonderful things for our clients. Robert Dutt: We heard from the main stage the idea of encouraging customers to get their hand up early – to get those orders, or even an inkling of where things are going for orders, in as early as possible – and that that will, in effect, Jeff Clarke was suggesting, get folks the best possible results. What’s the guidance you guys are providing your customers around that whole issue, and thinking about availability and pricing of hardware in this current super-fun environment? Earl Gosick: Our position does align with what we’re hearing from Dell when we’re dealing with Dell Technologies, so we try and pass on the messages as transparently as we can, understanding there are supply constraints coming. And we have to deal with those in the only way we have, and that is to figure out what we need. Let’s plan early. Let’s plan the budgets we have for the year, and we can make some estimates about what’s going to be happening six months from now – but they’re estimates, and they’re going to be higher. So it’s probably going to be cheaper for you to have technology that’s sitting on the floor unused for a few months and waste through some support potentially, as opposed to delaying the purchase for three months. So if we know what we’re going to buy, we should operate in a manner that allows us to order those technologies as soon as possible and make sure you’re not waiting for something that delays your business initiatives. Robert Dutt: You guys won the Data Centre Solutions Excellence Award last year for Canada. Take your victory lap. Tell me – what is it you guys are doing in the data centre space that earned that, and what does winning the award tell you about where your practice is focused? Earl Gosick: I hope it helps demonstrate our success. So what ESTI likes to do as a business – our business model is really to build highly competent experts all the way from solution architecture to implementation of those technologies at the customer site. That takes a lot of effort on our behalf, and so it’s nice to get a reward that says we’re doing the right things. Because if you can build a strong rapport with a client who trusts your experts in their field, that creates long-term relationships – which is what both ESTI and Dell are after, and what our clients want. Robert Dutt: You’re a storage specialist at a conference that has been at its core all about AI infrastructure. But at the same time, you go back to when it was – you said – EMC World, all about storage. The more I heard this week, the more it feels like the AI story is really a data story, and data stories are storage stories to at least some degree. How are you seeing that translate in terms of what your customers are actually asking about, or what they’re going to be asking you about? Earl Gosick: It’s significant. You’re right. In order for any type of artificial intelligence to derive a useful data product out the end, it’s built on the data that you have. So customers are coming to the realization that they have to store everything. So it is driving a lot of demand for storage. It’s driving storage in different ways and they just keep everything. Then there’s another product that comes after that, which is cleaning that data – building the data pipelines. When I talk about storage, it’s really about data, and AI is a data-driven product. So it’s doing great things for the storage industry. But the clients understand that they do have to have the data – it has to be there, it has to be available. And then when they build these data products, they have to protect those data products. They’ve got to make sure they’re secure. So it’s driving a lot of initiatives on both sides of the fence that are good for all of us. Robert Dutt: Especially with new or newer customers, or customers who are looking to expand what they’re doing with AI – and acknowledging there’s going to be a range from folks who have had the religion since day one and folks who’ve just been randomly shoving stuff digitally wherever they can. Where do you find those newer customers are at, generally speaking, in terms of sophistication of data management and data governance and all that kind of fun? Earl Gosick: Unfortunately, I’d like to say there’s a median in there. There is not. Everybody is at a different stage in that cycle for them. So you really have to be a little bit cognizant and ask the questions to find out where they’re at before you can really sort of hold their hands and walk them down the road. Many people who started that journey early – you can learn from them. And so they’re going to tell us to start and do something, and you may fail, there may be some things, but you’re going to learn something from that. The second time will be more successful. Then you take that information, you pass it on to the newer people who are trying to get quick value from those investments they’re making on the AI front. So it could be things about how to connect those various data sources because they’re spread everywhere, to how do they build, or select which ones they put their money and their efforts behind. And so you take from the ones that have been doing this for a while, you pass that information on to the ones that are starting on this journey, and you connect the dots. You provide value and make pain go away wherever you can. And customers appreciate that. Robert Dutt: And that sounds like that’s where you’re kind of bridging that gap that exists and trying to bring customers to the level they need to be at to get something out of this. Earl Gosick: Absolutely. Like I said, everybody’s on a journey at a different stage of that journey. And so you have to communicate well to understand where they’re at and what they’re trying to achieve. Once you know that – we don’t always have the answers, but we leverage great partners like Dell who do have somebody that knows the answer. And so building this sort of ecosystem of potential partners to bridge that gap is great. And Dell does that not just from us and the partner community, but their partner community as well, to support all the component pieces that go together to build these pretty highly complex solutions in some cases. Robert Dutt: Of all the announcements, all the stuff that we heard on the main stage and elsewhere this week, what kind of caught your attention – your major aha moment – the thing that’s going to be interesting going back to your business or going back to your customers with new opportunities or the ability to do something better, faster, more? Earl Gosick: So as we talked about, I am a storage guy. So I look at something like Exascale. They’ve been talking about this for a couple of years now in the CTO cycles that I’ve been to. To see that product sort of come to fruition, where you have something and you can just put a personality on that module and build something out – I think that could be very game-changing, especially for AI. They might want to do a lot of things with file storage today, object storage tomorrow. Being able to build up a cluster and put a personality on it that meets the needs of the day – I think that could be quite interesting. That Rackscale solution you saw on the stage with Michael Dell and Jensen the other day – for the larger clients, something like that could be quite interesting. I mean, we’re building these large data centers right now and trying to fill them. Rackscale infrastructure that helps with power and energy and doing a lot of powerful things is going to probably be a game changer for a lot of people. Robert Dutt: One of the things that struck me here is what I want to call the AI agnosticism, as long as you’re doing it on Dell infrastructure – that Dell is talking about here, ranging from, if you’ve got really basic needs, run it locally on your AI PC, moving up a bit there’s the GB10, which is more of a deskside machine, up to the big old box that Jensen signed on stage. How does that map with what you see in terms of customer needs for AI, and what do you think of that kind of approach to structuring both the data center and broader AI processing across the enterprise? Earl Gosick: I think as we touched on earlier, everybody’s on a different stage in that journey. So if you’ve got a guy that’s working at his desk and he’s trying to do some cool things, but he doesn’t have access to a million tokens – that little GB10 you put on the desk beside him and he’s going to do some development, he’s going to learn some wonderful things. Then as you move up the stack in your journey, you’ve got some big clients who are going to do small proof-of-concept type scenarios where they might want a smaller box and then move up that stack. I think it’s important to have a product that covers a diverse range of those people because nobody’s in that one sweet spot – they’re all over the map. Having that full technology set supports wherever they happen to be in their life cycle. Robert Dutt: You touch on tokens, and Jeff Clarke’s presentation was really deep into tokenomics and the kind of the trap there. I’m curious how that maps with what you’ve seen in customers as they’ve started to explore AI. Are they seeing these same challenges, and how are they thinking about it? Earl Gosick: Tokens are the buzzword of the day, but they’re out there for a reason. Everybody has finite resources to put towards the solution they’re trying to build. They may or may not know what that solution is – they’re working towards something, they need tokens to achieve that. What I find interesting is the people who are very early into the game of AI and building solutions around that – it doesn’t take them long before they’re like, “I’m out of tokens. I need to do some stuff.” So it just comes back to the fact that there are only so many resources to solve the needs you have, and you only have so many tokens, and you’ve got to learn to live within what you can get your hands on. And that’s driving the economy, whether it’s at a data center level or at an internal level for any business. Robert Dutt: And does that in turn drive – which I believe is Dell’s thesis here – does that in turn drive the interest in building out infrastructure in-house, so that the relative incremental cost of those additional tokens goes way down because it’s bought and built versus rented? Earl Gosick: Yeah. I think there’s a step along that AI journey where people have potentially outgrown what they can do in the cloud in an economic fashion. We see the supply constraints are driven by CPU and memory usage. If you look at what the cloud hyperscalers offer, when you get into highly intensive memory and CPU, it starts to get very expensive. A lot of storage, a lot of bits and bytes moving back and forth – very expensive. All those things are prevalent in AI. You’re moving a lot of data back and forth, you’re touching a lot of things, you need a lot of memory at times. So once you get to a point where you’re doing useful things with your AI and building generative models, no matter what you do with inferencing, it starts to get really expensive. Then it becomes a time where you can move those things into a data center you control. You can get some economics from it and you can get some sovereignty out of it. A hyperscaler outside of your control can turn things off – they can’t do that when it’s your data center. So you’ve got a lot of control as well as the economics behind how you’re achieving the outcomes you’re looking to achieve. Robert Dutt: I used a word which is actually where I wanted to go next, which is sovereignty. When we’re talking about data center infrastructure and moving bits around and enterprise storage, how is data sovereignty trending among your customers, especially folks who have regulatory concerns and that sort of thing? Earl Gosick: Being a Canadian company, predominantly, we have a larger focus on sovereignty and data sovereignty and sovereign solutions than maybe you’ll see south of the border here. And we find our friends in the European Union are a little bit different – they’re ahead of us even. But it’s a really big concern, especially when you have any type of government agency that you’re dealing with, or anybody that really has intellectual property that they’re looking to protect. They’ve learned that open AI models may expose things – even if it’s just from how they’re creating their algorithms. But if the data gets out there, it’s a concern. They’re protecting their assets as well. These AIs are delivering very useful outcomes for them. They need to make sure they own those outcomes and that they can actually reach them when they need them. So part of data sovereignty is not just the sovereign part of your data, but it’s the actual access to your data. We’re learning things from not just the AI piece but from ransomware – all of a sudden your data goes away. The same thing could happen with a hyperscaler for some people. Sovereign IT solutions are going to be, I think, increasingly important moving forward. Robert Dutt: On that note, you mentioned ransomware, and data resilience and protection is another area I wanted to touch on. We heard the figure that 97% of cyber attacks are now specifically targeting backup infrastructure – because of the old line about, I forget the particular bank robber’s name, but why do you rob the banks? Because that’s where the money is. Why do you go after the backup? Because that’s where all the data is. Does that match with what you’re seeing, and if so, how does that change how you’re designing and recommending data protection for your customers? Earl Gosick: It is absolutely changing people’s realization of how they need to protect their data. This one doesn’t matter if it’s AI or your regular business practices – your data has value, whether it’s to support applications that are running your critical business or you’re building AI products that you need to protect. That has value and you need to access it. What we’re seeing more and more – and we’ve built a really strong practice around this – is building things like cyber vaults and using Dell’s technology partners like Index Engines, where they come in and they can quickly identify threats inside your environment and act on those. Because these guys loiter around for potentially months at a time. They know how to get to your backups. They know they’re not getting paid if you can recover. So they’re going to do everything they can to try and disrupt that. They have AI engines just like ours, but they have a lot of money and they don’t have the constraints about how they use their AI. I mean, these people are criminals, so they act in a method that makes them money. We’re going to be facing even more potential threats in the future, and some of those are going to be AI-driven. We’re going to have to react at AI speeds. There are changes coming, but certainly people are learning to build protection mechanisms that are air-gapped and can respond very quickly to threats. Robert Dutt: When you’re sitting in front of a client who thinks they’re covered – they’ve got a backup solution, they’ve got someone who’s responsible for it – what are the most common gaps that you find between what they think they have and what they actually have? Earl Gosick: I think for many clients, they don’t really understand how disruptive it’s going to be if they run into a ransomware attack. If you’re a client that may have ransomware insurance, for example, and they get hit – you have to tell them, “Do you understand you’re not going to be able to touch any of that infrastructure? Because your insurance company is going to want to do some analysis on that to see how the threat came in.” That infrastructure is dead and gone. You’re starting