Podcasts about cybersecurity podcast

⬥GUEST⬥Eric O'Neill, Keynote Speaker, Cybersecurity Expert, Spy Hunter, Bestselling Author. Attorney | On Linkedin: https://www.linkedin.com/in/eric-m-oneill/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of the Redefining CyberSecurity Podcast, host Sean Martin reconnects with Eric O'Neill, National Security Strategist at NeXasure and former FBI counterintelligence operative. Together, they explore how cybercrime has matured into a global economy—and why organizations of every size must learn to compete, not just defend.O'Neill draws from decades of undercover work and corporate investigation to reveal that cybercriminals now operate like modern businesses: they innovate, specialize, and scale. The difference? Their product is your data. He argues that resilience—not prevention—is the true marker of readiness. Companies can't assume they're too small or too obscure to be targeted. “It's just a matter of numbers,” he says. “At some point, you will get struck. You need to be able to take the punch and keep moving.”The discussion covers the practical realities facing small and midsize businesses: limited budgets, fragmented tools, and misplaced confidence. O'Neill explains why so many organizations over-invest in overlapping technologies while under-investing in strategy. His firm helps clients identify these inefficiencies and replace tool sprawl with coordinated defense.Preparation, O'Neill says, should follow his PAID methodology—Prepare, Assess, Investigate, Decide. The goal is to plan ahead, detect fast, and act decisively. Those that do not prepare spend ten times more responding after an incident than they would have spent preventing it.Martin and O'Neill also examine how storytelling bridges the gap between security teams and executive boards. Using relatable analogies—like house fires and insurance—O'Neill makes cybersecurity human. His message is simple: security is not a technical decision; it's a business one.Listen to hear how the business of cybercrime mirrors legitimate enterprise—and why understanding that truth might be your best defense.⬥RESOURCES⬥Book: Spies, Lies, and Cybercrime by Eric O'Neill – Book linkBook: Gray Day by Eric O'Neill – Book linkFree, Weekly Newsletter: spies-lies-cybercrime.ericoneill.netPodcast: Former FBI Spy Hunter Eric O'Neill Explains How Cybercriminals Use Espionage techniques to Attack Us: https://redefiningsocietyandtechnologypodcast.com/episodes/new-book-spies-lies-and-cyber-crime-former-fbi-spy-hunter-eric-oneill-explains-how-cybercriminals-use-espionage-techniques-to-attack-us-redefining-society-and-technology-podcast-with-marco-ciappelli⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

In this episode, Rob Aragao sits down with futurist Heather Vescent to explore how strategic foresight can be applied to cybersecurity. Heather explains what it means to be a futurist—blending creativity with analytical research—and shares her journey from Silicon Valley to becoming a leader in foresight methodologies. She discusses her early work on the future of money, digital identity, and how that naturally led her into cybersecurity.Together, they dive into topics such as spiral dynamics, scenario planning, and bias awareness, and how these tools help anticipate future threats and opportunities. Heather also breaks down the concept of agentic AI (digital employees), examining its potential as both an expanded attack surface and a defense enhancer. Finally, she previews her upcoming book, The Cybersecurity Futures Playbook, which translates foresight tools into practical frameworks for security professionals.Listeners will walk away with new ways to anticipate threats, improve response readiness, and think differently about the future of cybersecurity.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Carter Zupancich. Chris and Carter explore the evolving landscape of social engineering threats, focusing on the rise of vishing attacks and the role of AI in enhancing these tactics. Their discussion underscores the importance of empowering employees as a human firewall and the need for continuous education and testing to strengthen organizational security. [Oct 20, 2025]   00:00 - Intro 00:31 - Carter Zupancich Intro -          Website: https://carterzupancich.com/ 01:30 - Intro Links: -          Social-Engineer.com - http://www.social-engineer.com/ -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -          CLUTCH - http://www.pro-rock.com/ -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                                03:35 - Tools, Tactics and Procedures 05:19 - Tech Advances 08:16 - The Classics 10:01 - The Need for Testing 12:16 - Callback Phishing 17:26 - Setting Expectations 21:56 - Approved Language 23:56 - Verify! 25:16 - Empowerment 26:17 - And Now a Horrible Story 28:47 - Investing In Employees 31:19 - Wrap Up & Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

Guest and HostGuest: Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comHost: Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Show NotesIn this candid episode of Music Evolves, Sean Martin and Marco Ciappelli unpack the creative, ethical, and deeply personal tensions surrounding AI-generated music—where it fits, where it falters, and where it crosses the line.Sean opens with a clear position: AI can support the creative process, but its outputs shouldn't be commercialized unless the ingredients—i.e., training data—are ethically sourced and properly licensed. His concern is grounded in authorship and consent. If a model learns from unlicensed tracks, even indirectly, is it sampling without credit?Marco responds by acknowledging how deeply embedded influence is in all creative acts. As a writer and musician, he often discovers melodies or storylines in his own work that echo familiar structures—not out of theft, but because of lived experience. “We are made of what we absorb,” he says, drawing parallels between human memory and how AI models are trained.But the critical difference? Humans feel. They reinterpret. They falter. They declare their intent. AI does none of that—at least, not yet.The discussion isn't anti-technology. Instead, it's about boundaries. Both Sean and Marco agree that tools like neural networks can be fascinating collaborators. But when those tools start to blur authorship or generate perfect replicas of a human's imperfection—say, the crackle of a vinyl or the slide of a finger across a string—what are we really listening to? And who, if anyone, should profit from it?They wrestle with questions of transparency (“Did you write that… or did AI?”), authorship (“If you like it but don't know it's AI, does it matter?”), and commercialization (“Is it still your art if someone else feeds it to a machine?”). And perhaps most importantly, they invite you to answer for yourself.

⬥GUEST⬥Walter Haydock, Founder, StackAware | On Linkedin: https://www.linkedin.com/in/walter-haydock/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥No-Code Meets AI: Who's Really in Control?As AI gets embedded deeper into business workflows, a new player has entered the security conversation: no-code automation tools. In this episode of Redefining CyberSecurity, host Sean Martin speaks with Walter Haydock, founder of StackAware, about the emerging risks when AI, automation, and business users collide—often without traditional IT or security oversight.Haydock shares how organizations are increasingly using tools like Zapier and Microsoft Copilot Studio to connect systems, automate tasks, and boost productivity—all without writing a single line of code. While this democratization of development can accelerate innovation, it also introduces serious risks when systems are built and deployed without governance, testing, or visibility.The conversation surfaces critical blind spots. Business users may be automating sensitive workflows involving customer data, proprietary systems, or third-party APIs—without realizing the implications. AI prompts gone wrong can trigger mass emails, delete databases, or unintentionally expose confidential records. Recursion loops, poor authentication, and ambiguous access rights are all too easy to introduce when development moves this fast and loose.Haydock emphasizes that this isn't just a technology issue—it's an organizational one. Companies need to decide: who owns risk when anyone can build and deploy a business process? He encourages a layered approach, including lightweight approval processes, human-in-the-loop checkpoints for sensitive actions, and upfront evaluations of tools for legal compliance and data residency.Security teams, he notes, must resist the urge to block no-code outright. Instead, they should enable safer adoption through clear guidelines, tool allowlists, training, and risk scoring systems. Meanwhile, business leaders must engage early with compliance and risk stakeholders to ensure their productivity gains don't come at the expense of long-term exposure.For organizations embracing AI-powered automation, this episode offers a clear takeaway: treat no-code like production code—because that's exactly what it is.⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

