Podcasts about cyber resilience act

  • 105 PODCASTS
  • 174 EPISODES
  • 37m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jun 11, 2026 LATEST


Latest podcast episodes about cyber resilience act

Embedded Insiders
Navigating the Cyber Resilience Act with NXP Semiconductors and Axis Communications

Jun 11, 2026 (42:25)


On this episode of Embedded Insiders, we're diving into the EU Cyber Resilience Act with Giuseppe Guagliardo, Senior Product Manager at NXP Semiconductors, and Axel Keskikangas, Product Cybersecurity Architect at Axis Communications. During the discussion, the two provide an overview of the regulation and explain how NXP products and platforms help simplify CRA compliance, and how Axis supports the end user with evidence and assurance for CRA compliance.

NXP Resources:
  • CRA content hub: www.nxp.com/CRA
  • CRA training academy: www.nxp.com/CRAacademy
  • Application note "Ease CRA compliance with EdgeLock Discrete Portfolio": https://www.nxp.com/docs/en/application-note/AN14671.pdf

Axis Resources:
  • Cybersecurity landing page: https://www.axis.com/about-axis/cybersecurity
  • Blog article: https://newsroom.axis.com/blog/what-is-the-cyber-resilience-act

For more information, visit embeddedcomputing.com

Data Today with Dan Klein
Is it possible for tech for good to exist within a for-profit model with Jim Fruchterman

Jun 9, 2026 (22:00)


In a tech industry driven by profit, can companies really prioritise social impact over shareholder value?

In this episode of Tech Tomorrow, David Elliman sits down with serial social entrepreneur and author Jim Fruchterman to explore what 'tech for good' really means, and whether it can truly exist within traditional, venture-backed business models.

Drawing on his experience building an OCR (Optical Character Recognition) startup, Jim explains how a venture capital board shut down a reading machine for blind users after deciding the market was too small. That experience eventually led him to launch a nonprofit focused on accessible technology, demonstrating that mission-driven organisations can still operate within Silicon Valley systems while benefiting underserved communities.

The conversation also examines how investor incentives can unintentionally steer companies towards harmful outcomes, even when the people inside them have good intentions. Jim highlights alternative models, including B Corps, Pledge 1%, and treating social impact as a core business metric rather than a marketing add-on, as ways to help counteract this.

Jim also shares examples of tech partnerships in which engineers and product teams offered steep discounts or free licenses to nonprofits because they believed in the mission and took pride in building useful tools. At the same time, he notes that large companies have sometimes scaled back or removed nonprofit-friendly pricing entirely once those markets became more commercially attractive.

The conversation also explores which problems are best addressed through for-profit innovation, such as clean energy, and which may always rely on charities and nonprofits, including human rights advocacy. Overall, Jim emphasises that the wider tech ecosystem, from smartphones and app stores to open-source software, plays a vital role in making meaningful social impact possible.

Episode Highlights
01:18 – What is 'tech for good'?
01:45 – Jim's social entrepreneur origin story.
05:46 – Jim's mantra: 'Try to do good on purpose rather than evil by accident'.
07:59 – David's Thoughts: Switching focus from profit to other measures of value.
09:29 – Can every part of the tech industry do societal good?
10:53 – The power of reducing software costs for nonprofits.
15:15 – David's Thoughts: Most of the engineers don't get out of bed for the share price.
16:13 – What else could be done to help regulate big tech?
20:13 – Is it possible for tech for good to exist within a for-profit model?

About Zühlke:
Zühlke is a global transformation partner, with engineering and innovation at its core. We help clients envision and build their businesses for the future – running smarter today while adapting for tomorrow's markets, customers, and communities.

Our multidisciplinary teams specialise in technology strategy and business innovation, digital solutions and applications, and device and systems engineering. We thrive in complex, regulated sectors such as healthcare and finance, connecting strategy, implementation, and operations to help clients build more effective and resilient businesses.

Links:
  • Zühlke Website
  • Zühlke on LinkedIn
  • David Elliman on LinkedIn
  • Jim Fruchterman Website
  • Jim Fruchterman LinkedIn
  • The Tech Matters Podcast
  • Technology for Good: How Nonprofit Leaders Are Using Software and Data to Solve Our Most Pressing Social Problems Book

Threat Talks - Your Gateway to Cybersecurity Insights
4. Europe Is Losing the Sea Cable Race

Jun 9, 2026 (35:10)


In 2026, 40 new submarine cables go live. Most won't land in Europe. Europe is losing the sea cable race, and most people haven't noticed yet.

In this second part of our sea cables conversation, host Peter Ernst sits down with Ernst Noorman, the Netherlands' Cyber Ambassador-at-Large and a member of the ITU Advisory Body on Submarine Cable Resilience, to move from the “how” of sea cables to the “why it matters.”

We compare two places that were once called the two hardest spots in the world to build digital infrastructure, Amsterdam and Singapore, and unpack how Singapore solved its crunch with 32 cable landings, five years of zero cable faults, and a green-energy-first tender process, while the Netherlands risks resting on a 30-year-old head start.

Along the way: the difference between sovereignty and autonomy, why “always the cheapest option” no longer works, the EU Cyber Resilience Act and security by design, what NIS2 means for boards and CEOs personally, and why Europe needs to stop being modest about Airbus-sized wins.

Chapters
00:00 — 40 new cables, most skip Europe
00:30 — Meet Ernst Noorman & the ITU advisory body
02:00 — The sea cable map is being redrawn
04:08 — Why the Netherlands risks losing its head start
06:26 — How Singapore solved it: 32 landings, zero faults
08:09 — Tax cuts for digital, would Europe ever?
08:59 — Sovereignty vs autonomy: it's about choice
15:02 — You can't own the whole stack (ASML, Nokia, Ericsson)
15:53 — Why “always the cheapest” stops working
17:47 — The Cyber Resilience Act & security by design
18:51 — The water-from-the-tap analogy
19:51 — What boards and CEOs must actually ask
25:30 — Back to Singapore: government-led, by design
29:39 — The good news: Europe's real strengths
36:15 — What needs to happen in the next 3–5 years

Threat Talks is a podcast by ON2IT and AMS-IX. Subscribe for more on Zero Trust, cyber resilience, and the infrastructure behind the internet.

Bli säker-podden
#354 More secure or less secure routers?

Jun 5, 2026 (37:55)


For a router to be sold in the EU, it must carry the CE mark. Through the CE marking, the manufacturer guarantees that the product meets requirements in areas such as electrical safety and chemical safety. Next year, cybersecurity requirements will also become part of the CE marking. The requirements are being introduced as part of the CRA regulation (Cyber Resilience Act).

One of the biggest changes concerns the router manufacturer's maintenance commitment. The manufacturer can no longer sell a router and neglect to keep it secure. First, the manufacturer must know which components the software consists of, so that the router is released without any known vulnerabilities. Second, the manufacturer must fix discovered vulnerabilities for at least five years. Third, the buyer must be informed of how long the manufacturer guarantees maintenance.

The CRA regulation also requires that products be designed and configured with cybersecurity in mind. Routers must ship with secure default settings and without unnecessarily exposed services.

On the other side of the Atlantic, major changes are happening at the same time. The FCC has stopped approving new consumer router models manufactured outside the USA. The problem is that almost no routers are manufactured in the USA. The FCC has therefore created an exemption list for router models that may be sold in the USA even though they are manufactured in other countries.

In this week's episode, Peter and Nikka talk about the changes taking place on the router front. Among other things, Nikka raises the problem that the USA wants to introduce a ban on firmware updates for already-sold routers from foreign manufacturers. Firmware updates are one of the most important measures for keeping routers secure. The US cybersecurity agency CISA agrees, placing firmware updates at the top of its list of recommended cybersecurity measures for home networks.

See the full show notes at https://go.nikkasystems.com/podd354.

IT IST ALLES.
#127 | Falk Steiner - How much regulation does our digital world need?

May 27, 2026 (58:39)


For podcast episode #127, Julius and Marcel brought journalistic expertise into the studio. Joining them this time is Falk Steiner, who has been a journalist focusing on digitalization, politics and regulation for many years. Together they dive into the world between technology and legislation and take a look behind the scenes of political decision-making processes. The conversation quickly makes clear that IT security has long since ceased to be a purely technical topic, because regulation increasingly plays a central role, as with NIS2 and the Cyber Resilience Act. Julius, Marcel and Falk discuss why regulation is often underestimated, what role it plays for our digital security, and why at the same time it reaches its limits in a globally networked world.

Data Today with Dan Klein
Is irrational AI making our decision-making worse with Stephanie Antonian

May 26, 2026 (22:01)


Many people see artificial intelligence as a tool for making decisions faster and more logically. But what if we've misunderstood what AI really is and how to use it well?

In this episode of Tech Tomorrow, David Elliman talks with Stephanie Antonian, Founder and CEO of Aestora, about whether AI really improves how we think. They focus on the arguments made in Stephanie's essay, AI is Irrational, which questions the idea that AI always follows traditional logic. Instead, she explains that most modern AI, especially machine learning, finds patterns and makes predictions based on past data rather than relying on strict logical reasoning.

They discuss how this change has confused many business leaders, who expect certainty from AI systems that operate on probabilities and don't provide fixed answers. This misunderstanding has led to overinvestment, failed AI projects, and frustration with unclear or inconsistent results.

David and Stephanie also look at what this means for accountability and governance. Stephanie stresses the need for real human oversight, transparency, and the ability to audit AI systems. Instead of only engaging in abstract ethical debates, Dave suggests a practical approach grounded in safety engineering, such as traceability and thorough testing.

The episode features practical advice for leaders who want to use AI responsibly. Stephanie suggests that organisations should compare costs and capabilities, run controlled tests, and focus on current performance factors like accuracy and integration before expanding. She also warns that without careful management, AI can make organisations more complex and lead to analysis paralysis rather than better decisions.

Episode Highlights
01:28 – The core arguments of AI is Irrational.
03:30 – Is it the tools we use, or the human interaction with them, that causes issues?
05:06 – What are some use-cases for machine learning tools?
07:09 – David's Thoughts: The current state of play in AI.
08:29 – We need outliers, not probabilities, to make the world better.
10:45 – There always needs to be a human in the loop.
14:57 – David's Thoughts: The AI ethics debate.
16:05 – What can business leaders actually do about all of this?
18:21 – Is irrational AI making our decision-making worse?

Links:
  • Zühlke Website
  • Zühlke on LinkedIn
  • David Elliman on LinkedIn
  • Stephanie Antonian on LinkedIn
  • Aestora Website
  • AI is Irrational Essay
  • MIT report: 95% of generative AI pilots at companies are failing Article

Data Today with Dan Klein
What boundaries should define our relationship with agentic AI in large-scale systems with Sam Newman

May 12, 2026 (28:08)


As agentic AI gets more advanced, how do we decide where its independence should start and stop?

In this episode of Tech Tomorrow, David Elliman speaks with consultant and author Sam Newman about setting boundaries for agentic AI in large-scale systems. They also discuss why planning for uncertainty is now a key issue for many business leaders, and how doing small experiments with AI is ultimately the best approach.

Sam points out that non-determinism in agentic AI is a major challenge because its results are not always predictable. When these AI workflows are connected, small mistakes early on can spread and impact later parts of the system. To handle this, Sam suggests breaking systems into smaller, manageable parts and adding checks between steps to catch problems early. He also highlights the importance of being able to trace issues and roll back changes, so teams can fix problems and recover from failures. These steps are only possible if boundaries are set early and humans stay in the loop throughout.

They also talk about designing systems so AI does not become a complicated dependency. One way is to keep AI tasks separate, using clear boundaries and security measures, often treating them as their own services within specific business areas. This makes it easier to manage data securely and to swap out models or vendors as technology changes and providers rise and fall.

Of course, costs make things even more complicated. Token-based pricing models can lead to unpredictable expenses, much like the early days of cloud computing, where many businesses were shocked that the promise of cost-cutting wasn't delivered on. Subscription models for AI software can also hide high computing costs, making it hard for decision-makers to know how much they are really spending on agentic AI.

Overall, Sam's main point is clear: try small, controlled experiments with agentic AI, but do not let them manage your large-scale systems without oversight, clear boundaries, and a way to undo changes if something goes wrong.

Episode Highlights
01:17 – How are agentic AI agents defined, and what is determinism in this context?
03:56 – What kind of issues are Sam's clients having?
07:13 – The shift to breaking down problems into lots of modular steps.
08:48 – David's Thoughts: What happens when AI agents pass problems down the chain?
10:12 – How does Sam approach agentic agent deployment?
16:32 – Sometimes it just makes sense to write the code yourself.
19:30 – David's Thoughts: Lessons learned from the move to the Cloud.
21:06 – Where Sam thinks generative AI may be heading.
25:36 – Sam's advice on agentic AI? Do lots of small experiments.
26:56 – Wrap up.

Links:
  • Zühlke Website
  • Zühlke on LinkedIn
  • David Elliman on LinkedIn
  • Sam Newman Website

Mon Carnet, l'actu numérique
{INTERVIEW} - Vincent Lomba: Cybersecurity and sovereignty, protecting far more than data

May 7, 2026 (16:08)


Vincent Lomba points out that cybersecurity has become a strategic issue directly tied to the sovereignty of states, companies and citizens. As societies come to depend on digital infrastructure, the risks now affect the economy, democracy and essential services. Europe is trying to strengthen its resilience with regulations such as the GDPR, NIS2 and the Cyber Resilience Act, which impose new obligations on technology players. But beyond technical tools, the challenge also rests on education and awareness-raising from an early age. For the expert, the key remains humility: treating cybersecurity as a permanent process of adaptation to constantly evolving threats.

Wavelengths
The Europe Fiber Conversation: Market Standards, Strategy, and the Next Wave Pt. 2

May 6, 2026 (41:51)


In this episode of Wavelengths, the Amphenol Broadband Solutions podcast, host Daniel Litwin continues the European broadband deep dive with Carsten Engelke, Director of Technology at ANGA, and Dr. Anthony Basham, VP of Active Products for the EMEA region at Netceed and President of SCTE, focusing on one of the most critical—and often underestimated—dimensions of next-generation networks: resilience.

As fiber cements its role as the backbone of Europe's digital infrastructure, the conversation shifts beyond deployment and into durability. These networks are no longer just conduits for internet access—they underpin emergency services, energy systems, national security, and the broader digital economy. That shift raises the stakes: building fast networks is no longer enough. They must also be secure, resilient, interoperable, and adaptable to future technological change.

Engelke and Basham explore how resilience must be designed into fiber networks from the outset—not retrofitted later—and why that requires a holistic approach spanning physical infrastructure, cybersecurity, AI-driven operations, workforce readiness, and global standards alignment. From network detection systems to autonomous maintenance, from interoperability gaps to lifecycle planning, this episode examines what it truly means to build broadband infrastructure that can stand the test of time.

Key Discussion Highlights:
  • Fiber as Critical National Infrastructure: The conversation underscores that fiber networks now support far more than connectivity—they are foundational to public services, emergency response, energy systems, and national economies. This elevates resilience and security from optional considerations to core design requirements.
  • Resilience Requires a Holistic Approach: Basham emphasizes that resilience cannot be solved with a single technology or policy. It must integrate physical infrastructure protection, power redundancy, cybersecurity, supply chain integrity, and workforce preparedness into one cohesive strategy.
  • Cybersecurity Pressure Is Rising Fast: With increasing geopolitical tensions and regulatory frameworks like the EU's Cyber Resilience Act and Cybersecurity Act, operators face growing pressure to implement advanced monitoring, detection, and response systems—often driven as much by compliance as by operational necessity.
  • AI and Network Detection Are Becoming Essential: As network traffic complexity grows beyond human-scale analysis, tools like Network Detection and Response (NDR) systems, machine learning, and behavioral analytics are becoming critical for identifying anomalies, threats, and performance issues in real time.
  • The Role—and Limits—of Automation: While AI enables proactive maintenance, self-healing networks, and smarter deployment planning, both guests stress that human expertise remains essential. Engineers will still design architectures, interpret edge cases, and make strategic decisions—AI acts as an augmentation layer, not a replacement.
  • Workforce Transformation and Training Challenges: As networks become more software-driven and AI-assisted, the industry must rethink how technicians are trained. Future roles will require a blend of traditional field skills and digital intelligence—making global, standardized training frameworks more important than ever.
  • Interoperability and Standards Are Still Gaps: The discussion highlights ongoing fragmentation across vendors and systems, particularly in fiber environments. Without stronger global standards and interoperability, operators risk increased complexity, higher costs, and slower adoption.
  • Designing for Long Life vs. Fast Rollout: A key tension emerges between speed and durability. Rapid fiber deployment has often prioritized rollout velocity over long-term resilience, but future networks must balance both—building passive infrastructure for decades-long endurance while allowing active components to evolve.
  • Lifecycle Thinking and Circularity: Sustainability plays a growing role in resilience strategy. Operators must plan for equipment reuse, replacement cycles, and energy efficiency—treating networks as long-term systems rather than one-time builds.
  • Global Coordination and Standardization: Both guests stress the importance of aligning European efforts with global standards bodies and international partners. Broadband infrastructure must operate seamlessly across borders, making interoperability and shared frameworks essential.

This episode brings the European broadband conversation full circle—moving from deployment strategy to long-term viability. It highlights a critical shift in industry thinking: success will not be defined solely by how quickly fiber is rolled out, but by how well those networks can adapt, endure, and operate securely in an increasingly complex digital landscape.

@BEERISAC: CPS/ICS Security Podcast Playlist
CE marking for digital products: How the CRA corrects the OT imbalance | OT Security Made Simple

May 1, 2026 (30:47)


Podcast: OT Security Made Simple
Episode: CE marking for digital products: How the CRA corrects the OT imbalance | OT Security Made Simple
Pub date: 2026-04-28

Klaus Mochalski and Sarah Fluchs (admeritia) examine the Cyber Resilience Act. Learn why the CRA ends a historical imbalance, why manufacturers will be held responsible in future, and how operators can use the new law as a powerful lever for their NIS-2 compliance.

You can find more on OT Security Made Simple at rhebo.com, or write to us with your ideas, questions or guest suggestions at podcast@rhebo.com.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Data Today with Dan Klein
Could AI and data science help us find a cure for Alzheimer's with Prof. Alejo Nevado-Holgado

Apr 28, 2026 (25:07)


An estimated 55 million people worldwide are living with dementia, of which Alzheimer's is the most common form. This number continues to rise as global populations age. Despite the scale of the problem and large amounts of funding, no one has been able to find a cure. Could it be that data science, rather than medicine, holds the answers to tackling this disease?