from scratch. You need a golden image – you need something you know nobody has touched. Protecting the data is only the first piece. Rebuilding from that data, and how fast you can do that – that’s the very critical component. That’s where an air-gapped cyber recovery solution like Dell Cyber Recovery is critical, because you can understand what data to recover and you can recover quickly. Having the data there – that’s the great first step and that’s where you should start. But following that, that is only the first step. Robert Dutt: Your client base is different from a lot of partners I talk to. Given where you sit and who you’re focused on – not necessarily organizations that are under the same kind of pressure or have the same kind of resources to pursue AI – how do you translate and filter what you hear at a conference like this, where a lot is focused towards big enterprise, to a message that makes sense for your customers and scales to their needs and appetites? Earl Gosick: That’s one I think isn’t really that difficult – it’s not as difficult as you would think. Because everybody has the same problems. They run into the same problems. How they build solutions to those problems might change on the scale, but you just have to understand and recognize that everybody’s having the same problems. You can articulate and communicate to them that you’re not the only one that has this. We can resolve this problem at a large scale, but we don’t have to. You came back to it earlier when we talked about the product sets, from small to large – you just pick the right one to meet the solution that these guys have. How you solve that problem of the day doesn’t necessarily change for a really, really large client versus a very, very small client. It’s really just the scale of the end solution and the architecture that’s put together to solve the need. Robert Dutt: From a Titanium partner’s seat, what did the program changes that we saw rolled out – the agentification of the program, some of the incentive shifts – tell you about where Dell sees growth opportunity, and how does it align with where you’re already going or where it might take you? Earl Gosick: I think you can see very easily that Dell is putting a large focus around AI and what it can do for them to streamline their business and be successful. We, like any other company we deal with, are doing the same thing. What they’re doing with their Dell One program, and having a single operation from lead generation down to quoting and pricing and follow-up – it matches what we’re doing on the back end and trying to automate that. Because as long as we can automate that process and reduce the friction in those programs and dealing with Dell, we can spend that time focusing on our clients’ needs. You see Dell, I think, leveraging the same technologies to do that. And if we’re smart business people today, we’re looking to the people around us who are being successful and trying to do what they’re doing in a sense. That’s true for us and our clients. Leveraging AI and seeing how that’s being successful for our partners is driving what we’re all doing – to drive automation and simplification through the processes that are just painful every day that we have to do better at, to support our clients. Robert Dutt: I’m guessing you guys are pretty far down this road already because you’re pretty much a pure-play Dell on the infrastructure side, as far as I understand. But when a company like Dell rolls out these incentives focused on expanding customer footprints – getting a Dell storage customer into Dell PCs or any of the other solution lines – just curious if that moves the needle for you in terms of the incentive, or is it already baked into what you’re doing? Earl Gosick: It’s baked into what we’re doing. In the end of the day, you are trying to build a rapport with a customer based on being a trusted expert. You’re not going to flip your technologies around based on what’s going to get somebody a little bit more money. You’ve got to do the right thing for the customer today and every time you deal with them. The advantage of dealing with Dell is they typically tie their incentives to the product that they are investing in today – that they see the future growing into. So they usually coincide. They understand the pain points of the year, and the incentives usually match the requirements of the day as well. So they’re really good at that. And then they usually have a lot of tools to support that initiative of IT transformation, whatever it is for that time and place in our industry. Robert Dutt: You mentioned earlier you’re on the CTO Connect program – pretty small room, an exclusive group. Tell me about what that relationship looks like on the inside of the room, and the value that an organization like ESTI gets from sitting in there. Earl Gosick: I guess I’ll put it this way. We deal with some technology providers – predominantly Dell. Dell puts us in a room, they tell us what they’re doing for the next year or two, and they ask us if they’re on the right track. That’s telling to me – they care and they listen. They talk about the technologies that we’re going to see upcoming, so it’s helpful for us to talk to our clients about where the industry is headed. But they do sometimes say, “We’re going to do this,” and the room says, “Oh, no, you can’t do that. Our customers love this,” or, “We like this for this reason.” And they say, “Oh, okay.” And we have a dialogue about those things. So I think that’s one of the most important things that comes out of CTO Connect – we hear about industry trends, but they also ask us our opinion on whether they’re on the right track, and then they listen to that opinion. I think that’s telling for any company you deal with – one that engages not only with their clients, but with their technology partners. It’s one of the things I really like about CTO Connect. Robert Dutt: You guys just turned 35 or so, as I understand, as an organization. That’s a long time to be running a consultancy in any market – and markets move, vendors come and go. What’s the philosophy behind building something that durable in a market that changes so fast, and especially in an area of the country that doesn’t necessarily get as much headline attention from vendors as a Toronto or a Vancouver or a Montreal? Earl Gosick: I think it comes back to what I stated earlier around building strong and capable expertise across the board – and that’s building relationships with the clients, building relationships with partners like Dell to solve the solutions of the day. Our clients respect that because they know they can come back to us again and again and we’ll do the right thing together. So that’s really the crux of it. Our business model is a little different in that we support a little bit more of an entrepreneurial aspect to our business. When young, capable people come on board and they build differentiating products, they get a seat at the table – and that’s critical for ESTI and the way we operate. But it’s really about looking at modern technology solutions and being agile to support those ever-changing technologies. It makes our industry exciting. You’re never doing the same thing every day. And as long as you can recognize the fact that you won’t be doing the same thing tomorrow and you just have to find a way to deal with it – that’s how we thrive in our company, and in working with Dell as well. Robert Dutt: All right, so let’s close with asking you to do a little bit of the impossible, given that pace of change. What’s one thing that you’re thinking about today, but maybe not totally all-in on at this point, that you think is going to be shaping the business for ESTI and your customers when we’re sitting here at DTW 2027? Earl Gosick: Well, that’s a really hard question. On the investment side, we do look at some of the technologies today – and as we talked about, AI is big for us. We need to build services that our clients don’t have. So we spend a lot of focus on where they have skills and where they don’t. We’re going to build a lot of expertise around cleaning data, building data pipelines and that kind of stuff, to focus on the needs our clients are asking us to help them solve. So that’s kind of an easy one because everybody sees that going forward. Beyond that – we’re making a strong effort in Saskatchewan and Alberta to build a sort of data center economy to support a lot of these data centers that need to be built. We already have access to power infrastructure to support those things. That’s going to drive a little bit of a change in our operating model just to support our local governments as they try and take advantage of the differentiators we have. That’ll drive some change for ESTI. And then as we expand across the rest of Canada, different geographies have different requirements as well. So lots of change, lots of new people coming on board all the time – interesting but dynamic. Robert Dutt: That will be an interesting thread to pull on. I remember going to an event – God, it must have been 15 years ago now – talking about how Canada really should be a data center powerhouse. When you consider we have power, clean power in relative abundance, we have cold, which turns out to be important – it sounds like maybe there’s an opportunity to realize some of that with what you guys are doing and what governments are starting to look at more seriously. Earl Gosick: They are. Also, right outside my hometown, they just announced a very large data center which is going to house some infrastructure from CoreWeave – and we’re going to see more of that, I think, because that process went very well. I sat in on a conference a couple of weeks ago where it was government and industry getting together to talk about why they were successful, what they bring to the table. Saskatchewan is unique because they have regulated power, energy, and land. They can guarantee, “We will give you power, we can guarantee you’ll get LNG.” Those types of things are very important for anybody trying to build a data center – it’s the critical piece. And with the government having control over all of those, they can guarantee them. That’s where I think Saskatchewan is going to have a real differentiator to support that technology, and the government is well aware of that fact now. They’re going to want to do more of these things. And then our neighbors in both Alberta and Manitoba are sort of on board as well. Certainly Alberta has done a few key data centers to support AI and those are going to continue to happen. We’re sometimes slow to move because it’s government. But once they realize the differentiators they have and what it can do for the market, I think there’ll be some traction there. Robert Dutt: Should be interesting times, and sitting where you’re sitting sounds like a big opportunity. Earl Gosick: Absolutely. I think it’s a big opportunity for all of us – supporting your community around you as well as building a thriving business. Robert Dutt: Earl, I appreciate you taking the time once again. I hope this has been a good DTW for you. Earl Gosick: It’s been a great discussion and a good DTW, so thanks a lot for having me. Robert Dutt: There you have it – Earl Gosick from ESTI Consulting Services. I’d like to thank Earl for his time last week in Las Vegas. Thirty-five years building deep technical expertise from Saskatoon, in a vendor relationship game that tends to reward proximity to the bigger centres – that’s not an accident, and it came through in the conversation. A few things I’ll take away from this one. First, the AI-is-a-storage-story framing. Every AI product ultimately requires data to be collected, governed, moved, and protected. That’s not news to Earl, but it’s a useful reframe for anyone still trying to connect their existing practice to the AI conversation. The hardware gets the headlines. The data work actually gets the contracts. Second, on cyber resilience – the ransomware insurance point Earl raised is worth sitting with. The moment a client files a claim, that infrastructure gets frozen while the insurance company figures out how the breach happened. Your ability to recover doesn’t just depend on whether the backup is intact – it depends on whether you built a clean, air-gapped golden image that nobody has touched. That’s the conversation. And if you’re not having it with your clients, maybe someone else is. And third, keep an eye on Saskatchewan. Regulated power, guaranteed energy supply, and a provincial government that has now seen a CoreWeave-scale data center get successfully built in the province and wants more of them. Earl thinks that’s just the start of something, and I’m inclined to agree. If you’re enjoying the show, please follow or subscribe wherever you listen. We’re on Apple Podcasts, Spotify, YouTube, and most of the usual podcast directories. And if you have a moment to leave a rating or a review, that really does help folks in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Are organizations investing enough in cybersecurity, or are they simply spending more money while falling further behind? In this episode of Tech Talks Daily, I speak with Martyn Ditchburn, CTO in Residence for EMEA at Zscaler, about the findings from the company's latest Ripple Effect Report and what it reveals about the growing gap between cybersecurity investment and true organizational resilience. Drawing on insights from more than 1,700 IT leaders across 14 countries, Martyn explains why many organizations are still struggling to adapt to a threat landscape that is evolving faster than their security strategies. While cyber resilience budgets continue to rise, many leaders admit their approach remains too inward-looking, leaving critical vulnerabilities across supply chains, cloud environments, third-party ecosystems, and emerging AI deployments. We explore why shadow AI is rapidly becoming the new shadow IT challenge, with employees adopting AI-powered tools faster than governance frameworks can keep pace. Martyn discusses how AI is quietly being embedded into countless business applications, creating visibility and security challenges that many organizations have yet to recognize fully. The conversation also examines the growing importance of supply chain resilience. As businesses become increasingly dependent on external providers, cloud platforms, and interconnected digital services, traditional security perimeters continue to disappear. Martyn shares why third-party risk remains one of the biggest blind spots in modern cybersecurity programs and how organizations can better understand their expanding attack surface. Agentic AI is another major focus of our discussion. As AI systems move beyond assisting users and begin taking autonomous actions, security teams face entirely new challenges around identity, governance, accountability, and risk management. Martyn explains why many organizations are racing ahead with adoption while still lacking the guardrails needed to manage these emerging technologies safely. We also discuss lessons from previous technology shifts, including cloud computing and shadow IT, and why history keeps repeating itself when innovation outpaces security planning. Martyn offers practical advice on limiting risk, reducing blast radius through segmentation, and treating AI agents as digital identities that require the same controls and oversight as human users. As organizations pursue AI-driven growth and competitive advantage, are they building resilience into their foundations or creating new risks they cannot yet see? And in a world where AI is becoming embedded in everything, how can security leaders stay ahead of threats that are evolving faster than ever before?

Rob Emsley, director of cyber resilience marketing at Dell Technologies For most of the history of managed services, backup has been foundational but frankly unremarkable. You back up the data. Customers sleep better. Everyone moves on. That model needs to evolve. In this episode of In The Channel, recorded at Dell Technologies World in Las Vegas, Rob Emsley, director of cyber resilience marketing at Dell Technologies, makes a compelling case for why MSPs need to reframe their entire backup practice around cyber resilience – and why the opportunity to do so has never been bigger or more urgent. The stat that sets the table: 97% of cyber attacks now involve targeting the backup infrastructure directly. Attackers know that if they can compromise the backup, the game is essentially over. An MSP whose backup practice is not built around isolated, immutable copies is not selling a last line of defense – it’s selling false assurance. Central to the conversation is the idea of the “minimum viable company”: a framework Emsley encourages MSPs to bring to their customers, ideally at the board level. The question is deceptively simple – if everything goes down, what are the absolute minimum systems and data sets required to bring the business back online? Building a resilience strategy around that answer changes how you architect backup, and how you price and position it. Emsley walks through Dell’s PowerProtect portfolio, including the Data Domain platform and its multi-tenant capabilities for MSP environments, the Workspace Protection endpoint play, and the new premium rebate incentives for cyber resilience solutions in Dell’s Modern Partner Platform. His most practical advice for the mid-market? Have an incident response plan – and print it out. Because when ransomware strikes, the runbook sitting on the encrypted server is not going to help anyone. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. We’re still coming to you from Dell Technologies World in Las Vegas this week, where AI Factory and agentic AI have understandably grabbed most of the headlines. But while I was on the show floor, I also wanted to bring you a conversation that I think is going to resonate long after the conference fades. The question of how MSPs should be thinking about cyber resilience – not just backup or data recovery, but the full picture of what it actually takes to bring a customer’s business back to life after a ransomware attack – sits at or near the top of virtually every board-level buying agenda right now. And with AI increasingly in the hands of the bad guys as much as the good guys, the calculus around protecting data is changing fast. I sat down with Rob Emsley, director of cyber resilience marketing at Dell Technologies, for a conversation about the difference between disaster recovery and cyber recovery, the concept of the minimum viable company, and why MSPs who are still selling backup the old-fashioned way may be leaving both value and their customers seriously exposed. Let’s get right into it. My chat with Rob Emsley. Robert Dutt: Rob, thanks for taking the time. I appreciate it. Rob Emsley: Yeah, great to meet you, Robert. Robert Dutt: Director of cyber resilience marketing. You’re sitting in a pretty fascinating place right now, I have to think. Let’s start by sort of setting the table a little bit for an MSP and solution provider audience. How do you define cyber resilience at Dell today and how is that different from what it looked like even a couple of years back? Rob Emsley: Yeah, I mean, for many years, what the portfolio that I market was really the data protection portfolio. And like many vendors in the industry, one of the things that’s dramatically changed over probably the last decade, I would say, is the increase in cyber attacks and really the concern over things like ransomware, over things like insider threats, basically anything where bad actors are going after your data. And over the last probably 10 years, you’ve seen a lot more interest in cyber recovery as opposed to disaster recovery. Disaster recovery has been around forever. Bad things happen to good people. Do I have a set of infrastructure that I can restart from, whether it’s a natural disaster or human error, et cetera, et cetera. And the interesting thing with cyber recovery is the frustrating reality is that your hardware is probably still in good shape. You’re not under five feet of water or your infrastructure hasn’t been destroyed by a tornado. So everything looks as if it’s recoverable, but you know it isn’t because it’s been impacted, it’s been infected, and your good data is now bad data. So many MSPs that work with vendors in this market have seen an evolution of those vendors changing their messaging to certainly become more security companies. And some of that, you could argue, is based on vendor evaluations, especially private companies that are looking to go public or be acquired, et cetera, et cetera. So Dell Technologies was probably one of the last to really make a hard pivot from the products that we sell, predominantly delivering backup and recovery, but really to position those products and market those products as cyber resilience offerings. And cyber resilience really drives us to have new conversations with different parts of the customer’s team. Certainly it’s the old adage that when you’re selling data protection, you take the elevator to the basement to talk to the infrastructure team. When you’re selling cyber resilience, you take the elevator to the top floor to talk to the board, and it really has become a board-level discussion. So I think for managed service providers, the topic of cyber resilience is a much broader conversation that they can have with prospective customers. I think that customers know that there’s only two things that they’re afraid of losing. One is their employees, and two is their data. Losing either of them is really a bad day. So I think that when you look at buying intentions from many analyst firms that do those types of research projects – Omdia, for instance, is one – cyber resilience tops the top three, if not the top two or even top one, buying intentions for the coming years. And it has done for many, many years. So I think that’s why cyber resilience is an opportunity for managed service providers to expand the conversations and the people that they’re talking to, because it’s a horizontally required discipline. One of the things that customers, unfortunately over the years, have overspent on – maybe not overspent, but maybe not got the balance correct – is they’ve spent a lot of their budgets on cybersecurity products, trying to make their environments more secure. Basically build a wall. Firewalls fall into that category of technology, ransomware detection, those types of things. The area where we’ve tried to get a better balance in IT budgets is on recovery and resilience, based on the premise that there’s no such thing as absolute security. So you need to be prepared to have a good copy of your data to bring back to life, to bring your company back to life. Robert Dutt: Obviously, a lot of talk about AI because it’s the 2020s and we’re at a tech conference. Everyone’s going that way, which is good news in some regards and bad news in other regards in the security sphere, because it turns out the bad guys have access to it. Rob Emsley: Yeah. And that’s true for, as you imagine, a lot of technology. If you think about just life in general, there’s a lot of things that are available in the market that can be used for good and can also be used for bad. It all depends on what hands those technologies are in. And certainly, if you look at the use of AI to manufacture more sophisticated cyber attacks, certainly if you think about the use of AI to provide more sophisticated phishing emails, that’s certainly one thing I think we’ve seen. And certainly the concern around using AI to more quickly identify vulnerabilities – that’s been something that’s been top of mind in the news over the last few weeks, a couple of months. But again, I think both of those just reinforce the importance of having a surety that you have a good known copy of your data that you can take to the bank to bring the company back online. And I think from an MSP perspective, offering an infrastructure that gives their customers that assurance is really beneficial to customers. The old adage of customers want to sleep well at night – and if an MSP can help them do that, then a good night’s sleep is worth a fortune sometimes. Certainly my wife would say so. Robert Dutt: I think after 365, backup has been a fundamental underpinning of managed services for such a long time. I’m curious what you think is most common for MSPs to miss in terms of evolving and doing more than just the old-fashioned backup technology and getting more out of that. Rob Emsley: Yeah, I think if you look at a lot of the backup technologies that are available, certainly backup has always been that last line of defense. And unfortunately, being that last line of defense, the bad actors realize that if you compromise the backup infrastructure, you can pretty much do whatever you want. All bets are off. The customer doesn’t have a last line of defense. So if you think about some of the research that’s in the industry, 97% of cyber attacks involve attacking the backup infrastructure. And that doesn’t matter whether or not it’s managed by the customer or managed by an MSP. So I do think that MSPs need to become much more conversant in explaining what they are doing and how they have implemented a backup infrastructure that really is that last line of defense. And that’s something which you start getting into the concept of offering isolated copies of backups – maybe not for every single data type, but certainly we believe wholeheartedly in the concept of the minimum viable company, which really is a discussion to have with the board about when everything is gone, what needs to come back in order for you to be viable. Because I think that’s the killer – some people have a laissez-faire attitude to, well, everything’s important. But if everything’s important, then nothing’s important. So I do think that the MSPs that are in the backup industry need to realize that the backup value has changed. It used to be very much around being there for operational recovery. Having backups is just good hygiene, but having backups that aren’t secure is a no-no in today’s market. So that becomes a very important shift for MSPs that are in the backup market. Because I do agree with you – backup, God bless it, has been a great value creator for MSPs. Many customers realize that they need to back up their data. Subscribing to a service to do that is certainly an easy way to use your resources for more productive work to drive revenue. But at the end of the day, if you’re not secure, it’s difficult to innovate with confidence. Robert Dutt: All right. How does the portfolio that you guys are offering today help partners position their customers to be able to bounce back based on what really happens when they get attacked, breached, when their backup is part of that? Rob Emsley: Yeah. So within the Dell Technologies portfolio, this occurred probably about seven years ago. When I came back to Dell in 2018, we were simplifying the infrastructure portfolio of the company – storage predominantly, servers, and at the time data protection and cyber resilience. So many of our customers and our partners realized we have a portfolio of Power-branded products: PowerEdge, PowerStore, PowerMax, PowerSwitch. And probably in 2019, we introduced PowerProtect. So PowerProtect is the umbrella portfolio for everything we do in that backup and recovery, data protection, and cyber resilience space. Within there, we sell software to create copies of data and store them on hardware. And the hardware that we sell is something that we’ve been very lucky to have ownership of for literally 20 years. It’s an acquisition that was made by Dell Technologies, actually prior to the acquisition of EMC – it was an EMC acquisition, a company called Data Domain. And Data Domain has been really foundational for delivering cyber resilience. It falls into the category of what IDC calls the purpose-built backup appliance market. So unlike general purpose storage that many backup vendors use, this is a storage tier that was specifically developed for the purpose of storing backups. So it was developed with three attributes in mind. One was performance – how fast can I back up, how fast can I recover? It was built on efficiency – backup is a very repetitive process, so how can I store multiple backups in less physical capacity? So data reduction, deduplication. And then scalability – how can I start small and scale? But then overarching to that is how can you make it rock solid and secure? So the security features of our PowerProtect Data Domain appliances are something that’s very advantageous. And many of our managed service providers have stood that up in their data centers and offered that as the foundation for cyber resilience. The nice thing is that Data Domain, as well as supporting Dell Technologies software – so PowerProtect Data Manager, and other software assets that we’ve had for even longer, products like Networker and Avamar – it also has a very healthy ecosystem. There’s a protocol called Data Domain Boost that we use to allow third parties to integrate with Data Domain directly. Because the reality is that an MSP, when they go and talk to a customer, that customer has more than likely already made choices around the backup software that they’re using. And it’s more than likely not just one. And sometimes when they go to the MSP, they’ll say, well, can you basically choose a backup software application? But even the nice thing is, from an MSP perspective, Data Domain is multi-tenant. So you can slice up Data Domain into an ability to serve many MSP customers using different software if the customer so chooses. So if you look at our expo floor this year, we’ve got companies like Commvault exhibiting, companies like Veeam exhibiting. That’s the way that our portfolio is set up to provide that backup infrastructure for MSPs to leverage. Robert Dutt: Obviously, one of the big occurrences here from a partner point of view is the Modern Partner Platform that’s rolling out. And in part of all of those changes, you got the specific call out for cyber resilience solutions as one of the differentiated product areas for premium rebates. That’s a pretty big carrot. What does it say about the signal to the channel about where you see the biggest growth opportunities across Dell? Rob Emsley: Yeah, we have historically done the majority of our business through the channel, but we also recognize that the channel has a lot of choices. Many of our competitors, in fact most of our competitors in that cyber resilience backup solution space, are all pure-play individual companies, most of which have very little direct sales capabilities. So very channel-focused and therefore have blanketed the channel to sell their wares, sell their products. We wholeheartedly believe that the Dell Technologies portfolio, either standalone from a cyber resilience solutions perspective, but also taken in context of the other key elements – you think about things like private cloud and AI – gives a channel partner the concept of delivering secure infrastructure and the opportunity to take advantage of that broader portfolio. And as we talked about earlier, you can’t deny that cyber resilience is top of mind. It’s as high on the board’s agenda as, hey, how are we going to take advantage of artificial intelligence? Some could argue that cyber resilience is either on par or if not, for many customers, more of a concern, because it’s that ever-present danger of – is the infrastructure that I have now, even before I’ve implemented AI, secure enough to allow us to sleep at night? We certainly see the pivot from data protection to cyber resilience fitting well with the other vendors that our MSPs talk to. We certainly have a portfolio that addresses small customer needs to large customer needs, can absolutely be leveraged by our MSP partners to build a practice behind. And also, with cyber resilience solutions, there’s that upfront services component built in – identifying what is the minimum viable company that needs to be the most secure, the most isolated, to give those customers the peace of mind and actually show the MSPs as valued trusted partners. Robert Dutt: So much of the focus is obviously on enterprise data, on the data center, on the infrastructure side. But you also have the Workspace Protection offering going on. How important is securing the endpoint in the overall resilience strategy, and what’s the play there for partners from a resilience point of view? Rob Emsley: Yeah, certainly if you think about the entry point into most networks, the endpoints are clearly the most numerous, just by the volume of endpoints compared to the volume of elements in the data center. So certainly when we look at cyber resilience, we look holistically – not only at the data center infrastructure, but absolutely the endpoints that we sell. We continually look at the elements of security across the portfolio. And there’s a lot of foundational technology across the Dell product line, whether it be in the client space or in the server or storage space. The concept of trusted boot, secure BIOS, really carries forward through the PC line all the way into our server line and then the leverage of those servers into our storage portfolio. And then from an MSP standpoint, when you engage with Dell from a purchase perspective, you gain the advantage of the secure supply chain that Dell uses to its advantage. Our supply chain forever has been an incredible value, not only to ourselves, but also to anybody that buys from us, including our partners. But the fact that the way that we leverage that supply chain securely gives a lot of peace of mind. Because many of our partners, when they’re working with security companies, those security companies are not manufacturing their devices. Certainly they’re not manufacturing endpoints. Most of the time, they’re not manufacturing data center servers and data center storage solutions. They’re buying from somebody else. So the concept of a secure supply chain becomes harder to rationalize when you have multiple suppliers providing your solution. So at the end of the day, one of the advantages when it comes to Dell is that if you choose to work holistically with Dell, you get this foundational benefit across the portfolio of a lot of commonality when it comes to security and resilience. That’s one take-it-to-the-bank benefit that an MSP can achieve when they work with Dell Technologies across the entire portfolio. We’re fortunate enough to be in a position to have that entire portfolio, and long may that continue. And certainly that’s one of the advantages – when we look at security and resilience, we can look at it from the endpoint all the way to the data center and beyond. And I think that’s something that is a big benefit for MSPs to lean into the whole portfolio, as well as the advantages of aggregation of benefits and different tier levels by having a single-vendor, multi-portfolio opportunity, as opposed to slicing and dicing their vendor engagements across half a dozen different vendors. Robert Dutt: What do you see as the most common gap, especially in the mid-market, in terms of incident response plans today? Rob Emsley: I think it’s one, having one that is documented and printed out. That may seem very basic, but… Robert Dutt: Until your systems are locked down by ransomware. Rob Emsley: Exactly. So the very basic advice of have a plan and print it out may sound very old-fashioned and simplistic, but in the mid-market, that is probably something that people should consider. Certainly, practice does make perfect is not a trite saying. Practice, practice, practice in the mid-market becomes important. You don’t want to be developing a plan or using a plan for the first time when the house is on fire. You want to know where the exits are, where the fire extinguisher is, and you want to know how to use it. You want to make sure that when you use it, they work. Something which we can probably all think about in our own home lives, to be honest. So I think that’s probably something which, no matter what size company you are, it comes back to – you don’t want to lose your employees, you don’t want to lose your data. And when it comes to cyber resilience, you’re never too small or too big to take a fresh look at what you do and what your plan is. Robert Dutt: Once again, I appreciate you taking the time. Great chat. Rob Emsley: Great. Thanks, Robert. Robert Dutt: There you have it, Rob Emsley from Dell. I’d like to thank Rob for carving out some time during what has been a very busy week on the show floor at DTW. A couple of things from the conversation that I think are worth mentioning. First, that 97% figure – 97% of cyber attacks now involve targeting the backup infrastructure directly. If you’re an MSP and your backup practice is still built on the assumption that the backup is the safe harbor, that’s a foundational problem. The attackers know exactly where the life raft is. And second, the idea of the minimum viable company sounds simple, even obvious, but it’s actually a board-level conversation that most MSPs probably aren’t having and probably should be. What are the absolute minimum systems, data sets, and processes that a business needs to restart their operations? Answering that question and then building a resilience stack around that answer is the real difference between selling backup and selling business continuity. And his parting advice – have a plan and print it out – almost laughably basic until you consider how many organizations discover their incident response runbook is sitting on the encrypted server when they need it the most. I’d like to thank you as always for listening to the show. Please follow or subscribe wherever you get your podcasts – Apple Podcasts, Spotify, YouTube, most directories. Ratings and reviews are always appreciated and always help. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Today’s headline news for Canadian IT solution providers: Dell’s ‘Modern Partner Platform’ brings AI directly to deal registration: Launching in the second half of the year, this unified portal introduces an “agentic partner experience.” Powered by a family of AI assistants, the platform connects demand signals, sales collaboration, deal registration, and pricing into a single interface. The impact on velocity: The new platform promises to reduce deal registration approvals from days to just “minutes.” It also features dynamic, real-time pricing—meaning partners can generate competitive, account-specific quotes without the friction of endless email loops with a Dell rep. AI matchmaking: Dell is using AI to analyze partner install bases and proactively surface cross-sell opportunities. In FY26 alone, Dell pushed more than 200,000 of these “demand signals” to its channel partners. Incentivizing a $6.1 trillion addressable market: Dell’s programmatic changes go live in August, aimed at helping partners capture an enterprise IT market where more than $4 trillion is delivered through the channel. Focus Accounts incentive: In a massive win for the platform MSP model, Dell is finally building a structured incentive that rewards partners for line-of-business expansion (e.g., cross-selling storage to a client device customer) rather than strictly prioritizing net-new logos. Differentiated base rebates: Partners will earn a premium rebate when selling strategic solutions. Dell explicitly named Dell Private Cloud, Dell Automation Platform, Cyber Resilience solutions, PowerStore, Z-Series networking, and premium Client+ products as the qualifiers. Advisory and SI recognition: Dell is formalizing a co-sell track that recognizes the influence of systems integrators and advisory partners who architect complex cloud and AI solutions, decoupling their reward from the ultimate hardware transaction. The ‘DeskSide Agentic AI’ sandbox tackles spiraling token costs: On the product side, Dell announced a massive expansion of the Dell AI Factory with NVIDIA, creating an on-premise development environment aimed at organizations suffering from public cloud API sticker shock. The economics of local AI: Built using NVIDIA NIM, OpenShift, and Dell Precision workstations, this secure sandbox allows developers to build and test AI agents locally. Dell claims this setup can reduce token spend by up to 87 percent compared to the public cloud, offering an ROI break-even point in as little as three months. Ecosystem expansion: Dell is also officially weaving Hugging Face, Mistral, xAI, Palantir, and ServiceNow natively into its validated AI ecosystem. PowerRack standardizes AI infrastructure: To help partners deploy complex AI infrastructure faster, Dell introduced a new turnkey, rack-scale solution for compute, networking, and storage. Speed to value: Designed for extreme rapid deployment, PowerRack allows partners to go from delivery on the loading dock to running live customer workloads in just six and a half hours. Read Full Transcript Hello and welcome to a special mid-day Holiday Monday episode of The Buzz from ChannelBuzz.ca. I’m Robert Dutt, and today is Monday, May 18, 2026. While you’re all hopefully back home enjoying Victoria Day, I’m here live from Dell Technologies World in Las Vegas, where Dell has announced a major overhaul of its partner experience, betting heavily that AI and new incentive structures will remove friction for the channel. The centerpiece is what Dell is calling its “Modern Partner Platform,” scheduled to roll out in the second half of the year. Chief Partner Officer Denise Millard says the platform is designed to connect demand signals, sales collaboration, deal registration, and pricing into a single hub. It delivers an “agentic partner experience,” relying on a new family of AI assistants to guide partners through quoting and post-order support. Critically for velocity, Dell promises this new platform will enable automated deal registration with approvals in minutes, alongside dynamic, real-time pricing that reduces the need for partner reps to negotiate via email. The platform will also proactively surface “demand signals,” using AI to analyze a partner’s install base and suggest perfectly timed cross-sell opportunities. On the programmatic side, Dell is launching new incentives in August that align directly with the platform MSP model. A new Focus Accounts incentive will reward partners for line-of-business expansion within existing accounts, rather than strictly prioritizing net-new logos. Also, Dell is formalizing a co-sell track that rewards systems integrators and advisory partners who architect complex AI and cloud solutions, decoupling influence from the ultimate transaction. Partners will also see a new differentiated base rebate targeting strategic solutions like Dell Private Cloud, PowerStore, and Cyber Resilience products. While the partner program announcements focus on how the channel goes to market, Dell’s Day 1 product announcements focus on what they are selling, highlighted by a massive expansion of the Dell AI Factory with NVIDIA. For the channel, the most actionable announcement is the introduction of a new “DeskSide Agentic AI” sandbox. Recognizing that public cloud API costs are spiraling out of control for developers building AI agents, Dell has created an on-premise, secure sandbox utilizing NVIDIA NIM, OpenShift, and Dell Precision workstations. Dell claims this local development environment can reduce token spend by up to 87 percent compared to public cloud alternatives, offering a break-even point in as little as three months. Dell is also formalizing the Dell AI Ecosystem, bringing validated solutions from players like Hugging Face, Mistral, xAI, Palantir, and ServiceNow natively into the fold. To support these massive AI workloads, Dell introduced PowerRack, a new turnkey, rack-scale solution encompassing compute, networking, and storage. Designed for rapid deployment, PowerRack can go from delivery to running live workloads in just six and a half hours, giving partners a highly standardized, rapidly deployable AI infrastructure offering. There’s more information on all of these announcement in the show notes or the blog post for this episode, and stay tuned to the site and the podcast all week for full coverage and interviews from Dell Technologies World. And if you’re a Canadian partner on-hand here in Vegas this week, drop me a note, I’d love to have a chat. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great Victoria Day.

