Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 132: Solving Problems at Scale: Kenny Mesker on OT Cybersecurity Strategy, Risk, and Leadership
Pub date: 2026-06-02

Kenny Mesker, OT Cybersecurity Strategist and Distinguished Engineer at Chevron, joins Derek Harp to share his remarkable journey from growing up on a farm in West Texas to becoming one of the industry's leading voices in operational technology (OT) cybersecurity.

With more than 30 years of experience spanning electric utilities, SCADA systems, industrial control systems, and cybersecurity, Kenny reflects on the evolution of OT security from the days of air-gapped networks to today's interconnected digital environments. He discusses how a passion for problem-solving led him from electrical engineering into industrial operations and ultimately into cybersecurity strategy.

Kenny offers practical advice for professionals looking to enter the OT cybersecurity field, explaining why hands-on operational experience remains one of the most valuable foundations for success. He also explores the challenges of IT/OT convergence, the importance of risk assessment, and how cybersecurity leaders must think beyond individual systems to protect entire organizations and critical infrastructure.

Looking ahead, Kenny shares his perspective on artificial intelligence, cloud technologies, and the future of OT architectures, highlighting both the opportunities and challenges these emerging technologies will bring to industrial environments.

Whether you're an engineer, cybersecurity professional, student, or industry leader, this episode provides valuable insights into building a successful OT cybersecurity career while helping protect the systems that power modern society.

The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Control System Cyber Security Association International: (CS)²AI
Enterprise strategists need to worry about securing their environments against AI-powered attacks. John and Johna discuss what cybersecurity and IT leaders need to consider in developing a cybersecurity strategy that addresses AI-augmented threats as well as how to use AI defensively … and why AI attacks can be like a duckbilled platypus. AdSpot Sponsor: Meter...
In episode one of our 2026 CDW Canadian Cybersecurity Study series, Ivo Wiens and Ben Boi‑Doku explore how cybersecurity has become a board‑level priority and why increased funding now comes with higher expectations. As budgets grow, leaders are demanding measurable proof of risk reduction, not just security activity. This episode breaks down practical ways to quantify cyber risk, from KRIs and vulnerability management to financial risk frameworks, helping security teams connect technical efforts to real business outcomes. To learn more, visit cdw.ca Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Welcome to the CanadianSME Small Business Podcast, hosted by Kripa Anand. Today, we explore why cybersecurity is no longer just about buying the latest software. In 2026, real protection comes from aligning people, processes, and technology to build true cyber resilience. Joining us is Brandon Krieger, President and CEO of KNSS Consulting Group. With more than 20 years of cybersecurity experience, Brandon works as a Fractional vCISO helping organizations turn security into a business enabler while guiding leaders through the realities of ransomware and risk management.

Key Highlights
The Silver Bullet Myth: Why most breaches occur due to human and process gaps rather than technology failures.
Realistic Security: What practical and achievable cybersecurity looks like for growing businesses.
Outcomes Over Compliance: How leaders can focus on real security results instead of checklist driven frameworks.
Ransomware Readiness: How organizations should prepare for and respond to modern cyber attacks.
Executive Cyber Awareness: The common cybersecurity myths that still mislead business leaders.

Special Thanks to Our Partners:
UPS: https://solutions.ups.com/ca-beunstoppable.html?WT.mc_id=BUSMEWA
Google: https://www.google.ca/
ADP Canada: https://www.adp.ca/en.aspx

For more expert insights, visit www.canadiansme.ca and subscribe to the CanadianSME Small Business Magazine. Stay innovative, stay informed, and thrive in the digital age!

Disclaimer: The information shared in this podcast is for general informational purposes only and should not be considered as direct financial or business advice. Always consult with a qualified professional for advice specific to your situation.
Is the RSA Conference floor a visionary glimpse into the future, or just an "AI blender" where every vendor tastes the same? Join hosts Marco Ciappelli and Sean Martin as they sit down with industry heavyweights Theresa Lanowitz and Joe Carson to dissect the real sentiment of RSAC 2026.

Key Discussion Points:
The AI Agent Explosion: Everyone says they can secure your agents, but is there any actual differentiation?
Keynote Insights: A breakdown of George Kurtz's CrowdStrike keynote on "Full Throttle" AI vs. total fear.
The "Mushroom" Metaphor: Why AI is like a power-up in Super Mario Kart—it makes you go faster, but it doesn't make you a better driver.
The Marketing Disconnect: Why vendor messaging is failing to map to the actual "to-do lists" of modern CISOs.
Niche Power: Why the most innovative solutions are often found on the perimeter of the expo floor.
Welcome to the CanadianSME Small Business Podcast, hosted by Maheen Bari. In this episode, the focus shifts from traditional IT uptime to intelligence driven technology, cybersecurity accountability, and responsible AI adoption in 2026. Our guest is Daniel Mitchell, Founder and CEO of Alt-Tech Inc. and Co-Founder of MIP Global. With a background in national security investigations and executive education from Harvard, Daniel shares how intelligence, governance, and strategy must converge to power modern business leadership.

Key Highlights
From Public Safety to Business Strategy: How investigative experience shaped a people first philosophy in technology leadership.
Intelligence Driven Advisory: What modern advisory means when data, risk, and AI intersect.
Responsible AI Adoption: How to implement AI with governance, clarity, and measurable value.
Modernizing with Confidence: Where non technical leaders should focus first in IT and cybersecurity upgrades.
Behind the Firewall 2026: What the new series brings to leaders seeking clarity in a complex digital world.
The Trump administration has released a national cybersecurity strategy that commits to strengthening defenses through six core pillars: employing more offensive cyber operations, streamlining regulations, modernizing and protecting federal networks, securing critical infrastructure, leading in new technologies, and developing talent. In this episode, Rob Sheldon, Sr. Director of Public Policy and Strategy at CrowdStrike, joins Adam and Cristian for a deep dive into three of the pillars that are top of mind for them: offensive cyber operations, updating federal systems, and protecting critical infrastructure. They discuss why these are difficult problems to solve and key considerations for how to approach them, including relevant threat activity and the involvement of the private sector. Though they could have talked about this for hours, this is a busy team! Check out the full cybersecurity strategy text for more details. [https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf] Interested in government cybersecurity? Register here for Fal.Con Gov 2026, taking place March 18 in Washington, D.C. [https://www.crowdstrike.com/en-us/events/fal-con/gov/register/]
Segment 1 - Interview with Tim Morris
Bringing intelligence to assets
You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts…
Segment Resources
Trusted automation: Building autonomous IT with confidence
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

Segment 2 - Topic: the new White House cybersecurity strategy
In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here!

Segment 3 - News
Finally, in the enterprise security news,
Massive amounts of funding and acquisitions as we get close to RSA
Open source registries need help
Microsoft Copilot reads email marked as DO NOT READ
Don't use an LLM to generate passwords
is prompt injection a vulnerability
defining risks
AI changes the build versus buy equation
the scammer's perspective
All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-447
Podcast: Industrial Cybersecurity Insider
Episode: Your OT Cybersecurity Strategy Is Failing: Here's Why
Pub date: 2026-02-17

Dino and Craig reunite to tackle the shifts occurring in industrial cybersecurity in 2026. They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor. The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access. They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.

The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments. Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation. They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise. With threats mounting, the time for action is now—not next quarter.

Chapters:
(00:00:00) - Welcome & What We've Been Up To
(00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services
(00:03:00) - The Shelfware Problem: When Security Tools Sit Unused
(00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments
(00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team
(00:07:43) - Who Can Actually Patch Your Control Systems?
(00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link
(00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small
(00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice
(00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?
(00:19:00) - Why EDR Struggles in Control System Environments
(00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore
(00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences
(00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity
(00:27:00) - Final Thoughts: The Time for Action Is Now
Show Notes

Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.

In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.

Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.

The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.

For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.

Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)
Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/
Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Resources
Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson
Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity
Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Keywords
dr. keri pearlson, julie haney, mit sloan, nist, sean martin, cybersecurity culture, security culture, values attitudes beliefs, cyber resilience, human-centered cybersecurity, security awareness, phishing, cybersecurity maturity model, security behavior, cybersecurity strategy, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast
In this episode, we are joined by Professor Ciaran Martin, one of the globe's leading cyber thought leaders. He is often called upon by Governments, Government agencies and the private sector alike. He is also currently taking a leading educational role, demystifying the cyber space. Ciaran was the former head of the National Cyber Security Centre in the UK and played a critical role supporting the Australian Government in the creation of the Cyber Security Strategy. Our discussion with Ciaran was so interesting that we have broken it into two. In this part 1, we talk about Ciaran's various roles and how he has become such an important voice in the cybersphere. We also talk about the impact of geopolitics on the cyber threat. We know you are going to enjoy this discussion. Here we go...
Podcast: Critical Assets Podcast
Episode: Policy Pulse: Regulatory Roundtable - NERC CIP, Cybersecurity Strategy, AI & Electric Sector
Pub date: 2026-02-01

Welcome to the Policy Pulse Panel, a new monthly series within the Critical Assets Podcast. Hosted by Patrick Miller (Ampyx Cyber), Earl Shockley (CEO, Inpowerd), and Joy Ditto (CEO, Joy Ditto Consulting), this recurring panel dives into the most significant policy shifts and regulatory developments impacting critical infrastructure, operational technology (OT), and industrial cybersecurity. Each month, we unpack emerging legislation, agency actions, and standards updates - connecting the dots between policy and the practical realities faced by asset owners, utilities, vendors, and government partners. If you're trying to stay ahead of your auditors and your legislators, this is your monthly must-listen.

https://ampyxcyber.com/podcast/policy-pulse-regulatory-roundtable-nerc-cip-cybersecurity-strategy-ai-electric-sector
Podcast: Safe Mode Podcast
Episode: Opportunistic by Default: How OT gets pulled into the blast radius
Pub date: 2026-01-29

In this episode of Safe Mode, we look at how opportunistic campaigns—often starting as loud disruption like DDoS—can probe for weak points and, in some cases, move closer to operational technology and industrial control systems. Using a recent Justice Department case tied to pro‑Russia hacktivist groups as a jumping-off point, we discuss what this pattern says about the OT threat landscape in 2025, from remote access and trust boundaries to engineering workflows and data integrity risk. Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, joins to explain what defenders should prioritize now to keep “noise” from becoming real-world operational impact.
Danny Jenkins — Founder of ThreatLocker and the Zero-Trust Revolution

Danny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.

Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.

Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.

In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.

Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/

00:00 Introduction to Cybersecurity and ThreatLocker
02:26 The Birth of ThreatLocker: A Personal Journey
05:42 The Evolution of Zero Trust Security
08:35 Real-World Impact of Cyber Attacks
11:25 The Importance of a Hacker Mindset
14:46 The Role of SOC Teams in Cybersecurity
17:34 Building a Culture of Security
20:23 Hiring for Passion and Skill in Cybersecurity
23:44 Understanding Zero Trust: Trust No One
26:32 Lifestyle Polygraph: Personal Insights and Fun
29:41 Conclusion and Future of ThreatLocker
Japanese Prime Minister Sanae Takaichi's government plans to adopt a new cybersecurity strategy next month that calls for necessary measures to address foreign threats such as election interference.
The Trump administration is starting to develop a new National Cyber Security Strategy. Several presidential administrations, including Trump's first, have tried to get their arms around securing US interests in cyberspace, but digital threats to agencies and critical infrastructure have only gotten worse, while artificial intelligence is posing a whole new set of challenges. For more on how the White House is addressing those issues, Federal News Network's Justin Doubleday.
Jamie Crotts, CIO of the House of Representatives, details how a zero-trust assessment reshaped a three-year internal technology roadmap, while securing a nationwide enterprise of over 900 district offices with consistent, user-friendly access.
In this episode of the Cyber Uncut podcast, Daniel Croft and David Hollingworth touch on the latest in AI news, concerning developments in the world of cyber crime, and recommendations by the Law Council of Australia regarding the next phase of the nation's Cyber Security Strategy. Croft and Hollingworth begin by discussing eSafety and changes made to the Online Safety Act to ensure that young children are less vulnerable to the dangers of sexually explicit and other AI chatbots. The pair then discuss the dramatic increase in ransomware attacks worldwide and in Australia, as well as the Australian Cyber Security Centre's alarm over a year-old vulnerability being exploited against Australian organisations. Croft and Hollingworth then discuss the ongoing Jaguar Land Rover cyber attack, with data now confirmed compromised and an impact that could last until at least next month. Finally, the two discuss the Law Council of Australia's recommendations for Horizon 2 of the Australian Cyber Security Strategy, which suggest that small businesses should have their cyber security subsidised. Enjoy the episode, The Cyber Uncut team
Think cybersecurity is just an IT issue? Think again. Eden Data founder & CEO, Taylor Hersom, joins us to expose how security is no longer just about avoiding breaches — it's a powerful tool for building customer trust, boosting sales, and standing out in a crowded market.
He shares why smart companies are making cybersecurity part of the brand conversation and how marketing and CX leaders can leverage security to win hearts (and wallets). We also dig into the uncomfortable truth that most data breaches aren't the work of sophisticated hackers — they're caused by everyday human mistakes.
From the surprising details behind the Coinbase breach to the silent risks of AI misuse, Taylor pulls back the curtain on what's really threatening your customer experience. If you think your team is in the clear, this episode might change your mind.
Key Moments:
00:00 Who is Taylor Hersom, Founder & CEO of Eden Data?
04:39 Taylor's Journey to Cybersecurity
07:49 Building & Scaling Eden Data
29:53 Current Cybersecurity Threats
39:20 Client Engagement and Cybersecurity as a Sales Strategy
45:56 Cybersecurity Training and Human Error
47:54 Leveraging AI in Cybersecurity
50:32 Future Threats and Everyday Security Tips
57:43 Recovering Trust After a Data Breach
59:35 Building a Culture of Cybersecurity
Mission.org is a media studio producing content alongside world-class clients. Learn more at mission.org
The Importance of Managerial Controls in Cybersecurity: Insights from 1978
In this episode of Doctor's Advice, Dr. B discusses the critical idea presented by Stuart Madnick in 1978, emphasizing that computer security can't rely solely on technical measures. Dr. B explains how operational computer security requires managerial controls, such as policies, standards, and procedures. The conversation highlights the importance of prioritizing the protection of systems that align with corporate objectives and customer service rather than randomly patching vulnerabilities. Dr. B urges examining internal processes and adapting strategies to focus on mission-based cybersecurity, especially in today's environment where deploying numerous systems and services through cloud computing has become remarkably easy.
00:00 Introduction to Computer Security
00:32 Madnick's 1978 Insight on Managerial Controls
01:27 The Importance of Prioritizing Vulnerabilities
03:28 Mission-Based Cybersecurity
03:37 Challenges in Modern Cybersecurity
04:29 The Need for Strategic Cybersecurity
04:53 Criticality of Production Systems
05:33 Reflecting on 1978 Principles in 2025
06:23 Final Thoughts and Call to Action
07:25 Conclusion and Subscription Reminder
Dr. B.
Can Generative AI Be Secured? Amazon's Chief Security Officer Weighs In
In this episode of Eye on AI, Amazon's Chief Security Officer Stephen Schmidt pulls back the curtain on how Amazon is using AI-powered cybersecurity to defend against real-world threats. From global honeypots to intelligent alarm systems and secure AI agent networks, Steve shares never-before-heard details on how Amazon is protecting both its infrastructure and your data in the age of generative AI.
We dive deep into:
- Amazon's MadPot honeypot network and how it tracks adversaries in 90 seconds
- The role of AI in threat detection, alarm triage, and code validation
- Why open-source vs. closed-source models are a real security debate
- The critical need for data privacy, secure LLM usage, and agent oversight
- Amazon's $5M+ Nova Trusted AI Challenge to battle adversarial code generation
Whether you're building AI tools, deploying models at scale, or just want to understand how the future of cybersecurity is evolving—this episode is a must-listen.
Stay Updated:
Craig Smith on X: https://x.com/craigss
Eye on A.I. on X: https://x.com/EyeOn_AI
(00:00) Preview
(00:52) Stephen Schmidt's Role and Background at Amazon
(02:11) Inside Amazon's Global Honeypot Network (MadPot)
(05:26) How Amazon Shares Threat Intel Through GuardDuty
(08:06) Are Cybercriminals Using AI?
(10:28) Open Source vs Closed Source AI Security Debate
(13:09) What Is Amazon GuardDuty
(17:44) How Amazon Protects Customer Data at Scale
(20:18) Can Autonomous AI Agents Handle Security?
(25:14) How Amazon Empowers SMBs with Agent-Driven Security
(26:18) What Tools Power Amazon's Security Agents?
(29:25) AI Security Basics
(35:34) Securing AI-Generated Code
(37:26) Are Models Learning from Our Queries?
(39:44) Risks of Agent-to-Agent Data Sharing
(42:08) Inside the $5M Nova Trusted AI Security Challenge
(47:01) Supply Chain Attacks and State Actor Tactics
(51:32) How Many True Adversaries Are Out There?
(53:04) What Everyone Needs to Know About AI Security
In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.
Not All AI Is Created Equal: The Archer Approach
RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn't about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function.
Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.
From Policy Generation to Risk Narratives
One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.
AI with a Human Touch
As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.
What's Next in Risk? Better Conversations
Looking ahead, Schlarman sees a shift from “no, we can't” to “yes, and here's how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet.
From regulatory change to real-time translation of risk data, this is where tech meets trust.
⸻
Guest: Steve Schlarman, Senior Director, Product Management, Archer | https://www.linkedin.com/in/steveschlarman/
Resources
Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Julie Chatman. Julie is a distinguished cybersecurity executive with nearly two decades of experience in cybersecurity strategy, risk management, and AI governance. She began her career in the U.S. Navy, serving on active duty as a Hospital Corpsman specializing in Medical Laboratory Science & Technology. Her transition into cybersecurity began at the FBI, where strong mentorship shaped her approach to leadership, problem solving, and talent development. She currently serves as the Deputy Chief Information Security Officer for Finance at the Virginia Information Technologies Agency (VITA), where she is focused on driving risk reduction across state agencies. The role is part of a strategic engagement through her company, ResilientTech Advisors. Julie leads CyberPath Coaching, where she draws on her experience as an active CISO to mentor cybersecurity professionals, accelerate their growth, and prepare them for executive roles. She works with individuals breaking into the field, mid-career professionals, aspiring CISOs, and cybersecurity entrepreneurs. 
[May 19, 2025]
00:00 - Intro
00:53 - Intro Links:
  - Social-Engineer.com - http://www.social-engineer.com/
  - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  - CLUTCH - http://www.pro-rock.com/
  - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
02:03 - Julie Chatman Intro
03:14 - A Hungry Brain
04:25 - We Are Mushroomed
05:54 - Being an Enabler
10:13 - Speak Their Language
13:33 - Assigning Responsibility
16:05 - A Tool, Not a Replacement
20:35 - Career Challenges
22:40 - Strategic Empathy
23:46 - Setting Boundaries
24:15 - Narrative Control
25:38 - Staying Positive
29:39 - The Target is the Same
32:09 - Book Recommendations
  - World War Z - Max Brooks
33:20 - Mentors
  - MB Kinder
  - Martha Williams
35:14 - Find Julie Chatman Online
  - Website: cyberpathcoaching.net
  - LinkedIn: linkedin.com/in/julie-chatman-mba-infosec
35:54 - Wrap Up & Outro
  - www.social-engineer.com
  - www.innocentlivesfoundation.org
Christina Morillo, Head of Information Security at the National Football League's New York Giants joins Ann on this week's episode of Afternoon Cyber Tea. Christina discusses the ins and outs of building a resilient cybersecurity strategy, the importance of entering organizations with curiosity—not checklists—and why listening is always her first step. Christina breaks down common cybersecurity misconceptions, shares how to move from strategy to implementation, discusses the importance of storytelling in governance and shares how she addresses burnout and mental health in her teams. Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
Summary
In this episode of No Password Required, host Jack Clabby and guest Trevor Hillegas discuss various aspects of cybersecurity, including the transition from military service to the private sector, the importance of leadership in tech, and the misconceptions surrounding cyber threats. Trevor shares insights from his career, emphasizing the need for a proactive approach to cybersecurity and the value of empowering teams to innovate and learn from failures. In this engaging conversation, the speakers delve into memorable experiences in cybersecurity, including impactful interactions and the importance of sharing knowledge. They explore personal preferences through a fun lifestyle polygraph segment, discussing walk-up songs, breakfast favorites, and nerd culture. The conversation also touches on the lighter side of cybersecurity with prank calls and the dynamics of building an escape room team. The episode concludes with contact information and an invitation to connect further.
Takeaways
- Trevor emphasizes the importance of metaphors in understanding cybersecurity.
- The public often fears sophisticated threats while ignoring more common dangers.
- Leadership in cybersecurity should focus on empowering teams rather than micromanaging.
- A proactive approach in cybersecurity can prevent victimization before it occurs.
- Technical leaders should understand core concepts to effectively guide their teams.
- Misconceptions about cyber criminals often stem from Hollywood portrayals.
- The military experience can significantly shape leadership styles in tech.
- Daily life in cybersecurity involves constant learning and adaptation.
- Sophistication in cyber threats does not always correlate with success.
- Cybersecurity is about both fighting threats and fortifying defenses.
- Memorable interactions can lead to impactful collaborations in cybersecurity.
- Sharing knowledge can help mitigate cyber threats effectively.
- Personal preferences can reveal a lot about an individual's character.
- Walk-up songs can reflect one's personality and professional identity.
- Breakfast choices can be a blend of cultural influences and personal tastes.
- Building a team for an escape room requires diverse skills and personalities.
- Nerd culture can foster connections and shared interests among individuals.
- Prank calls can be a humorous way to engage with public figures.
- Culinary competitions highlight the absurdity of turning survival into entertainment.
- Networking in cybersecurity can lead to unexpected opportunities.
Titles
- Cybersecurity Connections: Memorable Moments
- The Lifestyle Polygraph: Fun and Insights
- Walk-Up Songs: A Reflection of Identity
- Breakfast Favorites: A Culinary Journey
Sound Bites
- "Tell them what needs to get done."
- "Empower your people to fail."
- "We can stop that identity theft."
- "I was in Europe giving a talk."
- "I sent him everything that we had."
- "I would get Jack Sparrow."
- "I love Star Wars."
- "I would call Gordon Ramsey."
Chapters
00:00 Introduction to Cybersecurity Insights
02:54 Career Path and Unexpected Experiences
05:55 Transitioning from Military to Cybersecurity
09:07 Daily Life at Spy Cloud
12:12 Leadership Philosophy and Management Style
14:53 The Nature of Cyber Threats
17:50 Technical Skills in Leadership
20:52 Misconceptions About Cyber Criminals
25:32 Memorable Cybersecurity Interactions
28:12 Lifestyle Polygraph Introduction
28:35 Walk-Up Songs and Personal Preferences
32:07 Breakfast Favorites and Culinary Influences
34:40 Building the Ultimate Escape Room Team
37:36 Nerd Culture and Personal Interests
39:02 Prank Calls and Culinary Competitions
41:20 Closing Thoughts and Contact Information
US federal funding cuts to the cybersecurity center that serves state and local government entities have raised concern about vulnerabilities in these decentralized systems. Netta Squires, President of Government Affairs, Cybersecurity Strategy, and Enterprise Resilience at Open District Solutions, told KAN reporter Naomi Segal that the situation has created an opportunity for Israeli startups to collaborate more closely with US state and local authorities to deliver cybersecurity solutions. Squires is currently in Israel attending Cybertech Global Tel Aviv.
What does it truly mean to "never trust, always verify"? In this episode of Tech Talks Daily, I'm joined by John Kindervag, Senior Vice President of Cybersecurity Strategy at Illumio and the pioneer of the Zero Trust approach to cybersecurity. With cyber threats evolving at an unprecedented rate, John argues that Zero Trust is no longer optional for organisations moving to cloud-based environments—it's a necessity. John explains why the traditional trust-based approach to cybersecurity is obsolete and shares actionable insights on adopting a Zero Trust strategy. He highlights the critical steps in implementing Zero Trust, emphasizing the importance of starting small with Protect Surfaces and flow maps to create manageable, effective security policies. Through real-world examples, he demonstrates how organisations have reduced their attack surfaces by up to 90% by embracing this model. We also explore common pitfalls, such as attempting to implement Zero Trust all at once, and how incremental changes can set the stage for long-term success. John sheds light on how Zero Trust dramatically enhances an organisation's resilience against cyberattacks, providing continuous monitoring and automated policies to safeguard critical assets in an increasingly cloud-driven world. How can organisations move beyond outdated approaches to cybersecurity and embrace the transformative power of Zero Trust? Are you ready to take the first steps toward securing your digital future? Tune in to this essential conversation with John Kindervag, and let us know your thoughts!
In this episode, Cam is again joined by Kaman Tsoi and, together, they continue the cross-examination of Privacy Commissioner Carly Kind. In this podcast, we talk about the role of the board, the OAIC's enforcement approach and the Cyber Security Strategy, including the Commissioner's view on the extortion demand ‘conundrum'. Commissioner Kind also offers some wise words on what it takes to be a good lawyer in the cyber space…courageous! Commissioner Kind is a very impressive individual. She brings a very pragmatic perspective to the role and her personality is coming through in the OAIC's approach and engagement. Thanks again for listening. This is Cross Examining Commissioner Kind, Part 2…here we go…
Welcome back to Intrigue Events! The space for geopolitical discussion and exploration is often relegated to dusty rooms, with jargony conversations, and one too many uses of the word 'tripolarity.' At Intrigue Media, we're here to change that. Our mission is to discover, contextualize, and analyze the consequences of global political events. Intrigue Events transforms these insights into vibrant, engaging experiences where professionals connect, hear exclusive insights, and engage in dynamic discussions. On October 24th we hosted an event in partnership with Samsung at their Future Center in Washington DC: “Securing Tomorrow: The Future of Cyber Threats and Global Defense.” Our incredible guests from the State Department, DARPA, and SentinelOne offered great insight into the growing role of cybersecurity in a geopolitically active world. Enjoy! Chapters: 0:00-2:00 Opening Remarks from Intrigue's Helen Zhang 2:00-4:30 Remarks from Eric Tamarkin – Director & Senior Public Policy Counsel at Samsung 4:30-27:50 Liesyl Franz – Deputy Assistant Secretary for International Cyberspace Security, Bureau of Cyberspace and Digital Policy at the Department of State 27:50-47:45 Dr. Matt Turek – Deputy Director, Information Innovation Office, Defense Advanced Research Projects Agency (DARPA) 47:45-1:08:56 Brandon Wales – Vice President of Cybersecurity Strategy, SentinelOne and Former Executive Director at the Cybersecurity and Infrastructure Security Agency (CISA) Subscribe to International Intrigue, the free 5-minute global news briefing: https://www.internationalintrigue.io/
“I let them know... You messed with the wrong parent.” Welcome back to What The Fraud? In the first episode of series two, Thomas Taraniuk is joined by world-leading cyber threat intelligence analyst, Charity Wright. Charity works as the ‘Principal Threat Intelligence Consultant' at cyber security company, Recorded Future, in the United States. Thomas and Charity take a look at how a leading financial service provider is enhancing its efforts in combating payment fraud. They delve into strategies for effectively integrating fraud prevention into a company's cybersecurity framework and explore how threat intelligence can strengthen anti-fraud measures. Charity also bravely shares a story involving her teenage son who unfortunately fell victim to a sextortion attack. She's now on a mission to spread awareness of the fraudsters behind these kinds of attacks and provide essential advice for parents. If you or someone you know has been a victim of sextortion, please visit: stopsextortion.com/get-help/ Sumsub's website: sumsub.com Sumsub's LinkedIn: linkedin.com/sumsub Sumsub's Facebook: facebook.com/sumsub Sumsub's Instagram: facebook.com/sumsubcom Sumsub's YouTube Channel: youtube.com/@sumsubcom Thomas Taraniuk on LinkedIn: linkedin.com/in/tomtaraniuk Charity Wright on LinkedIn: https://www.linkedin.com/in/cwillhoite/
In the latest episode of Reimagining Cyber, Rob interviews Bindu Sundaresan, Director of Cybersecurity Solutions at Level Blue, about the evolution and significance of cyber resilience. Bindu, with over 20 years in cybersecurity, discusses how the field has shifted from a focus solely on prevention to a broader approach that includes resilience and recovery.
Key points from the conversation:
1. Historical Focus: Traditionally, cybersecurity strategies concentrated on preventing attacks. However, the current threat landscape necessitates a shift towards resilience, acknowledging that breaches are inevitable.
2. Modern Approach: Organizations are now integrating business continuity planning and disaster recovery with cybersecurity efforts. This holistic approach ensures that operations can continue and recover swiftly after an attack.
3. Business Alignment: Bindu emphasizes that cybersecurity should be seen not just as a technical issue but as a business problem affecting overall operations. This shift in perspective helps align cybersecurity efforts with business outcomes and improves the strategic value of cybersecurity roles.
4. CISO's Role: For Chief Information Security Officers (CISOs), successfully integrating resilience into their programs involves understanding and prioritizing risks based on business impact. This requires effective communication with other business units and aligning cybersecurity investments with broader business goals.
5. Evolution of Cybersecurity: The conversation highlights the shift from compliance-driven approaches to risk-driven and resilience-focused strategies. This evolution is crucial for achieving digital resilience and
6. Identifying Sensitive Data: Organizations must first identify what constitutes sensitive data for their specific context, considering regulatory requirements, business use, and industry standards. Without this understanding, investments in data protection might be misallocated.
7. Data Classification and Flow: It is crucial to classify sensitive data and map how it flows within and outside the organization. This helps in applying appropriate security controls and prevents unnecessary complexity and expense.
8. Continuous Review: Data classification and protection are not one-time tasks. Organizations need to regularly update their data inventory and classification as their data environment evolves.
9. Incident Response and Resilience: Organizations should develop tiered recovery plans that prioritize critical business functions during incidents. Regularly updated tabletop exercises should simulate realistic and current scenarios to test response plans effectively.
10. Cross-Functional Involvement: Effective incident response involves cross-functional teams, including IT, legal, PR, and executive leadership. Establishing what constitutes minimum viable operations helps prioritize recovery efforts and resource allocation during an incident.
11. Evolving Practices: The goal is to continuously refine incident response and recovery practices to improve resilience over time. Embracing a lifecycle approach to security and resilience can turn digital resilience into a competitive advantage.
Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
In this bonus episode of The Business of Tech podcast, Brett Leatherman, a senior executive with the FBI, provides insights into the current cybersecurity landscape from a law enforcement perspective. Leatherman highlights the ongoing threat of ransomware targeting businesses, particularly in critical sectors like healthcare and energy. He emphasizes the importance of imposing costs on cybercriminals while also offering substantial assistance to victims of cybercrime.
The FBI's success in pushing back against cybercriminals is attributed to their strategic approach of imposing costs on malicious actors while providing assistance to victims. Leatherman discusses a recent operation against the LockBit ransomware group, showcasing the FBI's efforts to disrupt cybercriminal infrastructure and assist affected businesses in decrypting data. By collaborating with international partners and conducting technical operations, the FBI aims to deter cyber adversaries and bring them to justice.
Leatherman delves into the process of engaging with the FBI during a cybersecurity incident, emphasizing the importance of establishing a relationship with the local field office before a breach occurs. He outlines the steps MSPs can take before, during, and after a breach, including contacting the FBI, preserving evidence, and collaborating with law enforcement. By sharing insights on contentious information, legal considerations, and post-incident procedures, Leatherman provides valuable guidance for organizations navigating cybersecurity incidents.
As cyber threats evolve, Leatherman highlights emerging technologies like artificial intelligence being leveraged by state actors for disinformation campaigns. He underscores the significance of maintaining strong cyber hygiene practices, such as implementing multi-factor authentication, patch management, and software inventory management.
By focusing on the basics of cybersecurity and engaging with law enforcement proactively, organizations can enhance their defenses and mitigate the risk of cyberattacks. Leatherman concludes by emphasizing the FBI's role in assisting businesses and encouraging listeners to establish a partnership with their local FBI field office for cybersecurity support.
In the rapidly evolving landscape of cybersecurity, staying ahead of emerging threats and technologies is crucial. This episode delves into the intricate world of cybersecurity with Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, as we explore the latest advancements and challenges in the field.
With over three decades of experience, Carson shares valuable insights on the evolution of cybersecurity, from its humble beginnings as a subset of IT to its current status as a critical business function. He discusses the pivotal moments that shaped his career and the industry as a whole, including the impact of major cyber incidents and the changing nature of threats.
Key Topics Covered:
- The transition of cybersecurity from an IT function to a business-critical role
- The importance of aligning cybersecurity strategies with business objectives
- The role of AI and quantum computing in shaping future cybersecurity challenges
- Human risk management and its significance in modern cybersecurity practices
- The ethical considerations surrounding emerging technologies
Connect with Joseph Carson
LinkedIn: https://www.linkedin.com/in/josephcarson/
Twitter / X: https://twitter.com/joe_carson
Connect with us
Website: securitymasterminds.buzzsprout.com
KnowBe4 Resources:
KnowBe4 Blog: https://blog.knowbe4.com
James McQuiggan - https://www.linkedin.com/in/jmcquiggan
Javvad Malik: https://www.linkedin.com/in/javvad
Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.com
Announcer: Sarah McQuiggan - https://www.sarahmcquiggan.com
Show Notes created with Capsho - www.capsho.com
Sound Engineering - Matthew Bliss, MB Podcasts.
In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more! Show Notes: https://securityweekly.com/bsw-363
In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Brian Deken, North America Commercial Manager of Networks & Cybersecurity Services at Rockwell Automation. They talk about cybersecurity challenges and outcomes manufacturers are trying to achieve and how to attain them. Also learn why it's vital to do cybersecurity assessments in real time and why you can't integrate and optimize an IT tool for an OT environment. And see how Rockwell Automation provides IT/OT synergies through its partner ecosystem and uses the NIST-based approach to help manufacturers to focus resources for cybersecurity. And as always, get your family-friendly, silly Joke of the Day. Resources from this episode: Cybersecurity Preparedness Assessment. Rockwell Automation Industrial Cybersecurity Solutions. Blog: Improving Critical Infrastructure Cybersecurity (includes NIST explanation). Subscribe to The Journal's 4 print magazines (Feb., May, July and Oct.) by e-mailing Anna Hicks at ahicks@endeavorbusinessmedia.com. Subscribe to our 4 digital magazines at http://rok.auto/thejournal-subscribe. You can also watch their discussion on YouTube at https://youtu.be/8NtR7oHzhhY. Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine. Find us on LinkedIn. Find us on Facebook. Find us on X (Twitter). Please subscribe and give us a 5-star rating and a review. ** Named Best Podcast 2 Consecutive Years! 2022 & 2023 Apex Awards of Publication Excellence.
Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest: The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack. This week on CSO Perspectives: This week on N2K Pro's CSO Perspectives podcast, host and N2K CSO Rick Howard focuses on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here.
Selected Reading Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity) Suspected Scattered Spider Member Arrested in UK (SecurityWeek) DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record) SocGholish malware used to spread AsyncRAT malware (Security Affairs) California Officials Say Largest Trial Court in US Victim of Ransomware Attack (SecurityWeek) Finance: Secret Bank Ratings Show US Regulator's Concern on Handling Risk (Bloomberg) U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) Australian police seize devices used to send over 318 million phishing texts - Security - Telco/ISP (iTnews) Internships can be a gold mine for cybersecurity hiring (CSO Online) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Guest: Robert Fernandes, Chief Information Security Officer, The Investment Center, Inc. On LinkedIn | https://www.linkedin.com/in/robert-fernandes-cybersecurity/ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]. On ITSPmagazine | https://www.itspmagazine.com/sean-martin Episode Notes: In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a compelling conversation with Robert Fernandes, CISO at the Investment Center, a financial service provider based in New Jersey. Together, they delve into the concept of viewing cybersecurity not merely as a cost center but as a profit center. This innovative perspective is fundamentally altering how businesses approach their cybersecurity investments. Sean Martin opens the discussion by addressing the evolving landscape of cybersecurity. He highlights how traditional views of cybersecurity — such as those held for an insurance policy — are outdated. Robert Fernandes agrees and emphasizes that times have changed; there's a growing need for businesses to leverage their cybersecurity posture as a competitive advantage. He advocates for the proactive use of a robust cybersecurity program to attract clients and secure trust, much like other marketing strategies. Drawing parallels from various industries, Fernandes notes that grocery stores and restaurants don't just sell food; they sell safe and high-quality food experiences. Similarly, automobile manufacturers sell not just vehicles but also safety and comfort. In the same vein, cybersecurity should be seen as an integral part of the product, enhancing its value and appeal to customers.
For Fernandes, this shift in thinking can transform a company's cybersecurity program from a necessary expense into a key marketing asset. Fernandes also discusses the importance of breaking down silos within organizations. Effective communication between different departments, such as marketing, operations, and cybersecurity, can lead to a more cohesive strategy where cybersecurity is embedded in the company's culture and operations. This integration can significantly enhance the company's security posture, making it a selling point rather than an afterthought. One particularly intriguing point Fernandes makes is the role of education in shifting perceptions about cybersecurity. He stresses the need to inform and educate stakeholders - from end-users to executives - about the importance of cybersecurity. By moving past buzzwords and misconceptions, businesses can better understand and articulate the value of their cybersecurity measures to clients and partners. Martin and Fernandes also touch on the role of cyber insurance in conveying trust. A robust cyber insurance policy can serve as a testament to the company's strong security posture, further building client confidence. Ultimately, the conversation underscores that by rethinking cybersecurity - from product design to marketing and beyond - businesses can realize substantial benefits. This episode is a must-listen for business leaders looking to turn their cybersecurity efforts into a profitable and strategic advantage. Top Questions Addressed: How can businesses transform cybersecurity from a cost center to a profit center? What are the benefits of breaking down organizational silos in cybersecurity strategy? How does educating stakeholders affect the perception and effectiveness of cybersecurity?
How do you adopt a cybersecurity strategy that fits your manufacturing business? In this episode of Manufacturing Happy Hour, host Chris Luecke is speaking to Mollie Breen, CEO & Founder of Perygee, an automation platform for IT and security teams, built to eliminate the visibility challenges of the digital-first world. They kick off by exploring significant developments in cybersecurity over the past few years. Mollie highlights the dual role AI plays, assisting both hackers in identifying vulnerabilities and defenders in fortifying network security. She underscores the importance of reverting to cybersecurity fundamentals amid tech evolutions, noting that a shift back to basics is essential for adapting to new threats effectively. Mollie provides background on her time at the NSA, revealing the surprisingly routine nature of tackling seemingly insurmountable tasks due to robust capabilities and top-tier expertise available. Her time at the NSA played a crucial role in her entrepreneurial journey with Perygee, where she navigated the intricate processes within governmental organizations to introduce innovative security measures. Mollie and Chris also discuss practical advice for implementing cybersecurity strategies within organizations of varying sizes. Mollie touches on the unique cybersecurity challenges faced by medical device companies due to heavy regulations and the criticality of their operations. The conversation then moves to the timing and evolution of cybersecurity roles within growing businesses. To wrap up, they discuss the potential for leadership in cybersecurity across all levels of an organization.
This episode is packed with valuable insights for leaders across the manufacturing sector looking to enhance their cybersecurity strategies and foster a more secure operational environment. In this episode, find out: What's new in cybersecurity, AI, and going back to basics; Mollie's journey with the NSA and how that led to her founding Perygee; Mollie offers practical cybersecurity advice for companies of all sizes; How training can go a long way in the context of cyber security; Mollie expounds on the right approach to cybersecurity in public vs. private companies; Unpacking cybersecurity strategies for small to medium-sized businesses; Understanding the unique cybersecurity challenges in medical devices; The benefits of learning from different cybersecurity approaches across industries; Mollie talks about the future of cybersecurity leadership in manufacturing. Tweetable Quotes: “You have to remember cyber is an offensive and a defensive game.” “Inevitably every time you have to secure a new thing, there's an ushering in of going back to the basics and asking yourself, ‘what do we do?'” “I'm glad we're moving into a position where people are more informed. Doing something just out of fear of the headlines isn't necessarily the best decision for the organization.” Links & mentions: Perygee, an automation platform for IT and security teams purpose-built to eliminate the visibility challenges of the digital-first world; NIST Framework, excellent guidelines for getting started with cybersecurity.
In today's podcast, we'll hear from Christin Cifaldi, Director of Product Development & Analytics, on the concept of scoping in cyber security. What is scoping, and what role does it play in the security landscape? Listen in to learn more.
A supply chain attack targets Python developers. Russia targets German political parties. Romanian and Spanish police dismantle a cyber-fraud gang. Pwn2Own prompts quick patches from Mozilla. President Biden nominates the first assistant secretary of defense for cyber policy at the Pentagon. An influential think tank calls for a dedicated cyber service in the US. Unit42 tracks a StrelaStealer surge. GM reverses its data sharing practice. Our guest is Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, who shares trends in cloud-native security. And a Fordham Law School professor suggests AI creators take a page from medical doctors. CyberWire Guest: Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, shares trends in cloud-native security. To learn more, you can check out Sysdig's 2024 Cloud-Native Security and Usage Report. Selected Reading Top Python Developers Hacked in Sophisticated Supply Chain Attack (SecurityWeek) Russian hackers target German political parties with WineLoader malware (Bleeping Computer) Police Bust Multimillion-Dollar Holiday Fraud Gang (Infosecurity Magazine) Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own (SecurityWeek) Biden nominates first assistant defense secretary for cyber policy (Nextgov/FCW) Pentagon, Congress have a ‘limited window' to properly create a Cyber Force (The Record) StrelaStealer targeted over 100 organizations across the EU and US (Security Affairs) General Motors Quits Sharing Driving Behavior With Data Brokers (The New York Times) AI's Hippocratic Oath by Chinmayi Sharma (SSRN) The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Kemba Walden and Stewart revisit the National Cybersecurity Strategy a year later. Sultan Meghji examines the ransomware attack on Change Healthcare and its consequences. Brandon Pugh reminds us that even large companies like Google are not immune to having their intellectual property stolen. The group conducts a thorough analysis of a "public option" model for AI development. Brandon discusses the latest developments in personal data and child online protection. Lastly, Stewart inquires about Kemba's new position at Paladin Global Institute, following her departure from the role of Acting National Cyber Director.
Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five-pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy; The Chertoff Group's blog; National Cybersecurity Strategy 2023.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Iran-linked attacks on US water infrastructure; Why the ownCloud bug isn't the end of the world; The D-Link 0day that… never existed?; In defence of Okta; Much, much more. This week's show is brought to you by Proofpoint. Ryan Kalember, Proofpoint's EVP of Cybersecurity Strategy, is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes: CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive; North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive; Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks; ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica; Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive; New Jersey, Pennsylvania hospitals affected by cyberattacks; 60 credit unions facing outages due to ransomware attack on popular tech provider; HHS warns of ‘Citrix Bleed' attacks after hospital outages; Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive; CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop; Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA; Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says; Latest severe Chrome bug prompts CISA warning; Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica; Okta again promises it is taking security seriously | Cybersecurity Dive; Okta: Breach Affected All Customer Support Users – Krebs on Security; Russian and Chinese interference networks are ‘building audiences' ahead of 2024, warns Meta; Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions; Clandestine online operations now require sign-off by senior officials - The Washington Post; Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch; US sanctions North Korean ‘Kimsuky' hackers after surveillance satellite launch; ‘Fugitive' Spanish aristocrat behind North Korea cryptocurrency conference arrested; Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch
On March 2, the Biden administration released its long-awaited National Cybersecurity Strategy. The new strategy comes more than two years after President Biden took office and sets out a bold vision to achieve a more cyber-secure future by the end of the decade. Lawfare Legal Fellow Saraphin Dhanani sat down with our in-house cyber experts, Lawfare's Senior Editor Stephanie Pell and Fellow in Tech Policy and Law Eugenia Lostri, to discuss the strategy and their latest piece published on Lawfare, titled “The Biden-Harris Administration Releases New National Cybersecurity Strategy.”