In this episode of Tech Tomorrow, David Elliman speaks with Alejo Nevado-Holgado, Associate Professor of Psychiatry at the University of Oxford and member of the Big Data Institute. He leads AI research within the Computational and Molecular Neuroscience Laboratory, an interdisciplinary team spanning AI, biochemistry, and bioinformatics.

The conversation explores how advanced computational methods are using vast biological and clinical datasets, including genomics, transcriptomics, proteomics, stem cell imaging, brain scans, and electronic health records. This integrated approach aims to uncover disease mechanisms, identify new drug targets, and advance more personalized treatments, all supported by high-performance computing.

A key challenge in Alzheimer's research is the difficulty of accessing and studying the brain. The blood-brain barrier limits treatment delivery, while the disease develops over decades before symptoms appear. The discussion also highlights ongoing scientific uncertainty about whether hallmark features such as amyloid plaques and tau tangles are causes of the disease or downstream effects.

The episode examines how AI can support early detection through blood-based biomarkers and why it is particularly effective in analysing complex, high-dimensional data such as molecular structures and genomic information. The importance of combining diverse datasets, such as population-scale biobanks and drug discovery data, is emphasised as essential for progress.

However, challenges remain, including the need for explainable AI systems and more complete longitudinal health data. The conversation also touches on emerging techniques like AI-driven molecular simulations, which may help predict how drugs interact within the brain.

Episode Highlights
01:07 – The background of Alejo's project.
02:25 – Why are Alzheimer's and dementia so hard to treat?
05:50 – How can neurodegenerative brain diseases be prevented?
07:05 – Drug discovery and machine learning.
09:43 – David's Thoughts: Multi-modal data.
10:29 – Why high-quality data is so hard to access.
14:55 – Why AI explainability remains an issue.
17:06 – David's Thoughts: A black box within a black box.
19:23 – The UK Biobank and rich medical data.
23:54 – Wrap up.

Links:
  • Zühlke Website
  • Zühlke on LinkedIn
  • David Elliman on LinkedIn
  • Prof. Alejo Nevado-Holgado Bio
  • Dementia Research Oxford Website
  • UK Biobank Website

OT Security Made Simple Podcast
CE marking for digital products: How the CRA corrects the OT imbalance | OT Security Made Simple

Apr 28, 2026 (30:47)


Klaus Mochalski and Sarah Fluchs (admeritia) examine the Cyber Resilience Act. Learn why the CRA ends a historical imbalance, why manufacturers will be held responsible in future, and how operators can use the new law as a powerful lever for their NIS-2 compliance.

You can find more on OT Security Made Simple at rhebo.com, or write to us with your ideas, questions or guest suggestions at podcast@rhebo.com.

The Metal Pack Pod
Innovations Unveiled: Koenig & Bauer at Metpack 2026

Apr 24, 2026 (3:38)


Koenig & Bauer Previews: MetalCoat 484 Premiere and Digital Printing Updates for Metpack 2026

Damien and Alex discuss Koenig & Bauer's plans for Metpack 2026, highlighting the world premiere of the MetalCoat 484 coating machine aimed at high automation in metal sheet coating. Key features include a closed-loop system and, for the first time, automatic wash-up. They will also display their digital printing portfolio with samples from the MetJET ONE and MetJET PROB, including improvements and new features.

The company notes its sales team is trained to address emission regulation and EU Cyber Resilience Act topics, with machines prepared to meet emissions regulations 2027 and the Cyber Resilience Act starting this year, and fulfilling these regulations starting 2026.

Data Today with Dan Klein
5 New Episodes Starting April 28th!

Apr 22, 2026 (0:30)


Join David Elliman as he continues exploring the fast-changing world of emerging tech. With his five new guests, he'll dive into topics like the role of agentic systems, how AI's irrationality is making our decision-making worse, and whether tech for good is even possible in a for-profit business.

Links:
  • Zühlke Website
  • Zühlke on LinkedIn
  • David Elliman on LinkedIn

The Data Chronicles
Cyber developments in the EU and UK

Apr 16, 2026 (41:30)


Cybersecurity regulation in Europe has entered a period of rapid expansion and fragmentation, moving well beyond traditional data protection into a complex framework governing enterprise security, product security, sector specific obligations, and supply chain risk.  In this episode of The Data Chronicles, we examine how evolving regimes such as NIS2, the Cyber Resilience Act, DORA, and proposed reforms to the EU Cybersecurity Act are reshaping legal and operational expectations for organizations operating across borders.  The discussion explores why global “one size fits all” security programs and reliance on baseline standards like ISO and NIST are no longer sufficient on their own, how post Brexit divergence between the EU and U.K. is creating material compliance challenges, and why cybersecurity has shifted from a best practice exercise to enforceable law – requiring tighter integration between legal, IT, and information security teams to execute compliance at scale.

Irish Tech News Audio Articles
31% of organisations dedicate less than 10 hours per month to oversight of AI-generated code

Apr 10, 2026 (5:04)


New research from leading cloud-native software artifact management platform Cloudsmith finds that, despite 93% of respondents' organizations using AI-generated code, 31% spend 10 hours or less per month validating, auditing, or securing it – including 5% who do not explicitly audit AI code at all. This, and other findings, released today in the Cloudsmith 2026 Artifact Management Report, highlight gaps in how organisations are managing risk across the modern software supply chain.

A rise in software supply chain vulnerabilities

The risks posed by weak software supply chain security have become increasingly clear in the past 12 months. With threat campaigns including Shai Hulud 2.0 and SANDWORM_MODE specifically targeting the software supply chain via upstream repositories, 44% of respondents have experienced a security incident caused by a third-party dependency. In the same time period, 44% of respondents reported their organisation spent over 50 hours per month investigating potential security issues linked to third-party dependencies, whether or not they resulted in a breach.

Confidence in AI-generated code

Confidence in AI-generated code is also lacking. 58% of respondents spend at least 11 hours per month validating and securing AI-generated code — rising to over 40 hours for 8% of respondents — as teams work to catch hidden dependencies and potential vulnerabilities. In fact, only 17% are very confident that AI is not introducing new vulnerabilities into their codebase. These concerns are well-founded, as AI is known to introduce risks in software development by generating insecure or incorrect code, including "slopsquatting" – where models hallucinate non-existent package names that attackers can then register and exploit – embedding hidden vulnerabilities that can compromise systems.

Regulation on the horizon

In addition to growing exploitation of third-party dependencies and concerns about the adoption of AI, there is a wider range of issues putting pressure on the software supply chain. With the arrival of new legislation like the EU's Cyber Resilience Act, companies have an incredibly tight deadline to respond to cyber attacks. This involves the obligation to provide a detailed assessment 48 hours after becoming aware of a breach. To do so, organisations will need to provide provenance data with little to no notice. Despite this, however, Cloudsmith's research shows that, if they were hit with a surprise audit tomorrow, 53% of respondents could only produce a comprehensive report of artifact versions, origins, and security attestations with a significant amount of manual effort or time. This is a particularly significant gap, given the number of organisations that are committing AI-generated code to production without understanding exactly how it functions, or why it was created.

An inflection point for the software supply chain

"We are at a huge inflection point in the history of software development," says Glenn Weinstein, CEO of Cloudsmith. "In a matter of months, we've gone from, 'How can AI help me write better code?' to, 'How can I help AI write better code?' But at the same time, AI tools are expanding the attack surface, introducing more open source dependencies. And those same tools are being used by malicious actors to find more vulnerabilities in existing libraries, leading to more CVEs." He continues: "Agentic development is an incredibly powerful way to build software, and teams will be far more productive and write even more software as a result. That is a good thing, because the world certainly needs more software and more automation! For enterprises to manage this new velocity and productivity, automated guardrails and context are the new keys to unlock the production of safer, more efficient code."

In addition to these findings, the Cloudsmith 2026 Artifact Management Report also reveals respondents' plans for the future. The top three challenges respondents expect to face this year are: Ensuri...

Embedded Insiders
The EU Cyber Resilience Act & Industrial Power Conversion in Data Centers

Mar 26, 2026 | 45:19


In this episode of Embedded Insiders, Ken is joined by Heinz-Peter Beckemeyer, the Director of Cybersecurity & Functional Safety Marketing at Texas Instruments, to discuss the EU Cyber Resilience Act (CRA) and global cybersecurity implementation.

Watch this segment here: https://www.youtube.com/watch?v=87hTymmgcGA&t=440s

Next, Rich and Steve Tateosian, Infineon Technologies' Senior VP for the IoT, Compute, and Wireless Business Unit, discuss industrial power conversion in the data center.

But first, Ken and I briefly share our thoughts on the impending EU Cyber Resilience Act (CRA), which will take full effect in December of 2027.

For more information, visit embeddedcomputing.com

IT IST ALLES.
Das Update #47 | What does the Cyber Resilience Act mean in practice?

Mar 25, 2026 | 13:42


Hello from Osnabrück and welcome to episode 47 of Das Update. Digital products are with us everywhere today, from the smart home to the industrial plant. But when it comes to security, there were for a long time differing standards and little transparency. That repeatedly led to risks that could actually have been avoided. In this episode, Ulf and Thomas take a closer look at the EU's Cyber Resilience Act and clarify what is set to change in future and why security is now moving into focus for manufacturers and users alike.

På forkant med juraen
Cyber resilience: Have we gained more security, or more regulation?

Mar 23, 2026 | 42:45


Cyber threats are today a basic condition for companies, public authorities and critical infrastructure. At the same time, regulation is growing markedly, from NIS2 and the Cyber Resilience Act to new proposals for amendments to the Cybersecurity Act.

But does more regulation in itself create more security? Or do we risk the focus shifting from real robustness to documented compliance?

In this episode we take a closer look at the current threat picture, the complex regulatory landscape and the division of roles that is emerging between companies, suppliers and authorities.

Guest: Christian Wiese Svanberg, attorney and Director at DLA Piper
Host: Magnus Krabbe

Sustain
Episode 285: Miranda Heath on Altruism & Burnout in Open Source

Mar 6, 2026 | 44:11


Guest: Miranda Heath
Panelist: Richard Littauer

Show Notes

In this episode of Sustain, host Richard Littauer is joined by PhD student Miranda Heath to discuss her research on altruism and maintainer burnout in open source, and specifically her report on burnout in open source maintainers. Miranda shares insights from her study on what motivates people to act altruistically and how these behaviors manifest in open source communities. She delves into the common issues maintainers face, such as changing motivations and the systemic challenges that contribute to burnout. Drawing on examples from her research, including kidney donors and open source maintainers, Miranda explores how community support, mentorship, and better funding can help mitigate burnout. The conversation also touches on the unique challenges neurodiverse maintainers face and the importance of creating supportive environments for them. Press download now to hear more!

[00:00:44] Richard introduces Miranda Heath, whom he met at FOSDEM, and she's built a major report on maintainer burnout.
[00:02:04] Miranda studies what motivates people to benefit others, how “altruism” is often framed too narrowly, and she points out neglected forms.
[00:03:40] Richard asks about a name for the type of altruism, and they land on “collective altruism” as a useful label for shared/commons based giving.
[00:04:25] Miranda explains her work on anonymous kidney donors and the key insight from the kidney donors is that altruism can be mundane.
[00:06:45] Looking at the motivations of open source developers, Miranda sees overlap between altruistic impulses and open source and contrasts this with academia's paywall-driven publication system.
[00:08:36] They discuss how motivation changes which leads to burnout risk, and Richard brings up Miranda's maintainer burnout report and what it was based on.
[00:10:13] Miranda describes how this report started and what she wanted to change.
[00:13:21] What are some systematic solutions for burnout? Miranda argues “money vs people” is a false dichotomy: respecting maintainers includes making it possible to live. Burnout is worsened by “double shift” dynamics and “Labor of love is still labor.”
[00:16:18] Richard notes many maintainers are paid through employers, Miranda talks about paid maintainer roles still carry burnout risk, and some research done by Robert Karasek in the late 70's.
[00:20:14] Miranda draws from social psychology: communities run on group norms (often unspoken), and emphasizes we need to make beneficiaries feel part of the in-group, so they adopt norms.
[00:22:36] Richard highlights the Open Source Pledge and policy approaches like the Cyber Resilience Act, and Miranda notes policy could reduce autonomy and increase burnout if rigid.
[00:26:22] What happens after burnout? Miranda believes we should prevent unwanted exits, normalize “sunsetting” conversations, and have a plan to wind down a project.
[00:31:17] There's a discussion on how burnout shouldn't equal personal failure, and an example is brought up with the Tailwind CSS tensions.
[00:35:19] Miranda stresses the importance of mentorship for community roles to be filled, Richard cites Abby Cabunoc's “3 C's” for mentor-worthy contributors, and Miranda mentions the concept of “Mentorship Triangle.”
[00:38:03] Find out where you can follow Miranda and her work online.
[00:38:27] We wrap with Miranda sharing there's an important gap with neurodivergence and autistic burnout and how more research needs to be done.

Quotes

[00:15:13] “Maintenance work is work, but a labor of love is labor.”

Spotlight

[00:40:47] Richard's spotlight is the klezmer band, OCH VEY.
[00:41:33] Miranda's spotlight is the puzzle game, TR-49.

Links

SustainOSS podcast@sustainoss.org richard@sustainoss.org SustainOSS Discourse SustainOSS Mastodon SustainOSS Bluesky SustainOSS LinkedIn Open Collective-SustainOSS (Contribute) Richard Littauer Socials Miranda Heath Website Sentry Open Source Pledge Job Demands, Job Decision Latitude, and Mental Strain: Implications for Job Redesign by Robert Karasek, Jr. (Sage Publications) Cyber Resilience Act Abby Cabunoc Mayes-The Synthetic Senior: Rethinking Free Software Mentorship in the AI Era (FOSDEM 2026 talk video) OCH VEY Instagram TR-49

Credits

Produced by Richard Littauer
Edited by Paul M. Bahr at Peachtree Sound
Show notes by DeAnn Bahr Peachtree Sound

Special Guest: Miranda Heath.

CHAOSScast
Episode 129: Using Metrics in your OSPO

Mar 5, 2026 | 41:47


Thank you to the folks at Sustain for providing the hosting account for CHAOSScast!

CHAOSScast – Episode 128

In this episode of CHAOSScast, host Harmony Elendu is joined by Matt Germonprez and Johan Linåker to explore how Open Source Program Offices (OSPOs) can use metrics to understand and demonstrate impact. The discussion centers around Chapter 6 of the TODO Group's OSPO book and how organizations can systematically measure the value of their open source engagement.

[00:02:00] Introduction to OSPOs
Johan explains what an Open Source Program Office (OSPO) is: a center of excellence that supports organizations in adopting open source strategically, aligning culture, governance, and business goals.

[00:04:41] The Four Impact Areas
Matt outlines the four key impact dimensions OSPOs should measure: Partner Impact, Community Impact, Ecosystem (Supply Chain) Impact, and Organizational Impact.

[00:06:29] Partner Impact
How to assess which companies are contributing to the same projects, their level of influence, and how agendas align or conflict.

[00:11:00] Community Impact
Measuring contributor influence, merged pull requests, leadership roles, and employee growth within open source communities.

[00:15:19] Ecosystem & Supply Chain Impact
Why organizations must evaluate upstream dependencies and long-term project viability, especially in light of regulations like the Cyber Resilience Act.

[00:23:00] Organizational Impact & Governance
Aligning open source strategy with business goals, managing risk, automating dependency health checks, and enabling developers to contribute upstream efficiently.

[00:29:31] Metrics Over Time (Not Snapshots)
Why there is no universal red/yellow/green metric set. Context matters, and observing trends over time is critical for meaningful health assessments.

[00:36:00] Resources & Working Groups
Introduction to CHAOSS practitioner guides, OSPO metrics working groups, and research publications.

Value Adds (Picks) of the week:
[00:39:25] Harmony's pick is reflecting on old photos.
[00:36:10] Matt's pick is embracing the opportunity to do winter sports.
[00:37:54] Johan's pick is to enjoy parenting moments.

Panelists: Harmony Elendu, Matt Germonprez
Guests: Johan Linåker

Links

OSPO Book TODO Group CHAOSS Project OpenSSF Scorecard CHAOSS OSPO Metrics Working Group Harmony Elendu website Harmony Elendu LinkedIn

Special Guest: Johan Linåker.

ITSPmagazine | Technology. Cybersecurity. Society
Do You Know What's In Your Software? A Cybersecurity Story with Manifest Cyber | A Brand Highlight Conversation with Daniel Bardenstein, Co-Founder at Manifest Cyber

Feb 26, 2026 | 6:42


There is a question that sounds almost embarrassingly simple. After a vulnerability is discovered in a piece of widely used software — something like Log4Shell, which shook the security world and left hundreds of thousands of organizations exposed overnight — the question organizations scrambled to answer was this: where is this code, and what does it touch? Most couldn't answer it. Not the Fortune 500 companies. Not the government agencies. Not the critical infrastructure operators. Not the hospitals or the banks or the utilities. They had built and bought mountains of software over years and decades, and when the moment came to understand what was actually inside it, they were effectively blind. That gap is exactly what Daniel Bardenstein set out to close when he co-founded Manifest Cyber in 2023. And in a conversation on ITSPmagazine's Brand Highlight series, he made a case for technology transparency that is hard to argue with — not because it's technically complex, but because the analogy he draws is so strikingly obvious once you hear it. "If you want to buy a house, you get to go inside the house, do the home inspection," he said. "You want to buy food from the grocery store — you can look at the ingredients. Even our clothes tell you what they're made of, how to care for them, and where they're from." But software? The technology running hospital MRI machines, weapon systems, financial infrastructure, water delivery? No transparency required. No ingredient label. No inspection rights. Just trust. That trust, as Log4Shell demonstrated, is a vulnerability in itself. Bardenstein came to this problem with credentials that few founders in the space can claim. Before starting Manifest, he spent four and a half years in the US government leading large-scale cyber programs and serving as technology strategy lead at CISA — the Cybersecurity and Infrastructure Security Agency. 
He saw firsthand how defenders are perpetually at a disadvantage, operating without the basic visibility they need to do their jobs. His mission became building the tools to change that. The problem, he's quick to point out, has not improved in the years since Log4Shell. Software supply chain attacks have multiplied — XZ Utils, NPM Polyfill, and others following the same pattern: trusted software becomes the attack vector, and it spreads fast. Meanwhile, most security teams are still operating with SCA tools that generate noisy, overwhelming alerts and vendor risk programs built on Excel spreadsheets and questionnaires rather than actual empirical data about the security of what they're buying. "Security teams have a false sense of security," Bardenstein said. The gap between what organizations think they know and what they actually know about their software supply chains remains dangerously wide. Manifest Cyber addresses this across the full lifecycle. For organizations that build software, the platform maps every open source dependency, assesses it for risk, and ensures developers can write more secure code without losing velocity. For organizations that buy software — which is everyone — it finds risks before procurement, then continuously monitors every third party component so that when something breaks, they know the blast radius in seconds, not weeks. The timing matters. Regulation is catching up to the problem. The EU AI Act, the Cyber Resilience Act, and a growing body of global policy are beginning to demand exactly the kind of software supply chain transparency that Manifest is built to provide. Organizations that wait to build this capability will find themselves scrambling to comply — those that build it in now will have it as a competitive advantage. The ingredient label for software has always been missing. Manifest Cyber is writing it. 
________________________________________________________________ Marco Ciappelli interviews Daniel Bardenstein, CEO & Co-Founder of Manifest Cyber, for ITSPmagazine's Brand Highlight series. HOST Marco Ciappelli — Co-Founder & CMO, ITSPmagazine | Journalist, Writer & Branding Advisor

@BEERISAC: CPS/ICS Security Podcast Playlist
The OT Mistakes Attackers Count On—And How to Fix Them Before They Do

Feb 13, 2026 | 31:16


Podcast: Exploited: The Cyber Truth
Episode: The OT Mistakes Attackers Count On—And How to Fix Them Before They Do
Pub date: 2026-02-12

In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joseph M. Saunders and OT/ICS security expert Mike Holcomb, founder of UTILSEC, for a candid discussion about the weaknesses attackers exploit inside industrial environments.

Mike shares what he repeatedly finds during assessments of large OT and ICS networks: no effective firewall between IT and OT, flat networks with little segmentation, stale Windows domains, shared engineering credentials, exposed HMIs, and OT protocols that will accept commands from any reachable host. He explains how attackers move from IT into OT using familiar enterprise techniques before pivoting into PLCs, RTUs, safety systems, and historians.

Joe outlines why secure-by-design practices, higher software quality, and “secure by demand” procurement are critical to long-term resilience—especially as cloud connectivity and AI accelerate modernization in industrial environments.

Together, they explore:

  • Why a missing or misconfigured IT/OT firewall remains the most common and dangerous gap
  • How micro-segmentation and unidirectional architectures reduce blast radius
  • The risks of web-enabled HMIs and long-lived legacy systems
  • Why monitoring PLC programming traffic and historian queries matters
  • How the Cyber Resilience Act is reshaping accountability for OT vendors

If you're responsible for industrial operations, plant uptime, or product security, this episode shows how attackers actually move through OT environments—and how to eliminate the mistakes they depend on.

Ropes & Gray Podcasts
The Data Day: World Data Protection Day & Regulatory Insights for 2026

Jan 28, 2026 | 17:30


On this special edition of The Data Day podcast, Ropes & Gray partner Rohan Massey—leader of the firm's data, privacy & cybersecurity practice and managing partner of the London office—is joined by counsel Edward Machin and associates Catherine Keeling and Suzie Wilson to celebrate the 19th World Data Protection Day and explore the evolving landscape of data, privacy, and cybersecurity regulation across the UK and EU in 2026. The discussion covers headline-making cybersecurity breaches, new compliance obligations under DORA and the Cyber Resilience Act, and the anticipated UK cyber bill. The panel also examines the regulatory outlook for AI, including key dates for the EU AI Act and the potential direction of the UK's AI Bill. Rounding out the conversation, the team highlights upcoming changes in digital regulation, such as the UK's Data (Use and Access) Act, the EU Data Act, and the Digital Omnibus package.

Data Today with Dan Klein
More Tech Tomorrow, Coming 2026!

Dec 19, 2025 | 0:39


We're excited to announce that Tech Tomorrow will be extending Season 3 into early 2026. Join host David Elliman for more insightful conversations designed to help you navigate the complex world of emerging technology and make more informed decisions as a leader and decision-maker.

You can expect deep dives into topics like AI, cybersecurity, and more.

Be sure to follow the show on your preferred podcast app so that new episodes are delivered to your feed as soon as they're released.

About Zühlke:
Zühlke is a global transformation partner, with engineering and innovation at its core. We help clients envision and build their businesses for the future – running smarter today while adapting for tomorrow's markets, customers, and communities.

Our multidisciplinary teams specialise in technology strategy and business innovation, digital solutions and applications, and device and systems engineering. We thrive in complex, regulated sectors such as healthcare and finance, connecting strategy, implementation, and operations to help clients build more effective and resilient businesses.

Links:
Zühlke Website
Zühlke on LinkedIn
David Elliman on LinkedIn

Data Today with Dan Klein
Down the rabbit hole: Will our secrets survive the quantum computing leap with Dr. Sarah McCarthy

Dec 9, 2025 | 26:57


Quantum computing may feel like a distant part of the future, but many experts believe its widespread adoption could arrive sooner than expected. And with it comes a profound challenge: today's encryption, which protects global cybersecurity, banking, digital identity, and confidential communication, may no longer be secure.

So what happens when quantum computers can break the cryptography that protects our most sensitive information?

In this special Alice in Wonderland-themed episode of Tech Tomorrow, David Elliman speaks with Dr. Sarah McCarthy, Quantum Readiness Programme Lead at Citi, to explore the looming post-quantum era. Together, they discuss what executives, security leaders, and organisations need to understand about quantum risk, how to prepare now, and why waiting may already be too late.

Through playful Wonderland metaphors inspired by Lewis Carroll, including the Red Queen's race and the Garden of Talking Flowers, David and Sarah explain complex security concepts with clarity and imagination. They outline what quantum computing really is, how modern cryptography works, why cryptographic agility matters, and what could happen if organisations fail to adapt in time. The conversation emphasises that leaders must first understand their organisation's current cryptographic estate, then develop a strategy that allows their systems to adapt and evolve, and finally begin taking practical steps today to ensure readiness well before 'Q-Day' arrives.

Episode Highlights
00:34 – Introducing the Wonderland theme and framing the topic.
02:13 – What is quantum cryptography, and why does it matter?
03:5 – How modern cryptography protects everyday digital life.
06:16 – David Through the Looking Glass: Understanding the Red Queen's Race.
07:23 – Why security strategies must evolve continuously.
09:24 – Cryptographic agility and how leaders can practice it.
11:22 – The urgency behind quantum readiness.
15:49 – David Through the Looking Glass: The Garden of Talking Flowers and digital estate management.
16:32 – Practical, actionable steps executives can take today.
19:59 – What is Q-Day, and when might it arrive?
22:30 – David Through the Looking Glass: The White Rabbit of quantum security.
23:03 – Which companies are making progress in quantum-safe security?
24:38 – Can our secrets survive the quantum leap?

Links:
Zühlke Website
Zühlke on LinkedIn
David Elliman on LinkedIn
Dr. Sarah McCarthy Website
Dr. Sarah McCarthy on LinkedIn

Data Today with Dan Klein
Can executives balance AI innovation with societal responsibility with Lord Clement-Jones

Nov 25, 2025 | 27:26


As artificial intelligence continues to redefine industries, the question isn't just what we can build, but what we should. In a world of accelerating automation and algorithmic decision-making, can leaders harness innovation without losing public trust?

In this episode of Tech Tomorrow, David Elliman speaks with Lord Clement-Jones, Liberal Democrat peer, former Chair of the House of Lords AI Select Committee, and co-chair of the All-Party Parliamentary Group on AI. Together, they explore how business leaders can align technological progress with human values and why doing so is not just ethical but essential for sustainable innovation.

They unpack what 'responsible AI' really means in practice: from explainability and human oversight to data quality, fairness, and transparent governance. Lord Clement-Jones argues that regulation, far from stifling innovation, can actually enable it by creating the trust, certainty, and accountability businesses need to adopt AI confidently.

The discussion also explores the roles of boards and executive committees, including why AI literacy is now a core competency, how to establish effective oversight mechanisms, and what it means to integrate ethics into AI design rather than retrofit it later. Drawing on his book Living with the Algorithm: Servant or Master?, Lord Clement-Jones reflects on how technology should serve humanity, not the other way around, and why progress must be measured by its benefits to people, not just profit.

Episode Highlights:
01:39 – Introducing Lord Clement-Jones.
03:45 – Why Lord Clement-Jones decided to write Living with the Algorithm: Servant or Master.
06:03 – What is the biggest risk that boards face if they don't take into account societal responsibility in relation to AI?
07:20 – David's thoughts: Steps boards and executives can take to ensure they implement useful and trusted AI tools.
08:39 – Defining ethical frameworks in AI.
10:21 – What sort of skill sets do boards need to help them work effectively with AI?
11:31 – What can boards and executive committees do to ensure they are implementing AI tools ethically?
13:25 – The problem with black-box solutions.
15:56 – David's thoughts: The impossibility of retrofitting responsibility into AI systems.
17:39 – Changing the culture around AI implementation.
20:06 – Why Lord Clement-Jones included the subtitle Servant or Master in his book title.
23:14 – David's thoughts: The three pillars of responsible AI.
25:26 – The current political landscape and how AI regulation fits into it.
27:16 – Can executives balance AI innovation with societal responsibility?

Links:
Zühlke Website
Zühlke on LinkedIn
David Elliman on LinkedIn
Lord Clement-Jones Website
Living with the Algorithm: Servant or Master? AI Governance and Policy for the Future

Privacy International
End of Life: Time to X goodbye to Windows 10

Nov 14, 2025 | 66:26


This week we're discussing the end of support (kind of) for Windows 10 - find out more from Chris and Tom about what you should worry about and what you can do now Windows 10 is officially (mostly) End of Life.

Links
- Read more about your options: https://privacyinternational.org/news-analysis/5686/end-line-windows-10
- Learn more about PI's position on the Cyber Resilience Act: https://privacyinternational.org/advocacy/5060/our-position-eu-cyber-resilience-act-cra

Data Today with Dan Klein
Will AI and digital twins make animal testing in drug discovery obsolete with Professor Julie Frearson

Nov 11, 2025 | 23:32


AI and digital twins are redrawing the boundaries of drug discovery. Once defined by lab benches, animal studies, and years of trial and error, the field is now embracing virtual methodologies that promise faster, safer, and more precise innovation. But could these technologies ever make animal testing obsolete?

In this episode of Tech Tomorrow, David Elliman speaks with Professor Julie Frearson, SVP and Chief Scientific Officer at Charles River Laboratories, about how artificial intelligence is transforming early-stage drug discovery. Julie explains how AI is already accelerating small-molecule design and enabling the use of virtual control animals, reducing the need for live testing without compromising scientific integrity.

They also unpack the growing challenges of explainability, bias, and regulation in AI-driven science. From ensuring transparency and accountability in complex models to understanding how regulators like the FDA are beginning to accept hybrid data sets that combine in vivo results with AI predictions, the discussion balances optimism with realism in a rapidly evolving field.

Ultimately, Professor Julie and David agree that while AI is reshaping discovery, humans must remain firmly in the loop. For now, it is the only way to ensure that innovation remains ethical, trustworthy, and safe.

Episode Highlights:
01:31 – Areas of drug discovery already transformed by AI and digital twins.
03:25 – Digital twins in animal testing and the creation of “virtual animals.”
05:50 – David's thoughts: What executives often get wrong about digital twins.
07:30 – How digital twins accurately recreate parts of animals.
10:11 – How regulation currently views AI models in drug discovery.
13:30 – The timeline for regulators to become more comfortable with hybrid data sets.
14:37 – David's thoughts: How 'black box' AI processes create challenges, and how to address them.
16:31 – The role of humans in the drug discovery loop.
17:37 – Will technology outpace regulation?
20:34 – Could AI and digital twins make animal testing in drug discovery obsolete?

Links:
Zühlke Website
Zühlke on LinkedIn
David Elliman on LinkedIn
Professor Julie Frearson on LinkedIn
Charles River Laboratories Website

Data Today with Dan Klein
Will the next biotech breakthrough be digital before it's biological with Bibi Ephraim

Oct 28, 2025 | 27:44


AI is transforming biotechnology from the inside out. What was once a world of petri dishes and pipettes is now increasingly powered by algorithms, models, and digital twins. But as machine learning accelerates drug discovery and reshapes clinical trials, how far can we go before biology itself becomes the follower, not the leader?

In this episode of Tech Tomorrow, David Elliman speaks with Bibi Ephraim, Head of Digital Sciences at Genentech, about how artificial intelligence is redefining the biotech landscape. They explore how data-driven approaches are rapidly compressing timelines in drug discovery, enabling precision medicine, and even simulating virtual clinical trials.

They also tackle the cultural and organisational transformations needed to make digital biotech work; from breaking down data silos and fostering collaboration across competitors, to treating data as a product and investing in strong governance. Drawing parallels with digital transformation in other industries, they ask what it will take for biotech to move from project-based to product-based innovation, and why pre-competitive collaboration could unlock the next generation of cures.

Episode Highlights:
01:40 – What do AI, data science, and digital governance in the biotech landscape look like today?
03:06 – Biotech and the data foundations needed for transformation.
04:52 – Examples of successful data-driven approaches in biotech.
08:10 – Will parts of the medical process be completely handed over to AI?
09:39 – David's thoughts: The importance of sustained, iterative innovation.
11:49 – The biggest mistake Bibi sees executives make in relation to data.
13:08 – The huge issue of low-quality data.
14:59 – Data sharing is critical in this field.
19:03 – David's thoughts: How pre-competitive collaboration benefits everyone.
21:17 – Is biotech reaching a standardisation tipping point?
24:11 – Can biotech scale digitally and effectively?
26:30 – Will the next biotech breakthrough be digital before it's biological?
28:33 – If digitalisation expands, will researchers miss the “happy accidents” of drug discovery?

Links:
Zühlke Website
Zühlke on LinkedIn
David Elliman on LinkedIn
Bibi Ephraim on LinkedIn
Genentech Website

Data Today with Dan Klein
Is net zero even possible without open data with Gavin Starks

Oct 14, 2025 · 28:18


The UK's 2025 Data Act marks a turning point in how data is shared and governed. Just as common standards in telecoms and banking unlocked innovation, trusted data could be the key to credible climate action. But with carbon reporting fragmented and confidence in the numbers low, can open data really help us reach net zero?

In this episode of Tech Tomorrow, David Elliman speaks with Gavin Starks, founder of Icebreaker One, about why net zero is impossible without shared, reliable data. They draw lessons from open banking—how standards, governance, and collaboration turned a technical challenge into a multi-billion-pound ecosystem—and ask what it would take to do the same for climate.

They also spotlight Icebreaker One's project Perseus, which is building the data infrastructure to automate SME sustainability reporting and connect emissions data directly with green finance. By cutting friction for small businesses and giving banks numbers they can trust, Perseus shows how shared data can turn compliance into opportunity.

Episode Highlights:
01:00 – An introduction to Gavin.
01:25 – When we talk about open data in the context of climate action, what do we actually mean?
04:17 – The parallels between open banking and net zero.
06:25 – David's thoughts: Finding clarity in carbon reporting.
07:47 – The current crisis in carbon reporting.
11:05 – When it comes to getting this right, 90% of the work is governance.
13:37 – David's thoughts: The power of narrow use cases.
15:02 – Why open banking was a success.
16:54 – When it comes to sustainability, compliance should really be the floor and opportunity should be the ceiling.
19:04 – David's thoughts: The 2025 UK Data Act.
20:43 – Why 2025 is an inflection point for data in the UK.
22:57 – What does Gavin think will happen next?
25:53 – Is net zero even possible without open data?

Links: Zühlke Website, Zühlke on LinkedIn, David Elliman on LinkedIn, Gavin Starks on LinkedIn, Icebreaker One Website, Perseus Website

Reality 2.0
Episode 159: Building Sustainable Open Source: Keeping the Lights On

Oct 8, 2025 · 27:31


In this episode of Reality 2.0, Katherine Druckman talks with Lori Lorusso from the Rust Foundation about the critical importance of sustainable stewardship for open source infrastructure. They discuss a joint statement from the OpenSSF, the Rust Foundation, and other community organizations emphasizing the need for financial support of package managers used widely in both hobbyist and enterprise applications. The conversation touches on the complexities of open source dependency management, the influence of the EU's Cyber Resilience Act, and the interconnectedness of various open source initiatives including the Valkey project. Lori shares insights into the Rust Foundation's outreach efforts and encourages community engagement to ensure open source projects continue to thrive.

00:00 Welcome and Introduction
00:28 Meet Lori Lorusso from the Rust Foundation
01:58 Open Source Sustainability and the Joint Statement
04:34 Challenges in Open Source Contribution
06:36 The Importance of Supporting Open Source Projects
15:38 The Cyber Resilience Act and Its Implications
21:40 Engaging with the Rust Foundation
24:36 The Value of Open Source Communities
26:33 Conclusion and Upcoming Events

Site/Blog/Newsletter (https://www.reality2cast.com)
FaceBook (https://www.facebook.com/reality2cast)
Twitter (https://twitter.com/reality2cast)
Mastodon (https://linuxrocks.online/@reality2cast)

Special Guest: Lori Lorusso.

Data Today with Dan Klein
Is the global food crisis a problem that only tech can solve with Illtud Dunsford

Sep 30, 2025 · 30:16


According to the United Nations, the world's population is projected to exceed 9.5 billion by 2050, placing unprecedented strain on our food systems. Climate change, land scarcity, and rising demand for protein mean that traditional agriculture alone may no longer be enough. Could cultivated meat and other food technologies provide the answer?

In this episode of Tech Tomorrow, David Elliman speaks with Illtud Dunsford, CEO and co-founder of Cellular Agriculture Ltd, about the promise and limitations of lab-grown foods. Together, they explore whether technology alone can solve the global food crisis or whether the deeper challenge lies in human choices and culture.

They also discuss the parallels between scaling in biotech and software engineering. How ambitious visions must be broken into achievable steps, the risks of hype cycles, and why collaboration across disciplines is essential. Just as DevOps reshaped software delivery, cultivated foods may depend on breaking down silos.

Episode Highlights:
01:49 – What is cultivated meat?
02:46 – How cultivated meat may help optimise and reduce waste.
04:03 – How the extremities of technology and ideas help us push forward.
05:02 – David's thoughts: What does pushing the boundaries look like in software engineering?
06:21 – The story of Cellular Agriculture Ltd and how their technology works.
09:53 – Where is the cultivated meat industry today?
11:45 – David's thoughts: Are long R&D cycles necessary for software engineers?
12:31 – What challenges are cultivated foods trying to tackle?
16:29 – What's stopping this technology from expanding?
18:35 – How long is it going to take for this technology to reach an inflection point?
20:13 – David's thoughts: Why cross-collaboration is so important in software engineering.
22:34 – What does the future of cultivated food look like?
25:03 – What could we miss about this field if we only concentrate on the technology?
27:58 – Is the global food crisis a problem that only tech can solve?

Links: Zühlke Website, Zühlke on LinkedIn, David Elliman on LinkedIn, Illtud Dunsford on LinkedIn, Cellular Agriculture Ltd Website

@BEERISAC: CPS/ICS Security Podcast Playlist
How can manufacturers respond proactively to the CRA?

Sep 25, 2025 · 23:23


Podcast: OT Security Made Simple
Episode: How can manufacturers respond proactively to the CRA?
Pub date: 2025-09-23

Dr. André Egners, who is responsible for security strategy at Landis+Gyr and active in various standardization bodies, talks about cybersecurity in smart meters and the significance of the Cyber Resilience Act. He explains how he applies the security levels of the IEC 62443 standard and how companies can demand more cybersecurity when purchasing components.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The WP Minute
How Patchstack Approaches WordPress Security

Sep 23, 2025 · 54:17


Thanks Pressable for supporting the podcast! What hosting should feel like...nothing! https://pressable.com/wpminute

In this episode of The WP Minute+ podcast, Matt Medeiros speaks with Oliver Sild from Patchstack about the evolution of WordPress security, the challenges of managing plugin vulnerabilities, and the implications of the Cyber Resilience Act. They discuss the role of AI in development, the importance of vulnerability management, and how hosting security measures often fail to protect against exploits. Oliver emphasizes the importance of compliance and proactive security measures in the WordPress ecosystem.

Takeaways:
- Patchstack has evolved from a simple scanning tool to a leader in WordPress security research.
- Half of the team at Patchstack focuses on security research and vulnerability management.
- 30% of security vulnerabilities in plugins are not patched in time.
- The Cyber Resilience Act will require compliance for digital products sold in Europe.
- Vulnerability management will become mandatory for agencies and plugin developers.
- AI is being used to create plugins, but it also poses security risks.
- Many websites are hacked without the owners' knowledge.
- Hosting security measures often fail to protect against application-level vulnerabilities.
- Patchstack provides a managed vulnerability disclosure program for plugin developers.
- Continuous maintenance is essential for WordPress websites.

Important Links:
- The WP Minute+ Podcast: thewpminute.com/subscribe
- Patchstack

Connect with Oliver Sild: LinkedIn | Twitter/X

Support our work at https://thewpminute.com/support
Get the newsletter at https://thewpminute.com/subscribe

Data Today with Dan Klein
Should we trust AI as a creative collaborator with Professor Anjana Susarla

Sep 16, 2025 · 27:26


By 2026, Europol estimates that more than 90% of online content could be AI-generated – from music and written work to imagery and beyond. But what does this shift mean for creativity, originality, and the role of human value in the process?

In this episode of Tech Tomorrow, David Elliman speaks with Anjana Susarla, Professor of Responsible AI at the Eli Broad College of Business, Michigan State University. Together, they explore whether AI can truly be trusted as a creative collaborator in both work and wider society.

Their conversation looks at how the traditional process of drafting and redrafting may change when AI enters the picture, and the rise of so-called ‘AI slop' – mass-produced, low-quality outputs – in areas such as writing, design, and programming. They also consider whether agentic AI might one day predict our preferences more accurately than we can ourselves, and reflect on the persistent hype and ‘magic' surrounding new AI tools, asking what this means for the future of creativity, business, and work.

Episode Highlights:
00:47 – What happens to the iterative creative process when AI is introduced?
02:59 – The polarising reactions to AI tools.
04:03 – Do we even like the creative outputs of AI?
05:16 – David's thoughts: Can we put a qualitative value on creativity?
06:31 – What was the AI-generated podcast based on Anjana's paper like?
10:28 – The homogenising effect of AI.
11:45 – Feedback loops and the halo effect.
13:04 – David's thoughts: AI prediction models.
16:28 – Human oversight in AI creativity.
19:08 – Maintaining the quality of AI-generated outputs.
21:05 – David's thoughts: What happens when AI tools enter the workplace?
23:08 – AI creativity, brain drain, and deskilling
24:58 – Should we trust AI as a creative collaborator?

Links: Zühlke Website, Zühlke on LinkedIn, David Elliman on LinkedIn, Prof. Anjana Susarla on LinkedIn

@BEERISAC: CPS/ICS Security Podcast Playlist
How is Bosch Rexroth dealing with the Cyber Resilience Act (CRA)?

Sep 15, 2025 · 25:57


Podcast: OT Security Made Simple
Episode: How is Bosch Rexroth dealing with the Cyber Resilience Act (CRA)?
Pub date: 2025-09-11

Hans-Michael Krause of Bosch Rexroth uses the ctrlX automation platform as an example to explain how manufacturers of digital industrial components can meet the requirements of the EU Cyber Resilience Act. He looks at the current level of awareness in the automation industry and makes the case for why open source is the best option for software development. Finally, he gives manufacturing companies practical tips on what to look for when evaluating component suppliers.

The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Data Today with Dan Klein
Welcome to Tech Tomorrow

Sep 9, 2025 · 0:48


Tech Tomorrow is your front-row seat to the conversations redefining the future.

Each episode explores a big, thought-provoking question, from how we collaborate with machines to the possibilities intelligent systems could unlock in the future. Created for leaders steering innovation through complexity, the show cuts through the noise, connecting cross-disciplinary trends so you can make confident decisions in a rapidly changing world.

Your host, David Elliman, Chief of Software Engineering at Zühlke, draws on four decades of global experience in technology and innovation. An expert in enterprise-scale solutions and emerging technologies, including AI, IoT, blockchain, and cloud computing, David brings clarity and insight to even the most complex topics.

Tech Tomorrow, from Zühlke – coming soon, wherever you get your podcasts.

About Zühlke:
Zühlke is a global transformation partner, with engineering and innovation in our DNA. We're trusted to help clients envision and build their businesses for the future – to run smarter today while adapting for tomorrow's markets, customers, and communities.

Our multidisciplinary teams specialise in tech strategy and business innovation, digital solutions and applications, and device and systems engineering. We excel in complex, regulated spaces, including health and finance, connecting strategy, tech implementation, and operational services to help clients become more effective, resilient businesses.

Links: Zühlke Website, Zühlke on LinkedIn, David Elliman on LinkedIn

Application Security PodCast
Getting Ready for the EU CRA

Aug 20, 2025 · 40:46


The European Union's Cyber Resilience Act is set to revolutionize how we approach product security worldwide. In this episode, we sit down with application security expert Nariman Aga-Tagiyev to break down everything you need to know about this legislation. Nariman has over 20 years of software development experience and today he's sharing his expertise with us. Learn what the EU CRA is and why it matters for global software companies, key compliance requirements, and how OWASP SAMM can help you.

FOLLOW OUR SOCIAL MEDIA:
➜ Twitter: @AppSecPodcast
➜ LinkedIn: The Application Security Podcast
➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

ITSPmagazine | Technology. Cybersecurity. Society
Your Business Apps Are Bringing Friends You Didn't Invite | A Brand Story with Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital | A Black Hat USA 2025 Conference On Location Brand Story

Aug 14, 2025 · 28:03


In an era where organizations depend heavily on commercial applications to run their operations, the integrity of those applications has become a top security concern. Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital, shares how protecting the software supply chain now extends far beyond open source risk.

Zdjelar outlines how modern applications are built from a mix of first-party, contracted, open source, and proprietary third-party components. By the time software reaches production, its lineage spans geographies, development teams, and sometimes even AI-generated code. Incidents like SolarWinds, Kaseya, and CircleCI demonstrate that trusted vendors are no longer immune to compromise, and commercial software can introduce critical vulnerabilities or malicious payloads deep into enterprise systems.

Regulatory drivers are increasing scrutiny. Executive Order 14028, Europe's Cyber Resilience Act, DORA, and U.S. Department of Defense software sourcing restrictions all require greater transparency, such as a Software Bill of Materials (SBOM). However, Zdjelar cautions that SBOMs—while valuable—are like ingredient lists without recipes: they don't reveal if a product is secure, just what's in it.

ReversingLabs addresses this gap with a no-compromise analysis engine capable of deconstructing any file, of any size or complexity, to assess its safety. This capability enables organizations to make risk-based decisions, continuously monitor for unexpected changes between software versions, and operationalize controls at points such as procurement, SCCM deployments, or file transfers into critical environments.

For CISOs, this represents a true technical control where previously only contractual clauses, questionnaires, or insurance policies existed. By placing analysis at the front of the software lifecycle, organizations can reduce reliance on costly manual testing and sandboxing, improve detection of tampering or hidden behavior, and even influence cyber insurance rates.

The takeaway is clear: software supply chain security is a board-level concern, and the focus must expand beyond open source. With the right controls, organizations can avoid becoming the next headline-making breach and maintain trust with customers, partners, and regulators.

Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b

Note: This story contains promotional content.

Guest: Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital | On Linkedin: https://www.linkedin.com/in/sasazdjelar/

Resources
Learn more and catch more stories from ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: Black Hat 2025, Black Hat USA, sean martin, saša zdjelar, software supply chain security, commercial software risk, binary analysis, software bill of materials, sbom security, malicious code detection, ciso strategies, third party software risk, software tampering detection, malware analysis tools, devsecops security, application security testing, cybersecurity compliance

@BEERISAC: CPS/ICS Security Podcast Playlist
NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]

Jul 30, 2025 · 53:55


Podcast: The Industrial Security Podcast
Episode: NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]
Pub date: 2025-07-28

NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.

The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Industrial Security Podcast
NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]

Jul 28, 2025 · 53:55


NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.

Open Source Security Podcast
EU Regulations will change everything with Daniel Thompson

Jul 28, 2025 · 31:57


In this episode, we dive into the Product Liability Directive and Cyber Resilience Act with Daniel Thompson, CEO of Crab Nebula. The EU's new legislative framework impacts manufacturers in ways we don't totally understand, but is going to bring substantial changes to how companies use and develop open source. Daniel explains the broader implications for software security and the future of digital products in the European market.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-07-eu-regulations-daniel-thompson/

כל תכני עושים היסטוריה
NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]

Jul 28, 2025 · 53:55


NIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.

The Tech Blog Writer Podcast
3337: Aeris and The Future of IoT Security

Jul 6, 2025 · 28:25


In this episode of Tech Talks Daily, I speak with Syed Zaeem Hosain, Founder and Chief Evangelist at Aeris. This conversation comes at a critical moment. Deloitte's 2024 Cyber Threat Trends Report reported a 400 percent surge in IoT malware attacks across industries. Forrester has gone further, warning that a major IoT breach could disrupt a large class of devices by 2025. With the stakes higher than ever, Aziz shares his vision for protecting a hyperconnected world. We explore the growing risks in sectors like healthcare, energy and transportation, where compromised devices could have serious real-world impact. Aziz explains why IoT security can no longer be treated as an afterthought and how Aeris is tackling the problem with AI-powered solutions like IoT Watchtower, designed to detect and respond to threats at scale. He also addresses the shifting regulatory landscape, from the EU's NIS2 Directive to the upcoming Cyber Resilience Act. These frameworks are beginning to push organisations toward stronger protections and greater accountability. But are they moving fast enough? My guest outlines where he believes the future of IoT security is heading and what enterprises need to do now to avoid being caught off guard. From embedded AI to next-generation cellular infrastructure, this is a conversation that connects the dots between innovation, risk and responsibility. So how prepared is your organisation for the coming wave of IoT threats? Are we securing what matters most, or sleepwalking into a preventable crisis? Let me know what you think. Is IoT security finally getting the attention it deserves, or are we still too focused on convenience over caution? Join the conversation and share your thoughts.   Check out the Internet of Things for Business book.      

Aperture: A Claroty Podcast
Sarah Fluchs on the Cyber Resilience Act

Jun 17, 2025 · 37:46


Cybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way. Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms. Listen to the Nexus Podcast on your favorite podcast platform.

Insurance Monday Podcast
Regulatory Requirements & Cloud: Match or Botch?

May 25, 2025 · 46:30


This time we dive into the world of cloud technologies and take a close look at the opportunities and challenges they bring for insurance companies. A particular focus: current regulatory requirements such as DORA, Solvency II and the Cyber Resilience Act, which are taking the industry's digital resilience and IT risk management to a new level.

Our hosts Dominik Badarne and Herbert Jansky welcome two true cloud veterans: Achim Heidebrecht, whose decades of experience and pioneering work on cloud adoption in the insurance industry stand out, and Adrian Wnek, who has been taking cloud projects, particularly with AWS, to a new level since 2012 and enabling companies to start out in the cloud confidently and securely.

Look forward to honest insights, personal experience from real transformation projects, anecdotes from the early days of cloud migration at Talangs, lessons learned around compliance and regulation, and a look at how companies can implement cloud solutions at industrial scale and securely today. We also look beyond our own backyard, talk about innovations in other industries and clarify why the cloud in particular can help meet regulatory requirements better.

Sit back and join us on this exciting journey through the past, present and future of the cloud in the insurance sector!

Feel free to send us a message!

Follow us on our LinkedIn company page for more exciting updates.

Our website: https://www.insurancemondaypodcast.de/

Would you like to be a guest on the Insurance Monday Podcast? Write to us at info@insurancemondaypodcast.de and we will get back to you right away.

This podcast is produced by dean productions.

Thank you for listening to our podcast!

The InfoQ Podcast
Embrace the Requirements of The EU Cyber Resilience Act to Strengthen Your Software Project

Apr 21, 2025 · 40:38


Eddie Knight, OSPO lead at Sonatype, discusses how the EU Cyber Resilience Act can help improve your software project's security and at the same time slow down the alarming acceleration of software supply chain attacks.

Read a transcript of this interview: https://bit.ly/3RDMPVX

Subscribe to the Software Architects' Newsletter for your monthly guide to the essential news and experience from industry peers on emerging patterns and technologies: https://www.infoq.com/software-architects-newsletter

Upcoming Events:
- InfoQ Dev Summit Boston (June 9-10, 2025): Actionable insights on today's critical dev priorities. devsummit.infoq.com/conference/boston2025
- InfoQ Dev Summit Munich (October 15-16, 2025): Essential insights on critical software development priorities. https://devsummit.infoq.com/conference/munich2025
- QCon San Francisco 2025 (November 17-21, 2025): Get practical inspiration and best practices on emerging software trends directly from senior software developers at early adopter companies. https://qconsf.com/
- QCon AI NYC 2025 (December 16-17, 2025): https://ai.qconferences.com/

The InfoQ Podcasts: Weekly inspiration to drive innovation and build great teams from senior software leaders. Listen to all our podcasts and read interview transcripts:
- The InfoQ Podcast https://www.infoq.com/podcasts/
- Engineering Culture Podcast by InfoQ https://www.infoq.com/podcasts/#engineering_culture
- Generally AI: https://www.infoq.com/generally-ai-podcast/

Follow InfoQ:
- Mastodon: https://techhub.social/@infoq
- Twitter: twitter.com/InfoQ
- LinkedIn: www.linkedin.com/company/infoq
- Facebook: bit.ly/2jmlyG8
- Instagram: @infoqdotcom
- Youtube: www.youtube.com/infoq

Write for InfoQ: Learn and share the changes and innovations in professional software development.
- Join a community of experts.
- Increase your visibility.
- Grow your career.
https://www.infoq.com/write-for-infoq

ITSPmagazine | Technology. Cybersecurity. Society
The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | A Conversation with Sarah Fluchs | Redefining CyberSecurity with Sean Martin

Mar 11, 2025 · 44:10


⬥GUEST⬥

Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/

⬥HOST⬥

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥

The European Commission's Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.

A Broad Scope: More Than Just Industrial Automation

Unlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA's requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.

The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.

What the CRA Requires

The CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:

  • Ensure products are free from known, exploitable vulnerabilities at the time of release.
  • Implement security by design, considering cybersecurity from the earliest stages of product development.
  • Provide security patches for the product's defined lifecycle, with a minimum of five years unless justified otherwise.
  • Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.
  • Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.

Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.

Compliance Challenges: No Detailed Checklist Yet

One of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA's security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty.

To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.

The Impact on Critical Infrastructure and Industrial Systems

While the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.

Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.

A Security Milestone: Holding Manufacturers Accountable

The CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.

Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.

For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.

The Bottom Line

The Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.

Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.

⬥SPONSORS⬥

LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥

Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/

Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdf

A list of Sarah's blog posts to get your CRA knowledge up to speed:

1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd73

2️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c

3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d209

4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd8900

5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52

⬥ADDITIONAL INFORMATION⬥

✨ More Redefining CyberSecurity: 

The Tech Blog Writer Podcast
3133: Cybersecurity Predictions for 2025: What Businesses Need to Know

The Tech Blog Writer Podcast

Play Episode Listen Later Dec 29, 2024 21:41


How are businesses preparing for the evolving threats and challenges in the world of cybersecurity? In today's episode of Tech Talks Daily, I'm joined by Dominik Samociuk, Head of Security at Future Processing, a technology consultancy and software delivery partner with over two decades of experience.

Together, we explore the current state of cybersecurity and dive into predictions for 2025, focusing on emerging threats, regulatory changes, and the critical importance of cyber resilience. Dominik shares insights into the rise of AI-driven attacks, including deepfakes and automated phishing campaigns, which are increasing in sophistication and volume. These threats are forcing organizations to rethink their strategies, moving beyond prevention to comprehensive approaches that include detection, response, and recovery. We also discuss how businesses can strengthen their defenses through zero-trust architecture, third-party risk management, and enhanced employee training—especially as the human factor remains one of the most vulnerable aspects of cybersecurity.

Regulatory changes, such as the NIS2 Directive, DORA, and the upcoming Cyber Resilience Act, are also driving a shift in how organizations approach security. Dominik explains how businesses can align with these evolving requirements by conducting regular gap analyses, automating compliance processes, and leveraging frameworks like ISO 27001 and NIST.

Data privacy in the era of AI is another key focus of our discussion. Dominik outlines the steps businesses must take to classify and protect sensitive data, ensure transparency with stakeholders, and build robust incident response plans. Additionally, we delve into the importance of embedding security practices throughout the development lifecycle and the role of open-source intelligence in identifying vulnerabilities and emerging threats.

Whether you're looking to stay ahead of cyber threats or understand how regulatory changes will impact your organization, this episode provides actionable insights to navigate the complexities of modern cybersecurity. How is your business preparing for the future of cyber resilience? Join the conversation and share your thoughts!