In 2026, cyber attacks are far from the sole provision of cybersecurity professionals. These incidents pose real, hugely destructive impacts for businesses and can seriously impact employee and customer experience in the short and long term.It's not a matter of if, but when your business is targeted by threat actors. But in the gap between realizing this and implementing the right cyber resilience strategy, there's potential for enormous financial losses.How can businesses prepare for the worst? And what role can a trusted partner play in reaching true cyber resilience?In this special edition of the ITPro Podcast, in association with 11:11 Systems, Rory is joined by Sean Tilley, senior director of sales EMEA at 11:11 Systems, and Sam Woodcock, senior director of solutions architecture EMEA at 11:11 Systems.

I did not expect to walk into a wrestling ring at RSAC conference. But that is exactly what Commvault built at their booth. And after my conversation there, it made complete sense. I spoke to Michelle Hartley Graff and Michael Fasulo from Commvault right in the middle of that ring, and we got into what this partnership actually means beyond the announcements with Microsoft.Here is the reality I keep hearing from teams. Detection is not the problem anymore. The real struggle starts after that. You detect something. Then what?That gap between detection and clean recovery is where most teams slow down. What stood out in this conversation was how tightly Microsoft and Commvault are trying to close that gap. With Microsoft Sentinel in the mix, the day to day operations start to feel more connected. Signals are not sitting in silos anymore.Then you bring in Security Copilot. Now you are not just seeing alerts, you are actually understanding them faster and deciding what to do next without digging through ten different tools. And the most interesting part for me was this idea of real signal sharing. Not just integrations on paper, but systems actually talking to each other in a way that helps you move faster when it matters.Because in a real attack, speed is everything. But so is getting back to a clean state you can trust. That is where this partnership is focused#data #ai #security #rsac #attack #api #commvault #theravitshow

In dieser Folge sprechen Arsim und Milena mit Simon Gassner, Senior Sales Executive bei N-able, über Cyber Resilience und Business Resilience. Und über die Vozüge vom Datenstandort Schweiz. Hast du Fragen oder Feedback zur Folge? Melde dich bei uns unter cyberheroes@infinigate.ch. Werbung: Willst du mehr über N-able COVE (Backup mit Datenstandort Schweiz) erfahren? Hier findest du alle Infos: https://www.infinigate.com/ch/Hersteller/n-able/#backup Dies ist ein Podcast der Infinigate (Schweiz) AG.

In this episode, Aimé Nsengiyumva, Deputy-Chief Information Security Officer, Department of Finance and Administration, State of Tennessee shares how the state is strengthening its cybersecurity posture as threats become more complex. The keynote reflects on recent progress and explains how Tennessee is aligning with growing federal momentum to better protect both state and local government systems.The session highlights key milestones, outlines Tennessee's priorities for cyber resilience heading into 2026, and unpacks how the state is balancing governance, technology choices, and workforce readiness. It also offers practical takeaways for agencies looking to modernise their own cyber programs, including lessons from supporting local government through federally funded initiatives. Aimé Nsengiyumva, Deputy-Chief Information Security Officer, Department of Finance and Administration, State of Tennessee   For more great insights head to www.PublicSectorNetwork.co  

As digital transformation accelerates across the country, cybersecurity is emerging as a critical enabler of national development, not just a technical safeguard.In this episode of “Where the Digital World Converges: Conversations on Cloud,” a collaboration of BusinessWorld B-Side with Converge Global Business, Mr. Eric Andrew Malijan (Senior Vice President & Head of Corporate Information Security Office, Converge) and Mr. Jeffrey Ian Dy (Former DICT Undersecretary for Infrastructure Management, Cybersecurity, and Upskilling) break down the country's cybersecurity posture, from national readiness to private sector innovation.Interview by Beatriz CruzAudio editing by Jayson John Marinas

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• AI in Cybersecurity Defense: Best Practices and Limitations — Gate 15 • FS-ISAC releases advisory on hardening cybersecurity from AI • Sector Risk Advisory: AI-Enabled Vulnerability Detection & Remediation Perspectives on Third Parties • Sector Risk Advisory: Preparing the Enterprise for AI-Enabled Vulnerability Discovery • Executive Overview: Implications of AI-Enabled Vulnerability Detection & Exploitation • Europe must prevent misuse of Anthropic's Mythos, Bundesbank chief warns • FB-ISAO Newsletter V8 Issue 4 Main Topics:WHCD Attack• White House Dinner Shooting Suspect's Family Alerted Police To Threats Minutes Before Attack • Read White House Correspondents' Dinner gunman Cole Allen's full anti-Trump manifesto • WHCD shooting suspect Cole Allen mocked lack of security on every leg of cross-country journey in manifesto: ‘Actually insane' • Who Are The Wide Awakes? What We Know About Group Tied to Cole Allen • White House Correspondents' Dinner gunman 'assembled long weapon in unsecured room' before firing near ballroom, volunteer reveals • Correspondents' dinner shooting suspect called himself ‘friendly federal assassin' • White House correspondents' dinner was not given top security status • White House correspondents' dinner shooting suspect reached ballroom staircase • Trump shooting at correspondents dinner raises security concerns • Staged conspiracy theories are everywhere following White House Correspondents' Dinner shooting Cyber Resilience• Cyber Centre warns of sophisticated smishing activity targeting Canadians & Smishing: Protect yourself from SMS attacks - Canadian Centre for Cyber Security • NCSC: Leave passwords in the past - passkeys are the future – UK National Cyber Security Centre • Cyber security considerations for passkeys (ITSAP.30.033) — Canadian Centre for Cyber Security • How NOT to Be Your Adversary's Best Friend | FIRST CTI 2026 Day 2 - FIRST CTI 2026 • Could your choice of metrics be harming your SOC? – UK National Cyber Security Centre • NCSC CEO keynote speech, CYBERUK 2026 — UK National Cyber Security Centre • Vendor diversification (ITSAP.10.006) - Canadian Centre for Cyber Security FBI: Open Letter to Parents, Guardians, and Caregivers Quick Hits:• AI tools are helping mediocre North Korean hackers steal millions - WIRED • Inside Lazarus: How North Korea Uses AI to Industrialize Attacks on Developers - Expel • Distinguished ex-cop arrested for ‘mass shooting' plot to gun down black people at New Orleans festival• UK warns of Chinese hackers using botnets of hijacked consumer devices to evade detection • FIRESTARTER Backdoor - CISA • Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS's SRMA Role for the Communications and IT Sectors - House Committee on Homeland Security. Witnesses include Sam Visner, Chair of the Board of Directors at Space Information Sharing and Analysis Center; and Scott Algeier, Executive Director of the Information Technology-Information Sharing and Analysis Center. • CISA director pick Sean Plankey withdraws his nomination - CyberScoop • Treaty Adjacent: Why Tribal Data Sovereignty Matters - LinkedIn

Send us Fan Mail

Today, Steve returns to Business Matters with Juliette Foster. The war continues to rage in Iran, and with it comes an increasing threat of cyber attacks. Steve shares his thoughts on what the conflict means for cyber investment in the private sector, British critical infrastructure, and the British government's approach to cyber resilience. Steve and Juliette also discuss the UK Financial Minister's Spring Statement, which didn't include any references to cybersecurity. What does this omission signal? How will multinational companies react? Is cyber a macro economic issue? This, and more, in Steve's latest appearance on Business Matters.Key Takeaways:  Cyber is a macroeconomic issue, not just a technical one.  AI has changed the way that the threat landscape is evolving, but it's also brought benefits for cyber defence.  Governments have limited abilities to support the cyber resilience of the private sector; cooperation between large enterprises supports the whole business landscape. Tune in to hear more about: If Steve thinks the UK Finance Minister's spring statement will impact cyber investments (8:57) The impact on UK businesses of slower economic growth in the UK (14:59) The state of government cyber resilience in the UK (22:39) Standout Quotes: “What you have to do is you have to look at your crown jewels and back to this minimum viable company notion that I mentioned right at the beginning of our chat. You have to understand what the most critical elements of your business are, and then you can track those through these complex supply chains. Those are the pieces you need to be protecting because that's what's gonna bring your business down or ensure that you can continue to operate.”  - Steve Durbin “The business climate in the UK at the moment is exceptionally tough, exceptionally demanding. I think if you look at some of the legislation that's recently come in particularly around hiring, retaining employees, the sheer cost of doing business has risen pretty much exponentially for most organizations, and that means that they have to make cuts somewhere. If they can't do it in terms of some of the core business, they will look to some of the fringe elements. So if you've got an organization that perhaps does not view cyber as being core to what they do, then that may well be somewhere where a cut is made.” - Steve Durbin “I think we'll certainly see a maturing of the industry. It's a very young industry still in terms of the way that it's evolving and changing, and I think that with the benefit of a couple of years under our belt, then most organizations will have moved to a stronger position from a maturity standpoint, and I would hope certainly that we're talking very much more about resilience rather than protection.” Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

When a production line stops, the financial damage is immediate — and the window to respond safely is narrower than most security teams realize. Rob Demain, CEO and Founder of e2e-assure, joins this Brand Highlight to explain why OT security demands a fundamentally different mindset than IT, and what organizations can do about it. Operational technology runs the infrastructure that keeps the world moving — manufacturing floors, power grids, air traffic control systems. Rob Demain founded e2e-assure in 2013 and has spent the past seven years narrowing its focus to one discipline: SOC and MDR services. He calls it "specificity" — the principle that doing one thing with precision delivers better outcomes than spreading resources thin. In IT security, the primary concern is data. In OT, the stakes are entirely different. Downtime is the real threat. For a manufacturing business, minutes of halted production translate directly into significant financial loss. That distinction changes everything about how security teams must respond. The "safety first" rule in OT means responders sometimes have to run alongside a threat rather than immediately neutralize it — because disconnecting systems could halt the production line entirely. The most common attack path into OT environments runs through IT: adversaries compromise IT first, then move laterally into OT systems. Supply chain risk is the second major vector. Firmware updates, software patches, and third-party management systems all represent potential entry points. Detection takes longer too — OT systems often lack the endpoint tools that trigger fast alerts, leaving threats to surface as subtle pattern deviations over extended periods. This is a Brand Highlight — a short introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Rob Demain, CEO & Founder, e2e-assure LinkedIn: https://uk.linkedin.com/in/rob-demain-01733468 RESOURCES e2e-assure website: https://e2e-assure.com OT Downtime and Remediation Gaps Research: https://e2e-assure.com Are you interested in telling your story? Full Length Brand Story: https://www.studioc60.com/content-creation#full Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight Brand Highlight Story: https://www.studioc60.com/content-creation#highlight   Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At RSAC Conference 2026, Eric Herzog, Chief Marketing Officer of Infinidat, sat down with Sean Martin for a booth-side Brand Highlight that reframes a familiar blind spot. Infinidat is a high-end enterprise storage company serving global Fortune 500 organizations and mid-range managed service providers -- and Herzog argues that leaving storage out of a corporate cybersecurity strategy means leaving the largest concentration of enterprise data exposed. Infinidat embeds cybersecurity directly into its storage platform through InfiniSafe, a software suite that has earned recognition from both storage and cybersecurity analysts. The centerpiece of the offering is a written guarantee: any dataset, regardless of size, will be recovered in one minute or less. Herzog explains that this is backed by immutable snapshots that cannot be altered or deleted, a management plane separated from the data plane, and AI/ML-powered scanning through InfiniSafe Cyber Detection that validates a snapshot is clean before it is restored. The goal is a "known good copy" -- a forensically clean snapshot that can be brought back with confidence. Herzog notes that security teams often focus on confidentiality and availability while underweighting integrity. Infinidat's approach addresses all three: snapshots are verified clean, recovery is fast, and the process is demonstrable in live proof-of-concept environments. At the beginning of April 2026, Infinidat recovered six petabytes in three seconds in a live demo. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Eric Herzog, Chief Marketing Officer, Infinidat LinkedIn: https://www.linkedin.com/in/erherzog RESOURCES Infinidat Website: https://www.infinidat.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Eric Herzog, Infinidat, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, enterprise storage, cybersecurity, ransomware recovery, data protection, InfiniSafe, immutable snapshots, cyber resilience, RSAC Conference 2026, next generation data protection, MSP security, storage security Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

On the RSAC Conference show floor, Tony Anscombe shared how ESET has expanded its threat intelligence offering with ECR reports -- designed to give commercial organizations both machine-readable feeds and human-readable analysis. The reason: threat actors are increasingly hard to attribute, they share tools, run coordinated campaigns, and reinvest profits into more sophisticated operations. Having someone do the research and surface actionable intelligence is no longer a luxury. Anscombe pointed to a telling campaign pattern from last year: threat actors refined attack methods against UK retailers, then rapidly adapted those same techniques against US retailers. The implication is clear -- your business may be unique in its infrastructure, but it is not unique in its sector. Understanding how your sector is being targeted is the foundation of a prevention-first posture. Automation came up as equally non-negotiable. If it takes three days to collect all the information needed to make a determination about an incident, the post-attack phase has already begun. ESET Inspect is designed to flip that equation: when an analyst opens an incident, the forensic analysis is done, the evidence is visualized, and the determination can be made on facts rather than gathered through investigation. Anscombe was careful to draw a line between automation as speed and automation as replacement. ESET's position is that AI should operate alongside human expertise -- trust and verify applies to AI-assisted analysis just as it does to any intelligence feed. Oversight remains essential, even as the tooling gets faster. A preview of upcoming survey data offered one of the more striking moments in the conversation. Roughly 35% of SMBs using MDR are sourcing that service directly from their cyber insurer. Anscombe flagged the monoculture risk: when a large share of businesses in the same sector run identical security stacks, a single point of failure becomes a sector-wide vulnerability. His advice after 30 years in the industry -- different organizations should deliberately choose different platforms to maintain diversity. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Tony Anscombe, Chief Security Evangelist, ESET LinkedIn: https://www.linkedin.com/in/tonyanscombe/ RESOURCES ESET: https://www.eset.com ESET Threat Intelligence: https://www.eset.com/int/business/services/threat-intelligence/ Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Tony Anscombe, ESET, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, threat intelligence, cyber resilience, MDR, EDR, XDR, managed detection and response, SMB security, cybersecurity automation, RSAC Conference 2026, prevention-first security, cyber insurance, monoculture risk, ESET Inspect, APT research Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The rapid adoption of mobile applications for managing consumer whole-house battery and energy systems has introduced new questions about software supply chain security. While these applications are not currently integrated with critical infrastructure, their growing role in connected energy environments highlights the importance of understanding the dependencies,permissions, and external services that support their operation. Many of these applications rely on shared third-party libraries, analytics frameworks, and messaging services, creating overlapping software ecosystems across vendors.In this talk, I will present an analysis of several battery-management mobile applications using static and dynamic analysis techniques. The study examines third-party dependencies, Android permission usage, and outbound network activity to identify common software components and shared external infrastructure. The results reveal significant overlap in libraries and permissions across applications, suggesting that vulnerabilities in widely used components could introduce shared risk pathways across multiple vendors. This work highlights the need for stronger dependency governance,permission minimization, and ongoing monitoring as mobile energy applications continue to evolve. About the speaker: Jen Sims is a cybersecurity technical professional in the Cyber Resilience and Intelligence Division at Oak Ridge National Laboratory (ORNL). Her research focuses on resilient cyber-physical systems and vulnerability assessment of technologies used within the electric grid, with particular emphasis on supply chain risk. She also conducts research in cybersecurity for manufacturing and is actively involved in cyber education outreach, engaging students from grade school through graduate programs.Jen earned a Master of Software Engineering and a Bachelor of Computer Science with a concentration in Secure Cyber Systems from the University of Texas at El Paso (UTEP). During her time at UTEP, she founded the Women in Cybersecurity (WiCyS) student chapter and helped launch the university's summer cybersecurity camps.Outside of her research, Jen is passionate about workforce development and cybersecurity education, volunteering with Oak Ridge Computer Science Girls (ORCsGirls) and creating hands-on cybersecurity activities to inspire the next generation of students.

At RSAC Conference 2026, Anthony Cusimano, Chief Evangelist and Director of Solutions Marketing at Object First, joins Sean Martin on the show floor to break down what separates truly immutable storage from the checkbox version. The answer comes down to zero access: no command line interface, no root access, no administrative back doors at any layer -- for customers or for Object First itself. Object First appliances are purpose-built for Veeam and ship with S3 protocol storage in automatic compliance mode, versioning, and object lock. Once data is written and a retention period is set, nothing -- no admin, no attacker, not even the vendor -- can touch it. Cusimano describes the architecture as a storage utility, not an administration platform: Veeam handles all backup policy and configuration; Object First handles one thing only, ensuring the data cannot be erased. The statistics behind the design are sobering. According to Cusimano, 96 percent of ransomware attacks specifically target backup data -- a figure validated across four independent industry surveys. Organizations that rely on encryption alone, without immutable storage, are leaving a critical gap that attackers have learned to exploit. Many do not discover that gap until recovery is already underway. Cusimano also makes the case for recovery testing as a security priority in its own right. He recommends full tabletop exercises that assume worst-case conditions: every admin credential compromised, active directory gone. Teams that run through this process discover gaps in their architecture that no amount of vendor documentation will surface. His practical tip -- collect coworkers' cell phone numbers before an incident -- reflects just how complete the communications blackout can be when directory services fail. Two capabilities from Object First round out the conversation. Fleet Manager, launching May 6th, gives managed service providers and large enterprises a single SaaS dashboard to manage all Object First instances with unified telemetry and honeypot visibility -- with no backup data leaving the appliance. And the honeypot feature, included on every device at no cost, simulates a Veeam backup and replication server as a decoy. When agentic AI-driven attacks probe the environment, they interact with the honeypot exactly as they would a real target, triggering alerts that can surface threats days or weeks before a full attack develops. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Anthony Cusimano, Chief Evangelist & Director of Solutions Marketing, Object First LinkedIn: https://www.linkedin.com/in/anthonycusimano89/ RESOURCES Object First website: https://objectfirst.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Anthony Cusimano, Object First, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, ransomware, immutable storage, backup security, Veeam, data protection, RSAC Conference 2026, cyber resilience, absolute immutability, ransomware recovery, Fleet Manager, honeypot detection, managed service providers, zero trust storage Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

On this episode of the Washington AI Network Podcast, host Tammy Haddad sits down with Sean Cairncross, White House National Cyber Director, and Sanjay Poonen, CEO and president of Cohesity, for a live conversation recorded at The House at 1229 in Washington, D.C.They discuss President Trump's new cyber strategy and cybercrime executive order, the growing role of the private sector in protecting critical infrastructure, and how AI is reshaping both cyber risk and cyber defense.

Cyber resilience has become a defining priority for today's security leaders, but translating the concept into real-world impact isn't easy. In this episode of Cyber at the Top, Dr. Hugh Thompson is joined by Emma Smith, CISO at Vodafone, to explore what cyber resilience looks like in practice and how it shapes decision-making at scale. Drawing on her experience leading a major global security transformation, Emma shares how organizations can prepare for disruption, reduce impact, and recover more effectively over time. The conversation looks at resilience through the lens of people, culture, operating models, and measurement, and highlights why trust, accountability, and continuous improvement are essential to sustaining resilience in complex, highly regulated environments.

Backup storage rarely gets a spotlight at security conferences. Object First is working to change that. Anthony Cusimano, Director of Solutions Marketing, joined Sean Martin and Marco Ciappelli ahead of RSAC Conference 2026 to make the case that absolute immutability -- baked into hardware, not bolted on as a feature -- is one of the most critical layers of any modern security stack. Object First builds physical, on-premises appliances purpose-built for Veeam. Once backup data lands on the device, it cannot be changed by anyone: not an admin, not the vendor, not an attacker. That guarantee is the foundation of the company's entire product philosophy. As Anthony Cusimano puts it, the threat is clear -- ransomware operators now specifically target backups because destroying that data eliminates the victim's options. Heading into RSAC Conference 2026, Object First is bringing new capabilities to South Hall Booth S3601. Demos will include Honeypot, a feature that causes the Object First appliance to simulate a Veeam backup and replication server as a decoy. If a bad actor attempts brute-force access or a remote desktop connection, an alert fires immediately -- a signal that your real Veeam environment is likely also being probed. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Anthony Cusimano, Director of Solutions Marketing, Object First LinkedIn: https://www.linkedin.com/in/anthonycusimano89/ RESOURCES Object First website: https://objectfirst.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Anthony Cusimano, Object First, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, ransomware, backup security, immutable storage, Veeam, data protection, RSAC Conference 2026, cyber resilience, backup immutability, ransomware protection Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play   No Password Required Season 7: Episode 3 - Madhav Nakar   Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection.   In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.   Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools.   The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens.   In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects public dancing experiments.  Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/ Follow "The Fire of Knowing" on Instagram and Youtube!  CHAPTERS:  00:00 Introduction with Kayley and Jack 08:08 Transition from Theoretical Math to Cybersecurity 16:13 Exploring Spiritual Traditions and Madhav's Documentary 19:48 The Intersection of Art and Science in Content Creation 25:20 The Lifestyle Polygraph: Challenging Perspectives on Security

Cyber Resilience, AI Threats & MSP Security Blind Spots| DailyCyber 287 with Andrew Scott   Cybersecurity threats are evolving faster than many organizations can adapt. MSPs and SMBs are increasingly being targeted by sophisticated attackers using automation, AI-assisted tools, and highly coordinated attack chains that exploit weaknesses across modern IT environments. In this episode of DailyCyber, Brandon Krieger speaks with Andrew Scott — Field CISO at Todyl — about the real cyber risks facing service providers today and why organizations must rethink how they approach cybersecurity strategy.   Episode Overview Cybersecurity has shifted from a prevention-first mindset to one that increasingly focuses on resilience. Attackers are operating faster, using automation and AI to scale attacks, and targeting MSP ecosystems as high-value entry points into multiple organizations. Andrew Scott shares insights from working directly with MSPs and partners in the field, helping them strengthen their security posture and evolve their cybersecurity strategies. The conversation explores how providers can move beyond prevention-only models toward security architectures designed to detect, respond to, and recover from attacks quickly. The discussion also examines the rapidly expanding role of artificial intelligence in cybersecurity. While AI is enabling attackers to automate phishing campaigns, reconnaissance, and vulnerability discovery, it is also providing powerful capabilities for defenders to improve detection, automate SOC operations, and strengthen threat intelligence analysis. Andrew's experience spans enterprise security architecture, SOC transformation, and threat intelligence leadership across major organizations including Leidos, CrowdStrike, and IBM. Now working closely with MSPs as a Field CISO at Todyl, Andrew helps organizations rethink their cybersecurity strategy, identify blind spots in their security programs, and adopt modern platforms designed to simplify and strengthen security operations.   Topics covered: • The biggest cyber risks facing MSPs and SMBs today • Why cyber resilience must replace prevention-only security models • How AI is reshaping both cyber attacks and defensive capabilities • The blind spots many service providers still overlook   Guest: Andrew Scott — Field CISO, Todyl https://www.linkedin.com/in/andrew-s-8b691729/ https://www.todyl.com   Host: Brandon Krieger — CEO & vCISO Advisor https://www.linkedin.com/in/brandonkrieger https://www.DailyCyber.ca   Listen to the podcast: DailyCyber.ca

In this episode of the Cybersecurity at ViVE series on The Beat Podcast, host Sandy Vance sits down with Chad Alessi, Managing Director of Cybersecurity at CTG, for a wide-ranging conversation about what it really takes to protect healthcare organizations in today's threat landscape. With a background spanning chemical engineering, the U.S. Marines, energy sector Operational Technology security, and IT consulting, Chad brings a unique cross-industry perspective to healthcare cybersecurity. From the difference between cybersecurity and cyber resilience to the rise of AI-powered attacks, this episode is packed with practical insights for healthcare leaders who want to stay ahead of what is coming. In this episode, they talk about how: Cyber resilience focuses on operational continuity when an attack happens, not just prevention Breaches resolved within 200 days can save organizations over $1 million Bad actors often sit idle inside networks for months, collecting data before launching an attack Baseline requirements are identity-first security, including multi-factor authentication (MFA) and privileged access management Human-only Security Operations Center (SOC) models are too slow to keep up with today's automated, AI-powered attacks CTG uses Microsoft's Unified Security Operations (SecOps) platform to eliminate tool sprawl and improve response time Zero-trust architecture is expanding from department-level to enterprise-wide in healthcare New HIPAA regulations now require provable network segmentation for legacy medical devices AI-assisted security operations will continue to grow in the next few years A Little About Chad: As CTG's Managing Director of Cybersecurity, Chad Alessi leverages decades of experience in technology, cybersecurity, and operational strategy across enterprise and mid-market sectors to meet the evolving cybersecurity needs of clients in the U.S. During his time in IT consulting, Chad was instrumental in driving IT transformation in the company's regulated pipeline and gas processing business units. He holds a BS in Chemical Engineering, an MBA from the University of Alabama, an MS in Information Systems with a concentration in Information Security from Syracuse University, and post-graduate certifications in leadership, full stack development, cybersecurity, and cloud computing. Chad is known for his strong work ethic, integrity, resourcefulness, and service-based leadership, which he attributes to his time in the U.S. Marine Corps.

Josh Howell, Healthcare CTO at Rubrik, spoke with Moshe Beauford of Technology Reseller News at the HIMSS Global Health Conference & Exhibition about the growing importance of cyber resilience in healthcare and Rubrik's collaboration with the American Hospital Association (AHA) to strengthen security across the sector. Howell explained that healthcare organizations remain among the most targeted industries for cyberattacks, making resilience and recovery capabilities essential. Rubrik has been working closely with the AHA's cybersecurity initiative, which is led by veteran security experts focused on helping hospitals and health systems better prepare for ransomware and other threats. The partnership highlights how public and private sector collaboration can improve readiness across healthcare infrastructure. A key theme of the discussion was the need to move beyond traditional backup strategies toward a broader cyber resilience framework. Rubrik's platform focuses on protecting critical healthcare data, ensuring that hospitals can recover quickly and safely if systems are compromised. In an industry where downtime can directly affect patient care, rapid and reliable recovery capabilities are critical. Howell emphasized that cybersecurity in healthcare is no longer just an IT concern—it is a patient safety issue. “Healthcare organizations must be able to protect their data and ensure that critical systems can recover quickly when incidents occur,” he said. This perspective is driving new investments in data protection, ransomware recovery, and operational resilience across healthcare systems. As healthcare leaders gathered at HIMSS to discuss the future of digital health, the conversation underscored the growing recognition that cybersecurity and resilience must be foundational elements of modern healthcare infrastructure. Learn more about Rubrik: https://www.rubrik.com/

In this episode, we sit down with Technical Evangelist Don Poorman for a deep dive into the most engaging and eye-opening questions from the past year of the customer-focused Ask Us Everything (AUE) webinar series. The AUE forum has proven to be an invaluable resource for the Everpure community, driving real-time feedback and high-quality, practical discussions directly with experts. Tune in as we revisit the most pertinent topics and customer use cases, revealing how these community interactions are shaping the Everpure roadmap and delivering tremendous value. The conversation recaps the biggest AUE sessions, starting with Fusion, where customers were focused on the operational reality of managing fleets, automating data placement across data centers, and multi-tenancy. Next, we discuss the highly attended session on Purity Upgrades and the success of the self-support upgrade model, emphasizing Everpure's commitment to building confidence and providing tools like AI Copilot to make storage OS upgrades a non-event. The review moves into Cyber Resilience, highlighting the shift from prevention to recovery, the role of SafeMode snapshots, and the importance of ecosystem integration with partners like Rubrik and Superna to address ransomware attacks holistically. Finally, our discussion covers the rapid evolution of FlashArray File, including the much-anticipated ActiveCluster for Files use case, and a look at the comprehensive value delivered by the Evergreen portfolio—from the included features in Evergreen//One to the Cyber Resiliency SLA add-on and its role in hybrid-cloud environments. The episode wraps up with the highly relevant session on the Nutanix integration, exploring how the Everpure Platform helps decouple storage growth from hypervisor licensing and enables modern container-based workloads with features like NVMe/TCP. This recap provides a high-level overview of the technical and strategic conversations defining the Everpure platform today and what's coming next. To learn more, visit https://purecommunity.purestorage.com/category/events/events/webinars Check out the new Pure Storage digital customer community to join the conversation with peers and Pure experts: https://purecommunity.purestorage.com/ 00:00 Intro and Welcome 02:25 Ask Us Everything Webinars 06:25 Fusion 10:05 Self Service Upgrades 16:19 Cyber Resilience 24:29 File Services 29:23 Evergreen//One 38:42 Nutanix and Everpure 47:45 Observations on the AUE Program

On this episode of The Cybersecurity Defenders Podcast, we speak with Chris Cochran, Field CISO & Vice President of AI Security at SANS Institute, about how to navigate the future of AI risk and security strategyChris works at the intersection of cyber defense, AI safety, and emerging risk, where the threats are converging and the playbooks are still being written. His career has taken him from the Marine Corps to NSA, U.S. Cyber Command, the U.S. House of Representatives, Mandiant, and Netflix. Across every role, one throughline: understanding adversaries, building high-trust teams, and translating complex problems into strategies leaders can act on.Today, Chris advises organizations, governments, and research institutions on AI governance, agentic threat preparedness, and unifying safety and security into a single discipline. He contributes to global standards efforts including the EU AI Act (via OWASP AI) and leads executive education on cybersecurity and AI strategy at SANS.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io

Sam Jones started his career as a GS-7 cyber operator in the Air Force. Today, he's the co-founder and CEO of Method Security, a bleeding-edge, dual-use cybersecurity and AI company that has raised $26M from top investors, including Andreesen Horowitz and General Catalyst. In this BreakLine Arena conversation, Sam doesn't just talk with Zayn (CEO and Host) about cybersecurity; he talks about building for the business effect from the onset. Sam unpacks why his team chose what he describes as the “psychotic approach” of serving Fortune 500 companies and the Department of War from day one. Resilient software isn't a strategic choice but a structural requirement if the government and Fortune 500 are to secure their organizations. And what it means to design a company, technically and culturally, around the hardest missions first.“To become resilient, you need to test the whole of the enterprise all the time where it matters most.”This episode is about more than AI and cyber. It's about raising standards. Building teams with real conviction. Choosing the harder path early so the ceiling stays high later and for the long game.If you're a visionary founder or a purpose-driven top performer building the future with clarity, community, and access to the most ambitious companies in America, join us!Learn more about our Effects-Based Hiring approach here: BreakLine.org

As more small businesses move sales, payments, and customer relationships online, they unlock new opportunities, but they also become easier targets for cyber-criminals and other threat actors.In this episode of Local to global: The power of small business, host JJ Ramberg sits down with Shamina Singh, Founder & President of the Mastercard Center for Inclusive Growth, and Brian Cute, Interim CEO and Director of Capacity & Resilience at the Global Cyber Alliance, to explore what Southeast Asia's fast-growing digital economy reveals about the cybersecurity challenges facing micro, small and medium-sized businesses everywhere.Together, they unpack what cyber-risk looks like on the ground, from phishing, ransomware, and malware to low-tech scams like QR-code sticker switching. They also examine why the damage rarely stays local; when a small supplier gets hit, disruptions can cascade through regional networks and even global supply chains.The good news is that their collaboration in Southeast Asia is also surfacing solutions that the rest of the world can borrow. Singh and Cute share what works, including public-private partnerships that deliver practical toolkits, localized training, and basic cyber hygiene that businesses can adopt, especially as AI-driven fraud and deepfakes make scams harder to spot.Local to global: The power of small business is a podcast series from GZERO Media's Blue Circle Studios and Mastercard, exploring why small businesses are poised to play an even bigger role in the future of the global economy. Host: JJ RambergGuests: Shamina Singh, Brian Cute Subscribe to the GZERO World with Ian Bremmer Podcast on Apple Podcasts, Spotify, or your preferred podcast platform, to receive new episodes as soon as they're published. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

As more small businesses move sales, payments, and customer relationships online, they unlock new opportunities, but they also become easier targets for cyber-criminals and other threat actors.In this episode of Local to global: The power of small business, host JJ Ramberg sits down with Shamina Singh, Founder & President of the Mastercard Center for Inclusive Growth, and Brian Cute, Interim CEO and Director of Capacity & Resilience at the Global Cyber Alliance, to explore what Southeast Asia's fast-growing digital economy reveals about the cybersecurity challenges facing micro, small and medium-sized businesses everywhere.Together, they unpack what cyber-risk looks like on the ground, from phishing, ransomware, and malware to low-tech scams like QR-code sticker switching. They also examine why the damage rarely stays local; when a small supplier gets hit, disruptions can cascade through regional networks and even global supply chains.The good news is that their collaboration in Southeast Asia is also surfacing solutions that the rest of the world can borrow. Singh and Cute share what works, including public-private partnerships that deliver practical toolkits, localized training, and basic cyber hygiene that businesses can adopt, especially as AI-driven fraud and deepfakes make scams harder to spot.Local to global: The power of small business is a podcast series from GZERO Media's Blue Circle Studios and Mastercard, exploring why small businesses are poised to play an even bigger role in the future of the global economy. Host: JJ RambergGuests: Shamina Singh, Brian Cute Subscribe to the GZERO World with Ian Bremmer Podcast on Apple Podcasts, Spotify, or your preferred podcast platform, to receive new episodes as soon as they're published. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, “Are we quantum safe?” With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/ In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-434

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, "Are we quantum safe?" With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/ In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Show Notes: https://securityweekly.com/bsw-434

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, "Are we quantum safe?" With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/ In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-434

Show NotesMost organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.HostSean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Guest(s)Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/ResourcesLearn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlsonLearn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurityCybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcastRedefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqKeywordsdr. keri pearlson, julie haney, mit sloan, nist, sean martin, cybersecurity culture, security culture, values attitudes beliefs, cyber resilience, human-centered cybersecurity, security awareness, phishing, cybersecurity maturity model, security behavior, cybersecurity strategy, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this week's episode of the Security Sprint, Dave and Andy covered the following topics:Opening:Check out the new SUN format and Subscribe to GRIP! Gate 15's Resilience and Intelligence PortalBig News! The Tribal-ISAC Appoints First Executive Director to Advance Cybersecurity for Tribal Governments and Enterprises – Tribal-ISAC | 27 Jan 2026: Keys & Locks – The Overlooked Security Risk – Fact Sheet — WaterISAC | 28 Jan 2026 Main Topics:Insider Threats: Assembling A Multi-Disciplinary Insider Threat Management Team — CISA | 27 Jan 2026 (Analysis/Commentary) CISA's new infographic guides organizations in forming insider threat teams that bring together HR, legal, IT, security, and leadership under a “Plan, Organize, Execute, Maintain” framework. Savannah Best Buy employee says hacker group blackmailed him into theft ring scheme Study: Future workers would sell patient data Former Google Engineer Found Guilty of Economic Espionage and Theft of Confidential AI Technology Former TD Bank Employee Pleads Guilty to Accepting Bribes and Laundering $55 Million From Colombia Two Recent Guilty Pleas Highlight Financial Crime Risks Posed by Bank Insiders The Evolution of Insider Threat Ransomware Threat Outlook 2025-2027 — Canadian Centre for Cyber Security | 28 Jan 2026 The Cyber Centre assesses that ransomware against Canadian organizations is increasing and rapidly evolving, with actors almost certainly opportunistic and financially motivated, and essentially all organizations and individuals at risk of being targeted at some point. Ransomware: How to Prevent and Recover (ITSAP.00.099) — Canadian Centre for Cyber Security Ransomware Playbook (ITSM.00.099) — Canadian Centre for Cyber Security Threat Spotlight: Ransomware and Cyber Extortion in Q4 2025 NCC Group Monthly Threat Pulse – Review of December 2025 The Convergence of Infostealers and Ransomware: From Credential Harvesting to Rapid Extortion ChainsFBI Operation Winter SHIELD: 10 Cybersecurity Actions for Critical Infrastructure & FBI Launches ‘Winter SHIELD' Cyber Campaign — FBI & Infosecurity Magazine, 29 Jan 2026. NSA Releases Phase One and Phase Two of the Zero Trust Implementation Guidelines How to prepare and plan your organisation's response to a severe cyber threat: a guide for CNI Cyber security considerations for drone use (ITSAP.00.143) Cyber security advisory AV26-058: OpenSSL Security Advisory Cyber Incident Reporting Guidelines: Key Information & Sharing Requirements — Canadian Centre for Cyber Security, 2026DOD: JIATF 401 Publishes New Guidance for Physical Protection of Critical Infrastructure (U.S. Department of Defense, Jan 2026) Spotting malicious email messages (ITSAP.00.100) — Canadian Centre for Cyber Security | Jan 2026 Quick Hits:2025 Threat Report: Exploitation Grows Across IT, IoT, and OT — Forescout Vedere Labs | 29 Jan 2026 Man arrested after spraying substance on Rep. Ilhan Omar Ilhan Omar Attack: Suspect Identified as Anthony Kazmierczak Amid Rising Political Violence Calls to Impeach DHS Secretary Noem Grow After Minneapolis Shootings and Omar Attack ‘No Kings' march event in Twin Cities & ‘No Kings' protest march set for March 28 USCP Threat Assessment Cases for 2025 – Source: U.S. Capitol Police, 27 Jan 2026.

In this enlightening episode, hosts Frank La Vigne and Candace Gillhoolley are joined by Benita Zazueta, a leader in quantum-safe initiatives at IBM and a doctoral candidate exploring the intersection of quantum risk and supply chain resilience.Together, the team tackles the looming threat posed by fault tolerant quantum computers—those machines capable of cracking today's encryption and altering the balance of cybersecurity. Benita Zazueta breaks down complex concepts like “harvest now, decrypt later,” and explains how business leaders, not just researchers and engineers, must prepare for a quantum future. The conversation covers practical strategies for organizations to assess vulnerabilities, foster quantum talent, and transform their security posture without causing panic.Whether you're a seasoned technologist, a curious executive, or just starting your quantum journey, this episode delivers actionable insights, fascinating anecdotes, and critical leadership lessons from the front lines of quantum innovation. Tune in and discover how to build resilience, not just protection, in the age of quantum breakthroughs!LinksIBM Quantum – https://www.ibm.com/quantumIBM Quantum Safe – https://www.ibm.com/quantum/quantum-safeQiskit – https://qiskit.orgTime Stamps00:00 Quantum Threats and Business Decisions05:34 "Harvest Now, Decrypt Later"09:53 "Impending Data Decryption Risks"12:34 Cyber Resilience Against Future Threats14:48 Preparing for Quantum Encryption Shift17:59 Quantum-Safe Supply Chain Security22:42 Quantum Computing Misconceptions Debunked26:48 "Internet-Dependent Smart Bed Issues"27:58 "Driving Innovation Through Core Values"31:23 "Explore Free Quantum Learning Resources"36:42 "Application Risk Assessment Process"39:51 "Securing Supply Chain Software"41:47 "Quantum Computing's Impact and Race"48:02 "Ethical Hacking in Perspective"52:10 "Aerospace Engineer's Flight Story"55:49 "Quantum Podcasts: Breaking the Mold"

Andy Grotto, William J. Perry International Security Fellow and the founder and co-director of the Program on Geopolitics, Technology, and Governance at Stanford University's Center for International Security and Cooperation (CISAC), and Jim Dempsey, a senior policy adviser to that program and a Lecturer at the UC Berkeley Law School, join Lawfare's Justin Sherman to discuss their recent study on the U.S. military's domestic operational technology (OT) cybersecurity vulnerabilities, domestic installations' dependencies on critical infrastructure both “inside the fence” and “outside the fence,” and how U.S. adversaries could exploit the flaws. They also discuss the myth of the air gap; the Pentagon's Energy Resilience Program; the role that standards, regulations, and procurement could play in strengthening the cybersecurity of OT systems on which the military depends; and what the threat landscape will look like in the coming years.Resources:James X. Dempsey and Andrew J. Grotto, “Ensuring the Cyber Resilience of Critical Infrastructure Serving Domestic Military Installations: Questions for Senior Leadership,” The Cyber Defense Review 10, no. 2 (2025): 115-138Jim Dempsey and Andrew J. Grotto, “The Pentagon's Operational Technology Problem,” Lawfare, December 15, 2025To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

The Pure Report welcomes two key members of Pure's Technical specialist team, Principal Technologist Joey Clark and Field Solution Architect Drew Kessel (who covers Cyber Resilience). Our conversation begins with a look at their backgrounds, including their surprising common start in healthcare IT, and the value of professional development, like Pure's EBC speaker training. We quickly pivot to the successes Pure is seeing in the areas of file, object, and unstructured data, driven by innovative products like FlashBlade and FlashArray. The core of our discussion centers on why Pure is successfully tackling the toughest challenges in unstructured data, noting the significant shift to object storage for backup, which provides benefits like immutability via object lock. Joey and Drew highlight how Pure's unique approach—focusing on simplicity and eliminating "tech debt"—is resonating with customers and leading to major business breakthroughs. This success is made stronger by strategic partnerships with data protection leaders like Rubrik, Commvault, and Veeam, creating a connected ecosystem that delivers layered resilience against modern threats. Finally, we explores the powerful narrative of the Enterprise Data Cloud (EDC), with Fusion acting as the intelligent control plane. We discuss how Fusion is the vehicle for EDC, helping customers mitigate risk and human error through automation. This includes using presets to enforce protection policies (like SafeMode snapshots and replication) and delivering audit and compliance alerts when security settings are changed. Drew shares a powerful, real-life customer success story of an 8-hour recovery from a cyber event using Pure snapshots, emphasizing that cyber resilience is a unified team sport that requires both infrastructure and security teams to collaborate. To learn more, visit https://www.purestorage.com/products/storage-as-code/pure-fusion.html Check out the new Pure Storage digital customer community to join the conversation with peers and Pure experts: https://purecommunity.purestorage.com/ 00:00 Intro and Welcome 09:02 File and Object Momentum 16:45 SLA-Backed Cyber Recovery 20:20 Fusion Presets and Cyber 27:33 Cyber and Enterprise Data Cloud 34:06 Bridging Cyber IT to Security Teams and CISOs 38:11 Pure Tech Summit Events 42:11 Hot Takes Segment

Recorded live at the Cloud Connections event in Delray Beach, Doug Green, Publisher of Technology Reseller News, spoke with Darin Gull of C3 Complete about the growing importance of compliance, cyber resilience, and partner-centric security services in today's cloud and UCaaS ecosystem. Gull describes C3 Complete as an “anything IT” company with a clear mission: to complete a partner's portfolio without ever competing with it. Working exclusively through channel partners, C3 Complete focuses on filling gaps—particularly in security and compliance—while preserving partner ownership of the customer relationship. “We're here to complete, but never compete,” Gull explains, emphasizing the company's commitment to protecting partner equity. A central theme of the conversation is compliance, which Gull frames less as a punitive obligation and more as an education and awareness challenge. C3 Complete leads with what it calls cyber resilience—helping organizations understand what they are required to do, why it matters, and how to consistently track and maintain compliance over time. “Most compliance failures aren't bad actors trying to break rules,” Gull notes. “It's usually a lack of awareness.” C3 Complete's approach begins with deep listening and discovery. By understanding a client's operational realities and pain points, the company's subject-matter experts—guided by its security leadership—identify shortfalls, improve efficiency, and develop clear, actionable roadmaps to move customers from their current state to their desired level of compliance and security maturity. Gull also reflects on the relevance of the Cloud Communications Alliance community, noting that many of the challenges facing today's UCaaS and cloud providers—particularly around security, governance, and AI—mirror those seen in earlier phases of the industry, albeit at greater scale and complexity. As AI adoption accelerates, he sees compliance and governance as unresolved but critical questions that service providers must address proactively. Looking ahead to 2026, C3 Complete plans to expand its partner ecosystem, deepen its security offerings, and continue delivering what Gull calls “white-glove service without the insane price.” For MSPs and service providers lacking a full security stack, C3 Complete positions itself as a trusted extension of their business—stepping in when needed, then stepping back to ensure partners retain the customer relationship. More information about C3 Complete is available at https://c3-complete.com/.

Join Brendan Hall and Michael White, Alliant Cyber, and Scott Erickson, APT Healthcare, as they explore how Alliant's PortCo Protect program supports private equity organizations in advancing cybersecurity maturity across their portfolio companies. The discussion highlights how portfolio-wide risk assessments, sponsor transparency and ongoing remediation guidance help drive alignment, justify investment and strengthen security posture. Scott also shares firsthand insights on modernizing IT infrastructure, improving defenses against threats like ransomware and the value of collaborative partnership in elevating enterprise risk management.

In this episode, Joy Oh, Chief Information and Digital Transformation Officer at Christ Hospital Health Network, shares how strong governance, disciplined AI pilots, and close operational partnerships are accelerating digital transformation while managing risk.

In this episode, Rob Aragao sits down with Theresa Lanowitz for a deep dive into the evolving meaning of cyber resilience and why it has become a true business imperative. Moving beyond traditional cybersecurity, the conversation explores how organizations must unite leadership, technology, and operations to withstand and recover from today's most disruptive cyber events.Theresa shares insights on the defining attacks of 2025, including the rise of AI-driven social engineering, software supply chain compromises, and credential-based intrusions from new-generation threat groups. The discussion also looks ahead to 2026, examining emerging risks around data misuse, non-human identities, insider threats, and the long-term impact of breached data.Together, Rob and Theresa unpack why cyber resilience must be owned at the board and C-suite level, how software supply chain complexity has become a critical weakness, and what organizations can do to better govern, protect, and use their most sensitive data. This episode offers a strategic perspective for leaders looking to align cyber resilience with business outcomes in an increasingly connected and unpredictable digital world.As featured on Million Podcasts' Best 100 Cybersecurity Podcasts Top 50 Chief Information Security Officer CISO Podcasts Top 70 Security Hacking Podcasts This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best! Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com

Rob Hughes — CISO at RSA and Champion of a Passwordless FutureNo Password Required Season 7:  Episode 1 - Rob HughesRob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.  The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/Chapters: 00:00 Introduction to No Password Required01:43 Meet Rob Hughes, CISO at RSA02:05 The Role of a CISO in a Security Company05:09 Transitioning to the CISO Role08:00 The Early Days of Geek.com12:14 Launching a Startup During the Dot Com Boom14:30 The Push for a Passwordless Future18:21 Tipping Point for Passwordless Adoption20:20 Ongoing Learning in Cybersecurity26:09 Managing Stress in High-Pressure Environments33:46 The Lifestyle Polygraph Begins34:15 Career Insights in Cybersecurity36:08 Dream Cars and Personal Preferences39:58 Underrated Horror Films41:19 Creating a Cybersecurity Monster

In today's evolving digital environment, many leaders are facing unprecedented levels of complexity. Cyber threats are escalating, regulatory demands are tightening, and organizations are expected to maintain resilience while embracing innovation. Few people understand this landscape more deeply than Scott Alldridge, CEO of IP Services, President of the IT Process Institute, and author of the globally acclaimed VisibleOps series. With more than three decades of experience guiding technical and non-technical teams alike, Scott has built a reputation for transforming complicated cybersecurity concepts into clear, actionable strategies. His people-process-technology framework has helped organizations strengthen governance, reduce risk, and build cyber-mature cultures capable of thriving in high-stakes environments.  In this episode, we discuss: How boards can elevate their cybersecurity oversight. Why organizations fail at cyber risk management, and how to fix it. Common misconceptions surrounding cybersecurity maturity. Scott's strategies for fostering ethical leadership and a security-first culture. Scott's most recent book, VisibleOps Cybersecurity, is an Amazon Best Seller and continues to influence executives, boards, and cybersecurity professionals around the world. Join us in this conversation as he breaks down the mindset and practices leaders need to stay ahead of current and future threats… You can connect with Scott and his work on his website!