⬥GUEST⬥Walter Haydock, Founder, StackAware | On Linkedin: https://www.linkedin.com/in/walter-haydock/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥No-Code Meets AI: Who's Really in Control?As AI gets embedded deeper into business workflows, a new player has entered the security conversation: no-code automation tools. In this episode of Redefining CyberSecurity, host Sean Martin speaks with Walter Haydock, founder of StackAware, about the emerging risks when AI, automation, and business users collide—often without traditional IT or security oversight.Haydock shares how organizations are increasingly using tools like Zapier and Microsoft Copilot Studio to connect systems, automate tasks, and boost productivity—all without writing a single line of code. While this democratization of development can accelerate innovation, it also introduces serious risks when systems are built and deployed without governance, testing, or visibility.The conversation surfaces critical blind spots. Business users may be automating sensitive workflows involving customer data, proprietary systems, or third-party APIs—without realizing the implications. AI prompts gone wrong can trigger mass emails, delete databases, or unintentionally expose confidential records. Recursion loops, poor authentication, and ambiguous access rights are all too easy to introduce when development moves this fast and loose.Haydock emphasizes that this isn't just a technology issue—it's an organizational one. Companies need to decide: who owns risk when anyone can build and deploy a business process? He encourages a layered approach, including lightweight approval processes, human-in-the-loop checkpoints for sensitive actions, and upfront evaluations of tools for legal compliance and data residency.Security teams, he notes, must resist the urge to block no-code outright. Instead, they should enable safer adoption through clear guidelines, tool allowlists, training, and risk scoring systems. Meanwhile, business leaders must engage early with compliance and risk stakeholders to ensure their productivity gains don't come at the expense of long-term exposure.For organizations embracing AI-powered automation, this episode offers a clear takeaway: treat no-code like production code—because that's exactly what it is.⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

LockBit is back—and stronger than ever. After multiple takedowns and sanctions, the ransomware-as-a-service giant has resurfaced with LockBit 5.0, a version designed to hit harder, spread faster, and target virtualization at scale.In this episode of Reimagining Cyber, Tyler Moffitt unpacks what's changed, why LockBit 5.0 matters, and what organizations should be doing now to reduce risk. From hypervisor attacks and cross-platform payloads to cartel-style alliances among cybercriminal crews, we explore how ransomware continues to evolve—and what defenders can learn from it.Whether you're an enterprise IT leader, MSP, or simply tracking the ransomware economy, this episode offers practical actions and strategic insights you can put to work this week.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Happy Patch Tuesday! In this October episode, security specialists Ryan Braunstein and Mat Lee break down some of the month's most critical vulnerabilities — and why this batch of CVEs might just be the spookiest yet.The duo dives deep into:A Unity Engine remote code execution flaw that impacts games, VR apps, and even training toolsThe Windows Hello bypass vulnerability that lets attackers inject their own biometric data to access local accountsA Microsoft Exchange Server privilege escalation that could expose entire inboxesWith expert insights, real-world context, and a touch of humor, Ryan and Mat unpack what these vulnerabilities mean for IT and security pros — and what steps you should take right now to stay protected

Why do cyber attackers always seem one step ahead — and how can defenders take back control?In this episode of Reimagining Cyber, host Tyler Moffitt (Senior Analyst, OpenText) sits down with longtime colleagues Grayson Milbourne (Security Intelligence Director) and Troy Gill (Senior Manager, Threat Research) to explore how the cybersecurity battlefield is evolving — and what it takes to shift the balance toward defenders.They break down:Why attackers appear to “make the rules” in cybersecurityHow AI and automation are transforming both offense and defenseThe rise of phishing, deepfakes, and social engineering in 2025Why identity is the new perimeterHow organizations can build cyber resilience through culture, transparency, and layered defenseWhy sharing breach intelligence matters more than everYou'll also hear real-world insights from the threat-research trenches, plus practical advice for CISOs and IT leaders on creating a security-first culture, improving visibility, and staying ahead of fast-moving AI-powered threats.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Send us a textIn this episode of Investors Coffee Shop, Brian Harte sits down with Joe Soeka, a cybersecurity and digital forensics expert with over a decade of hands-on experience in identifying and analyzing cyber threats. Joe has worked extensively in digital forensics and incident response, holding advanced certifications that allow him to tackle complex technical challenges head-on.Joe shares insights on:The most pressing cyber threats facing individuals and businesses todayHow digital forensics uncovers the truth hidden within systems and dataPractical steps anyone can take to strengthen their personal and organizational cybersecurity postureListeners will also walk away with tools and resources to stay ahead of evolving threats. One highlighted resource is Have I Been Pwned, a free service where you can check if your email or phone number has been part of a data breach.Whether you're an investor, entrepreneur, or just someone who wants to better understand how to protect your digital identity, this episode is packed with valuable knowledge.Support the show

⬥GUEST⬥Pieter VanIperen, CISO and CIO of AlphaSense | On Linkedin: https://www.linkedin.com/in/pietervaniperen/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Real-World Principles for Real-World Security: A Conversation with Pieter VanIperenPieter VanIperen, the Chief Information Security and Technology Officer at AlphaSense, joins Sean Martin for a no-nonsense conversation that strips away the noise around cybersecurity leadership. With experience spanning media, fintech, healthcare, and SaaS—including roles at Salesforce, Disney, Fox, and Clear—Pieter brings a rare clarity to what actually works in building and running a security program that serves the business.He shares why being “comfortable being uncomfortable” is an essential trait for today's security leaders—not just reacting to incidents, but thriving in ambiguity. That distinction matters, especially when every new technology trend, vendor pitch, or policy update introduces more complexity than clarity. Pieter encourages CISOs to lead by knowing when to go deep and when to zoom out, especially in areas like compliance, AI, and IT operations where leadership must translate risks into outcomes the business cares about.One of the strongest points he makes is around threat intelligence: it must be contextual. “Generic threat intel is an oxymoron,” he argues, pointing out how the volume of tools and alerts often distracts from actual risks. Instead, Pieter advocates for simplifying based on principles like ownership, real impact, and operational context. If a tool hasn't been turned on for two months and no one noticed, he says, “do you even need it?”The episode also offers frank insight into vendor relationships. Pieter calls out the harm in trying to “tell a CISO what problems they have” rather than listening. He explains why true partnerships are based on trust, humility, and a long-term commitment—not transactional sales quotas. “If you disappear when I need you most, you're not part of the solution,” he says.For CISOs and vendors alike, this episode is packed with perspective you can't Google. Tune in to challenge your assumptions—and maybe your entire security stack.⬥SPONSORS⬥ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

⬥GUEST⬥Pieter VanIperen, CISO and CIO of AlphaSense | On Linkedin: https://www.linkedin.com/in/pietervaniperen/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Real-World Principles for Real-World Security: A Conversation with Pieter VanIperenPieter VanIperen, the Chief Information Security and Technology Officer at AlphaSense, joins Sean Martin for a no-nonsense conversation that strips away the noise around cybersecurity leadership. With experience spanning media, fintech, healthcare, and SaaS—including roles at Salesforce, Disney, Fox, and Clear—Pieter brings a rare clarity to what actually works in building and running a security program that serves the business.He shares why being “comfortable being uncomfortable” is an essential trait for today's security leaders—not just reacting to incidents, but thriving in ambiguity. That distinction matters, especially when every new technology trend, vendor pitch, or policy update introduces more complexity than clarity. Pieter encourages CISOs to lead by knowing when to go deep and when to zoom out, especially in areas like compliance, AI, and IT operations where leadership must translate risks into outcomes the business cares about.One of the strongest points he makes is around threat intelligence: it must be contextual. “Generic threat intel is an oxymoron,” he argues, pointing out how the volume of tools and alerts often distracts from actual risks. Instead, Pieter advocates for simplifying based on principles like ownership, real impact, and operational context. If a tool hasn't been turned on for two months and no one noticed, he says, “do you even need it?”The episode also offers frank insight into vendor relationships. Pieter calls out the harm in trying to “tell a CISO what problems they have” rather than listening. He explains why true partnerships are based on trust, humility, and a long-term commitment—not transactional sales quotas. “If you disappear when I need you most, you're not part of the solution,” he says.For CISOs and vendors alike, this episode is packed with perspective you can't Google. Tune in to challenge your assumptions—and maybe your entire security stack.⬥SPONSORS⬥ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?In this episode of AppSec Contradictions, Sean Martin examines:Why SBOM adoption is laggingThe cost of static SBOMs for developers, AppSec teams, and business leadersReal-world examples where SBOMs deliver measurable valueHow AISBOMs are extending transparency into AI models and dataCatch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

In this episode of Reimagining Cyber, cybersecurity expert Tyler Moffitt unpacks one of the most shocking cybercrime stories in recent years—the rise and supposed shutdown of Scattered Spider. From social engineering mastery and high-profile breaches to teenage ringleaders and sudden “retirements,” this group has rewritten the playbook on digital extortion.Tyler walks us through:Who Scattered Spider really is and how they operated as elite access brokersThe group's role in major incidents like MGM Resorts, Caesars, UK retailers, telecoms, and even government agenciesThe arrests spanning the UK, US, and Spain—including suspects as young as 17The bizarre shutdown announcement promising apologies, rehab, and deleted dataWhy most experts expect rebrands, not retirementThe episode closes with practical takeaways for CISOs: protecting identity, hardening help desks, modernizing MFA, and preparing for the next wave of copycats. Whether the group is gone for good or merely regrouping, their tactics will continue to echo across the threat landscape.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?In this episode of AppSec Contradictions, Sean Martin examines:Why SBOM adoption is laggingThe cost of static SBOMs for developers, AppSec teams, and business leadersReal-world examples where SBOMs deliver measurable valueHow AISBOMs are extending transparency into AI models and dataCatch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

In this episode of No Password Required, host Jack Clabby and guest host Sarina Gandy discuss the insights gained from their conversation with Demarcus Williams, a senior security engineer at Starbucks. They explore Demarcus's journey into cybersecurity, the importance of competitions like CCDC in career development, and the role of gut instinct in cybersecurity. The discussion also touches on the differences between corporate cultures, the significance of mentorship, and the fun aspects of the cybersecurity community, including a light-hearted lifestyle polygraph segment. TakeawaysDemarcus' curiosity about video games sparked his interest in cybersecurity.The transition from defense contracting to corporate roles offers broader access to tools.Gut feelings play a significant role in cybersecurity decision-making.Competitions like CCDC are crucial for career development in cybersecurity.Networking at competitions can lead to job opportunities.Corporate culture varies significantly between government contracting and tech companies.A people-first approach is essential in mentorship and cybersecurity.The red team experience enhances skills applicable to day-to-day work.Work-life balance is crucial in maintaining a sustainable career in cybersecurity.Engaging with the community is vital for personal and professional growth. Chapters00:00 Introduction to Cybersecurity and Curiosity02:47 Day-to-Day Life of a Senior Security Engineer05:30 The Role of Gut Instinct in Cybersecurity08:31 Early Inspirations and the Journey into Cybersecurity11:35 The Importance of Competitions in Career Development14:33 Transitioning from Student to Professional17:34 The Red Team Experience and Its Impact20:25 Recruitment Opportunities in Cybersecurity Competitions23:33 Navigating Corporate Culture in Cybersecurity26:31 Mentorship and People-First Approach29:11 Lifestyle Polygraph and Fun Insights

The cybersecurity industry operates on a fundamental misconception: that consumers want to understand and manage their digital security. After 17 years at F-Secure and extensive consumer research, Dmitri Vellikok has reached a different conclusion—people simply want security problems to disappear without their involvement.This insight has driven F-Secure's transformation from traditional endpoint protection to what Vellikok calls "embedded ecosystem security." The company, which holds 55% global market share in operator-delivered consumer security, has moved beyond the conventional model of asking consumers to install and manage security software.F-Secure's approach centers on embedding security capabilities directly into applications and services consumers already use. Rather than expecting people to download separate security software, the company partners with telecom operators, insurance companies, and financial institutions to integrate protection into existing customer touchpoints.This embedded strategy addresses what Vellikok identifies as cybersecurity's biggest challenge: activation and engagement. Traditional security solutions fail when consumers don't install them, don't configure them properly, or abandon them due to complexity. By placing security within existing applications, F-Secure automatically reaches more consumers while reducing friction.The company's research reveals the extent of consumer overconfidence in digital security. Seventy percent of people believe they can easily spot scams, yet 43% of that same group admits to having been scammed. This disconnect between perception and reality drives F-Secure's focus on proactive, invisible protection rather than relying on consumer vigilance.Central to this approach is what F-Secure calls the "scam kill chain"—a framework for protecting consumers at every stage of fraudulent attempts. The company analyzes scam workflows to identify intervention points, from initial contact through trust-building phases to final exploitation. This comprehensive view enables multi-layered protection that doesn't depend on consumers recognizing threats.F-Secure's partnership with telecom operators provides unique advantages in this model. Operators see network traffic, website visits, SMS messages, and communication patterns, giving them visibility into threat landscapes that individual security solutions cannot match. However, operators typically don't communicate their protective actions to customers, creating an opportunity for F-Secure to bridge this gap.The company combines operator-level data with device-level protection and user interface elements that inform consumers about threats blocked on their behalf. This creates what Vellikok describes as a "protective ring" around users' digital lives while maintaining transparency about security actions taken.Artificial intelligence and machine learning have been core to F-Secure's operations for over a decade, but recent advances enable more sophisticated predictive capabilities. The company processes massive data volumes to identify patterns and predict threats before they materialize. Vellikok estimates that within 18 to 24 months, F-Secure will be able to warn consumers three days in advance about likely scam attempts.This predictive approach represents a fundamental shift from reactive security to proactive protection. Instead of waiting for threats to appear and then blocking them, the system identifies risk patterns and steers users away from dangerous situations before threats fully develop.The AI integration also serves as a translation layer between technical security events and consumer-friendly communications. Rather than presenting technical alerts about blocked URLs or filtered emails, the system provides context about threats in language consumers can understand and act upon.F-Secure's evolution reflects broader industry recognition that consumer cybersecurity requires different approaches than enterprise security. While businesses can mandate security training and complex protocols, consumers operate in environments where convenience and simplicity drive adoption. The embedded security model acknowledges this reality while maintaining protection effectiveness.The company's global reach through operator partnerships positions it to address cybersecurity as a systemic challenge rather than an individual consumer problem. By aggregating threat data across millions of users and multiple communication channels, F-Secure creates network effects that improve protection for all users as the system learns from new attack patterns.Looking forward, Vellikok anticipates cybersecurity challenges will continue evolving in waves. Current focus on scam protection will likely shift to AI-driven threats, followed by quantum computing challenges. The embedded security model provides a framework for adapting to these changes while maintaining consumer protection without requiring users to understand or manage evolving threat landscapes. Learn more about F-Secure: https://itspm.ag/f-secure-2748Note: This story contains promotional content. Learn more. Guest: Dmitri Vellikok, Product and Business Development at F-Secure  On LinkedIn: https://www.linkedin.com/in/dmitrivellikok/ResourcesCompany Directory:https://www.itspmagazine.com/directory/f-secure Learn more about creating content with Sean Martin & Marco Ciappelli:  https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/purchase-programs Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

⬥GUEST⬥Aunshul Rege, Director at The CARE Lab at Temple University | On Linkedin: https://www.linkedin.com/in/aunshul-rege-26526b59/⬥CO-HOST⬥Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Cybersecurity Is for Everyone — If We Teach It That WayCybersecurity impacts us all, yet most people still see it as a tech-centric domain reserved for experts in computer science or IT. Dr. Aunshul Rege, Associate Professor in the Department of Criminal Justice at Temple University, challenges that perception through her research, outreach, and education programs — all grounded in community, empathy, and human behavior.In this episode, Dr. Rege joins Sean Martin and co-host Julie Haney to share her multi-layered approach to cybersecurity awareness and education. Drawing from her unique background that spans computer science and criminology, she explains how understanding human behavior is critical to understanding and addressing digital risk.One powerful initiative she describes brings university students into the community to teach cyber hygiene to seniors — a demographic often left out of traditional training programs. These student-led sessions focus on practical topics like scams and password safety, delivered in clear, respectful, and engaging ways. The result? Not just education, but trust-building, conversation, and long-term community engagement.Dr. Rege also leads interdisciplinary social engineering competitions that invite students from diverse academic backgrounds — including theater, nursing, business, and criminal justice — to explore real-world cyber scenarios. These events prove that you don't need to code to contribute meaningfully to cybersecurity. You just need curiosity, communication skills, and a willingness to learn.Looking ahead, Temple University is launching a new Bachelor of Arts in Cybersecurity and Human Behavior — a program that weaves in community engagement, liberal arts, and applied practice to prepare students for real-world roles beyond traditional technical paths.If you're a security leader looking to improve awareness programs, a university educator shaping the next generation, or someone simply curious about where you fit in the cyber puzzle, this episode offers a fresh perspective: cybersecurity works best when it's human-first.⬥SPONSORS⬥ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Dr. Aunshul Rege is an Associate Professor here, and much of her work is conducted under this department: https://liberalarts.temple.edu/academics/departments-and-programs/criminal-justiceTemple Digital Equity Plan (2022): https://www.phila.gov/media/20220412162153/Philadelphia-Digital-Equity-Plan-FINAL.pdfTemple University Digital Equity Center / Digital Access Center: https://news.temple.edu/news/2022-12-06/temple-launches-digital-equity-center-north-philadelphiaNICE Cybersecurity Workforce Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

⬥GUEST⬥Aunshul Rege, Director at The CARE Lab at Temple University | On Linkedin: https://www.linkedin.com/in/aunshul-rege-26526b59/⬥CO-HOST⬥Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Cybersecurity Is for Everyone — If We Teach It That WayCybersecurity impacts us all, yet most people still see it as a tech-centric domain reserved for experts in computer science or IT. Dr. Aunshul Rege, Associate Professor in the Department of Criminal Justice at Temple University, challenges that perception through her research, outreach, and education programs — all grounded in community, empathy, and human behavior.In this episode, Dr. Rege joins Sean Martin and co-host Julie Haney to share her multi-layered approach to cybersecurity awareness and education. Drawing from her unique background that spans computer science and criminology, she explains how understanding human behavior is critical to understanding and addressing digital risk.One powerful initiative she describes brings university students into the community to teach cyber hygiene to seniors — a demographic often left out of traditional training programs. These student-led sessions focus on practical topics like scams and password safety, delivered in clear, respectful, and engaging ways. The result? Not just education, but trust-building, conversation, and long-term community engagement.Dr. Rege also leads interdisciplinary social engineering competitions that invite students from diverse academic backgrounds — including theater, nursing, business, and criminal justice — to explore real-world cyber scenarios. These events prove that you don't need to code to contribute meaningfully to cybersecurity. You just need curiosity, communication skills, and a willingness to learn.Looking ahead, Temple University is launching a new Bachelor of Arts in Cybersecurity and Human Behavior — a program that weaves in community engagement, liberal arts, and applied practice to prepare students for real-world roles beyond traditional technical paths.If you're a security leader looking to improve awareness programs, a university educator shaping the next generation, or someone simply curious about where you fit in the cyber puzzle, this episode offers a fresh perspective: cybersecurity works best when it's human-first.⬥SPONSORS⬥ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Dr. Aunshul Rege is an Associate Professor here, and much of her work is conducted under this department: https://liberalarts.temple.edu/academics/departments-and-programs/criminal-justiceTemple Digital Equity Plan (2022): https://www.phila.gov/media/20220412162153/Philadelphia-Digital-Equity-Plan-FINAL.pdfTemple University Digital Equity Center / Digital Access Center: https://news.temple.edu/news/2022-12-06/temple-launches-digital-equity-center-north-philadelphiaNICE Cybersecurity Workforce Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Women make up only a fraction of the cybersecurity workforce—and many hit a career ceiling just 6 to 10 years in. At the same time, millions of cyber roles remain unfilled, and the talent gap keeps growing. Lynn Dohm, Executive Director of Women in CyberSecurity (WiCyS), is working to change that.In this episode, Lynn shares how WiCyS has grown from a single conference into a global nonprofit supporting 11,000+ members across 100 countries. She highlights groundbreaking research on the barriers women face in cyber, why skills-based advancement matters, and powerful success stories of women who've launched or transformed their careers through WiCyS programs.If you're passionate about advancing women in cyber, closing the talent gap, and building a stronger, more inclusive workforce, this conversation is one you won't want to miss.WiCyS Cyber Talent Study: https://www.wicys.org/initiatives/the-wicys-cyber-talent-study/Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

This week on Reimagining Cyber, we unpack one of the biggest supply chain attacks of the year: the NPM hack. Attackers compromised widely used packages like Chalk and Debug—billions of weekly downloads—slipping in code that silently hijacked crypto transactions. Tyler Moffitt joins us to explain how it happened, who's most at risk, and the practical steps every developer and security leader should take right now.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Faith Kent. Together, they delve into the critical role of effective communication, the art of role adaptation, and the psychological dynamics in crisis situations. The conversation highlights the importance of proactive preparedness and fostering trust within teams to tackle challenges with confidence. [Sept 15, 2025]   00:00 - Intro 00:42 - Faith Kent Intro 01:21 - Intro Links: -          Social-Engineer.com - http://www.social-engineer.com/ -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -          CLUTCH - http://www.pro-rock.com/ -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                                03:09 - Breaking & Entering 04:45 - Blending In 07:45 - Frank's Computer 10:13 - Unusual Communications 12:17 - Cochlear Implant 14:19 - Ethical Boundaries 16:11 - Community Pride 18:00 - Leaning Into the Discomfort 21:57 - Not an Afterthought 23:08 - Diversity for Security 27:00 – Trust, But Verify (Always) 28:23 - Wrap Up -          Deaf Gain: Raising the Stakes for Human Diversity -          https://gallaudet.edu/deaf-president-now/ -          https://www.lifeprint.com/ 29:03 - Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less 

AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less 

Headlines claimed that 2.5 billion Gmail accounts were hacked—but what really happened? In this episode of Reimagining Cyber, Ben and threat intelligence expert Tyler Moffitt break down the facts behind the so called Gmail hackYou'll hear how cybercrime group ShinyHunters exploited a Salesforce system linked to Google—not Gmail itself—and why misleading headlines fueled unnecessary panic. We explore:How attackers tricked a Google employee through social engineeringWhy verified contact data is a goldmine for phishing and vishing campaignsThe growing trend of targeting people, not systemsPractical defenses you can take—passkeys, two-factor authentication, security checkups, and phishing awarenessTune in to understand what really happened, why it matters, and what you can do to stay secure in a world where perception spreads faster than facts.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

Cyber resilience goes beyond checkboxes. In this episode, cybersecurity veteran Jerod Brennen (virtual CISO, executive advisor, and indie filmmaker) joins Rob Aragao to explore how storytelling, culture, and business alignment turn security into a true business enabler. Real-world lessons and practical steps help you shift from traditional cybersecurity to resilience.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). A look back at issue #1 of BYTE magazine exactly 50 years ago The enforcement of the SHAKEN & STIR Telecom protocols Breaking: Judge rules against forced Google divestitures in monopoly case The inherent danger of consolidating authentication Can AI be controlled? Vivaldi says a big "no" to AI-enhanced web browsers How WhatsApp figured into Apple's recent 0-day attacks Leveraging AI as an attack aid The latest TransUnion data breach Two scummy websites sue the UK over age requirements OpenSSH reminds its users to adopt post-quantum crypto The DOD uses open source maintained by a Russian national Much great feedback from our terrific listeners Sci-Fi news from "The Frontiers Saga" Ryk Brown Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twit threatlocker.com/twit bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT

AI Dependency Crisis + EV Infrastructure Failures: Tech Reality Check 2025When Two Infrastructure Promises Collide with RealityThe promise was simple: AI would augment human intelligence, and electric vehicles would transform transportation. The reality in 2025? Both are hitting infrastructure walls that expose uncomfortable truths about how technology actually scales.Sean Martin and Marco Ciappelli didn't plan to connect these dots in their latest Random and Unscripted weekly recap, but the conversation naturally evolved from AI dependency concerns to electric vehicle infrastructure challenges—revealing how both represent the same fundamental problem: mistaking technological capability for systemic readiness."The AI is telling us what success looks like and we're measuring against that, and who knows if it's right or wrong," Sean observed, describing what's become an AI dependency crisis in cybersecurity teams. Organizations aren't just using AI as a tool; they're letting it define their decision-making frameworks without maintaining the critical thinking skills to evaluate those frameworks.Marco connected this to their recent Black Cat analysis, describing the "paradox loop"—where teams lose both the ability to take independent action and think clearly because they're constantly feeding questions to AI, creating echo chambers of circular reasoning. "We're gonna be screwed," he said with characteristic directness. "We go back to something being magic again."This isn't academic hand-wringing. Both hosts developed their expertise when understanding fundamental technology was mandatory—when you had to grasp cables, connections, and core systems to make anything work. Their concern is for teams that might never develop that foundational knowledge, mistaking AI convenience for actual competence.The electric vehicle discussion, triggered by Marco's conversation with Swedish consultant Matt Larson, revealed parallel infrastructure failures. "Upgrading to electric vehicles isn't like updating software," Sean noted, recalling his own experience renting an EV and losing an hour to charging—"That's not how you're gonna sell it."Larson's suggestion of an "Apollo Program" for EV infrastructure acknowledges what the industry often ignores: some technological transitions require massive, coordinated investment beyond individual company capabilities. The cars work; the surrounding ecosystem barely exists. Sound familiar to anyone implementing AI without considering organizational infrastructure?From his Object First webinar on backup systems, Sean extracted a deceptively simple insight: immutability matters precisely because bad actors specifically target backups to enable ransomware success. "You might think you're safe and resilient until something happens and you realize you're not."Marco's philosophical take—comparing immutable backups to never stepping in the same river twice—highlights why both cybersecurity and infrastructure transitions demand unchanging foundations even as everything else evolves rapidly.The episode's most significant development was their expanded event coverage announcement. Moving beyond traditional cybersecurity conferences to cover IBC Amsterdam (broadcasting technology since 1967), automotive security events, gaming conferences, and virtual reality gatherings represents recognition that infrastructure challenges cross every industry."That's where things really get interesting," Sean noted about broader tech events. When cybersecurity professionals only discuss security in isolation, they miss how infrastructure problems manifest across music production, autonomous vehicles, live streaming, and emerging technologies.Both AI dependency and EV infrastructure failures share the same root cause: assuming technological capability automatically translates to systemic implementation. The gap between "this works in a lab" and "this works in reality" represents the most critical challenge facing technology leaders in 2025.Their call to action extends beyond cybersecurity: if you know about events that address infrastructure challenges at the intersection of technology and society, reach out. The "usual suspects" of security conferences aren't where these broader infrastructure conversations are happening.What infrastructure gaps are you seeing between technology promises and implementation reality? Join the conversation on LinkedIn or connect through ITSP Magazine.________________Hosts links:

A ransomware attack shut down St. Paul, Minnesota—forcing a state of emergency and even the calling in of the National Guard. Cybersecurity expert Tyler Moffitt unpacks how it happened, who was behind it, and what cities and individuals can learn to avoid becoming the next target.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

⬥GUEST⬥Andy Ellis, Legendary CISO [https://howtociso.com] | On LinkedIn: https://www.linkedin.com/in/csoandy/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin speaks with Andy Ellis, former CSO at Akamai and current independent advisor, about the shifting expectations of security leadership in today's SaaS-powered, AI-enabled business environment.Andy highlights that many organizations—especially mid-sized startups—struggle not because they lack resources, but because they don't know how to contextualize what security means to their business goals. Often, security professionals aren't equipped to communicate with executives or boards in a way that builds shared understanding. That's where advisors like Andy step in: not to provide a playbook, but to help translate and align.One of the core ideas discussed is the reframing of security as an enabler rather than a gatekeeper. With businesses built almost entirely on SaaS platforms and outsourced operations, IT and security should no longer be siloed. Andy encourages security teams to “own the stack”—not just protect it—by integrating IT management, vendor oversight, and security into a single discipline.The conversation also explores how AI and automation empower employees at every level to “vibe code” their own solutions, shifting innovation away from centralized control. This democratization of tech raises new opportunities—and risks—that security teams must support, not resist. Success comes from guiding, not gatekeeping.Andy shares practical ways CISOs can build influence, including a deceptively simple yet powerful technique: ask every stakeholder what security practice they hate the most and what critical practice is missing. These questions uncover quick wins that earn political capital—critical fuel for driving long-term transformation.From his “First 91 Days” guide for CISOs to his book 1% Leadership, Andy offers not just theory but actionable frameworks for influencing culture, improving retention, and measuring success in ways that matter.Whether you're a CISO, a founder, or an aspiring security leader, this episode will challenge how you think about the role security plays in business—and what it means to lead from the middle.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/csoandy_how-to-ciso-the-first-91-days-ugcPost-7330619155353632768-BXQT/Book: “How to CISO: The First 91-Day Guide” by Andy Ellis — https://howtociso.com/library/first-91-days-guide/Book: “1% Leadership: Master the Small Daily Habits that Build Exceptional Teams” — https://www.amazon.com/1-Leadership-Daily-Habits-Exceptional/dp/B0BSV7T2KZ⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

We're Becoming Dumb and Numb": Why Black Hat 2025's AI Hype Is Killing Cybersecurity -- And Our Ability to Think Random and Unscripted Weekly Update Podcast with Sean Martin and Marco Ciappelli__________________SummarySean and Marco dissect Black Hat USA 2025, where every vendor claimed to have "agentic AI" solutions. They expose how marketing buzzwords create noise that frustrates CISOs seeking real value. Marco references the Greek myth of Talos - an ancient AI robot that seemed invincible until one fatal flaw destroyed it - as a metaphor for today's overinflated AI promises. The discussion spirals into deeper concerns: are we becoming too dependent on AI decision-making? They warn about echo chambers, lowest common denominators, and losing our ability to think critically. The solution? Stop selling perfection, embrace product limitations, and keep humans in control. __________________10 Notable QuotesSean:"It's hard for them to siphon the noise. Sift through the noise, I should say, and figure out what the heck is really going on.""If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make things better.""We'll stop thinking and we won't use it as a tool to make our minds better, to make our decisions better.""We are told then that this is the reality. This is what good looks like.""Maybe there's a different way to even look at things. So it's kind of become uniform... a very low common denominator that is just good enough for everybody."Marco:"Do you really wanna trust the weapon to just go and shoot everybody? At least you can tell it's a human factor and that's the people that ultimately decide.""If we don't make decision anymore, we're gonna turn out in a lot of those sci-fi stories, like the time machine where we become dumb.""We all perceive reality to be different from what it is, and then it creates a circular knowledge learning where we use AI to create the knowledge, then to ask the question, then to give the answers.""We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head.""You're selling the illusion of security and that could be something that then you replicate in other industries." Picture this: You walk into the world's largest cybersecurity conference, and every single vendor booth is screaming the same thing – "agentic AI." Different companies, different products, but somehow they all taste like the same marketing milkshake.That's exactly what Sean Martin and Marco Ciappelli witnessed at Black Hat USA 2025, and their latest Random and Unscripted with Sean and Marco episode pulls no punches in exposing what's really happening behind the buzzwords."Marketing just took all the cool technology that each vendor had, put it in a blender and made a shake that just tastes the same," Marco reveals on Random and Unscripted with Sean and Marco, describing how the conference floor felt like one giant echo chamber where innovation got lost in translation.But this isn't just another rant about marketing speak. The Random and Unscripted with Sean and Marco conversation takes a darker turn when Marco introduces the ancient Greek myth of Talos – a bronze giant powered by divine ichor who was tasked with autonomously defending Crete. Powerful, seemingly invincible, until one small vulnerability brought the entire system crashing down.Sound familiar?"Do you really wanna trust the weapon to just go and shoot everybody?" Marco asks, drawing parallels between ancient mythology and today's rush to hand over decision-making to AI systems we don't fully understand.Sean, meanwhile, talked to frustrated CISOs throughout the event who shared a common complaint: "It's hard for them to sift through the noise and figure out what the heck is really going on." When every vendor claims their AI is autonomous and perfect, how do you choose? How do you even know what you're buying?The real danger, they argue on Random and Unscripted with Sean and Marco, isn't just bad purchasing decisions. It's what happens when we stop thinking altogether."If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make our minds better," Sean warns. We risk settling for what he calls the "lowest common denominator" – a world where AI tells us what success looks like, and we never question whether we could do better.Marco goes even further, describing a "circular knowledge learning" trap where "we use AI to create the knowledge, then to ask the question, then to give the answers." The result? "We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head."Their solution isn't to abandon AI – it's to get honest about what it can and can't do. "Stop looking for the easy button and stop selling the easy button," Marco urges vendors on Random and Unscripted with Sean and Marco. "Your product is probably as good as it is."Sean adds: "Don't be afraid to share your blemishes, share your weaknesses. Share your gaps."Because here's the thing CISOs know that vendors often forget: "CISOs are not stupid. They talk to each other. The truth will come out."In an industry built on protecting against deception, maybe it's time to stop deceiving ourselves about what AI can actually deliver. ________________ Keywordscybersecurity, artificialintelligence, blackhat2025, agentic, ai, marketing, ciso, cybersec, infosec, technology, leadership, vendor, innovation, automation, security, tech, AI, machinelearning, enterprise, business________________Hosts links:

 In this episode of Reimagining Cyber, host Rob Aragao sits down with Betsy Cooper, Director of the Aspen Policy Academy. Betsy shares how the Academy is helping to train cybersecurity professionals to effectively engage with and influence public policy. They discuss the importance of civic engagement, the need for technical voices in policymaking, and how the Academy fills a critical gap by offering accessible, actionable training for both experts and everyday citizens. Real-world success stories—including efforts to improve scam reporting tools for older adults and developing cybersecurity baselines for medical devices—highlight the Academy's impact. Betsy also introduces a new initiative focused on cyber civic engagement to empower communities across the country.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3August 18, 2025The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes OptionalReflections from Black Hat USA 2025 on Deception, Disinformation, and the Marketing That Chose Fiction Over FactsBy Marco CiappelliSean Martin, CISSP just published his analysis of Black Hat USA 2025, documenting what he calls the cybersecurity vendor "echo chamber." Reviewing over 60 vendor announcements, Sean found identical phrases echoing repeatedly: "AI-powered," "integrated," "reduce analyst burden." The sameness forces buyers to sift through near-identical claims to find genuine differentiation.This reveals more than a marketing problem—it suggests that different technologies are being fed into the same promotional blender, possibly a generative AI one, producing standardized output regardless of what went in. When an entire industry converges on identical language to describe supposedly different technologies, meaningful technical discourse breaks down.But Sean's most troubling observation wasn't about marketing copy—it was about competence. When CISOs probe vendor claims about AI capabilities, they encounter vendors who cannot adequately explain their own technologies. When conversations moved beyond marketing promises to technical specifics, answers became vague, filled with buzzwords about proprietary algorithms.Reading Sean's analysis while reflecting on my own Black Hat experience, I realized we had witnessed something unprecedented: an entire industry losing the ability to distinguish between authentic capability and generated narrative—precisely as that same industry was studying external "narrative attacks" as an emerging threat vector.The irony was impossible to ignore. Black Hat 2025 sessions warned about AI-generated deepfakes targeting executives, social engineering attacks using scraped LinkedIn profiles, and synthetic audio calls designed to trick financial institutions. Security researchers documented how adversaries craft sophisticated deceptions using publicly available content. Meanwhile, our own exhibition halls featured countless unverifiable claims about AI capabilities that even the vendors themselves couldn't adequately explain.But to understand what we witnessed, we need to examine the very concept that cybersecurity professionals were discussing as an external threat: narrative attacks. These represent a fundamental shift in how adversaries target human decision-making. Unlike traditional cyberattacks that exploit technical vulnerabilities, narrative attacks exploit psychological vulnerabilities in human cognition. Think of them as social engineering and propaganda supercharged by AI—personalized deception at scale that adapts faster than human defenders can respond. They flood information environments with false content designed to manipulate perception and erode trust, rendering rational decision-making impossible.What makes these attacks particularly dangerous in the AI era is scale and personalization. AI enables automated generation of targeted content tailored to individual psychological profiles. A single adversary can launch thousands of simultaneous campaigns, each crafted to exploit specific cognitive biases of particular groups or individuals.But here's what we may have missed during Black Hat 2025: the same technological forces enabling external narrative attacks have already compromised our internal capacity for truth evaluation. When vendors use AI-optimized language to describe AI capabilities, when marketing departments deploy algorithmic content generation to sell algorithmic solutions, when companies building detection systems can't detect the artificial nature of their own communications, we've entered a recursive information crisis.From a sociological perspective, we're witnessing the breakdown of social infrastructure required for collective knowledge production. Industries like cybersecurity have historically served as early warning systems for technological threats—canaries in the coal mine with enough technical sophistication to spot emerging dangers before they affect broader society.But when the canary becomes unable to distinguish between fresh air and poison gas, the entire mine is at risk.This brings us to something the literary world understood long before we built our first algorithm. Jorge Luis Borges, the Argentine writer, anticipated this crisis in his 1940s stories like "On Exactitude in Science" and "The Library of Babel"—tales about maps that become more real than the territories they represent and libraries containing infinite books, including false ones. In his fiction, simulations and descriptions eventually replace the reality they were meant to describe.We're living in a Borgesian nightmare where marketing descriptions of AI capabilities have become more influential than actual AI capabilities. When a vendor's promotional language about their AI becomes more convincing than a technical demonstration, when buyers make decisions based on algorithmic marketing copy rather than empirical evidence, we've entered that literary territory where the map has consumed the landscape. And we've lost the ability to distinguish between them.The historical precedent is the 1938 War of the Worlds broadcast, which created mass hysteria from fiction. But here's the crucial difference: Welles was human, the script was human-written, the performance required conscious participation, and the deception was traceable to human intent. Listeners had to actively choose to believe what they heard.Today's AI-generated narratives operate below the threshold of conscious recognition. They require no active participation—they work by seamlessly integrating into information environments in ways that make detection impossible even for experts. When algorithms generate technical claims that sound authentic to human evaluators, when the same systems create both legitimate documentation and marketing fiction, we face deception at a level Welles never imagined: the algorithmic manipulation of truth itself.The recursive nature of this problem reveals itself when you try to solve it. This creates a nearly impossible situation. How do you fact-check AI-generated claims about AI using AI-powered tools? How do you verify technical documentation when the same systems create both authentic docs and marketing copy? When the tools generating problems and solving problems converge into identical technological artifacts, conventional verification approaches break down completely.My first Black Hat article explored how we risk losing human agency by delegating decision-making to artificial agents. But this goes deeper: we risk losing human agency in the construction of reality itself. When machines generate narratives about what machines can do, truth becomes algorithmically determined rather than empirically discovered.Marshall McLuhan famously said "We shape our tools, and thereafter they shape us." But he couldn't have imagined tools that reshape our perception of reality itself. We haven't just built machines that give us answers—we've built machines that decide what questions we should ask and how we should evaluate the answers.But the implications extend far beyond cybersecurity itself. This matters far beyond. If the sector responsible for detecting digital deception becomes the first victim of algorithmic narrative pollution, what hope do other industries have? Healthcare systems relying on AI diagnostics they can't explain. Financial institutions using algorithmic trading based on analyses they can't verify. Educational systems teaching AI-generated content whose origins remain opaque.When the industry that guards against deception loses the ability to distinguish authentic capability from algorithmic fiction, society loses its early warning system for the moment when machines take over truth construction itself.So where does this leave us? That moment may have already arrived. We just don't know it yet—and increasingly, we lack the cognitive infrastructure to find out.But here's what we can still do: We can start by acknowledging we've reached this threshold. We can demand transparency not just in AI algorithms, but in the human processes that evaluate and implement them. We can rebuild evaluation criteria that distinguish between technical capability and marketing narrative.And here's a direct challenge to the marketing and branding professionals reading this: it's time to stop relying on AI algorithms and data optimization to craft your messages. The cybersecurity industry's crisis should serve as a warning—when marketing becomes indistinguishable from algorithmic fiction, everyone loses. Social media has taught us that the most respected brands are those that choose honesty over hype, transparency over clever messaging. Brands that walk the walk and talk the talk, not those that let machines do the talking.The companies that will survive this epistemological crisis are those whose marketing teams become champions of truth rather than architects of confusion. When your audience can no longer distinguish between human insight and machine-generated claims, authentic communication becomes your competitive advantage.Most importantly, we can remember that the goal was never to build machines that think for us, but machines that help us think better.The canary may be struggling to breathe, but it's still singing. The question is whether we're still listening—and whether we remember what fresh air feels like.Let's keep exploring what it means to be human in this Hybrid Analog Digital Society. Especially now, when the stakes have never been higher, and the consequences of forgetting have never been more real. End of transmission.___________________________________________________________Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.___________________________________________________________Enjoyed this transmission? Follow the newsletter here:https://www.linkedin.com/newsletters/7079849705156870144/Share this newsletter and invite anyone you think would enjoy it!New stories always incoming.___________________________________________________________As always, let's keep thinking!Marco Ciappellihttps://www.marcociappelli.com___________________________________________________________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine  | Dr. in Political Science / Sociology of Communication l Branding | Content Marketing | Writer | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.comTAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

At Black Hat USA 2025, artificial intelligence wasn't the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick's keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.Using Mikko Hyppönen's “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesArticle: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEALearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & MoreThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

At Black Hat USA, cybersecurity experts revealed an eye-opening case of billion-dollar scams hiding in plain sight. In this episode, Ben is joined by cyber threat expert Tyler Moffitt to unpack the world of malicious ad tech, where criminal networks run like Fortune 500 companies. From the VexTrio traffic distribution system to its flashy partner network Los Pollos, discover how cybercriminals hijack legitimate ad frameworks to push fake apps, push notification scams, and credit card traps—while flaunting their wealth on Instagram. Learn why this form of organized cybercrime is so hard to shut down, and why your next redirect might not be as harmless as it looks.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that's how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud.In this episode of The Future of Cybersecurity Newsletter, I take you behind the scenes to unpack the themes driving this year's announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren't) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away.We dig into why operational relevance, clarity, and proof points matter more than ever. If you can't explain what your AI does, what data it uses, and how it's secured, you're already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources.And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions.Whether you're building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesBlack Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEAITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageCitations: Available in the full article________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

In this episode of Reimagining Cyber, host Rob Aragao sits down with cybersecurity executive and domain security expert Ihab Shraim to spotlight one of the most overlooked yet critical areas of cyber risk—fraudulent domain registrations and DNS hijacking. As the digital attack surface expands, bad actors are exploiting unmonitored domain portfolios and exposed DNS infrastructure to launch phishing campaigns, malware distribution, and business email compromise—all while flying under the radar of traditional security tools.Ihab explains why domain risk is a foundational weakness in many organizations' security postures and argues that without domain security, cybersecurity is incomplete. From shadow IT and orphaned domains to poor DNS hygiene and lack of domain portfolio governance, Ihab outlines the blind spots that make companies vulnerable—and provides actionable strategies CISOs and security leaders must adopt to regain control.Whether you're managing brand reputation, protecting customer trust, or looking to tighten your security fundamentals, this episode delivers an eye-opening exploration into why domain risk needs to be a board-level conversation.Key Takeaways:Why domain name portfolios are a high ROI target for cybercriminalsThe dangers of DNS exposure and subdomain hijackingHow social media abuse and unauthorized resellers magnify brand riskWhy domain monitoring, locking, and defensive registrations are essentialThe case for making CISOs accountable for domain strategy and protectionFollow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

ITSPmagazine Weekly Update | From Black Hat to Black Sabbath / Ozzy: AI Agents and Guitars (again!) + Entry Level Cybersecurity Jobs, Robots Evolution, and the Weekly Recap You Didn't Expect  -  On Marco & Sean's Random & Unscripted Podcast  __________________Marco Ciappelli and Sean Martin are back with another random and unscripted weekly recap—from pre-Black Hat buzz and AI agents to vintage wood guitars, talent gaps, and Glen Miller debates. This week's reflection hits tech, music, and philosophy in all the right ways. Tune in, ramble with us, and subscribe. __________________Full Blog Article This week's recap was a ride.Sean and I kicked things off with the big news: we're officially consistent. Weekly recap number… I lost count. But we're doing it. We covered what ITSPmagazine's been working on, what we've been publishing, and where our minds are wandering lately (spoiler: everywhere).Black Hat USA 2025 is just around the corner, and we're deep into prep mode. I even bought a paper map. Why? I don't know. But we've got some great pre-event conversations already out—like our annual chat with Black Hat GM Steve Wylie, plus briefings with Dropzone AI (get ready for “agentic automation” to be the next big buzzword) and Akamai (yes, bots and APIs again, but with a solid strategy twist).We also talked about a fantastic episode Sean did on resonance and reinvention—featuring Cindy, a luthier in NYC who builds custom guitars using century-old beams from historic buildings. The pickups even use the old nails. Music and wood with a past life. It's beautiful stuff.Speaking of stories, I officially closed down the Storytelling podcast. But don't worry—I'm still telling stories. I've just shifted focus to “Redefining Society and Technology,” my newsletter and podcast series where I explore how humans and tech evolve together. This week's edition tackled the merging of humans and machines as a new species. Isaac Asimov meets Andy Clark.We also got a bit philosophical about AI and jobs. If machines take over the “easy” roles, where do humans begin? Are we cutting off our own training paths?Sean's episode with John Solomon dug into the cybersecurity hiring crisis—challenging the idea that we have a “talent gap.” The real issue? We're not hiring or nurturing people properly.Oh, and I finally released my long-overdue interview with Michael Sheldrick from Global Citizen. Music. Social impact. Doing good. It's all there. I'm honored to support even a small piece of what he's building.And yes… Ozzy. RIP. Music never dies.So if you're into random reflections with meaning, tech with humanity, and stories that don't always follow the rules—subscribe, share, and join the ride.See you in Vegas. Or the future. Or somewhere in between.________________ KeywordsBlack Hat USA 2025, ITSPmagazine recap, Marco Ciappelli, Sean Martin, cybersecurity podcast, AI in cybersecurity, agentic automation, Dropzone AI, Akamai APIs, HITRUST security, Global Citizen, Michael Sheldrick, storytelling podcast, Redefining Society, Andy Clark, Isaac Asimov, human-machine evolution, cybersecurity talent gap, custom guitar NYC, Ozzy tributeHosts links: