POPULARITY
Title: “These Aren't Soft Skills — They're Human Skills”A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'AltonGuestsRob BlackUK Cyber Citizen of the Year 2024 | International Keynote Speaker | Master of Ceremonies | Cyber Leaders Challenge | Professor | Community Builder | Facilitator | Cyber Security | Cyber Deceptionhttps://www.linkedin.com/in/rob-black-30440819/Anthony D'AltonProduct marketing | brand | reputation for cybersecurity growthhttps://www.linkedin.com/in/anthonydalton/HostsSean Martin, Co-Founder at ITSPmagazineWebsite: https://www.seanmartin.comMarco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazineWebsite: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ Yes, Infosecurity Europe 2025 may be over, but the most important conversations are just getting started — and they're far from over. In this post-event follow-up, Marco Ciappelli reconnects from Florence with Rob Black and brings in Anthony D'Alton for a deep-dive into something we all talk about but rarely define clearly: so-called soft skills — or, as we prefer to call them… human skills.From storytelling to structured exercises, team communication to burnout prevention, this episode explores how communication, collaboration, and trust aren't just “nice to have” in cybersecurity — they're critical, measurable capabilities. Rob and Anthony share their experience designing real-world training environments where people — not just tools — are the difference-makers in effective incident response and security leadership.Whether you're a CISO, a SOC leader, or just tired of seeing tech get all the credit while humans carry the weight, this is a practical, honest conversation about building better teams — and redefining what really matters in cybersecurity today.If you still think “soft skills” are soft… you haven't been paying attention.⸻Keywords: Cybersecurity, Infosecurity Europe 2025, Soft Skills, Human Skills, Cyber Resilience, Cyber Training, Security Leadership, Incident Response, Teamwork, Storytelling in Cyber, Marco Ciappelli, Rob Black, Anthony Dalton, On Location, ITSPmagazine, Communication Skills, Cyber Crisis Simulation, RangeForce, Trust in Teams, Post Event Podcast, Security Culture___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
William Lyne of the UK's National Crime Agency joins us live at Infosecurity Europe to talk ransomware, AI threats, and the future of cybercrime disruption.When the UK's top cyber intelligence strategist sits down with you in London, you listen — and you hit record.At Infosecurity Europe 2025, the ITSPmagazine podcast team — Marco Ciappelli and Sean Martin — sat down with William Lyne, Deputy Director and Head of Cyber Intelligence at the UK's National Crime Agency (NCA). This is the guy who not only leads cyber strategy for the NCA, but has also represented the UK at the FBI in the U.S. and now oversees national-level ransomware disruption efforts. It's not just a conversation — it's a rare front-row seat into how one of the world's most serious crime-fighting agencies is tackling ransomware 3.0.The message? Ransomware isn't just a cyber issue. It's a societal one. And it's evolving faster than we're prepared for — unless we change the game.“It went from niche to national threat fast,” Lyne explains. “The tools were always there. It just took a few threat actors to stitch them together.”From banking malware to fully operational cybercrime-as-a-service ecosystems, Lyne walks us through how the underground economy has industrialized. Ransomware isn't just about tech — it's about access, scale, and business models. And most importantly, it's no longer limited to elite coders or closed-door Russian-speaking forums. The barrier to entry is gone, and the dark web is wide open for business.Sean brings up the obvious: “Why does this still feel like we're always reacting?”Lyne responds: “We've shifted. We're going after the ecosystem — the people, the infrastructure, the business model — not just the payload.” That includes disrupting ransomware-as-a-service, targeting marketplaces, and yes, investing in preemptive intelligence.Marco flips the script by comparing today's cyber landscape to something deeply human. “Extortion is nothing new — we've just digitalized it. This is human behavior, scaled by tech.”From there, the conversation takes a future-facing turn. Deepfakes, AI-powered phishing, the commoditization of generative tools — Lyne confirms it's all on their radar. But he's quick to note that cybercriminals aren't bleeding-edge innovators. “They adopt when the ROI is right. But AI-as-a-service? That's coming. And it will reshape how efficient — and damaging — these threats become.”And then the real insight lands:“You can't wait to be a victim to talk to law enforcement. We may already have access to the infrastructure. The earlier we hear from you, the better we can act — and fast.”That kind of operational openness isn't something you heard from law enforcement five years ago. It signals a cultural shift — one where collaboration is not optional, it's essential.William also highlights the NCA's partnerships with private sector firms, academia, and international agencies, including the Kronos operation targeting LockBit infrastructure. These kinds of collaborations prove that when information moves, so does impact.Why does this matter?Because while most cybersecurity media gets stuck in product buzzwords and vendor hype, this is the real stuff — how ransomware groups behave, how law enforcement thinks, and how society can respond. It's not theory. It's strategy, lived on the front lines.
Asia's CISOs and CIOs face a uniquely complex cyber landscape in 2025. The convergence of AI-driven attacks and deepfakes intensifies disinformation and social engineering threats, demanding adaptive strategies. Simultaneously, securing sprawling IoT ecosystems against supply chain vulnerabilities call for more adaptive, scalable and resilient solutions. Regional disparities in 5G and cloud adoption create systemic resilience gaps, necessitating stronger public-private partnerships. Ethical deployment of autonomous response systems and safeguarding AI algorithms against poisoning are critical. CISOs must also navigate stringent data localisation laws amidst a cyber skills shortage, balancing AI orchestration with upskilling. Quantifying the ROI of resilience investments in emerging technologies remains a key priority for justifying essential budgets.Joining me on PodChats for FutureCISO is Sunny Tan, Head of Security Business for AMEA, BT Business1. How has the convergence of AI-driven attacks and deepfake technologies reshaped the threat landscape, and what adaptive strategies must CISOs prioritise to counter disinformation and social engineering?2. In what ways can blockchain architectures mitigate supply chain vulnerabilities, particularly in securing IoT ecosystems across Asia's manufacturing and logistics sectors?3. How do regional disparities in digital infrastructure—such as uneven 5G rollout or cloud adoption—create systemic risks, and what role should public-private partnerships play in bridging resilience gaps? (mention The Cyber Agile Organisation")4. With AI-powered autonomous response systems gaining traction, how can CISOs ensure ethical deployment to prevent unintended escalation during cyber incidents?5. What safeguards are necessary to secure AI training data and algorithms against poisoning attacks, particularly as organisations rely on machine learning for predictive analytics?6. How can CISOs reconcile stringent data localisation laws in markets like China and India with the operational demands of multinational businesses seeking regional cloud solutions?7. Amid a shortage of skilled cyber professionals, should organisations prioritise AI-driven security orchestration or invest in upskilling programmes to build human-machine synergies?8. What metrics should CISOs adopt to quantify the ROI of cyber resilience investments, particularly when justifying budgets for emerging technologies like deception platforms or homomorphic encryption?9. Final Advise for CISOs given the prevailing uncertainties in 2025?
In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn't just about skills—it's about building confidence and community.A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.In closing, Amanda urges us not to forget the enduring principles of security—know what you're protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity's biggest challenges.___________Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In the latest Leader2Leader episode, Russ Branzell, President & CEO of CHIME, sits down with John Chirillo, Principal Security Architect at Connection, for a timely conversation on cyber resilience, digital trust, and the future of healthcare security.Together, they explore the evolving cybersecurity landscape, the challenges healthcare organizations are facing, and how leadership, continuous learning, and community engagement are key to staying ahead. From real-world insights to future-forward thinking, this episode is a must-listen for digital health leaders navigating today's complex threat environment.
Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what's keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today's threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-409
Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what's keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today's threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-409
Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what's keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today's threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Show Notes: https://securityweekly.com/esw-409
"The problem is way bigger than people think… scams are now so good, even cybersecurity professionals fall for them." — Dmitri Vellikok, VP of Embedded Security, F-Secure In this compelling Technology Reseller News podcast, publisher Doug Green speaks with Dmitri Vellikok, Vice President of Embedded Security at F-Secure, about the urgent need for cybersecurity resilience in an AI-driven threat landscape. With nearly four decades of experience in digital protection and a long-standing, behind-the-scenes role powering cybersecurity for major telcos, F-Secure is stepping up efforts to help service providers build networks that are not only secure—but resilient. Dmitri Vellikok The conversation dives deep into how AI is a double-edged sword: enabling advanced threat detection, but also fueling a new generation of sophisticated scams that are increasingly difficult to identify. Vellikok discusses findings from F-Secure's recent global consumer security survey, which revealed that while 70% of users believe they can spot a scam, 43% have actually fallen victim—highlighting the growing disconnect between confidence and reality in the digital age. Vellikok emphasizes the critical role telecom operators can play in defending users. With access to rich behavioral and traffic data, service providers are uniquely positioned to identify and prevent threats in real time—especially as AI enables more targeted and scalable attacks. He outlines how F-Secure is working to empower these providers with predictive cybersecurity tools, including the concept of a “threat score” that can alert users when they're most at risk. Importantly, the podcast also addresses the balance between robust security and seamless user experience. Consumers, Vellikok notes, don't want tutorials or pop-ups—they just want problems to quietly go away. This insight is guiding F-Secure's approach to embedded protection that works silently and effectively behind the scenes. As 5G continues to roll out globally, the conversation ends on an optimistic note: this new architecture not only enhances connectivity but offers new opportunities for layered, real-time security solutions tailored to tomorrow's threats. Learn more about F-Secure: https://www.f-secure.com/us-en
Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html
Advancing Exposure ManagementHear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
In a world where cybercrime is a business and national security secrets are often hidden in plain sight, this episode uncovers the gripping intersection of espionage and cybersecurity. Brian Boetig, a national security and public safety expert with 35 years of experience spanning the FBI, CIA, U.S. diplomacy, law enforcement, and consulting, shares fascinating stories from his career, including an unexpected brush with Russian intelligence, all thanks to a dachshund. In this episode we also discuss:The evolution of spycraft, from traditional field operations to modern cyber warfareHow cybercrime has transformed into a full-fledged business modelInsights into decoding behavioral patterns in cyberattacksThe complexities of cyber insurance and its limitationsHow businesses may be relying on cyber insurance in the wrong waysExamine how leadership engagement in cybersecurity has evolvedHighlight the critical role the C-suite plays in driving security initiativesStay Connected with our host, Raghu on LinkedInFor more information about Illumio, check out our website at illumio.com
In this episode Jetro interviews Michael Ratemo, a cybersecurity expert and author, discussing his journey from Kenya to becoming a cloud and security leader.They explore essential topics such as cloud governance, identity and access management, the importance of cloud auditing, and cost management in cloud environments.Michael emphasizes the need for a business case before moving to the cloud, the significance of training for IT teams transitioning to cloud operations, and the role of Cloud Security Posture Management (CSPM) in maintaining security. The conversation highlights the dynamic nature of cloud environments and the necessity for continuous monitoring and auditing to ensure security and cost-effectiveness.In this conversation, Michael Ratemo and Jetro discuss the critical aspects of managing cloud operations and cybersecurity.They emphasize the importance of financial discipline in cloud usage, the necessity of a robust cybersecurity program, and the need to view cybersecurity as a business risk rather than just an IT issue.They also explore the concept of cyber resilience and how organizations can prepare for and respond to incidents.Finally, they touch on future trends in cybersecurity, particularly the integration of AI and secure development practices.CHAPTERS(00:00:00) INTRO (00:00:35) Introduction to Michael Ratemo (00:06:57) Michael's Journey into Cybersecurity (00:11:54) Cloud Security Governance Essentials (00:18:10) Identity and Access Management in the Cloud (00:24:41) The Importance of Cloud Auditing (00:27:45) Cost Management in Cloud Environments (00:29:05) Financial Discipline in Cloud Operations (00:32:44) Building a Robust Cybersecurity Program (00:41:42) Cybersecurity as a Business Risk (00:46:58) The Importance of Cyber Resilience (00:51:40) Future Trends in Cybersecurity and AI
DISCLAIMER: The information in this presentation is provided as education only, with the understanding that neither the presenter nor ENNIS Legacy Partners is engaged to render legal, accounting, or other professional services. If you require legal advice or other expert assistance, you should seek the services of a competent professional. Neither the presenter nor ENNIS Legacy Partners shall have any legal liability or responsibility to any person or entity with respect to any loss or damage caused, or alleged to be caused, directly or indirectly, by the information contained in this presentation.============================================“We want you to help you build a business that is sellable and exit successfully on your own terms and conditions.” - Pat Ennis============================================
Defense Information Systems Agency networks are leveraging AI and sensors to boost real-time monitoring and synthetic traffic, as well as improve user experience and incident resolution. At AFCEA TechNet 2025 in Baltimore, DISA J6 Global Services Directorate Vice Director Brig. Gen. Michael Cornell discussed the impact of emerging technology on data tagging, diagnostics and interoperability of DOD systems. Ahead of his June retirement, Cornell also reflected on his proudest moments in of his decades-long career in uniform, particularly working alongside dedicated service members in operational environments.
Small and medium-sized enterprises (SMEs) continue to be at a disadvantage when it comes to cybersecurity—not because the risks are unclear, but because the means to address them remain out of reach for many. In this episode, Professor Steven Furnell of the University of Nottingham highlights the real barriers SMEs face and shares the thinking behind a new approach: creating cybersecurity communities of support.The research behind this project, supported by the University and its partners, explores how different types of SMEs—micro, small, and medium-sized—struggle with limited time, budget, and expertise. Many rely on third-party service providers, but often don't have enough cybersecurity knowledge to evaluate what “good” looks like. It's not just a resource problem—it's a visibility and literacy problem.Furnell emphasizes the potential of automation to lift some of the burden, from automated updates to scheduled malware scans. But he also makes it clear that automated tools can't fully replace the need for human judgment, especially in scenarios like phishing or social engineering attacks. People still need cybersecurity literacy to recognize and resist threats.That's where the idea of communities of support comes in. Rather than each SME navigating cybersecurity alone, the goal is to create local or sector-based communities where businesses and cybersecurity practitioners can engage in open, non-commercial conversations. These communities would offer SMEs a space to ask questions, share challenges, and exchange practical advice—without pressure, cost, or fear of judgment.The initiative isn't about replacing regulation or mandating compliance. It's about raising the baseline first. Communities of support can serve as a step toward greater awareness and capability—something that's especially critical in a world where supply chains are interconnected, and security failures in one small link can ripple outward.The message is clear: cybersecurity isn't just a technical issue—it's a social one. And it starts by creating room for dialogue, connection, and shared responsibility. Want to know what this model could look like in your community? Tune in to find out.__________________________________Guest: Steven Furnell | Professor of Cyber Security at University of Nottinghamhttps://www.linkedin.com/in/stevenfurnell/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
What if fixing cybersecurity wasn't about more tools, but about unlocking human potential? In this episode, Ron Eddings welcomes back David Shipley, CEO and Field CSO of Beauceron Security, for a conversation on the real force behind security resilience: people. Together they expose the failure of "reactive" cybersecurity strategies, drawing parallels with preventative healthcare — and explain why culture, psychological safety, and behavior change are the true secret weapons. Impactful Moments: 00:00 - Introduction 01:36 - The true meaning of "people in cyber" 03:13 - Cybersecurity's flawed healthcare analogy 07:31 - Nutrition for cyber: proactive strategies 10:00 - MSPs: why selling tools isn't enough 16:22 - Measuring culture, not just clicks 19:12 - Why people really click phishing emails 23:59 - Building psychological safety in security 30:30 - Celebrating human wins in security 34:00 - The future: empathy, transparency, trust Links: Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/ Learn more about Beauceron Security here: https:///www.beauceronsecurity.com/partner Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
As healthcare organizations become prime targets for increasingly sophisticated cyberattacks, a focus on prevention alone is insufficient and costly. Cyber threats, from ransomware to disruptive breaches, have the potential to impact care continuity and operational performance. So how can healthcare IT executives prepare for what many say is the inevitable? In this timely webinar, we'll speak with leaders who are embracing resilience strategies that aim to withstand disruptions and minimize downtime. Source: Building Cyber Resilience: Navigating Healthcare’s New Reality on healthsystemcio.com - healthsystemCIO.com is the sole online-only publication dedicated to exclusively and comprehensively serving the information needs of healthcare CIOs.
Discover the 6 Steps to Build True Cyber Resilience in 2025 with David White, President and Co-founder of Axio. In this insightful episode of the Risk Management Show, we discussed actionable strategies to enhance cybersecurity fundamentals, prioritize risk investments, and foster a culture of resilience. David draws on decades of experience in cyber risk quantification and operational resilience to share how companies can prepare for and recover from major events like ransomware attacks. Learn why financial modeling is key to aligning cybersecurity with business risk management and how tabletop exercises can strengthen your organization's preparedness. If you want to be our guest or suggest a speaker, send your email to info@globalriskconsult.com with the subject line “Guest Proposal.”
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Jonas Walker sat down with Vivien Mura, Group CTO at Orange Cyberdefense, to explore the dual role of AI in today's evolving threat landscape. Drawing on insights from the Security Navigator 2025 report, they discuss everything from generative AI and deepfakes to misinformation and automation—highlighting the urgent need for AI-aware, security-first strategies across the telco ecosystem. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
How prepared is your business for a ransomware attack? Not just to prevent it, but to continue operating when it happens. In this episode, I sit down with Trevor Dearing, Director of Critical Infrastructure at Illumio, to discuss the latest findings from their global ransomware report and what they reveal about cyber resilience. Trevor shares insight from a survey of more than 3,000 organisations across multiple sectors. The most concerning figure is that 58 percent of those impacted by ransomware were forced to halt operations. That number has risen sharply from 43 percent just two years ago. Despite this, many businesses in the UK still avoid reporting attacks, often due to fears around reputational damage or potential retaliation. Trevor explains why that reluctance is misguided and how public support, improved infrastructure, and more explicit government guidance could encourage more transparency. We also explore the rise of containment as a more practical and cost-effective approach than prevention alone. Rather than trying to stop every attack at the perimeter, organisations are learning how to isolate and limit damage quickly. Trevor explains how zero trust architecture, microsegmentation, and one-click containment tools are being used to keep systems operational even during an incident. Only 13 percent of organisations believe their cyber resilience exceeds what is required. Trevor helps us understand why this number remains low and where organisations should focus to shift from vulnerability to resilience. From evolving regulations to future applications of AI in security, this conversation covers what leaders need to know if they prepare for the next generation of cyber threats. To access Illumio's full ransomware report, visit illumio.com. Is your cyber resilience strategy built for recovery, or just defense?
In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released Open SSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into the evolution of open source security practices, the importance of reducing complexity for developers, and the potential benefits of orchestrating security similarly to Kubernetes. We conclude with a look at upcoming projects and current pilots aiming to simplify and enhance open source security. 00:00 Introduction and Guest Welcome 00:19 Mike's Background and Role in Open Source 01:35 Exploring SLSA and GUAC Projects 04:57 Cyber Resiliency Act Overview 06:54 OpenSSF Security Baseline 11:29 Encouraging Community Involvement 18:39 Final Thoughts Resources: OpenSSF's OSPS Baseline GUAC SLSA KubeCon Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman Guest: Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF's Secure Software Factory Reference Architecture whitepaper. He is an elected member of the OpenSSF Governing Board and Technical Advisory Council along with CNCF TAG Security Lead and an SLSA steering committee member.
In this episode, learn about advanced solutions for detecting and responding to threats, recovering swiftly from cyberattacks, and the innovative Anomaly Detection feature in PowerProtect Data Manager. Tune in to discover how Dell empowers businesses to stay ahead in an evolving threat landscape.
CyberQuest, a joint venture between Data Edge, REIM Training Solutions, and CJHNetwork, is pleased to announce a free, one-hour cybersecurity webinar for Irish SMEs. NIS2 & cybersecurity - What Irish SMEs need to know now This interactive online event is specifically designed for SME leaders, IT decision-makers, and business owners seeking to improve their cybersecurity posture while navigating the upcoming NIS2 directive. Why attend? Learn about real-life cyberattacks and vulnerabilities experienced by Irish SMEs. Get clarity on the NIS2 directive and whether it applies to your business. Discover how to access funding and Enterprise Ireland grants to support your cybersecurity initiatives. Explore free and affordable tools other SMEs are using to protect their networks. Ask your questions directly in an interactive session with experts. Speaker panel: Eimear Murphy, Founder & Director, REIM Training Solutions Sandra Richardson, Director of Training, REIM Training Solutions Colm Hyland, Owner, CJHNetwork Omer Mukhtar, Cybersecurity Specialist, Data Edge "Cybersecurity often gets sidelined in busy SMEs, especially when business owners wear multiple hats," says Eimear Murphy. "This session is about making cybersecurity manageable and showing that you don't need to be an expert to protect your business." Sandra Richardson adds: "We want to break NIS2 down into something understandable and actionable. It's about giving SMEs the tools, support, and confidence to act." Colm Hyland will share insights on aligning cybersecurity strategies with business goals while working within the real-world constraints of SME life. Omer Mukhtar offers an industry-wide perspective, drawing on his strong background in defensive security. Cybersecurity doesn't have to be complicated and in this session, Omer will share practical insights from recent cyber reviews using tools like CyberScope and Link-Live, offering actionable steps any business can take to reduce cyber risk using the right tools and methodology. Participants will also have the opportunity to book a no-cost cybersecurity review to identify risks in their infrastructure. Register now: https://reimtrainingsolutions.com/cyberquest-webinar/ See more stories here.
Storage often sits in the background of cybersecurity conversations—but not at Infinidat. In this episode, Eric Herzog, Chief Marketing Officer of Infinidat, joins Sean Martin to challenge the notion that storage is simply infrastructure. With decades of experience at IBM and EMC before joining Infinidat, Herzog explains why storage needs to be both operationally efficient and cyber-aware.Cyber Resilience, Not Just StorageAccording to Herzog, today's enterprise buyers—especially those in the Global Fortune 2000—aren't just asking how to store data. They're asking how to protect it when things go wrong. That's why Infinidat integrates automated cyber protection directly into its storage platforms, working with tools like Splunk, Microsoft Sentinel, and IBM QRadar. The goal: remove the silos between infrastructure and cybersecurity teams and eliminate the need for manual intervention during an attack or compromise.Built-In Defense and Blazing-Fast RecoveryThe integration isn't cosmetic. Infinidat offers immutable snapshots, forensic environments, and logical air gaps as part of its storage operating system—no additional hardware or third-party tools required. When a threat is detected, the system can automatically trigger actions and even guarantee data recovery in under one minute for primary storage and under 20 minutes for backups—regardless of the dataset size. And yes, those guarantees are provided in writing.Real-World Scenarios, Real Business OutcomesHerzog shares examples from finance, healthcare, and manufacturing customers—one of which performs immutable snapshots every 15 minutes and scans data twice a week to proactively detect threats. Another customer reduced from 288 all-flash storage floor tiles to just 61 with Infinidat, freeing up 11 storage admins to address other business needs—not to cut staff, but to solve the IT skills shortage in more strategic ways.Simplified Operations, Smarter SecurityThe message is clear: storage can't be an afterthought in enterprise cybersecurity strategies. Infinidat is proving that security features need to be embedded, not bolted on—and that automation, integration, and performance can all coexist. For organizations juggling compliance requirements, sprawling infrastructure, and lean security teams, this approach delivers both peace of mind and measurable business value.Learn more about Infinidat: https://itspm.ag/infini3o5dNote: This story contains promotional content. Learn more.Guest: Eric Herzog, Chief Marketing Officer, Infinidat | https://www.linkedin.com/in/erherzog/ResourcesLearn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidatLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, eric herzog, storage, cybersecurity, automation, resilience, ransomware, recovery, enterprise, soc, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The federal government needs to share information on a wide variety of platforms and must provide methods to ensure this transmission is secure. Of course, the hard part is the “how” part of this data transfer. Tim Fuhl from Owl Cyber Defense gives the listener an overview of how Owl Cyber Defense can help federal agencies share information securely. To accomplish this task, he discusses two fundamental concepts: diodes and Cross Domain Solutions. Diodes. This is a mysterious word that was liberated from electrical engineers. When designing a semiconductor, one may need to create a one-way path to prevent a signal from returning. The solution in electronic design is a “diode.” Owl Cyber Defense took an electrical concept called a diode, which provided “one-way” data transfer. When they combined this one-way street with a data path, they developed a “data diode,” a device that limits data transfer to one direction, protecting the system from a reverse movement. When it comes to securing federal systems, a “data” diode is a device that restricts data transfer one way, essentially creating a one-way street. Cross Domain Solutions. One of the newest abbreviations in the world of security is Cross Domain Solution (CDS). The federal technical world is comprised of levels of protection. As a result, what is needed is a way for communication between varying security levels. During the interview, Tim Fuhl defines both terms and gives examples of where this innovation can be applied to federal systems.
Explore actionable strategies for building a robust cyber resilience posture in this insightful episode. From strengthening defenses to improving recovery agility and anticipating future cybersecurity trends, this conversation delivers practical insights to help you stay a step ahead in protecting your digital landscape.
Preparing for ransomware - where is your data and how is it protected? Building cyber resilience for your data, across on-premises and cloud Reducing the window of damage and minimising the time to recover This episode is hosted by Thom Langfordhttps://www.linkedin.com/in/thomlangford/Heather Lowrie, Independent Advisor, Earthgard Ltdhttps://www.linkedin.com/in/heather-lowrie/Raza Sadiq, Head of Enterprise Risk, MQubehttps://www.linkedin.com/in/razasadiq7/Sandra Bell, Group Head of Organisational Resilience, Novunahttps://www.linkedin.com/in/sandra-bell-13a109183/Grant Caley, UK & Ireland Solutions Director, NetApphttps://www.linkedin.com/in/grant-caley-a424681/
UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter App flaw exposes millions' call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCH-ya! Meta retires U.S. fact-checking program. Our guest today is Rob Boyce from Accenture and he's discussing Advanced Persistent Teenagers (APTeens). And Google's AI Goes Under the Sea. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Rob Boyce, Global Lead for Cyber Resilience at Accenture, joins to discuss Advanced Persistent Teenagers (APTeens). Advanced Persistent Teenagers (APTeens) have rapidly become a significant enterprise risk by demonstrating capabilities once limited to organized ransomware groups, the threat from juvenile, homegrown threat-actors has risen steadily. Selected Reading UK Effort to Keep Apple Encryption Fight Secret Blocked in Court (Bloomberg) Port of Seattle says ransomware breach impacts 90,000 people (BleepingComputer) Call Records of Millions Exposed by Verizon App Vulnerability (SecurityWeek) Cybercriminals are trying to loot Australian pension accounts in new campaign (The Record) NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps (Cyber Security News) Threat Actors Using Fake CAPTCHAs and CloudFlare Turnstile to Deliver LegionLoader (Cyber Security News) Meta ends its fact-checking program in the US later today, replaces it with Community Notes (Techspot) Suspected Scattered Spider Hacker Pleads Guilty (SecurityWeek) This Alphabet Spin-off Brings “Fishal Recognition” to Aquaculture (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Climb Channel Solutions Ireland, the specialist technology distributor formerly known as DataSolutions, has announced a new partnership with Quest Software, a global leader in systems management, data protection, and security software. Quest is a software solutions provider which is trusted by more than 95% of Fortune 500 companies. With an office in Cork and more than a quarter of a century of pedigree in Ireland, its offering spans platform migrations, cloud deployments, Software-as-a-Service (SaaS), security, governance, data intelligence, database management, and solutions to ensure data is AI-ready. Through this partnership, Climb Channel Solutions Ireland will offer Quest's suite of security, data empowerment, and AI solutions to resellers. Quest's ever-expanding portfolio is designed to help organisations manage, format, and cleanse data, enabling the seamless adoption of AI. Climb Channel Solutions Ireland - which was recently recognised as Quest Distributor of the Year - and Quest will also focus on threat detection, backup and disaster recovery solutions and platforms. This includes Quest Security Guardian, an Active Directory (AD) security solution that significantly reduces the attack surface for enterprises and improves identity threat detection and response (ITDR). As one of only two vendors in Ireland providing Active Directory Recovery, Quest is uniquely positioned to help organisations quickly and securely restore critical identity services, reinforcing its leadership in identity resilience. Brian Davis, VP of Sales for the UK & Ireland, Climb Channel Solutions Ireland, said: "Given its 24/7 support services, technical certifications and expanding portfolio, Quest has the ability to transform, secure and drive impact for both resellers and end users. Ireland offers huge potential, and we look forward not only to solidifying our partnership but addressing challenges and powering success for enterprises." To support its partner network in Ireland, Quest will be rolling out several initiatives to help them identify and close new business opportunities. These include technical bootcamps, roundtables and an online training library. Alongside this, Quest also offers financial incentives to partners, such as rebates and referral fees. Olivia Donnell, Global Distribution, Quest Software, added: "With an office in Cork and more than 25 years of experience in Ireland, our partnership with Climb Channel Solutions Ireland will allow us to further strengthen cybersecurity for Irish enterprises. By combining well-established products with new solutions, we can make enterprises ready now for the future - ensuring resilience, reliability, and readiness across data management, Microsoft migrations, and security." See more stories here.
Ergo, Ireland's largest indigenous IT solutions provider, has announced the launch of its new Cyber Resilience and Cyber Recovery Service offering to coincide with World Backup Day. Ergo's offering is a robust end-to-end solution designed to safeguard organisations against cyber threats and ensure rapid recovery in the event of a cybersecurity incident. The growth of Ireland's digital economy has created both significant opportunities and challenges for businesses across all sectors. Approximately 41% of goods and services produced in Ireland are now transacted digitally, including both digitally ordered and digitally delivered products. As a result, cyber threats pose serious risks not only to individual businesses but also to the broader economy. Cyber threats are constantly evolving and becoming more sophisticated, and ransomware attacks globally and in Ireland, are on the rise, with global security spending expected to grow by 12.2% year-on-year in 2025. If an organisation's backup solution is not immutable, it can be entirely compromised by cyber-attack, making an organisation not only vulnerable to losing business critical data but also negatively impacting its bottom line due to unplanned downtime, reputational damage and potential regulatory penalties. Figures from Ireland's National Cyber Security Centre (NCSC) show more than 5,000 cyberattacks were reported by companies in Ireland in 2023 with an unknown quantity of unreported attacks. Regulatory pressure in the form of NIS2, DORA, CER, PART-IS, have also forced organisations across most sectors, to have cyber resilience policies and protections in place. In today's world, businesses must be more resilient and prepared for the potential risks and threats inherent with digital platforms. Ergo's new offering, available in Ireland and Northern Ireland, leverages the latest technologies and best practices to provide an end-to-end approach to cyber resilience, from backup management and rigorous testing to 24/7 monitoring and incident response. In the event of an incident, Ergo's Cyber Resilience and Cyber Recovery Service offering, ensures that businesses can recover efficiently and effectively. Commenting on the launch, Lorne Chedzey, CIO at Ergo said: "With the increasing prevalence of cyber threats, it's no longer a question of if, but when, a business will need to recover from an incident. We've seen an uptick in the number of attacks targeting organisations of all sizes, which show no signs of slowing down, and if we follow the trends, are only going to get worse. "With scores of Irish organisations reporting significant instances of cyberattacks as reported by the NCSC each year, something needs to change. "Our new Cyber Resilience and Cyber Recovery Service Offering is designed to provide peace of mind, ensuring our clients are prepared for whatever comes their way. World Backup Day is a timely reminder of the importance of both data protection and robust cyber resilience." To learn more about Ergo's Cyber Resilience and Cyber Recovery Services, visit https://ergotechnologygroup.com/security/cyber-resilience/ See more stories here.
- Response and Recovery (Part III) Markus Epner - Head of Academy at F24 AG. Markus possesses a wealth of experience in security and crisis management. In this episode, he is in conversation with - Lorenz Kuhlee, who is a highly experienced IT security professional working with PwC's Risk & Regulation Team in Germany. His specialties include large-scale data breach investigations, cyber incident response, and digital forensics. At PwC, Lorenz leads technical teams through complex cases and brings expertise in project management, specifically tailored to digital forensics and incident response (DFIR). In addition to his work at PwC, Lorenz is the co-author of Computer Forensics Hacks, a practical collection of methods, tips, and tricks from computer forensics. 01:14 Once your team is activate, what are the key phases and actions required to mitigate the situation? 02:59 If there's a ransomeware attack on a company, should they pay or not? 09:46 How do you ensure your that your containment meausres do not interefre with the company's ongoing activities? 15:00 Do criminals follow some kind of internal SOP when they attack a company? 18:00 What steps should companies take to ensure that they are well prepared against a cyber attack?
The connection between technology and psychology may not be immediately apparent but our instincts when under attack, wherever the threat may come from, are often surprisingly similar. Lorne Chedzey, Chief Information Officer at Ergo, delves into the parallels between technology and psychology. As both a technology specialist and someone who has spent many years studying the human science of psychology, I have witnessed a parallel between how humans behave when facing a psychological threat, and how many CISO's and IT leaders behave when facing the potential threat of a data breach. Information technology is a product of the human mind so perhaps this is not too surprising. However, we can gain some insights from psychology that can be useful, like how the powerful human forces of fear and acceptance can play a key role in our cyber resilience strategy, and what to look out for as common pitfalls in strategic thinking. Many years ago, during my psychology degree, I studied the stress response, writing my thesis around the effectiveness of various coping mechanisms. It's human nature to focus on trying to prevent something unpleasant and the human body has developed a "fight or flight" response to respond to threatening events, which is often the cause for many people to suffer from a chronic stress response as well as anxiety. These symptoms can be incredibly debilitating for some people, and they were born during our evolution where this response, which raises cortisol levels in the bloodstream can lead to action, to flee from the bear chasing us through the woods. In modern times, we still feel the same feelings, but our environment is very different. When we have unpleasant experiences today, we often protect ourselves from these psychologically threatening events with defence mechanisms, such as avoidance. This can sometimes be effective in warding off the initial threat, but by doing so, we are not preparing ourselves for a time when we cannot avoid this situation. When this happens, the situation can cause considerable psychological damage. This coping strategy is only affective when we can control the variables. To draw parallels to the cyber-security realm, IT leaders have built a fortress, of prevention technologies, with firewalls, identity and access management systems, which are all effective at avoiding the threat of a cyber-attack. All of this is needed to protect their organisations valuable data from falling into the wrong hands, which is why it is a wise strategy to pursue. However, this alone is of no use if you do eventually get breached, and you are in a situation where you're facing a threat where you are not in control of the variables, and there is a risk of considerable business and reputational damage, as well as a lot of stress. If someone is struggling with chronic stress because they are finding it difficult to cope with external factors, sometimes it's helpful to understand where the issue is coming from, so that they can identify the root cause and start to do something about it. Often counselling or cognitive behavioural therapy can be useful in this instance. A good therapist will delve deeply into thoughts, and feelings, and how these may result in specific behaviours. This can sometimes provide someone with an "aha" moment, where they can link an external stimulus, to a thought, and then onto a behaviour. This can be effective at changing behaviour and reducing the stress response. From a cyber security perspective, it is the instigation of observability tools to identify and analyse where there may be potential breaches. Using SIEM systems to collect and analyse event logs can detect potential threats that could be a root cause to a possible breach. Utilising vulnerability management systems to identify systems, networks and software that may have holes that need to be plugged. This exploration work is very effective at understanding where the root cause of a breach may occur, and gives an...
In this episode of Security Matters, we dive into the world of retail technology and cybersecurity. Imagine a bustling retail chain during its busiest shopping season, only to be disrupted by a cyberattack. Our guest, Jason James, Chief Information Officer (CIO) at Aptos Retail, shares his insights with host David Puner on how to stay ahead of these threats. Discover the strategies for building cyber resilience, the role of AI in retail, the importance of protecting consumer trust and the critical role of identity in safeguarding sensitive data. JJ's journey from tech enthusiast to CIO offers actionable insights and expert advice for cyber professionals, business leaders and anyone with a seat at or view of the cybersecurity table.
How prepared is your organization for disruption? In our latest episode, we dive deep into the critical topic of Business Continuity Planning (BCP) with cybersecurity expert and new Reveal Risk Director Todd Wilkinson. As digital dependencies grow, the way companies approach BCP must evolve. Todd highlights the shift in ownership from IT departments to business leaders, shedding light on the necessity for everyone in the organization to take accountability for continuity strategies. Drawing from his wealth of experience, Todd recounts compelling stories of real-world failures and the stark realities of service disruptions, particularly in the healthcare sector. He explains how reliance on SaaS and cloud services has transformed the landscape of planning, creating both opportunities and vulnerabilities. Listeners will gain valuable insights into best practices for establishing effective BCP protocols, including the vital distinction between BCP and disaster recovery planning. We tackle the importance of clear communication strategies during crises, the need for frequent testing, and the changing roles of different departments when it comes to continuity planning. Engaging and informative, this episode encourages organizations to rethink BCP as a crucial aspect of operational resilience rather than just a checklist for IT departments. Subscribe, share, and let us know how your organization is preparing for unexpected challenges or if you need help along the way!
- Response and Recovery (Part II) Markus Epner - Head of Academy at F24 AG. Markus possesses a wealth of experience in security and crisis management. In this episode, he is in conversation with - Lorenz Kuhlee, who is a highly experienced IT security professional working with PwC's Risk & Regulation Team in Germany. His specialties include large-scale data breach investigations, cyber incident response, and digital forensics. At PwC, Lorenz leads technical teams through complex cases and brings expertise in project management, specifically tailored to digital forensics and incident response (DFIR). In addition to his work at PwC, Lorenz is the co-author of Computer Forensics Hacks, a practical collection of methods, tips, and tricks from computer forensics. 02:30 How should companies communicate internally during the early stage of a crisis/incident? 03:53 What happens if the whole system is compromised and there are no redundant channels for crisis communication? 07:40 What could make a situation worse? 11:34 Should they call the police or that will make the situation worse? 15:35 Communicating with the Attacker - Am I allowed to speak to the cyber criminal?
Just last week, major cryptocurrency exchange Bybit's cold wallet of etherium was compromised triggering a rush of withdrawals from users fearing potential insolvency. Here in Singapore in late 2024, Singapore’s regulator unveiled new measures meant to ring-fence Singapore customers’ assets to avoid the huge losses that can occur when cryptocurrency firms went bust - among them requiring customers assets from those of the digital asset firm's own assets. Against this backdrop of increasing complexity and opportunity in digital finance, what do start-up founders in this space need to understand about how digital custody infrastructure is evolving? Michelle Martin finds out in conversion with Arthit Sriumporn, Founder & CEO, Rakkar Digital. See omnystudio.com/listener for privacy information.
In today's episode, I welcome Ricardo Ferreira, EMEA Field CISO at Fortinet, to discuss how the UK's proposed Cybersecurity and Resilience Bill compares to the EU's NIS2 directive. Ricardo brings a wealth of experience in cybersecurity strategy and regulation, and he shares why he believes the UK's bill is missing key components that could make it truly effective. With Brexit allowing the UK to take an independent approach, Ricardo argues that there is a unique opportunity to cherry-pick the most effective elements from NIS2 while avoiding its potential pitfalls. But is the current bill providing enough clarity? Ricardo highlights how the legislation introduces buzzwords like "digital supply chain" without actually outlining a clear path for addressing cyber threats. In contrast, NIS2 lays out a prescriptive approach that includes risk profiling, supply chain security frameworks, and post-breach recovery strategies. We also explore the growing need for board-level accountability in cybersecurity. Should executives and directors be held personally responsible for cyber resilience within their organizations? And how can governments ensure that businesses have both the guidance and incentives to proactively address security risks rather than reactively scramble to contain breaches? With cyber threats only growing more sophisticated, the role of regulation in mitigating risk has never been more important. But does the UK's current legislative approach go far enough? And what lessons can be learned from international frameworks like NIS2? Tune in for an insightful discussion on the future of cybersecurity policy, where it's headed, and what needs to change to create truly resilient digital infrastructures. As always, I'd love to hear your thoughts—how should governments balance regulation with innovation in cybersecurity?
Explore the Secrets to Cyber Resilience in Episode 169 of Business Influencers, René-Sylvain Bédard, Founder & CEO of Indominus, reveals how to turn your business into a fortress against cyber threats. With decades of expertise in AI, security, and risk management, he shares actionable insights to safeguard your organization. Hosted by Chris Salem, this is an episode you can't afford to miss! Tune in to TALRadio English now on Spotify and Apple Podcast! Host : Chris Salem Guest : René-Sylvain Bédard, Founder & CEO of Indominus You Can Reach René-Sylvain Bédard @ indominus.com #TALRadioEnglish #ExploreCyberResilience #BusinessSecurity #TechLeadership #CyberThreatProtection #DigitalFortress #AIandSecurity #ManagedSecurity #CyberDefense #SecureYourBusiness #BusinessInfluencers #touchalife #TALRadio
Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year's event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.The Growth of Zero Trust WorldNow in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company's own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.What to Expect: Hands-On Learning and Key DiscussionsOne of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker's perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there's something to gain from these hands-on labs.High-Profile Speakers and Industry InsightsBeyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.Networking, Certification, and MoreZero Trust World isn't just about education—it's also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.A Unique Capture the Flag ChallengeFor those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event's commitment to real-world application of cybersecurity techniques.Join the ConversationWith so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.Whether you're looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you're attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
What's the REAL cost of cyberattacks?
About the CISO Circuit SeriesSean Martin and Michael Piacente join forces roughly once per month (or so, depending on schedules) to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity for business and society. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guests: Heather Hinton, CISO-in-Residence, Professional Association of CISOsOn LinkedIn | https://www.linkedin.com/in/heather-hinton-9731911/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMichael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988LevelBlue | https://itspm.ag/levelblue266f6cThreatLocker | https://itspm.ag/threatlocker-r974___________________________Episode NotesIn this episode of the CISO Circuit Series, part of the Redefining Cybersecurity Podcast on ITSPmagazine, hosts Sean Martin and Michael Piacente welcomed Heather Hinton, seasoned cybersecurity leader, to discuss the evolving responsibilities and recognition of Chief Information Security Officers (CISOs). Their conversation explored the transformative work of the Professional Association of CISOs (PAC), an organization dedicated to establishing standards, accreditation, and support for cybersecurity leaders globally.This episode addressed three critical questions shaping the modern CISO role:How can CISOs build trust within their organizations?What is PAC doing to elevate cybersecurity as a recognized profession?How can CISOs prepare for increasing scrutiny and legal risks?Building Trust: A CISO's Key ResponsibilityHeather Hinton, whose career includes leadership roles like VP and CISO for IBM Cloud and PagerDuty, underscores that trust is foundational for a CISO's success. Beyond technical expertise, a CISO must demonstrate leadership, strategic thinking, and effective communication with boards, executives, and teams. Hinton highlights that cybersecurity should not be perceived as merely a technical function but as a critical enabler of business objectives.The PAC accreditation process reinforces this perspective by formalizing the skills needed to build trust. From fostering collaboration to aligning security strategies with organizational goals, PAC equips CISOs with tools to establish credibility and demonstrate value from day one.Elevating Cybersecurity as a Recognized ProfessionMichael Piacente, Managing Partner at Hitch Partners and co-host of the CISO Circuit Series, emphasizes PAC's role in professionalizing cybersecurity. By introducing a Code of Professional Conduct, structured accreditation programs, and robust career development resources, PAC is raising the bar for the profession. Hinton and Piacente explain that PAC's ultimate vision is to make membership and accreditation standard for CISO roles, akin to certifications we've come to expect and rely upon for doctors or lawyers.This vision reflects a growing recognition of cybersecurity as a discipline critical not only to organizations but to society as a whole. PAC's advocacy extends to shaping global policies, setting professional standards, and fostering an environment where CISOs are equipped to handle emerging challenges like hybrid warfare and AI-driven threats.Preparing for Legal Risks and Industry ChallengesThe conversation also delves into the increasing legal and regulatory scrutiny CISOs face. Piacente and Hinton stress the importance of having clear job descriptions, liability protections, and professional resources—areas where PAC is driving significant progress. By providing legal and mental health support, along with peer-driven mentorship, PAC empowers CISOs to navigate these challenges with confidence.Hinton notes that PAC is also a critical voice in addressing broader systemic risks, advocating for policies that protect CISOs while ensuring they are well-positioned to protect their organizations and society.Looking AheadWith goals to expand its membership to 1,000 and scale its accreditation programs by 2025, PAC is setting the foundation for a more unified and professionalized cybersecurity community. Hinton envisions PAC becoming a global authority, advising governments and organizations on cybersecurity standards and policies while fostering collaboration among professionals.For those aspiring to advance cybersecurity as a recognized profession, PAC offers a platform to shape the future of the field. Learn more about PAC and how to join at TheCISO.org.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
This week on Feds At the Edge, we dive into the evolution of the Cybersecurity and Infrastructure Agency's Continuous Diagnostics and Mitigation (CDM) program in addressing the growing cyber-attack surface. Hemant Baidwan, CISO for DHS, OCIO, noted that Continuous Diagnostics and Mitigation is a comprehensive suite of tools and policies, with a key focus on understanding the attack surface and ensuring high data quality during deployment. John Schneider, Senior Systems Engineer, Axonius Federal, discussed the challenges inherent in managing IoT and OT devices for federal agencies, stressing interoperability and automation as best practices. Tune in on your favorite podcasting platform as we discuss the critical role of partnerships and inter-agency collaboration to enhance cybersecurity postures. = = =
The U.S. healthcare system, which includes roughly 200 federal hospitals, are constantly at risk for or under cyber-attack. This week on Feds-At-The Edge we explore ways to improve security through basic controls like software updates and patching, with the conversation quickly turning to the importance of practical strategy. >> Developing a good data inventory: Full of IoT devices? Learn what to include for your expanded attack surface >> Human Interaction: Learn the critical role humans play amid the new promises of AI >> Contingency Plans: If your agency was attacked today with ransomware, would you be able to identify your critical data?
Guest: Ravi Nayyar, PhD Scholar, The University Of SydneyOn LinkedIn | https://www.linkedin.com/in/stillromancingwithlife/At AISA AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ravi-nayyar-uyhe3Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe discussion begins with a unique and lighthearted analogy: comparing cybersecurity professionals to superheroes. Marco draws parallels to characters like “The Avengers” and “Deadpool,” describing them as defenders of our digital world. Ravi builds on this playful yet thought-provoking metaphor, likening the fight against cybercriminals to epic battles against villains, highlighting the high stakes of cybersecurity in critical systems.The Cyber Zoo: Ravi Nayyar's Research FocusRavi introduces his research, focusing on the regulation of cyber resilience within critical infrastructure, particularly the software supply chain. Using the metaphor of a “zoo,” he paints a vivid picture of the cybersecurity ecosystem, where diverse stakeholders—government bodies, infrastructure operators, and software vendors—must coexist and collaborate. His work delves into how companies can be held accountable for their cyber practices, aiming to secure national and global systems.The Role of Humans in CybersecurityAt the heart of cybersecurity, Ravi emphasizes, is the human element. His research highlights the need for incentivizing all players—critical infrastructure operators, software developers, and even end users—to embed secure practices into their operations. It's not just about rules and frameworks but about fostering a culture of responsibility and collaboration in an interconnected world.The Case for Stronger Cyber LawsRavi critiques the historically relaxed approach to regulating software security, particularly for critical systems, and advocates for stronger, standardized laws. He compares cybersecurity frameworks to those used for medical devices, which are rigorously regulated for public safety. By adopting similar models, critical software could be held to higher standards, reducing risks to national security.Global Cooperation and the Fight Against Regulatory ArbitrageThe discussion shifts to the need for international collaboration in cybersecurity. Ravi underscores the risk of regulatory arbitrage, where companies exploit weaker laws in certain regions to save costs. He proposes global coalitions and standardization bodies as potential solutions to ensure consistent and robust security practices worldwide.Incentivizing Secure PracticesDelving into the practical side of regulation, Ravi discusses ways to incentivize companies to adopt secure practices. From procurement policies favoring vendors with strong cybersecurity commitments to the potential for class action lawsuits, the conversation explores the multifaceted strategies needed to hold organizations accountable and foster a safer digital ecosystem.Closing Thoughts: Collaboration for a Safer Digital WorldSean, Marco, and Ravi wrap up the episode by emphasizing the critical need for cross-sector collaboration—between academia, industry, media, and government—to tackle the evolving challenges of cybersecurity. By raising public awareness and encouraging proactive measures, they highlight the importance of a unified effort to secure our digital infrastructure.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesThe theory of saving the world: Intervention requests and critical infrastructure: https://melbourne2024.cyberconference.com.au/sessions/session-eI6eYNriflLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More
In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss: How to identify these barriers to cyber resilience Be secure by design Align cybersecurity investments with the business Also, be sure to check out the first two installments of this series! Episode 380: Cybersecurity Success is Business Success Episode 383: Cybersecurity Budgets: The Journey from Reactive to Proactive This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them! When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even. Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place. Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! This week, in the enterprise security news, Funding and acquisition news slows down as we get into the “I'm more focused on holiday shopping season” North Pole Security picked an appropriate time to raise some seed funding Breaking news, it's still super easy to exfiltrate data The Nearest Neighbor Attack Agentic Security is the next buzzword you're going to be tired of soon Frustrations with separating work from personal in the Apple device ecosystem We check in on the AI SOC and see how it's going Office surveillance technology gives us the creeps All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-386
What happens when the backbone of modern society—our critical national infrastructure—faces an evolving cyber threat landscape? In this episode, Tony Burton, Managing Director of Cyber Security & Trust at Thales UK, joins the show to explore the growing cybersecurity risks posed to smart grids and essential utilities, backed by insights from Thales' 2024 Data Threat Report. Tony sheds light on the vulnerabilities introduced by the digitalization of critical infrastructure, explaining how the shift to smart grids and interconnected systems has opened new avenues for cybercriminals. He highlights the startling rise in ransomware attacks, insider threats, and human error as key contributors to data breaches in these high-stakes environments. With over 42% of critical infrastructure organizations reporting a cyber breach and 93% noting an increase in attacks, the stakes couldn't be higher. We'll discuss the real-world implications of these risks, from the potential for widespread blackouts and disruptions to essential services, to the theft of energy resources and compromised public safety. Tony also shares actionable strategies for safeguarding the future of energy supplies, emphasizing the importance of multi-layered defenses, proactive threat detection, and robust incident response plans. The episode also dives into the cutting-edge work at Thales' Cyber Resilience Lab in Ebbw Vale, where smart grid technology is stress-tested against a variety of cyber scenarios—all in a controlled offline environment. Tony underscores the critical role of innovation and compliance in building resilience, offering a forward-looking perspective on how the future of UK energy and national security hinges on addressing both present and emerging cyber threats. What do you think about the growing risks to critical infrastructure in a hyper-connected world? Join the conversation, and share your thoughts on how technology can help safeguard our most essential services.
This engaging Brand Story episode comes to you from AISA CyberCon 2024, in Melbourne, where Sean Martin and Marco Ciappelli explore with Jade Wilkie how ThreatLocker empowers organizations to achieve Zero Trust security and Essential Eight compliance through innovative tools and real-time adaptability. Learn how industry insights from the conference are shaping the future of cybersecurity solutions while keeping human-centric strategies at the forefront.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guests: Jade Wilkie, Account Executive APAC, ThreatLocker [@ThreatLocker]On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/ResourcesEssential Eight: https://itspm.ag/threatq55qZero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerView all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
CISA's Director Easterly plans to step down in the coming year. DHS issues recommendations for AI in critical infrastructure.Palo Alto Networks confirms active exploitation of a critical zero-day vulnerability in its firewalls. Threat actors exploit Microsoft's 365 Admin Portal to send sextortion emails. A China-based APT targets a zero-day in Fortinet's Windows VPN. The EPA reports on vulnerabilities in drinking water systems. A critical authentication bypass vulnerability affects a popular WordPress plugin. Researchers track a rise in the ClickFix social engineering technique. An 18 year old faces up to twenty years behind bars for swatting. Our guest is Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Nuisance calls are in decline. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Selected Reading CISA Director Jen Easterly to depart on Inauguration Day (Nextgov/FCW) DHS Releases Secure AI Framework for Critical Infrastructure (Dark Reading) Palo Alto firewalls exploited after critical zero-day vulnerability (Cybernews) Microsoft 365 Admin portal abused to send sextortion emails (Bleeping Computer) Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report (SecurityWeek) 300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks (SecurityWeek) Security plugin flaw in millions of WordPress sites gives admin access (Bleeping Computer) Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape (Proofpoint) Teen serial swatter-for-hire busted, pleads guilty, could face 20 years (The Register) FTC Records 50% Drop in Nuisance Calls Since 2021 (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices